Help understanding MALICIOUS IPs

IamSmooth
Sat Jul 17 2010, 10:03PM
IamSmooth Registered Member #190 Joined: Fri Feb 17 2006, 12:00AM
Location:
Posts: 1567
I went to watch some DragonBall Z videos online. I did a search and found a site with over 300 episodes. When I clicked on the link my MalwareBytes intercepted a malicious IP. Now I don't think the site's creator intended this to happen (or maybe he did), but it seems that an ad-page that is linked to the site tried to do this.

Can anyone clear up why some legitimate sites have malicious code associated with them, or are the sites not so innocent?
Hon1nbo
Sun Jul 18 2010, 03:44AM
Hon1nbo Registered Member #902 Joined: Sun Jul 15 2007, 08:17PM
Location: Pacific Northwest USA
Posts: 1042
It could possibly be a middle of the road injection, meaning the code had a bit added in that was malicious in the process of transferring data to your computer - it's been done, usually only a small bit can happen at a time but that small bit can matter. Try switching to "https" and see if it stops, I think it is harder to inject the code if the security certificate is invoked rather than a straight up query but I could be wrong.

Or, the owner could have linked to the site thinking it was safe. McAfee has a Firefox Addon called Site Advisor that's free - it can tell you if it's the site or if it's a link to another site on that site (it even has a "spider-web" view to see the malicious site in relation to the legit site).

-Jimmy
...
Sun Jul 18 2010, 04:40AM
... Registered Member #56 Joined: Thu Feb 09 2006, 05:02AM
Location: Southern California, USA
Posts: 2445
Usually when this happens it is the ads that are flagged; oftentimes they contain malware. It is also possible the video listing site you are using is put together by a spammer who was simply trying to get his/her malware on your computer (usually when this is the case the links will be broken, or just direct to more spam).
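The replies above separate a site's own content from the ad content it pulls in from other hosts, and mention that content fetched without "https" can be altered in transit. The following is an added example, not part of any poster's message: it lists the active resources (scripts, frames, plugins) a page loads from other hosts and which of them arrive over plain HTTP. The page URL, HTML and host names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute makes the browser fetch and run or render remote content.
ACTIVE = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

class ResourceAudit(HTMLParser):
    """Collect active resources that a page loads from hosts other than its own."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []  # (tag, host, scheme)

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        # Resolve relative and scheme-relative ("//host/x") URLs against the page.
        parts = urlsplit(urljoin(self.page_url, url))
        if parts.scheme not in ("http", "https"):
            return
        # Exact host comparison: a sibling subdomain counts as third party here.
        if parts.hostname and parts.hostname != self.page_host:
            self.findings.append((tag, parts.hostname, parts.scheme))

def audit(page_url, html):
    parser = ResourceAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

def plaintext_hosts(findings):
    """Third-party hosts fetched without TLS, so modifiable in transit."""
    return sorted({host for _, host, scheme in findings if scheme == "http"})

# Constructed sample page; all host names are placeholders (.example is reserved).
SAMPLE_URL = "https://videos.example/episodes"
SAMPLE_HTML = """
<html><body>
<script src="/static/player.js"></script>
<script src="https://cdn.partner.example/lib.js"></script>
<iframe src="http://ads.network.example/banner?slot=1"></iframe>
<script src="//tracker.example/t.js"></script>
<img src="http://images.other.example/logo.png">
</body></html>
"""

if __name__ == "__main__":
    for tag, host, scheme in audit(SAMPLE_URL, SAMPLE_HTML):
        print(f"{tag:7} {scheme:5} {host}")
    print("plain HTTP:", plaintext_hosts(audit(SAMPLE_URL, SAMPLE_HTML)))
```

A host that shows up here is what a security tool evaluates when it blocks "a malicious IP" on an otherwise ordinary page: the alert concerns the third-party origin, not necessarily the site that embedded it.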
UltraMagnus
Sun Jul 18 2010, 01:21PM
UltraMagnus Registered Member #2875 Joined: Mon May 24 2010, 08:28AM
Location: England
Posts: 42
If it is the ads, install Adblock Plus.
quicksilver
Sun Jul 18 2010, 02:21PM
quicksilver Registered Member #1408 Joined: Fri Mar 21 2008, 03:49PM
Location: Oracle, AZ
Posts: 679
I use MalwareBytes and I believe it's well designed. Some products use heuristics that trigger with impunity (Norton) but I don't think that's an issue with MalwareBytes. However, if the site was designed to provide more ad features than would be possible with a pop-up blocker enabled in the browser, on occasion that may trigger a malware alert.
Many times I've seen a workaround for pop-up blockers where a window will walk across the screen. Just an opinion, but when a web designer attempts to get that ad in there, that may trigger the alert.
IamSmooth
Sun Jul 18 2010, 04:25PM
IamSmooth Registered Member #190 Joined: Fri Feb 17 2006, 12:00AM
Location:
Posts: 1567
Does anyone know how they write to the operating system? I don't understand why the PC would allow something like this, while the iMac seems immune.
UltraMagnus
Sun Jul 18 2010, 04:44PM
UltraMagnus Registered Member #2875 Joined: Mon May 24 2010, 08:28AM
Location: England
Posts: 42
Unix-based operating systems have a permissions system that stops anything not run as root from writing to protected areas. They would be almost as vulnerable if someone was stupid enough to browse the internet as root, which is effectively what you do on Windows.

Windows NT was supposedly designed for the internet, but the internet was designed for Unix.