
Re: [LUG] OT: Antivirus Security Pro - Ransomware

 

On 30/10/13 13:40, Martijn Grooten wrote:
> On Wed, 30 Oct 2013, Julian Hall wrote:
> > I know that any image link on a webpage can link to a drive-by download, that's not the new part. What /is/ new to me is that she got it from an eBay auction page - that much is established as she hadn't done anything else on the web when the infection announced itself. That I think is a bit of a worry as you can go to a perfectly well trusted - and very popular - website, click on an auction and simply by viewing it end up with a virus.
>
> Did this actually happen on eBay, or was there a link from eBay to somewhere else that she clicked on?
>
> Note that some malware takes some time before it becomes active, so I would be hesitant to link what she was doing when the infection announced itself to the actual source of the infection. I also haven't heard anything about eBay serving malware. It is possible of course (last week php.net was serving malware) but if it's a big site it's usually discovered pretty quickly.
>
> The general message - that by only browsing big sites you have nothing to worry about - remains true of course. Make sure your browser and all of its plugins are and remain up-to-date.
>
> Speaking of ransomware, a _much_ nastier piece of ransomware, also currently spreading, is CryptoLocker, that encrypts your files in a 'secure' way: without the backup, you can only get your files back by paying a huge ransom. (And even then, as you're dealing with crooks, there's no guarantee that you will get them back.) Again, I don't think it targets anything but Windows, but again, the principle could affect any operating system.
>
> Martijn.

Hi Martijn,

I'm not saying eBay themselves did, simply that it /seems/ to have come from an auction, presumably a graphic/link the seller inserted in the text, since you can add links - for example to a manufacturer's website. CryptoLocker was mentioned in reference to this one, so I don't know if that was the payload. If it was, she got away with it because she can still access all her files after it was cleared.

I agree that viruses do take time often to activate, however she is a fairly infrequent Internet user, and this was the only thing she had done in a while, so while you're right it's not conclusive, it does seem more likely than someone surfing for hours and suddenly blaming eBay.

Kind regards,

Julian

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq