
Web-based malware vectors.

Yesterday I had a visit from a childhood friend. During the visit I wanted to give him an idea of why Flash-based web chat services can be inefficient for large numbers of simultaneous users while chatting. Before I could get into my example, the Userplane chat room I entered sent the following message:


It says "Warning! Your PC is at risk of virus and malware attack. Your system requires immediate check! System security will perform a quick and free scan of your PC for viruses and malicious programs." followed by an OK button as shown. Well, my years of using computers and warning people of the dangers of Trojan-horse-like messages from web pages prompting users to run scans quickly told me this was a false message provided by some script embedded into the Userplane room I was in, and triggered by my attempt to send a message into the room. This is really bad news for Userplane, as it means the public rooms on its service have been compromised by malicious code creators and are being used as a vector for attack.

Knowing what usually happens if one presses the "OK" button shown above, I immediately made my way to the "x" to close the window, and that was followed by a new message over the old one, as shown below:

Double the fun! This message attempts to admonish the user against closing the window without running the supposed "cleansing" scan. Of course, it is simply the malware trying to get you to click one of its buttons so that you can be redirected to whatever page, or initiate the download of whatever malware, it really wants you to see. Since I could not close the window (and Firefox has no method for terminating specific subwindows), I had to close Firefox by using the Windows process tree to kill the process.

This is a very ominous attack vector that tries really hard to get you to press its buttons and download the supposed cleaning software. I'd imagine most of the people who use Userplane for casual chatting have no idea of the possibility of a malware script being embedded in the chat room page. This makes such chat rooms significantly more dangerous than chat rooms accessed from standalone chat clients like Yahoo Messenger or MSN Messenger, which, lacking control of the actual UI through embedded scripts (though they used to be rampant 10 years ago), are no longer able to send false messages that look like standard Windows prompts.

I was curious to see if there was anything about this attack vector on Google and searched "userplane chat malware". I found the following SiteAdvisor summary of the site.

http://www.siteadvisor.com/sites/userplane.com/summary/

The user comment by "art" posted on 3/30/2006 indicates that a Userplane advertisement from "ErrorSafe" seems to prompt messages to install its software. I don't know if the messages I captured are from ErrorSafe, but judging by the way they completely interrupted the chat experience, I doubt Userplane would allow code in the advertisements that interrupts the user's experience so completely. However, who knows... AOL (owner of Userplane) is pretty hard up for advertising revenue with their recent troubles.
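The behaviour described in this post (a dialog offering a scan, then a second dialog the moment the first one is closed) can be turned into a simple triage heuristic for dialog telemetry. The following is an added example, not part of the original post and not Userplane code; the event format, origins, thresholds and the second dialog's text are assumptions constructed for illustration.

```javascript
// Added example: heuristic triage of browser dialog telemetry for fake-AV lures.
// The event format and thresholds are assumptions made for this sketch.
const LURE_CATEGORIES = {
  threat:  /\b(virus(es)?|malware|malicious|infect(ed|ion)|at risk)\b/i,
  urgency: /\b(warning|immediate(ly)?|urgent|now)\b/i,
  target:  /\byour (pc|computer|system)\b/i,
  offer:   /\b(free|quick)\b[^.]*\bscan\b/i,
};

// Return the names of the lure categories that a dialog text matches.
function lureCategories(text) {
  return Object.keys(LURE_CATEGORIES).filter((k) => LURE_CATEGORIES[k].test(text));
}

// Flag origins whose dialogs read like a fake scan offer and that re-prompt
// right after the user dismisses one (the "new message over the old one").
function findScarewareOrigins(events, { minCategories = 3, repromptMs = 2000 } = {}) {
  const state = new Map(); // origin -> { lure, lastDismiss, reprompt }
  for (const ev of events) {
    const s = state.get(ev.origin) || { lure: false, lastDismiss: null, reprompt: false };
    if (ev.type === "dialog") {
      if (lureCategories(ev.text).length >= minCategories) s.lure = true;
      if (s.lastDismiss !== null && ev.t - s.lastDismiss <= repromptMs) s.reprompt = true;
    } else if (ev.type === "dismiss") {
      s.lastDismiss = ev.t;
    }
    state.set(ev.origin, s);
  }
  return [...state].filter(([, s]) => s.lure && s.reprompt).map(([origin]) => origin);
}

// Constructed sample events. The first dialog text is the message quoted in the
// post; the second text, the origins and the timestamps are invented.
const SAMPLE_EVENTS = [
  { t: 0, origin: "chat.example", type: "dialog", text: "Warning! Your PC is at risk of virus and malware attack. Your system requires immediate check! System security will perform a quick and free scan of your PC for viruses and malicious programs." },
  { t: 1500, origin: "chat.example", type: "dismiss" },
  { t: 1600, origin: "chat.example", type: "dialog", text: "Constructed follow-up prompt shown after the close button was used." },
  { t: 5000, origin: "mail.example", type: "dialog", text: "Discard unsaved draft?" },
  { t: 9000, origin: "mail.example", type: "dismiss" },
];

console.log(findScarewareOrigins(SAMPLE_EVENTS));
```

Requiring both signals keeps an ordinary confirmation dialog, or a single alarming message that does not re-prompt, from being flagged on its own.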
