antdude (A Ninja Ant; Premium, VIP)
Popular Site Speedtest.net Compromised by Exploit Drive-By
"Cisco recently reported that the highest concentration of online security threats are in fact legitimate destinations visited by mass audiences. As if to underscore that point, we accidentally discovered an exploit on Speedtest.net, a site used by mass audiences to test their connection speed to the Internet. Now to be clear, Speedtest.net did not put this exploit up. Rather, speedtest.net is a victim of being exploited; but in turn their website was used to exploit countless others. As of this writing, Speedtest.net has rectified the issue, so they are safe to visit..."
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, community.norton.com! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.
I'm sort of confused. Speedtest.net does not use Java so wouldn't a user going there notice Java being invoked? They would get a popup from Oracle asking if they wanted to run a Java applet and knowing that the site uses Flash for speed testing rather than the superior Java wouldn't they get the hell out of Dodge as fast as they could after denying Java the right to run? The Oracle Java security slider doesn't work as well in IE as in other browsers but it does work in my experience but I have only used it with IE 10.
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson
siljaline (I'm lovin' that double wide; Premium)
reply to antdude
I'm kind of on board with Mele20 & Cartel
Although Speedtest.Net is flash-based and thus whacks you with LSOs every time you use it, and other than serving lots of ads that my TPLs were blocking, it seems clean.
your moderator at work
reply to Mele20
Re: Popular Site Speedtest.net Compromised by Exploit Drive-By
said by Mele20:
"I'm sort of confused. Speedtest.net does not use Java so wouldn't a user going there notice Java being invoked? They would get a popup from Oracle asking if they wanted to run a Java applet and knowing that the site uses Flash for speed testing rather than the superior Java wouldn't they get the hell out of Dodge as fast as they could after denying Java the right to run?"
I think this would only apply to more security/tech savvy users. Most people will assume it's part of the site and run it.
Desktop Win 7 x64 Emsisoft Anti Malware v7, Laptop Win 7 x64 & Desktop XP Pro Emsisoft Anti Malware v7 & Online Armor Premium v6, Netbook Win 7 Starter and Netbook XP Home Avast 7, MBAM and Hitman Pro used on-demand only.
reply to Mele20
While speedtest.net may not use Java in their tests, that does not mean that it was not harboring a malicious Java app, simply sitting in wait for a vulnerable system to happen by, one with Java installed & enabled.
Actually from the looks of it, from the log, that was not the case. It looks more like the visitor was redirected (IFRAME or whatever) from speedtest.net to talkydao.is-an-accountant & it was from there that the Java app was launched.
(Wonder if nothing else that would have been picked up as an XSS exploit by NoScript?)
And if we read down further, it is all explained:
NoScript certainly stopped any further chances of exploit at that point.
Then there is Java itself. No Java, no exploit. Java disabled, no exploit. So if you need Java, whitelist it, allow it to run, only on sites you know, & know it is needed, & "trust" (heh).