Bay 12 Games Forum

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1] 2

Author Topic: Exploit.pdf-Name.Gen virus found on DF Wiki page  (Read 7536 times)

Farmerbob

  • Bay Watcher
    • View Profile
Exploit.pdf-Name.Gen virus found on DF Wiki page
« on: April 30, 2010, 01:48:06 am »

  I suspect this might be coming from the advertisements, it's popped up a couple times while I was browsing through the Wiki - this time it happened on the "Gremlin" info page.  Can't remember what game version page on Gremlins though, might have been an older page, I tend to look at all the available pages and see if they match up with what I'm seeing in game.

  This is an attack targeted at older installs of Adobe, supposedly new installs will repair the vulnerability.

  It appears as if F-Secure crushed it before it got anywhere.

  The attack seems to require Java somehow, as it activated Java on the taskbar right before it got clubbed.

  If you update your Adobe in the hopes of reducing system vulnerability, open it again, and check for updates after each update you finish.  I got two back-to-back updates, and I was not notified there was an additional one when the first completed.
Logged
How did I miss the existence of this thread?
(Don't attempt to answer that.  Down that path lies ... well I was going to say madness but you all run towards madness as if it was made from chocolate and puppies.  Just forget I said anything.)

zwei

  • Bay Watcher
  • [ECHO][MENDING]
    • View Profile
    • Fate of Heroes
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #1 on: April 30, 2010, 02:23:56 am »

yeah, advertizers usually run any ad without asking much questions as long as they are paid. It is quite easy to distribute flash exploits this way.

Cheshire Cat

  • Bay Watcher
  • You Have Struck Turtle Shell!
    • View Profile
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #2 on: April 30, 2010, 02:31:11 am »

my simple solution has allways been dont use adobe acrobat. ever. foxit does the job fine, is much smaller, and does not force me to update every few hours.

i also dont install java. both programs seem to leave great gaping orifices directly into the pulsing heart of my pc, so i avoid them. exploits in advertising toolbars pop up fairly frequently, and all the ones ive seen use adobe acrobat or java or both. ive gotten at least one horrifically evil trojan through such an advertisement, which really ate up my computer and even caused google redirects on other pcs in my home network by doing something insidiously clever to my router. it even coopted norton and tried to make it download more evil software in the guise of norton updating, and utterly destroyed adaware.
Logged

zwei

  • Bay Watcher
  • [ECHO][MENDING]
    • View Profile
    • Fate of Heroes
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #3 on: April 30, 2010, 02:36:25 am »

Adblock is better solution. Regular updates too.

There are exploits in pute html/javascript or images too, so, do not be luled to feeling secure if you take care fo worst offenders.

nenjin

  • Bay Watcher
  • Inscrubtable Exhortations of the Soul
    • View Profile
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #4 on: April 30, 2010, 04:22:13 am »

Yeah, the amount of malicious ads that are being served is getting ridiculous. You'd *think* someone would be holding those guys accountable for making the money off the proliferation of viruses. It's like the postal service delivering mail bombs and going "what? we're getting paid, it's all good."
Logged
Cautivo del Milagro seamos, Penitente.
Quote from: Viktor Frankl
When we are no longer able to change a situation, we are challenged to change ourselves.
Quote from: Sindain
Its kinda silly to complain that a friendly NPC isn't a well designed boss fight.
Quote from: Eric Blank
How will I cheese now assholes?
Quote from: MrRoboto75
Always spaghetti, never forghetti

Shades

  • Bay Watcher
    • View Profile
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #5 on: April 30, 2010, 04:37:59 am »

Yeah, the amount of malicious ads that are being served is getting ridiculous. You'd *think* someone would be holding those guys accountable for making the money off the proliferation of viruses. It's like the postal service delivering mail bombs and going "what? we're getting paid, it's all good."

Most people are too apathetic to do anything put post on a forum about it or rant to someone over im, until that changes nothing will be done as there is no pressure on the advertiser to do so. And as you say they are making money so they certainly don't care.
Logged
Its like playing god with sentient legos. - They Got Leader
[Dwarf Fortress] plays like a dizzyingly complex hybrid of Dungeon Keeper and The Sims, if all your little people were manic-depressive alcoholics. - tv tropes
You don't use science to show that you're right, you use science to become right. - xkcd

Locriani

  • Bay Watcher
  • Locriani == Briess
    • View Profile
    • dwarf fortress wiki
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #6 on: April 30, 2010, 06:29:55 am »

Yeah, the amount of malicious ads that are being served is getting ridiculous. You'd *think* someone would be holding those guys accountable for making the money off the proliferation of viruses. It's like the postal service delivering mail bombs and going "what? we're getting paid, it's all good."

Most people are too apathetic to do anything put post on a forum about it or rant to someone over im, until that changes nothing will be done as there is no pressure on the advertiser to do so. And as you say they are making money so they certainly don't care.

Google says the affected ad has been cleared from the system.  any other reports like this, please email me.
« Last Edit: April 30, 2010, 07:38:56 am by Locriani »
Logged
I am one of many administrators of the wiki.  Please use my user page (http://dwarffortresswiki.org/index.php/User_talk:Briess) on the wiki to contact me, as I check that more often than these forums.

Lord Darkstar

  • Bay Watcher
    • View Profile
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #7 on: May 06, 2010, 02:29:10 pm »

Yeah, the amount of malicious ads that are being served is getting ridiculous. You'd *think* someone would be holding those guys accountable for making the money off the proliferation of viruses. It's like the postal service delivering mail bombs and going "what? we're getting paid, it's all good."

Google has stated that at any point in their adserving history to current day, between 12 to 20% of their ads are just malware. But their money spends as well as "less ambitious customers", so they take it. After all, they wouldn't want to deny themselves that ad revenue. What are you going to do? Nothing. They are Google.
Logged
learn to give consolations to frustrated people
What is this, a therapy session? We don't need to console someone because they're upset about a fucking video game. Grow a beard, son, and take off those elf ears!

Kilo24

  • Bay Watcher
    • View Profile
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #8 on: May 06, 2010, 03:06:35 pm »

Yeah, the amount of malicious ads that are being served is getting ridiculous. You'd *think* someone would be holding those guys accountable for making the money off the proliferation of viruses. It's like the postal service delivering mail bombs and going "what? we're getting paid, it's all good."

Google has stated that at any point in their adserving history to current day, between 12 to 20% of their ads are just malware. But their money spends as well as "less ambitious customers", so they take it. After all, they wouldn't want to deny themselves that ad revenue. What are you going to do? Nothing. They are Google.

Given that their ads are text-only, I don't think that there are any that can force viruses in without clicking on them.  And investigating which hold malware is a rather large and expensive undertaking, given the sheer volume of ads they deal with.

It's still pretty bad (and does discourage people aware of it from clicking on the ads), but it's at least a workable arrangement.  But still, publicizing the number of ads which are malware could force them to improve their standards to avoid the loss of revenue by people being afraid to click on ads.
Logged

lucusLoC

  • Bay Watcher
    • View Profile
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #9 on: May 06, 2010, 06:07:40 pm »

my simple solution has allways been dont use adobe acrobat. ever. foxit does the job fine, is much smaller, and does not force me to update every few hours.

you need to read more of the security bulletins. foxit is actually vulnerable to more than half of the reader exploits, and has quite a few of its own to boot. in my opinion the whole pdf format is one big vulnerability. (speaking as a sys admin here, who has had to clean up his fair share of adobe and pdf related problems.)
Logged
Quantum dumps are proof of "memory" being a perfectly normal dimension in DF. ~Gazz

Tilla

  • Bay Watcher
  • Slam with the best or jam with the rest
    • View Profile
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #10 on: May 06, 2010, 06:20:39 pm »

Not a whole lot Google can do about these sorta things except either A> make a much more rigorous and probably /costly/ approval process or B> (what they do now) remove malware when reported.
Logged

Cheshire Cat

  • Bay Watcher
  • You Have Struck Turtle Shell!
    • View Profile
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #11 on: May 10, 2010, 08:00:46 am »


Given that their ads are text-only, I don't think that there are any that can force viruses in without clicking on them.  And investigating which hold malware is a rather large and expensive undertaking, given the sheer volume of ads they deal with.

no, if you have programs like adobe acrobat reader or java as a browser plug in, some of those malware advertisements can and will get into your pc without being clicked on. all they need is to be displayed in your browser. i posted somewhere up this page about an experience i had with this, that was not detected by my virus scanner, and the scanner was then coopted and used to download more malware.

given that these threats are generally added to the databases in standard commercial virus scanners very quickly after they appear, it would not seem difficult for companies organizing them, like google, to scan adds before allowing them to be shown. it may be harder then i think it is, but this way only very new threats would get through, and then only for a few days. it would also be easier to blacklist people providing the adds, which would not stop them, but would slow things down a bit.
Logged

Bronzebeard

  • Bay Watcher
    • View Profile
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #12 on: May 10, 2010, 12:08:03 pm »

Not a whole lot Google can do about these sorta things except either A> make a much more rigorous and probably /costly/ approval process or B> (what they do now) remove malware when reported.

Costly? You mean Google -- literally one of the most powerful corporations on the face of the earth that may as well control the internet -- is strapped for cash?
Logged

Interus

  • Bay Watcher
    • View Profile
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #13 on: May 10, 2010, 02:24:35 pm »

Not a whole lot Google can do about these sorta things except either A> make a much more rigorous and probably /costly/ approval process or B> (what they do now) remove malware when reported.

Costly? You mean Google -- literally one of the most powerful corporations on the face of the earth that may as well control the internet -- is strapped for cash?

Generally, if corporations can avoid lowering their profit, they will.  Regardless of how high that profit may be.  Sometimes they can't, and I'm thinking that they'd probably decide that if they have to pay people to check each advertisement, then they'll have to charge more per advertisement, and then they'd have fewer customers and make less money.

That's just what I know from economics.  I have no idea if it's the actual reasoning or not.
Logged

alway

  • Bay Watcher
  • 🏳️‍⚧️
    • View Profile
Re: Exploit.pdf-Name.Gen virus found on DF Wiki page
« Reply #14 on: May 10, 2010, 05:46:08 pm »

That there was a virus in the Gremlins page is infinitely amusing.
Logged
Pages: [1] 2