That really is about it. Those droppers are usually "drive by"; sometimes you never even know until VIPRE says "Oh hi. I found this bad thing trying to run" (paraphrased). :)
Incidentally most of the droppers I've run into have been that fake AV scan (an image of "My Computer" faked to look like yours) - Even more amusing; I've run into one of those browsing from my Blackberry. Imagine my surprise when a window came up that had a C:\ drive, telling me I'm infected!

Thanks,

Jeff Cain
Technical Support Analyst
Sunbelt Software
Email: [email protected]
Voice: 1-877-673-1153
Fax: 1-727-562-5199
Web: <http://www.sunbeltsoftware.com/>
Physical Address:
33 N Garden Ave
Suite 1200
Clearwater, FL 33755
United States

--------------------------------------------------------
If you do not want further email from us, please forward this message to [email protected] with the word 'unsubscribe' in the subject of your email.
--------------------------------------------------------
Helpful Sunbelt Software Links:
Knowledge Base <http://support.sunbeltsoftware.com/>
Open a New Support Ticket <http://www.sunbeltsoftware.com/Support/Contact/>
Sunbelt Software Product Support Communities <http://www.sunbeltsoftware.com/communities/>

From: John Aldrich [mailto:[email protected]]
Sent: Friday, May 14, 2010 11:45 AM
To: NT System Admin Issues
Subject: RE: "A known bad URL was replaced"

Yeah... I was reading something about that the other day, how the malware operators would hijack an innocent website and inject a hostile applet. What can you do about that, other than notifying the website operator?

From: Jeff Cain [mailto:[email protected]]
Sent: Friday, May 14, 2010 11:31 AM
To: NT System Admin Issues
Subject: RE: "A known bad URL was replaced"

Your ISP may not use the same bad-URL lists that Threat Track does. The bad scripts could certainly be a hijacked website. I've seen many more of these lately. Those iFrame droppers can be nasty.

Thanks,

Jeff Cain

From: John Aldrich [mailto:[email protected]]
Sent: Friday, May 14, 2010 11:28 AM
To: NT System Admin Issues
Subject: RE: "A known bad URL was replaced"

Our ISP has a RedCondor appliance that they run our email through. Guess I ought to advise them that we're getting bad URLs through the filter. Also, I'm getting more notifications of bad scripts blocked on "previously good" sites. Would that mean that the site was likely hacked and a bad applet inserted or something?

From: Jeff Cain [mailto:[email protected]]
Sent: Friday, May 14, 2010 11:26 AM
To: NT System Admin Issues
Subject: RE: "A known bad URL was replaced"

If VIPRE removed a URL from an email that means it was in our "bad" list from Threat Track. VIPRE was most likely not over-reacting. Which spam filter do you use?

Thanks,

Jeff Cain

From: John Aldrich [mailto:[email protected]]
Sent: Friday, May 14, 2010 10:45 AM
To: NT System Admin Issues
Subject: "A known bad URL was replaced"

I keep getting notices from Vipre that one or another machine has cleaned an email of a known bad URL, but it never really gives me any more info. Should I be worried that this stuff is getting past our spam/virus filters? Also, is this *really* cleaning a bad URL or is Vipre overreacting?
