Spyware, viruses, & security : How can I protect against malicious iFrames?
How can I protect against malicious iFrames?
by ClosetMonster3 - 6/28/07 5:27 PMIve recently tried linkscanner pro which supposedly detects malicious links within sites and scans sites on demand to tell if they will download torjans or other malicious content. Problem is, its not free and it uses a lot of CPU resources when scanning google searches. I read some on iFrames and how they download and install content without the users knowledge. I wanted to know how I could protect myself from these types of attacks and if there are other programs or add-ons (to firefox if available), that detect and prevent downloads from compromised servers and known hackers.
Preferrably, I would like to find something that is opensource or free, but I would also like to know how to protect against iFrames and other hacking attempts. Are these programs needed or will my current anti-virus suffice?
I am currently running Windows XP MCE, AVG anti-virus, Sygate personal firewall, Snoopfree privacy shield (keylogger detector), Windows defender, SpywareBlaster, Ad-aware and Spybot SD, through Firefox, all behind a Linksys SRX200 wireless router with SPI and NAT filtering.
Any suggestions appreciated.
So far I only found the Linkscanner - there is also an
by Marianna Schmudlach
- 6/28/07 6:53 PM
In reply to: How can I protect against malicious iFrames? by ClosetMonster3
on-line linkscanner:
http://linkscanner.explabs.com/linkscanner/default.asp
But the best you could do:
For home users:
* Beware of pages that require software installation. Do not allow new software installation from your browser unless you absolutely trust both the Web page and the provider of the software.
* Scan with an updated antivirus and anti-spyware software any program downloaded through the Internet. This includes any downloads from P2P networks, through the Web and any FTP server regardless of the source.
* Beware of unexpected strange-looking emails, regardless of their sender. Never open attachments or click on links contained in these email messages.
* Enable the “Automatic Update” feature in your Windows operating system and apply new updates as soon as they are available.
* Always have an antivirus real-time scan service. Monitor regularly that it is being updated and that the service is running.
* Free security tools are available at www.trendmicro.com
http://us.trendmicro.com/us/about/news/pr/article/20070618185040.html
what about programs that download silently?
by ClosetMonster3 - 6/28/07 9:59 PM In reply to: So far I only found the Linkscanner - there is also an by Marianna Schmudlach
the whole thing about iFrames is that they can be used to download malicious software and install them without my approval. Especially with XP, windows doesnt require a password to install new software which is bad. (Vista and Macs require it).
Im good about scanning programs and files that come through and I dont install bad stuff on the net that I dont trust. Im just concerned about programs that install silently without my knowledge. How can I protect against that? How well does Firefox do with denying iFrames from downloading installable programs and letting them run?
Thanks
Firefox is also vulnerable......
by Marianna Schmudlach - 6/29/07 9:41 AM
In reply to: what about programs that download silently? by ClosetMonster3
read more here:
https://www.kb.cert.org/vuls/id/143297
Note: Workarounds for users
* Disable JavaScript
* Use the NoScript Firefox Add-on to whitelist what sites can run JavaScript.
* Type in URLs directly in the web browser's address bar, or use bookmarks to navigate to websites
* See the Cross-Site Scripting Vulnerabilities document for general information.
IN IE 7 > tools > internet options > advanced > security > did you UNCHECK: allow software to run or install even if the signature is invalid?
RE: So far....
by caktus - 6/29/07 12:08 AM In reply to: So far I only found the Linkscanner - there is also an by Marianna Schmudlach
Marianna,
There [is] such a freeware program. I've since lost it do to a crash and can't recall what it's called or where to download it. I originally read of it in one of the CNET Forums. I believe it may have been Griff Thomas who mentioned it. Hopefully he, or who ever it was will happen across this thread repost it. I'll be watching the thread in case it shows up.
Charlie
reply to: RE: So far....
by caktus - 6/29/07 2:03 AM In reply to: RE: So far.... by caktusTurns out I was thinking of Dr. Web but only the Trial is free.
alternative to javascript?
by ClosetMonster3 - 6/29/07 9:35 PM In reply to: reply to: RE: So far.... by caktusI would like to be safe when surfing, but I also want the internet to function as it should. Ive tried no-script with firefox and it worked fine, but it became a hassle to create a white list. The thing about iFrames is that Ive read that attackers can put it in legitimate pages that I have deemed legit by no-script. So in this case, it doesnt seem that I would benefit from them if normal pages can be compromised so easily. I believe the method is cross-site scripting or something along those lines.
It would be better to scan and remove the malicious iFrames without disabling the rest of the page or legitimate pages.
Is there an option if firefox to deny iFrames with content not coming from the original server? If Im interested in only the page I am going to, I would assume that most of the content would be on the same server (except the adds, which I have AdBlock Plus for). I would also like to block the iFrames that point to other servers if possible.
Thanks for your help!
Have a look at this thread.....
by Marianna Schmudlach - 6/29/07 10:26 PM
In reply to: alternative to javascript? by ClosetMonster3
"Could this exploit code from a malware site affect Firefox?"
http://forums.mozillazine.org/viewtopic.php?t=560793&highlight=iframes
Maybe someone on the mozillaZine forum could help you ?
Just a thought...
by Marianna Schmudlach - 6/29/07 10:40 PM
In reply to: Have a look at this thread..... by Marianna Schmudlach
did you have a look in Firefox > Tools > Options > Security ?
Also - have a look at FF add-on Interclue:
http://www.geekzone.co.nz/content.asp?contentid=7170
Surf in a sandbox and don't worry about it
by howiem - 7/2/07 2:33 AM In reply to: How can I protect against malicious iFrames? by ClosetMonster3If you do all your surfing in a sandbox, like sandboxie (www.sandboxie.com)youm don't have to worry about the exploits as they cannot get into your operating system.
BTW I also use Linkscanner Pro and have not had any problems with it in about a year.
avast is the one
by digitalRenewal - 4/11/09 9:54 PM In reply to: How can I protect against malicious iFrames? by ClosetMonster3i had a round of iframe virus removal myself today, and was finally successful with avast's free home edition.
I do web design and had infected 3 of my clients sites, plus my personal blog. avg free and malwarebytes couldnt find the iframes. avast found em on my machine and also alerted me when I opened a webpage that was infected, which helped me find it and clear it off the server.
i highly recommend avast for this.
best of luck!
Trisha
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
