OT: virus on the wild?

Michel Messerschmidt lists at michel-messerschmidt.de
Thu Jan 22 15:57:32 CET 2009


On Thu, Jan 22, 2009 at 08:51:23AM -0500, Robert J. Hansen wrote:
> Faramir wrote:
> > And the second question is: Does somebody know about this virus? Is it
> > as fast spreading as it looks like?
> 
> Yes.  No.  Moo.  Ten pounds of flax.  Getting accurate intelligence
> about the spread of malware is a very difficult task.

Agreed, but does it really matter?
I suppose you really wanted to know whether your computer is at risk 
because of this AV warning? And the only definitive answer is obvious: 
Ask your AV vendor. There exist AV products that issue a warning 
even whenever they encounter a zip file :)
Therefore any speculation here won't give you the level of assurance you 
probably want.


> > And the third and last question is: why the AV detected the virus
> > _before_ I visited the site?

Assumption: Your AV adheres to common virus naming conventions here.
1. Your AV stated that it detected a Trj = trojan but not a virus. So 
it won't replicate itself (no spreading in the usual sense) but waits for 
users/browsers to execute it.
2. The malware class JS means JavaScript. Your AV detected some malicious 
JavaScript, maybe on the Google search page or on one of the result pages.
Some AV products prefetch linked pages to scan them before the user clicks 
on a link. Also some browsers prefetch web pages and an AV may detect the 
JavaScript in the browser cache. 
Conclusion: It is absolutely possible that your AV warned you without 
anything malicious happening on your computer. OTOH if something happened 
it won't be easy to track down the origin of the attack.

Whatever your AV vendor will tell you, these apply in general:
 - disable JavaScript / browser scripting as much as possible
 - don't use outdated browser versions
 - know the behaviour of your browser



Michel

More information about the Gnupg-users mailing list