[geeks] filtering out web base trojan?
Sheldon T. Hall
shel at artell.net
Sun Mar 16 05:58:44 CDT 2008
Alois Hammer said ...
> Also, the outright bulk compromise of normally-trustworthy sites is
> still going on, as far as I know.
Yep, over 10,000 sites counted by
http://www.incidents.org/diary.html?storyid=4139.
I've seen, twice, "advertisements" carried by normally-OK websites that pop
up that "your computer is infected" box. Evidently, the bad guys have
compromised some advertising-distribution server[s], in addition to the
IFRAME issue. Or maybe it's the same issue.
I really miss running my own DNS server; it was easy to block a large
percentage of advertising sites outright, by getting the list from YoYo
(http://pgl.yoyo.org/adservers) and letting DNS point those host names to
localhost. I added a list of known malware sites and other bad actors, too,
of course. It wasn't foolproof, and it did require maintenance, but I
really liked the results.
-Shel
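
The DNS blocking described in the message above, as an added example that is not part of the original post: it merges an ad-server list with a local malware list and emits resolver rules pointing those names at localhost. The message does not name a DNS server, so dnsmasq's `address=/name/ip` syntax (which also covers subdomains) is an assumption, and both sample lists are constructed.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
SINK_PREFIXES = {"0.0.0.0", "127.0.0.1", "::1"}  # address column of hosts-format lists
NEVER_BLOCK = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample input (not real list contents).
AD_LIST = """# constructed sample
127.0.0.1 ads.example.com
127.0.0.1 localhost
tracker.example.net  # inline comment
ADS.example.com.
-bad-.example.org
"""
MALWARE_LIST = "example.net\ncdn.ads.example.com\n"

def parse_hosts(text):
    """Return valid hostnames from a plain or hosts-format list."""
    names = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].strip().lower().split()
        if fields and fields[0] in SINK_PREFIXES:
            fields = fields[1:]
        for name in fields:
            name = name.rstrip(".")
            labels = name.split(".")
            # Skip local names, bare labels, IP-like entries and malformed labels.
            if (name in NEVER_BLOCK or len(labels) < 2 or len(name) > 253
                    or labels[-1].isdigit()
                    or not all(LABEL.match(l) for l in labels)):
                continue
            names.add(name)
    return names

def collapse(names):
    """Drop names already covered by a listed parent domain."""
    kept = set()
    for name in sorted(names, key=lambda n: n.count(".")):  # parents first
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels))}
        if not parents & kept:
            kept.add(name)
    return kept

def dnsmasq_rules(*lists, sink="127.0.0.1"):
    """Merge several lists into sorted dnsmasq address= lines."""
    names = set().union(*(parse_hosts(t) for t in lists))
    return [f"address=/{n}/{sink}" for n in sorted(collapse(names))]
```

Writing the output of `dnsmasq_rules(AD_LIST, MALWARE_LIST)` to a file in dnsmasq's configuration directory and regenerating it whenever the lists change covers the maintenance step the message mentions.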