Quote:
Originally posted by Mr. Mojo
So how did this happen?
From the SpywareInfo site,
Quote:
There are several possible means of distributing this hijack. The most common way is to spam people with a link to a web site hosting the malicious code. Some email clients also may download and execute a malicious java applet as soon as the attacker's email is opened or previewed.
Please do not be fooled by "experts" who downplay the danger of this and other flaws by saying the victim would first have to visit a malicious web site. There are many ways to force a victim's computer to load a particular web site. We help dozens of victims of such hijacks every single day at the support forums.
Victims show none of the regular symptoms of a browser hijack other than a bad HOSTS file. There are no suspicious ActiveX objects or other tell-tale signs of infection. This leads me to believe that the victim was hijacked using either Microsoft Java VM or MSHTA.
The CWS trojan is one example of malware that exploits the ByteVerify flaw in Microsoft's proprietary version of Java. Faulty code checking allows an attacker to run arbitrary code on the victim's machine. This flaw has been patched in an updated version of Microsoft VM. My advice is to install the much more secure Sun Java and to use that instead of Microsoft Java.
The other possibility is the object data flaw I've written about previously. A flaw exists in Microsoft Internet Explorer that allows a malicious hacker to fool it into running malicious scripts with reduced security restrictions. Microsoft released a patch for this flaw, but unfortunately it failed to fix the problem. A workaround is either to disable ActiveX controls and plugins in Internet Options > Security or to run the HTAStop program from NSClean.
So, first thing is dump Microsoft VM and replace with Sun Java.
Personally, I use the Mozilla Firebird browser, and haven't had any security issues (IE can leave a lot of holes open). I also run Ad-Aware and SpyBot every other week or so.
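The quoted post says the only visible symptom of this hijack is a bad HOSTS file. The script below is an added example (not from the original post or from SpywareInfo) showing how to audit a HOSTS file for the two patterns such hijacks leave behind: well-known names pointed at an outside IP, and names blackholed to 127.0.0.1 that a clean file would never contain. The sample HOSTS text is constructed for the example; the `EXPECTED_LOOPBACK` set and the choice to tolerate private-range mappings (for intranet entries) are assumptions, not rules from the post.

```python
"""Audit a HOSTS file for entries typical of a browser hijack.

Added example, not code from the original post. Two things are flagged:
  - any hostname mapped to an address outside loopback/private ranges
    (a redirect to an attacker-controlled server), and
  - any hostname mapped to loopback that is not one of the names a clean
    HOSTS file is expected to contain (update/AV sites blackholed).
"""
import ipaddress

# Constructed sample, shaped like a hijacked Windows HOSTS file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
127.0.0.1       www.google.com
127.0.0.1       windowsupdate.microsoft.com
69.57.146.14    www.yahoo.com   search.yahoo.com   # example redirect target
10.0.0.5        intranet.local
"""

# Assumption: names that legitimately resolve to loopback on a clean machine.
EXPECTED_LOOPBACK = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return a list of (line_number, ip_address, [hostnames]) for active mappings.

    Comments and blank lines are skipped; a line whose first field is not a
    valid IP address is ignored, as the resolver would ignore it.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        entries.append((lineno, ip, parts[1:]))
    return entries


def suspicious_entries(text, allow_private=True):
    """Return (line_number, ip, hostname, reason) for every suspicious mapping.

    allow_private=True tolerates RFC 1918 / ULA addresses so that ordinary
    intranet entries are not reported; set it False on a machine that should
    have no such entries at all.
    """
    findings = []
    for lineno, ip, names in parse_hosts(text):
        for name in names:
            name = name.lower()
            if ip.is_loopback:
                if name not in EXPECTED_LOOPBACK:
                    findings.append((lineno, str(ip), name, "blackholed to loopback"))
            elif allow_private and ip.is_private:
                continue
            else:
                findings.append((lineno, str(ip), name, "redirected to external host"))
    return findings


if __name__ == "__main__":
    # On a real system read r"C:\Windows\System32\drivers\etc\hosts" (or /etc/hosts)
    # instead of the constructed sample.
    for lineno, ip, name, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip} ({reason})")
```

Run it against the real file and anything it reports is a candidate for deletion; a clean Windows HOSTS file normally contains only the `127.0.0.1 localhost` line plus comments. Note that the check tells you the file was tampered with, not how: as the quoted post says, the delivery vector (Microsoft VM ByteVerify, MSHTA, or the object data flaw) leaves no trace here.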