?

Log in

No account? Create an account

Previous Entry | Next Entry

Drive-by Malware and DeviantArt

This is annoying. For the second time now, separated by a week, I've gotten drive-by malware install attempts from visiting DeviantArt. I suspect someone is providing them with a third-party flash ad that resizes the browser window, claims to have found malware on the your machine, and then sends you to a website purported to be a free online scanner for XP. That site WILL install malware on your machine if you visit it running Windows.

The URL it sends you to is (almost, disabled for your safety) as follows.

http ://xponlinescannerDOTcom/2008/1/_freescan.php?aid=77024212

Luckily for me, I don't run Windows. But I figure there are thousands of folks who do run windows who visit DeviantArt every day. This is unconscionable that it's still happening after more than a week.

In the meantime, until this is addressed, if you run Windows, DON'T VISIT DEVIANT ART. If you do find yourself getting a dialog stating that your machine is infected, or if you are sent to the xponlinescanner dot com site, DON'T CLICK ON ANY APPARENT DIALOGS. IMMEDIATELY USE ALT-F4 TO QUIT YOUR WEB BROWSER!

Tags:

Comments

( 6 comments — Leave a comment )
(Anonymous)
May. 30th, 2008 10:45 pm (UTC)
Unfortunately it's not just Deviant Art that's been hit by this type of scheme. The Economist, MLBA, ESPN, and National Geographic websites, as well as hotmail, have unknowingly hosted malicious banner ads that do the same thing. It's rank, vile, and malicious, and exceptionally difficult to defend against for the common user. When the websites you visit are as trusted as National Geographic, it almost feels safer to pull the plug from the wall.

Blacklisting the websites that the redirects point to seems to be an interim solution. Opera has a blocking capacity to do this that saved my hide once, but by now these attacks are widespread, I'm assuming the idiots on the other end can buy a new domain faster than one could block it.

It's a serious problem with no real solution, and it's been around for months now.
susandeer
May. 30th, 2008 11:13 pm (UTC)
It's a Flash exploit. Update Flash and you should be fine.

(Holy shit, I just gave you tech advise. I hope Hell has a good supply of mittens!)
the_twf
May. 31st, 2008 12:29 am (UTC)
It's a exploit being done through flash. All sources say update to the new version of Flash.
siege
May. 31st, 2008 07:21 pm (UTC)
Well, damn. I guess I have a reason to upgrade Flash now.
doodlesthegreat
May. 31st, 2008 12:36 am (UTC)
All net connection programs are updated to most stable versions. In addition, I have Firefox, AdBlock, and NoScript. If anything gets through that, Kaspersky catches it.

Exploits? Bitch, PLEEZE. =};-3
kairee
May. 31st, 2008 10:13 am (UTC)
I'm a fan of adding sites like this to hosts file pointing to 127.0.0.1.
( 6 comments — Leave a comment )