[geeks] filtering out web base trojan?
Sridhar Ayengar
ploopster at gmail.com
Sun Mar 16 12:18:39 CDT 2008
Sheldon T. Hall wrote:
> Alois Hammer said ...
>
>> Also, the outright bulk compromise of normally-trustworthy sites is
>> still going on, as far as I know.
>
> Yep, over 10,000 sites counted by
> http://www.incidents.org/diary.html?storyid=4139.
>
> I've seen, twice, "advertisements" carried by normally-OK websites that pop
> up that "your computer is infected" box. Evidently, the bad guys have
> compromised some advertising-distribution server[s], in addition to the
> IFRAME issue. Or maybe it's the same issue.
>
> I really miss running my own DNS server; it was easy to block a large
> percentage of advertising sites outright, by getting the list from YoYo
> (http://pgl.yoyo.org/adservers) and letting DNS point those host names to
> localhost. I added a list of known malware sites and other bad actors, too,
> of course. It wasn't foolproof, and it did require maintenance, but I
> really liked the results.
You can do the same thing with hosts files.
Peace... Sridhar
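
Added example, not code from either poster: one way to turn a downloaded ad-server list into hosts-file entries that point at localhost, treating the list as untrusted input. The function names, the marker comments and the sample list are assumptions constructed for illustration.

```python
import re

BEGIN, END = "# BEGIN adblock (managed)", "# END adblock (managed)"
SINK = "127.0.0.1"  # localhost, the target the posts above describe
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")  # one DNS label
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample list (not real data): mixed formats plus hostile lines.
SAMPLE_LIST = """\
# comment line
ads.example.com
127.0.0.1 Tracker.Example.NET   # trailing comment
0.0.0.0 ads.example.com
203.0.113.7 bank.example.org extra.example.org
127.0.0.1 localhost
bad_host!.example.com
10.0.0.1
"""


def parse_blocklist(text):
    """Return sorted unique host names from an untrusted list. Any address in
    the list is dropped, so entries can only be sunk to SINK, never redirected."""
    hosts = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].lower().split()
        if not 1 <= len(fields) <= 2:
            continue  # blank, or more columns than 'host' / 'ip host'
        name = fields[-1].rstrip(".")
        labels = name.split(".")
        if (name in PROTECTED or len(name) > 253 or len(labels) < 2
                or labels[-1].isdigit()  # bare IP address, not a host name
                or not all(LABEL.fullmatch(l) for l in labels)):
            continue
        hosts.add(name)
    return sorted(hosts)


def merge_hosts(existing, hosts):
    """Replace the managed section of hosts-file text, or append it if absent."""
    kept, inside = [], False
    for line in existing.splitlines():
        if line.strip() in (BEGIN, END):
            inside = line.strip() == BEGIN
        elif not inside:
            kept.append(line)
    block = [BEGIN] + [f"{SINK} {h}" for h in hosts] + [END]
    return "\n".join(kept + block) + "\n"
```

A hosts file matches exact names only, so unlike a DNS zone it cannot block every subdomain of an ad server with one entry; each host name needs its own line.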