PSA: Behold the Resurrection of EPIC THREAD

[mjrpes3]

A month back I got hit with a malware that was able to installed itself on my computer just by visiting a website (and it wasn't even pr0n). I had to do a reinstall because it was so invasive. This was an eye-opener for me because I thought I didn't have to worry about this stuff as long as I ran firefox, avoided downloading anything, and used a firewall. I didn't even have antivirus installed. me == dummy.

I was never able to determine what exactly let it through, whether it was a firefox, flash, foxit, or a java exploit. But I stumbled upon this article about exploit kits that probe your browser for known security holes:

http://www.krebsonsecurity.com/2010/01/a-peek-inside-the-eleonore-browser-exploit-kit/

It’s important to keep in mind that some of these exploits are browser-agnostic: For example, with the PDF exploits, the vulnerability being exploited is the PDF Reader browser plug-in, not necessarily the browser itself. That probably explains the statistics in the images below, which shows a fairly high success rate against Opera, Safari, and Google Chrome users.

Moral of the story: always keep browser and add-ons up to date, consider not using pdf plug-ins or java runtime if you don't really need them, use flashblock, and use antivirus software just in case anything else gets through... which is bound to happen at some point.

 

[ManBearPig]

wait a sec, so did we get the pics or not? let me know please.

 

[Dr. Detroit]

Sup, PM!

 

[ImDonly1]

Using Win 7 x64, with Microsoft security essentials. I am using Firefox (latest) with ad-block plus. I don't think I got the malware. No notifications and nothing funny. Maybe I didn't get the advertisement.

 

[Epic Fail]

what happened? and PM

 

[TallBill]

pm if you got sexy pics.

 

[Newbian]

Bumping before going to bed to see what happens.

 

[Miramonti]

Bump after Newbian went to bed so when he wakes he thinks something happened.

 

[GTaudiophile]

Awww, no change this morning? No pics?

 

[lurk3r]

Sorry to Jeebus for the personal attack, last nite I was fuming, it was not your fault, but the Megaupload link was definately the problem, firefox did not have noscript but it did have adblock. There was no popup, just the file download link from mega, the only other things I had done after getting home were check hotmail (nothing new), and play a little castles on facebook. IMMEDIATELY after the download finished firefox crashed, when I ran firefox again my HDD went bonkers, after turning it off and on, even in safe mode IE crashed with something like "was unexpectedly closed, restore or not", chrome, and malwarebytes had been removed and spybot snd did not seem the same (possibly hijacked). At least 2 other people reported the same issue, and I did have avg running ...

My computer's still reinstalling, I should probably just use this as an excuse to upgrade (gf gave me grief at how fuming mad I was, said 'whats the worst case, you get a new computer and it costs you $1000 lol, its like a free pass).

Last nite I was mad enough to actually have paladin charge my cc so I could hunt them down. I did find a couple sites about how to get rid of it, deleted around 40 registry keys manually, got malwarebytes installed finally, but eventually just had to throw the windows CD in and delete the windows directory. Hopefully after running all the updates Malwarebytes will catch all the remnants.

Sorry again Jeebus, not your fault.

 

[Bignate603]

I thought I had got rid of the stupid malware but now my computer won't hibernate. It pops up the 'preparing to hibernate' screen and then just dumps me back to my desktop. It hosed something up. There is a special place in hell for people that write viruses and malware.

 

[RoloMather]

I downloaded the pic but no viruses here. Noscript for the win?

 

[MotF Bane]

I am disappoint.

 

[Squisher]

Anybody got a smiley reducer?

 

[kalrith]

We just had a message at work from our IT guy last week - apparently there's a pop up out there that if you click on the "x" to close the window - that's conveniently the install button. Sounds like that could possibly be what happened?

That's my guess as well. I always close questionable windows through task manager. I got a pop-up from the link yesterday, closed it in task manager, but ran malwarebytes and Symantec AV just in case. They both came back with nothing.

 

[rudder]

Jeebus' popularity is falling faster than obamas approval rating.

He has gone from owner of the epic thread to owner of the worst failure of 2010.

 

[FoBoT]

brb

 

[Kelvrick]

Jeebus' popularity is falling faster than obamas approval rating.

He has gone from owner of the epic thread to owner of the worst failure of 2010.

We got jeebed?

 

[vshah]

 

[krylon]

PM me link

 

[Glitchny]

PM me link

me as well

 

[KMc]

Yep, the "Security Essentials 2010" and "Paladin" malware got me too. I was able to upload My Documents and personal files to the network before my laptop went down, so I just had it completely wiped and a new OS install. In the end, a popup came up and said it was shutting my system down in 20 seconds. I thought, yeah right - well, it did and it would not boot again after that.

 

[thraashman]

Sorry to Jeebus for the personal attack, last nite I was fuming, it was not your fault, but the Megaupload link was definately the problem, firefox did not have noscript but it did have adblock. There was no popup, just the file download link from mega, the only other things I had done after getting home were check hotmail (nothing new), and play a little castles on facebook. IMMEDIATELY after the download finished firefox crashed, when I ran firefox again my HDD went bonkers, after turning it off and on, even in safe mode IE crashed with something like "was unexpectedly closed, restore or not", chrome, and malwarebytes had been removed and spybot snd did not seem the same (possibly hijacked). At least 2 other people reported the same issue, and I did have avg running ...

My computer's still reinstalling, I should probably just use this as an excuse to upgrade (gf gave me grief at how fuming mad I was, said 'whats the worst case, you get a new computer and it costs you $1000 lol, its like a free pass).

Last nite I was mad enough to actually have paladin charge my cc so I could hunt them down. I did find a couple sites about how to get rid of it, deleted around 40 registry keys manually, got malwarebytes installed finally, but eventually just had to throw the windows CD in and delete the windows directory. Hopefully after running all the updates Malwarebytes will catch all the remnants.

Sorry again Jeebus, not your fault.

You're not the only one. I wasn't thinking and clicked on the link here at work and it crashed my system and I had to get the thing formatted as a result. So yes there was a virus on that megaupload page and it hit me too.

 

[lurk3r]

You're not the only one. I wasn't thinking and clicked on the link here at work and it crashed my system and I had to get the thing formatted as a result. So yes there was a virus on that megaupload page and it hit me too.

Thank you, I was feeling like a pariah when I was just trying to protect my peeps ...

 

[JulesMaximus]

Malwarebytes was able to clean up my system of this scourge. Make sure you download it and then run the updates before doing the system scan. I did not have to format and re-install Windows on my PC.