Dear All,
Browsing with Namoroka 3.6.8 on Gentoo, I just stumbled across a webpage containing Javascript that was probably trying to install malicious code on my system. The script
- claimed (implausibly) to be a malware scanner, and (even more implausibly, because the places it claimed to have looked were Windows-specific directory names that don't exist on my system) that it had found half a dozen items of malware on my system;
- generally made a nuisance of itself by grabbing focus with dialogue boxes (this seemed odd - my browser settings forbid Javascript to raise or lower windows, yet my main browser window was, to all intents and purposes, irreversibly lowered by the presence of the dialogue boxes, and the only browser actions possible were to click on dialogue box buttons or do a window-manager close on the dialogue box)
- did a passable impersonation of Windows Update (or at least, it would have been passable if the system I was looking at it with had been running Windows ;-)); and
- finished up by offering me a download of an executable Windows binary, which I rejected.
I took a look at the Javascript source code, but it was _very_ obfuscated.
My question is - could the script have got any sort of access to my local filesystems or otherwise done any damage?
On 06/09/10 12:50, Dan wrote:
- finished up by offering me a download of an executable Windows binary, which I rejected.
[...]
My question is - could the script have got any sort of access to my local filesystems or otherwise done any damage?
Highly unlikely: these scripts are generally aimed at persuading the user to download and run the trojan; it's far easier to apply a bit of social engineering than it is to get past even basic browser security. Given that the script almost certainly had access to your browser's user-agent and didn't bother to present something more targeted at your OS I'd be very surprised if they'd have known what to do with your filesystem if they saw it!
For what it's worth, I've seen this on Windows machines and not detected any problems afterwards (provided the .exe wasn't downloaded of course).
On Mon, 6 Sep 2010, Mark Rogers wrote:
On 06/09/10 12:50, Dan wrote:
My question is - could the script have got any sort of access to my local filesystems or otherwise done any damage?
Highly unlikely: these scripts are generally aimed at persuading the user to download and run the trojan; it's far easier to apply a bit of social engineering than it is to get past even basic browser security. Given that the script almost certainly had access to your browser's user-agent and didn't bother to present something more targeted at your OS I'd be very surprised if they'd have known what to do with your filesystem if they saw it!
For what it's worth, I've seen this on Windows machines and not detected any problems afterwards (provided the .exe wasn't downloaded of course).
Many thanks to Mark and Tim. That's reassuring. Also, a clamscan of my filesystems has finally completed and come up clean, apart from a couple of suspected phishing messages in an old e-mail folder.
On 6 September 2010 12:50, Dan vi5u0-alug@yahoo.co.uk wrote:
Dear All, Browsing with Namoroka 3.6.8 on Gentoo, I just stumbled across a webpage containing Javascript that was probably trying to install malicious code on my system. The script
- generally made a nuisance of itself by grabbing focus with dialogue boxes (this seemed odd - my browser settings forbid Javascript to raise or lower windows, yet my main browser window was, to all intents and purposes, irreversibly lowered by the presence of the dialogue boxes, and the only browser actions possible were to click on dialogue box buttons or do a window-manager close on the dialogue box)
Yes. Damn annoying web browsers still throw up modal dialog boxes (Yes/No, Username/Password) completely blocking access to other tabs. Apart from lynx, are there any other browsers which don't do that?
Tim,