WARNING: memory-alpha spreading malware

Just what it says on the tin.

Moderators: justTripn, Elessar, dark_rain

Kotik

WARNING: memory-alpha spreading malware

Postby Kotik » Tue Aug 09, 2011 6:25 am

Just a little hint for people who regularly visit the Trek site memory-alpha. The site seems to have been compromised and spreads blackmailing malware. I don't know if it is specifically targeting German-speaking countries, but there is the danger of other countries being affected as well.

The trojan hijacks the computer, disabling it completely by displaying a fullscreen message that illegally uses the logo of the Federal German Bureau of Criminal Investigation (Bundeskriminalamt), claiming that the computer has been used to distribute child pornographic material and that emails with a terrorist background have been sent using the machine. The message threatens to wipe the hard disk if a payment of 100 EUR is not made within 24 hours using the financial provider Ukash.
The trojan disables all system functions, including the task manager, so please be careful when you visit that site.

EDIT: The trojan in question carries the Kaspersky designation Trojan-Ransom.Win32.PornoBlocker.jtg. It's a bitch to get rid of, as it installs itself as the Windows shell (replacing explorer.exe). It scans every 100ms for instances of Windows Explorer and Task Manager and kills them immediately. I had to repair the registry manually to finally wipe that darn thing off :evil:

marchale
Commander
Posts: 258
Joined: Mon Feb 28, 2011 10:53 pm
Location: Fridley, Minnesota

Re: WARNING: memory-alpha spreading malware

Postby marchale » Tue Aug 09, 2011 7:23 am

Kotik wrote:Just a little hint for people who regularly visit the Trek site memory-alpha. The site seems to have been compromised and spreads blackmailing malware. I don't know if it is specifically targeting German-speaking countries, but there is the danger of other countries being affected as well.

The trojan hijacks the computer, disabling it completely by displaying a fullscreen message that illegally uses the logo of the Federal German Bureau of Criminal Investigation (Bundeskriminalamt), claiming that the computer has been used to distribute child pornographic material and that emails with a terrorist background have been sent using the machine. The message threatens to wipe the hard disk if a payment of 100 EUR is not made within 24 hours using the financial provider Ukash.
The trojan disables all system functions, including the task manager, so please be careful when you visit that site.


Wow, thanks for that warning, Kotik! Actually, I've never visited that site, but I'm sure not going to now after hearing about that. I've encountered a bunch of different trojan horses over the years but I've never run across one like you did there - I usually just get blasted with phishing scams trying to get personal information out of me via email, though I did have a few hackers get into my old computer a few years ago. Anyway, thanks for the warning there!
http://home.comcast.net/~shadyladyfakes/ - my home page
http://photobucket.com/shadyladyfakes/ - my Enterprise screencaps (they're mainly close-ups!)

Kotik

Re: WARNING: memory-alpha spreading malware

Postby Kotik » Tue Aug 09, 2011 7:29 am

It can be just about any site that uses these infernal flash-ads. In the olden days, such things were only to be found on pr0n sites or other shady business joints, but in recent years "normal sites" have started to give their readers epilepsy by using those flashing advertisements, too. Problem is that some of them carry malicious content piggyback. :doubt:

My advice is to use a Linux system, which cannot be affected by these. Usually I boot into my Linux system for browsing and only use Windoze for gaming, but I was too damn lazy to reboot in the morning. Serves me right :?

Entilzha
Captain
Posts: 922
Joined: Sat May 05, 2007 9:07 pm
Location: Minbar

Re: WARNING: memory-alpha spreading malware

Postby Entilzha » Tue Aug 09, 2011 5:39 pm

A really lazy person just uses two computers, one with Linux and the other with Windows.
You live for The One, you die for The One.

Kotik

Re: WARNING: memory-alpha spreading malware

Postby Kotik » Tue Aug 09, 2011 6:04 pm

Entilzha wrote:A really lazy person just uses two computers, one with Linux and the other with Windows.


Yeah, but that would require putting one computer away and standing up to get the other :lol: No the *REALLY* lazy person does, what I did today - install VMWARE and run Linux inside Windoze :evillol:

Kevin Thomas Riley
Rear Admiral
Posts: 4336
Joined: Wed Dec 27, 2006 2:42 am
Location: NX-01

Re: WARNING: memory-alpha spreading malware

Postby Kevin Thomas Riley » Tue Aug 09, 2011 10:07 pm

What if you have ad blocker on Firefox?
She's got an awfully nice bum!
-Malcolm Reed on T'Pol, in Shuttlepod One


marchale
Commander
Posts: 258
Joined: Mon Feb 28, 2011 10:53 pm
Location: Fridley, Minnesota

Re: WARNING: memory-alpha spreading malware

Postby marchale » Wed Aug 10, 2011 4:21 am

Kevin Thomas Riley wrote:What if you have ad blocker on Firefox?


Yeah, I hope Ad Blocker can stop that problem for Firefox - I use Firefox with Ad Block Plus, Ad Block Plus Pop-up Addon and Element Hiding Helper for Ad Block Plus, as well as the Norton Toolbar and BetterPrivacy add-ons too. If you don't use Firefox in Windows, I would highly recommend it; there are lots of cool add-ons and other toys for it that make your web browsing a lot more pleasant and enjoyable.
http://home.comcast.net/~shadyladyfakes/ - my home page
http://photobucket.com/shadyladyfakes/ - my Enterprise screencaps (they're mainly close-ups!)

Kotik

Re: WARNING: memory-alpha spreading malware

Postby Kotik » Wed Aug 10, 2011 5:55 am

Kevin Thomas Riley wrote:What if you have ad blocker on Firefox?


It might solve the problem, but it's not 100% protection. The biggest risks are scripts running in your browser (like Ajax or JavaScript). Unfortunately people have forgotten how to design websites without using scripting. The second big risk factor is that user processes in Windows have way too much access to system resources. The ransomware I described exploits the fact that, unless you've spent hours sifting through thousands of access rules, any user process can change the default shell, something that isn't possible in Unices.
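
For the shell replacement Kotik describes in the opening post and again just above (the ransomware registering itself as the Windows shell in place of explorer.exe), here is an added example of how one would triage and undo it from a registry export. This is not code from the thread or from any of the posters. It reads the text that `reg export` produces for the Winlogon key, flags any Shell value that is not explorer.exe, and prints the reg.exe commands that restore the default. The sample export, the user name and the dropped file path in it are constructed; the script keys on the registry value, not on the Kaspersky name given above.

```python
r"""Triage a Winlogon registry export for a replaced Windows shell.

Input is the text written by
    reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" hklm.reg
(and the HKCU equivalent). Real exports are UTF-16 with a BOM; decode first.
"""
import re

# Constructed sample export: HKLM is clean, but the per-user HKCU key carries a
# Shell override pointing at an executable dropped in the user's Temp folder,
# which is how the ransomware in the thread gets started. Paths are made up.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe"
"""

EXPECTED_SHELL = "explorer.exe"
ROOT_ABBREV = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
WINLOGON_SUFFIX = r"\microsoft\windows nt\currentversion\winlogon"
_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for the string values in a .reg export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            m = _VALUE_RE.match(line)
            if not m:
                continue
            name, data = m.groups()
            if data.startswith('"') and data.endswith('"'):
                # .reg files double the backslashes inside quoted strings
                data = data[1:-1].replace("\\\\", "\\")
            keys[current][name] = data
    return keys


def find_shell_hijacks(reg):
    """Return [(key_path, shell_value)] for every Winlogon Shell that is not explorer.exe.

    HKLM normally holds exactly "explorer.exe" and HKCU normally has no Shell
    value at all, so any per-user Shell is suspicious; a comma-separated list
    such as "explorer.exe,C:\\x.exe" is a hijack as well.
    """
    hits = []
    for key, values in reg.items():
        if not key.lower().endswith(WINLOGON_SUFFIX):
            continue
        shell = values.get("Shell")
        if shell is not None and shell.strip().lower() != EXPECTED_SHELL:
            hits.append((key, shell))
    return hits


def remediation_commands(hits):
    """reg.exe commands restoring the default: reset HKLM, delete any HKCU override."""
    cmds = []
    for key, _shell in hits:
        root, _, rest = key.partition("\\")
        short = ROOT_ABBREV.get(root, root) + "\\" + rest
        if root == "HKEY_CURRENT_USER":
            cmds.append('reg delete "%s" /v Shell /f' % short)
        else:
            cmds.append('reg add "%s" /v Shell /t REG_SZ /d %s /f' % (short, EXPECTED_SHELL))
    return cmds


if __name__ == "__main__":
    found = find_shell_hijacks(parse_reg_export(SAMPLE_REG))
    for key, shell in found:
        print("HIJACKED SHELL in %s -> %s" % (key, shell))
    for cmd in remediation_commands(found):
        print(cmd)
```

Because the hijacked shell kills Explorer and Task Manager as soon as they appear, take the export from Safe Mode with Command Prompt or from a rescue medium, not from the infected session. Windows honours a Shell value under HKCU as a per-user override, which is why the HKCU fix is a delete rather than a reset, and the flagged path is the file to collect and quarantine.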

marchale
Commander
Posts: 258
Joined: Mon Feb 28, 2011 10:53 pm
Location: Fridley, Minnesota

Re: WARNING: memory-alpha spreading malware

Postby marchale » Wed Aug 10, 2011 8:19 am

Kotik wrote:
Kevin Thomas Riley wrote:What if you have ad blocker on Firefox?


It might solve the problem, but it's not 100% protection. The biggest risks are scripts running in your browser (like Ajax or JavaScript). Unfortunately people have forgotten how to design websites without using scripting. The second big risk factor is that user processes in Windows have way too much access to system resources. The ransomware I described exploits the fact that, unless you've spent hours sifting through thousands of access rules, any user process can change the default shell, something that isn't possible in Unices.



Thanks for explaining that, Kotik - I just put an add-on called "NoScript" in Firefox (and SeaMonkey for my email too), so hopefully that will help as well. I know I'd probably be better off with a different system, but everything I use is Windows-dependent, so I really have to stick with that. But hopefully NoScript can stop a script-related problem from occurring.
http://home.comcast.net/~shadyladyfakes/ - my home page
http://photobucket.com/shadyladyfakes/ - my Enterprise screencaps (they're mainly close-ups!)

Kotik

Re: WARNING: memory-alpha spreading malware

Postby Kotik » Wed Aug 10, 2011 8:44 am

Marchale, I don't know much about all the available Firefox add-ons, but the safest bets and best security measures are add-ons that assist with the following things:

  • Monitoring and/or preventing access to scripts that are hosted on a different domain than the one you're loading the website from. This is a common source of code injection.
  • Monitoring background downloads of scripts or executables. A very common way of infecting computers is that in the background (hidden in a JavaScript) an executable is downloaded to the user's temporary file space and executed from there.

Unfortunately ad-blockers and script-blockers are only partially effective, since they might end up blocking code that is needed to use the site - for instance, the member section of ff.net cannot be used if you have disabled the execution of JavaScript code. Other websites use Flash to display their menu structure - the same technology that's being used by malicious ads, so you might end up blocking vital content together with the ads.
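
Kotik's first bullet above is exactly the decision a script blocker has to make: which of the scripts, frames and Flash objects a page loads come from a domain other than the page's own. The following is an added example, not code from the thread or from any add-on, that takes that inventory for a page and separates first-party from third-party active content. The page URL, hostnames and HTML below are constructed; the registrable-domain check is a two-label approximation and would need a public-suffix list to handle domains such as co.uk correctly.

```python
"""Inventory the active content a page pulls in, split by origin."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a wiki-style page on a made-up domain that loads its own
# skin script and a Flash menu, plus an ad script, a tracking frame and a Flash
# banner from made-up third-party hosts. None of these hosts or paths are real.
PAGE_URL = "https://www.example.org/wiki/Main_Page"
SAMPLE_HTML = """<html><head>
<script src="/skins/common/wikibits.js"></script>
<script src="https://ads.example-cdn.net/show_ads.js"></script>
<script>var wgPageName = "Main_Page";</script>
</head><body>
<iframe src="//tracker.example-ads.com/frame?id=1"></iframe>
<object data="http://flash.example-ads.com/banner.swf" type="application/x-shockwave-flash"></object>
<embed src="https://www.example.org/media/menu.swf" type="application/x-shockwave-flash">
<img src="https://upload.example.org/logo.png">
</body></html>"""

# Tags that execute code or load a plug-in, and the attribute that carries the
# URL. <img> and stylesheets are left out: they load, but they do not execute.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "object": "data", "embed": "src"}


def registrable_domain(host):
    """Last two labels of the host. Approximation: wrong for public suffixes
    such as co.uk, where a public-suffix list is needed."""
    return ".".join(host.lower().split(".")[-2:])


class ActiveContentCollector(HTMLParser):
    """Collect (tag, absolute URL) for every active element; count inline scripts."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.refs = []            # (tag, absolute URL)
        self.inline_scripts = 0   # <script> blocks with no src

    def handle_starttag(self, tag, attrs):
        if tag not in ACTIVE_TAGS:
            return
        url = dict(attrs).get(ACTIVE_TAGS[tag])
        if url is None:
            if tag == "script":
                self.inline_scripts += 1
            return
        # Resolve relative and scheme-relative ("//host/...") references
        self.refs.append((tag, urljoin(self.page_url, url)))


def classify_active_content(html, page_url):
    """Return {"first_party": [...], "third_party": [...], "inline_scripts": n};
    entries are (tag, host, url) and third-party means a different registrable
    domain from the page's own."""
    collector = ActiveContentCollector(page_url)
    collector.feed(html)
    site = registrable_domain(urlsplit(page_url).hostname)
    report = {"first_party": [], "third_party": [],
              "inline_scripts": collector.inline_scripts}
    for tag, url in collector.refs:
        host = urlsplit(url).hostname or ""
        bucket = "first_party" if registrable_domain(host) == site else "third_party"
        report[bucket].append((tag, host, url))
    return report


def third_party_hosts(report):
    """Sorted hosts a script blocker would have to make an allow/deny decision on."""
    return sorted({host for _tag, host, _url in report["third_party"]})


if __name__ == "__main__":
    result = classify_active_content(SAMPLE_HTML, PAGE_URL)
    for tag, host, url in result["third_party"]:
        print("THIRD-PARTY %-6s %-25s %s" % (tag, host, url))
    print("first-party active elements:", len(result["first_party"]))
    print("inline scripts:", result["inline_scripts"])
```

The Flash banner lands in the third-party bucket next to the ad script, and the site's own Flash menu in the first-party one, which is the distinction Kotik's last paragraph says a blocker needs to make and a plain Flash block cannot. Passive resources such as images are deliberately excluded, which is also why an ad blocker that only hides the ad's image does less here than one that keeps the ad network's script from running at all.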

marchale
Commander
Posts: 258
Joined: Mon Feb 28, 2011 10:53 pm
Location: Fridley, Minnesota

Re: WARNING: memory-alpha spreading malware

Postby marchale » Wed Aug 10, 2011 10:15 am

Kotik wrote:Marchale, I don't know much about all the available Firefox add-ons, but the safest bets and best security measures are add-ons that assist with the following things:

  • Monitoring and/or preventing access to scripts that are hosted on a different domain than the one you're loading the website from. This is a common source of code injection.
  • Monitoring background downloads of scripts or executables. A very common way of infecting computers is that in the background (hidden in a JavaScript) an executable is downloaded to the user's temporary file space and executed from there.

Unfortunately ad-blockers and script-blockers are only partially effective, since they might end up blocking code that is needed to use the site - for instance, the member section of ff.net cannot be used if you have disabled the execution of JavaScript code. Other websites use Flash to display their menu structure - the same technology that's being used by malicious ads, so you might end up blocking vital content together with the ads.


Okay, thanks for explaining that too, I appreciate it! Well, with this NoScript add-on you can "whitelist" the trusted scripts you want to have run; for example, I gave the AniWeather add-on permission to load its script so it shows those cute little rain and thunderstorm animations as well as the national radar map, so you can see how far away any storm is. The only thing I've noticed so far with it is that for things that used to download automatically you now have to press the "press this if your download doesn't start automatically" button to download them manually; but hopefully I'll get the option on every website whether or not I want it to run a script, so I can decide (and hopefully not be blocking any vital content that way).

Yeah, the only problem I have (at least knowingly!) encountered with Flash is that I wish damn near every photographer hadn't started using Flash on their portfolios. I've found so many great body shots I'd love to use in my fakes but can't, because they're tied up in a Flash control you can't download from; but hopefully some sweet genius will build a Firefox add-on for that like they did for the Flickr website, so you can still download pictures there that are normally disabled from being downloaded (I actually have 2 add-ons that will let you grab pics from Flickr: the Flickr Original, for original-size pictures, as well as the Pixler Grabber, which works on the smaller pictures you can't use the other add-on for. Actually the Pixler Grabber works on some sites outside of Flickr too). But anyway, hopefully I can pick and choose which JavaScripts I want to run from any website, so that way I won't block anything important.
http://home.comcast.net/~shadyladyfakes/ - my home page
http://photobucket.com/shadyladyfakes/ - my Enterprise screencaps (they're mainly close-ups!)

