Posted on 03/03/2005 1:39:36 PM PST by holymoly
Security experts issued a warning this morning after detecting infections caused by Searchmeup, the first adware to use the Exploit/LoadImage vulnerability which downloads itself onto computers without the user's permission.
Panda Software's PandaLabs warned that the pages from which Searchmeup is downloaded also contain a series of exploits to download other malware onto the computer, such as the Tofger.AT Trojan, which steals banking passwords, Dialer.BB and Dialer.NO, and adware called Adware/TopConvert.
Searchmeup is downloaded onto the computer when the user visits maliciously coded web pages. Once installed it changes the home page to that of a search engine that displays pop-ups every time it loads with the aim of installing spyware and diallers on infected computers.
Searchmeup affects computers running Windows 2003, XP, 2000, NT, Me and 98, and allows arbitrary code to be run.
It could be exploited by an attacker hosting a specially crafted cursor or icon on a malicious web page or HTML email. Microsoft has released a patch to correct this problem, and users are advised to install it immediately.
The web pages from which Searchmeup is downloaded also drop Tofger.AT onto computers, a Trojan which runs every time Internet Explorer is opened.
Tofger.AT keeps track of the user's internet activity, logging passwords for secure 'https' connections which are often used for connections with online banks. Once it has collected this information, Tofger.AT sends it to a remote server.
Searchmeup can also generate an error in the 'services.exe' file, informing users that the computer will be restarted in one minute.
After the restart, the computer operates perfectly. On some occasions Searchmeup can also display blue screen errors, and Tofger.AT can actually update itself to a new version.
"The Exploit/LoadImage vulnerability can be used on web pages or HTML email by crafting a special icon or image file that causes a buffer overflow that in turn can be used to take control of the user's computer," said Patrick Hinojosa, chief technology officer at Panda Software US.
"This can be very serious as the user does not have to do anything unusual like opening a suspicious attachment. This is what is sometimes referred to as a 'drive by' attack."
Luis Corrons, director of PandaLabs, added: "The appearance of Searchmeup is a sign of the continuous evolution of malware, and of spyware and adware in particular.
"The first stage was that adware reached computers as a component of a freeware application, then web pages appeared that installed adware on users' computers using ActiveX.
"Now they have gone a step further, as Searchmeup exploits a vulnerability that even virus creators had not used until now."
Thank you, I printed it out. I have to find out what type of Internet Explorer I have. The 3, 4, or 5.0.
'dumped the cache'
"Excuse my ignorance but what is cache?"
There is a lot of "stuff" your system normally hides from you, which is nonetheless on the drive, and may cause you grief.
WARNING- do not run the following software without carefully noting which boxes are checked in the "clean" column, because it defaults to remove your cookies, and some other useful files you may want to keep. Look carefully before running the first time.
CCleaner (Crap Cleaner) is a freeware system optimization tool that removes unused and temporary files from your system.
http://www.ccleaner.com/
Response to #48. What I think is really nice with FireFox - next time you want to post something, go to the source, select the content you want, usually the center, right click - then click "View Selected Source". Up pops a window with all the stuff you want in HTML. Just copy and paste and you have all the stuff formatted, including hrefs.
tsd3 is very good.
Even MS' beta antispyware is good; mainly it came from Giant, who got it from CounterSpy. Counter runs on Win98; MS' beta does not run on Win98.
Any thoughts on using Netscape Messenger instead of Outlook?
1. Try and fix it and destroy it, thereby having to buy a new computer.
2. Wait till it self-destructs on its own by being filled to its capacity with useless tripe, thereby having to buy a new computer.
3. Overloaded with so many viruses that it won't even turn on anymore, thereby having to buy a new computer.
See my conundrum?
Thanks, I may just cinch up my corset a notch and give it a try. If you don't see me around the net again, you'll know I'm waiting for my new computer. :-)
Don't overly worry about cookies... People get worked up about them, but most are benign, like FR's cookie and those of other sites where you've set up an account and want to remain logged in rather than log in at each visit. If you delete those cookies, you'll have to remember your login.
It can save you some space to clean up temp internet files and cookies from time to time. You can most easily do this by clicking "My Computer", right-clicking your C drive and selecting "Properties", clicking "Disk Cleanup", and letting your computer clean up temporary internet files, your recycle bin, and cached web pages all at once.
You can always download the "Off By One" browser. Just unzip it to a folder and run it. No install, etc.
Even if you manage to screw IE up, you'd still be able to visit FR. :)
Thanks, I'll give it a shot tonight. God loves idiots and children. I'm counting on that. :-)
Then all won't be lost. :-)
I've wondered a few times if when I update my virus definitions some hacker hasn't tapped into the program and is redirecting me to download a trojan.
If you like, I *think* I can walk you through using CCleaner; the wife just got a new Dell toy, so I may be offline a while, but let me know if you would like my recommendations for what to check in the boxes.
The main thing is to not delete your cookies unless you have all the logon info you use for various sites written down, because you would then have to do that all over again. Spyware removers like Lavasoft's Ad-Aware or MS Antispyware (I prefer the latter) should clean out the bad cookies anyway.
Heh... yeah, but you gotta trust somebody. That's why I only use professional virus software made by reputable companies, like Trend Micro's PC-cillin, or Norton. I don't trust freeware made by someone in their garage. I think you get what you pay for.
I was reading something a while back about hackers tapping into the data stream. As I recall (my memory fails me), the article said though not impossible, it's pretty damn hard.
I actually paid for the Plus part of the WinPatrol because I liked the free one so much. It's the only one I've paid for out of all the free stuff I get online.
I love the plus information when Scotty detects a new task in the startup menu or tasks. I don't always know what those are and before disabling them I check the Plus section on BillP's website which almost always fully explains what they are.
Since Martha's getting out of jail I will say "It's a good thing".
:)
I smell a rat.
If it was me, and I had gone to those same sites for confirmation that indeed Firefox had allowed crap to get through and IE didn't, I'd put my ideological differences aside and try to warn others about it, seeing as how each and every Freeper is a computer user.
Now, if you're not talking trash, I owe an apology, of course, and I'll give it when you name the sites, seeing as how you have the logs.