cancel
Showing results for 
Search instead for 
Did you mean: 

transparent downloads

SOLVED
Go to solution
Bank Outlaw
Occasional Contributor

transparent downloads

Greetings, I do a lot of surfing on the net, I visit all kinds of web sites. During my travels to various web sites, I have noticed that some web sites have a sneaky type of code intermingled with the standard HTML, XML, JAVA, etc, that permits a web site to download and execute a file to a users hard drive, that is totally transparent and undisclosed to the user. I know this is the case as I have been a victim of semi this malicious act. Although, no damage was initiated, the possibility and potential of becoming a real victim was wide open. I have been secretely downloaded and executed to on two occasions now. The first time a telephone dialer was downloaded and exeuted. It knocked me offline, and attempted to dial into a long distance phone number, to a porn site in Norway, which would have added a charge of $4.95 a minute plus long distance charges to my phone bill. Upon examining my disk, I found the dialer.exe program, several new directory folders, DLL files, entries into my registry, and check this out, there was even a text file, and a signatured HTML file indicating I accepted their agreement when I downloaded and executed their software. The second time was similar to the first, with the inclusion of some software that defaulted me to their search engine when I received a HTML 404 Error because I entered a wrong URL, plus, popup advertisements, everytime I went to a new URL. There was also a dialer program, this time to Germany and a Bondage type web site. And of course, a multitude of registry entries to auto start the program at boot time. I was rather impressed how they did this, right in front of me, but behind my back, but at the same time, very angry because of the potential I left myself open to.
I was wondering, can anyone help me here.. I want to learn whats going on. Most of all, I want to learn how to defend against these transparent download end executions.
My system is a hp Pavilion 633mh, using Windows ME. I use the MSIE 6.1 when surfing. My mail agent is Outlook 6.0, any assistance would be helpful. THanks, Cigars Ash
2 REPLIES
Ron Kinner
Honored Contributor
Solution

Re: transparent downloads

You are seeing examples of what Norton Antivirus calls js.exception.exploits.

http://www.symantec.com/avcenter/venc/data/js.exception.exploit.html

One reason you get these is that you are missing a security patch. Go to windowsupdate.microsoft.com and click on Product Update. It should tell you what downloads you need.

Also open IE and select tools/internet options/Security. Now move the slider up to the High end and press apply before visiting potentially nasty websites. You can also leave it at Medium and hit Custom and make sure that it prompts you before running java or active x scripts. If that doesn't work for your system then go to http://www.microsoft.com/downloads/search.asp? and search for all downloads for ME and find the section on IE6 and see if you have all of them. Best to install in calendar order from oldest to newest. Ditto for Outlook.

You should be running a good uptodate virus scanner and always save the files before executing them.

Another good thing to do is to get ad-aware.
http://www.lavasoftusa.com/downloads.html

Load it and then have it scan your computer for spyware. It is amazing what garbage it finds that you get when you download otherwise harmless software.

Make sure you do not let Outlook show you a summary of each email. Sometimes that's enough to trigger a virus.

Finally get the free version of zone alarm at www.zonelabs.com. If you do pick up something then zone alarm may prevent it from spreading.

Ron
Bank Outlaw
Occasional Contributor

Re: transparent downloads

Ron, thanks very much for the excellent response, it was just what I needed. I did download and install the patches from microsoft, and then I downloaded the freeware from Lavasoft. I found stuff on my disk that I overlooked when I ran thru it manually. I learned that companies like Address.com, Gator, and 5 others have found their way to my system... NOT NO MORE tho. Thanks again, Cigars Ash