  1. #1
    iNET Interactive
    Join Date
    Jan 2010
    Location
    Seattle, WA, USA
    Posts
    376
    Thanks
    1
    Thanked 29 Times in 24 Posts

    Readers comment on the LizaMoon infection story




    LANGALIST PLUS



    By Fred Langa

    The recent LizaMoon Top Story generated a deluge of reader e-mails!

    Some of the letters criticized my actions but most of the letters requested additional details and some asked excellent "what if?" questions.

    The full text of this column is posted at WindowsSecrets.com/2011/04/28/04 (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. The Following User Says Thank You to Tracey Capen For This Useful Post:

    Timmer (2011-04-28)

  3. #2
    New Lounger
    Join Date
    Dec 2009
    Location
    10546
    Posts
    23
    Thanks
    0
    Thanked 3 Times in 2 Posts
    I've given different instructions to my non-computer-savvy wife. If she sees stuff she doesn't understand, hold the power button down till the machine turns off! There is no way she's going to accurately use the Task Manager, something she NEVER uses, to get out of this. Yes - she may lose the last few edits she did, but that's a cheap price to pay.

    (I have changed her Firefox configuration so it never automatically restores the previous session after a crash, since doing that gets you right back to the problem).

  4. #3
    New Lounger
    Join Date
    Nov 2010
    Location
    connecticut usa
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    A couple things I found with this infection that I ran into... I didn't go all crazy like Fred did, but when I encountered the page, it indeed immediately started "scanning" my machine. What I found was as soon as the web page loaded, it downloaded a small executable to my machine, which is how it presumably finishes the infection. I minimized the browser, noticed a shortcut on the desktop to something I didn't install, right-clicked it and checked Properties, and then navigated to the folder the exe was hiding in. I simply deleted it. Done. Ran scans with a-squared and MSE, machine came up clean, and no infection without allowing the executable to do its thing. Sorry, don't remember which folder (was in a temp file) or the name of the exe, either. I sent a bunch of links to Fred as I encountered the infection in various locations in the wild.

    One thing I did notice was that closing the browser before the popup radio button came up worked... even closing the page worked. But you've gotta be quick, and the best bet once the control button popped up was to close the entire browser from the taskbar. I use Firefox with NoScript on a Win Vista 64 machine, fully updated and patched, btw, for what it's worth. When Firefox restarts, it gives the familiar ...oooops...do you want me to restore your tabs? Click NO, if possible. This can help.

    Another thing that can help is a third-party task manager called "dtaskmanager" by "dimio". It's like Windows Task Manager, yet pumped up. If you make it the default, you can kill damn near any process running with it.

    Anyways... hope this info helps someone. Fred, if ya get a wild hair across your butt, and wanna try what I described doing, please post back your findings!

    Namaste,
    jimi
    what, me worry?

  5. #4
    New Lounger
    Join Date
    Dec 2009
    Location
    Seattle, WA, USA
    Posts
    14
    Thanks
    2
    Thanked 3 Times in 1 Post
    Just yesterday while doing some Google searching for WordPress material, some malware tried to load itself, but following Fred's advice, I fortunately caught it (Windows Defender didn't) and didn't allow it to execute. I still ran several scans to make sure my system was clean.

  6. #5
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,482
    Thanks
    176
    Thanked 152 Times in 129 Posts
    Originally posted by Timmer:
    "Just yesterday while doing some Google searching for WordPress material, some malware tried to load itself, but following Fred's advice, I fortunately caught it (Windows Defender didn't) and didn't allow it to execute. I still ran several scans to make sure my system was clean."

    Something similar happened to me last night.

    I was at a photos and videos indexing web site, when one link led to a page which started to show the popup and fake scan which are the LizaMoon signatures. But the dialog said this was Chrome scanning my computer, that Chrome had detected infections, etc. (Chrome does not scan for anything -- it is not a security program. How do the writers of this malware not know these things?) And the titlebar on the popup showed the exact, real filename of the attacking agent. The infecting agent was not downloaded, no shortcuts or Tray Notifications appeared.

    I quickly closed Chrome, disconnected from the Internet, cleaned up the computer with several tools, and scanned offline with Super Antispyware and Microsoft Security Essentials. All looked clean, so I rebooted. Still clean. I went online and ran Hitman Pro (multi-vendor Cloud Antispyware Application) and it also detected nothing malicious. Deep scans will be done this weekend.

    I take this experience to demonstrate that in my Windows 7 Home Premium 64-bit Standard User Account (patched through the March MS Updates, but April updates still pending), the Google Chrome browser (with several ad blockers and the Click N Clean Extension) does a very good job of identifying and sandboxing this type of attack. The Chrome sandbox appears not to have leaked, even though I did click on the "Scan Now" button in the popup. I have not seen Internet Explorer or Firefox do such a good job of identifying and containing an Internet threat. While I would not use Chrome as a first line of defense (and certainly not as my only line of defense), I am impressed with Chrome's security performance in this incident.

    Thanks, Fred, for the heads-up about this LizaMoon security threat.
    Last edited by bobprimak; 2011-04-28 at 15:49.
    -- Bob Primak --
