Dangerous site: Infectionscanner.com

Post Reply
ander
Posts: 2
Joined: Wed Jul 02, 2008 7:32 am

Dangerous site: Infectionscanner.com

Post by ander » Wed Jul 02, 2008 7:32 am

Tonight, I inadvertently got redirected to a site that showed one of those phony "Your PC is infected!" messages and asked me to click OK to install their "scanner" software. Each time I tried to close the dialog box or my browser window, the site used JavaScript to cancel my close request and open a file-download box (just in case I was dumb enough to click "OK" on that instead). I could not get rid of the site by normal means.

Fortunately, I'd installed the QuickJava Firefox add-on, which let me deactivate JavaScript by clicking an icon. Otherwise I suppose I would've had to use Program Manager to kill Firefox manually.

Naturally, I was gave this site a "red" WOT rating---but I noticed two things:

_ The site hadn't been WOT-rated.

_ Once I rated the site, and WOT's "unsafe site" message appeared over its webpage, this did not stop the webpage from opening its creepy dialog and download boxes---even when I quit and re-ran Firefox, and returned to the site as a test. (But maybe that's not part of WOT's functionality.)

The site to avoid is http://infectionscanner.com

The actual page I was directed to was http://infectionscanner.com/nag/2/?aid=dogma&lid=keyin&affid=240&n=nag&install=1

Cheers, ander

Sami
Posts: 6987
Joined: Sat Oct 07, 2006 11:43 am

Re: Dangerous site: Infectionscanner.com

Post by Sami » Wed Jul 02, 2008 8:48 am

Thanks for the information. WOT doesn't disable JavaScript for poorly rated sites or prevent you from accessing them. You could use [url=http://noscript.net/ t=_self]NoScript[/url] for stopping scripts, if you prefer. You can also configure WOT to block access to poorly rated sites, but it will slow down your browsing, because ratings must be fetched before the website is loaded.

logicman
Posts: 378
Joined: Sat Jun 28, 2008 12:58 am

rogue antivirus

Post by logicman » Wed Jul 02, 2008 7:22 pm

This was reported at Castlecops:
http://www.castlecops.com/postp1102875.html

Variants of this scam keep popping up (was that a pun?)
I've had two such nag-attacks this month, but in a sandbox.

This report may also be of interest:
http://blogs.stopbadware.org/articles/2008/03/27/alert-xp-antivirus-2008

Recommended stay-safe software:
http://www.sandboxie.com/
Please read up on Sandboxie before using.

cotojo
Posts: 2568
Joined: Fri Jul 04, 2008 10:50 am

AntiVirus2008

Post by cotojo » Fri Jul 04, 2008 10:50 am

Sadly many surfers have fallen victim to this one and downloaded it. The good news being that it is easily removed using RogueRemover and Malwarebytes anti-malware.
http://www.download.com/RogueRemover/3000-8022_4-10634508.html
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Sandboxie, as recommended by logicman is an awesome tool, I use it all of the time apart from one pc which I use to test programs on.
With Sandboxie you will never get any malware infections, everything is completely isolated unless you recover items outside of the box.

Colin
http://cotojo.wordpress.com - Free PC Security

phantazm
Posts: 4906
Joined: Thu Jan 03, 2008 1:46 pm

Malware indeed...

Post by phantazm » Fri Jul 04, 2008 6:38 pm

SiteAdvisor also rates this site Yellow/Red:
http://www.siteadvisor.com/sites/infectionscanner.com

phantazm
Posts: 4906
Joined: Thu Jan 03, 2008 1:46 pm

Blocking scripts..?

Post by phantazm » Fri Jul 04, 2008 6:40 pm

Try NoScript for FireFox, if you want to block centain sites, but not them all...

auswan
Posts: 2
Joined: Tue Sep 30, 2008 5:55 am

Browser slow down when WOT is configured to block

Post by auswan » Tue Sep 30, 2008 5:55 am

It will be great if the next release of WOT can include the optimisation of browsing speed when WOT is configured to block access to poorly rated sites. Or maybe, by fetching only the required rating (depends on per user configuration, e.g, only Trustworthiness is configured for blocking, other WOT rating categories are configured to warning only). WOT is a very impressive innovation, and thumbs up for all the developers and supporters!!!

Sami
Posts: 6987
Joined: Sat Oct 07, 2006 11:43 am

Re: Blocking

Post by Sami » Tue Sep 30, 2008 6:09 am

Blocking will always be slightly slower, because the add-on has to load ratings before allowing access to the site, but we'll see if it can be improved.

Toptiger5
Posts: 84
Joined: Wed Apr 23, 2008 3:21 pm

Three Fingers

Post by Toptiger5 » Sun Jan 18, 2009 7:04 pm

Control Alt Delete whenever you see this! Exit all running applications before you try to touch the popups and you'll be safe. I speak from own experience.

Xp54321
Posts: 1046
Joined: Sun Oct 05, 2008 3:14 am

Tested

Post by Xp54321 » Mon Jan 19, 2009 1:50 am

Went there under Sandboxie. :) Again, Firefox 3.0.5 w/ NoScript and AdBlock enabled. Firefox warned it was an attack site. :D I bypassed the warning. (Not recommended under a normal browsing session) The site is currently down from my point of view anyways. I use Verizon FiOS and it (The Verizon page displayed when you try to visit a non-existent site[Or maybe blocked site...?])said it could not find the site. Blocked by ISP or is the site just gone? :)

Also, one more thing about Sandboxie. When opening a new sandboxed web browser. Make sure you wipe all the private data. There may be vulnerabilities that allow the stealing of that data from the browser (In fact, there have been) since a sandboxed program launches with your current settings for it. That sandbox is worth nothing for protecting you if you left all your data in there. :)

Also, quite a few dangerous sites are blocked by Avast!. :)

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests