Virus in an ad?

[gstelmack]

So I forgot to have ads blocked here at home (fixed now) but Norton 360 popped up a block on "Bloodhound.Exploit.196" in a PDF file that appeared to have been embedded in an ad when browsing the FOF/TCY thread on the missing help file, or at least there was no PDF visible anywhere to be downloaded in the thread itself. Wonderful.

[Alan T]

Quote:

Originally Posted by gstelmack

So I forgot to have ads blocked here at home (fixed now) but Norton 360 popped up a block on "Bloodhound.Exploit.196" in a PDF file that appeared to have been embedded in an ad when browsing the FOF/TCY thread on the missing help file, or at least there was no PDF visible anywhere to be downloaded in the thread itself. Wonderful.

That has been a consistent attack method for viruses for a while now. They imbed invisible iframes into advertisements for all kinds of sites and if you don't block the ads with some form of adblocker or noscript or such, you can become vulnerable to it.

For the specific PDF attack, if you patch acrobat reader to the newest version AND turn off javascript inside of your acrobat reader options (Why do PDF files need javascript anyways?) it should protect you from that specific attack (Unless you have already been infected prior).

I highly recommend that people who browse the internet regularly get used to running noscript and set it up to block iframes of all kinds. It will protect you against 95%+ of the attacks out on websites currently.

[sterlingice]

Quote:

Originally Posted by Alan T

That has been a consistent attack method for viruses for a while now. They imbed invisible iframes into advertisements for all kinds of sites and if you don't block the ads with some form of adblocker or noscript or such, you can become vulnerable to it.

For the specific PDF attack, if you patch acrobat reader to the newest version AND turn off javascript inside of your acrobat reader options (Why do PDF files need javascript anyways?) it should protect you from that specific attack (Unless you have already been infected prior).

I highly recommend that people who browse the internet regularly get used to running noscript and set it up to block iframes of all kinds. It will protect you against 95%+ of the attacks out on websites currently.

Dumb technical question- what's the different between a frame and iframe? And why is it vulnerable to attack when frame is not?

SI

[Alan T]

Quote:

Originally Posted by sterlingice

Dumb technical question- what's the different between a frame and iframe? And why is it vulnerable to attack when frame is not?

SI

I am not a web programmer so can't really give the reasons for using an iframe (or inline frame), but the differences from a security point of view is that an inline frame is just one box that can exist inside of a site that refers the browser to a completely different location (or possibly another site all together such as launching a hacked .pdf file to take advantage of an exploit in adobe reader listed here). A frame has a more defined existance on a page and the constructs that it must follow.

[DanGarion]

Sounds to me that FOFC just has to stop with the banner ads, since they are filled with viruses.

[gstelmack]

The real issue is folks trying to turn the web into a virtual machine that runs real programs rather than leaving it what it is best at and leaving real applications to what they are best at. Java, ActiveX, Javascript, etc continue to be these great big gaping security holes as the folks working on the web seem to want to hack functionality in first and worry about security second.

[flere-imsaho]

Ah for the heady days of lynx and gopher.