Is this encoded JScript a hacking exploit?

Discussion in 'Feedback' started by harrytrader, Apr 9, 2004.

  1. Baron

    Baron ET Founder

    The trojan you are referring to is coming from your own machine and is exploiting a vulnerability in your copy of Internet Explorer by inserting a special jscript encode function. It is inserting this code in the content of certain web pages you surf to determine whether it can find any private information of yours on those pages. This trojan is distributed via email (so that's how you got it). It has infected your machine because you have not installed the latest patches available for your browser and operating system. I recommend you visit http://windowsupdate.microsoft.com to review the list of patches and upgrades that are available for your machine.
     
    #11     Apr 19, 2004
  2. OMG! lol!

    Explains why my AVG never encountered anything here. I'm clean! :cool:
     
    #12     Apr 19, 2004
  3. Baron,

    That may be true but I have Windows Update download new copies automatically and am up-to-date.

    Just to make sure I went there again, and a revisit a few seconds ago reveals "There are no critical updates available at this time." and absolutely no IE updates of any kind, critical or otherwise. Check the attached jpg to see that I've got the latest IE 6 updates.

    I have also never had this problem on any other pages I have visited on any other site, ever.

    My McAfee software is set up to automatically update and does so every other day or so. It claims to detect and delete a new Trojan every time I visit this thread.

    What am I missing?
     
    #13     Apr 19, 2004
  4. Also I just completed a full scan using McAfee's latest virus definitions which does not show any infections on my machine.

    I'm willing to believe that my machine is somehow infected despite the fact that the software that detects the trojan tells me I don't have it after it deletes it. However, it seems suspicious to me that the only place I've ever encountered this problem is a topic about possible jscript hacking.

    I've been a programmer for over 20 years, and know a fair bit about trojans and such. I know PHP, HTML, etc. and while I don't consider myself an "expert" I'm not your typical neophyte.

    I can't find enough information about the trojan in question to know what this actually might be but I do know that McAfee has been able to detect the trojan it thinks I get from this thread for over two months. Since my machine is only a month old I don't see how I would have been infected in the interim, IE vulnerabilities notwithstanding.

    - Curtis
     
    #14     Apr 19, 2004
  5. Baron

    Baron ET Founder

    The online resources I consulted said that there isn't even a patch from Microsoft that's available for that Trojan yet. So if you are infected, it's not because you don't have the latest patches. So I take back my previous comment in that regard. Obviously you can't patch something when there's no patch available yet.
     
    #15     Apr 19, 2004
  6. Wonders, wonders of modern day technology....

    About 20 months ago I had a laptop infected with SOMETHING, never worked out what it was. McAfee, Norton, NOD32, AVG, Ad-Aware, Pestpatrol never detected anything, but when I tried to open a file it would tell me the file was empty and then it automatically deleted the file.

    (By the way I have been in the IT since 1984 and am pretty savvy on the technical level, so this is not some dumb user problem)

    It took me ONE MONTH to get rid of the darn thing. At the time I had two machines and somehow I cross-infected the "clean" machine and the backups on external hard disks :confused: :mad: .

    I had to re-install everything from scratch after I had done a fix on the master boot record.

    Since then I have adapted my browsing habits, email habits and backup / restore procedures.

    Basically I make sure I have all the software available and wherever all possible patches and Service Packs downloaded, scanned and on CD.

    I then install the PC and make a backup onto CD (image of the partition). I also separate program software from data. Sensitive data is stored in an encrypted file that is first closed before browsing. After browsing a restore is being done. No browsing / email etc is done prior and during trading hours. (Restore takes about 12 minutes with the software I am presently using, it was less than 6 minutes some time ago but I installed some big stuff)

    Basically when I am trading it is with a setup that has "never" browsed the internet and the only connection it has ever seen is the broker and the datafeed.

    In addition I am not using any trading associated software that is having "realtime authentication" and remote server based/originated. In other words: All my software is localised and standalone stuff. Too easy to slip something in the trading software to say "if this is user XYZ then extract the strategy and send it to PQR email address". People have been doing less rewarding things for far more risks, don't underestimate the risks of your systems (strategies) getting stolen online.

    Every week I install another backup that has the latest anti virus, trojan, spyware, etc installed and I then first check my encrypted data. (encrypted data gets opened after first updating the anti xxx stuff, the order of the routine is important to avoid contamination in case if there is something present)

    Slowly but surely I feel the quality of software is going backwards and that inferior (but complex mathematical) stuff is "shoved down our throats". I do no longer believe in complex strategies, indicators etc.

    Basically I believe in the Fear, Greed and Manipulation as being the major, if not exclusive, motivators of any market movement. All one needs is some simple stuff on how to measure this fear, greed and manipulation.

    This is available in most software but then there is some important stuff that used to be available in older software but no longer gets implemented in the "modern" crap.

    What I am saying is that progress is a two-sided sword and let's not forget what Gerald Loeb, Jesse Livermore and others discovered: The real (long term) money is being made by longer term position trading, not by the intraday micro scalping. (The intraday microscalping only works because of a technological edge and sooner or later will be obsolete) Intraday may be fun and may be rewarding short term but over a longer time period it hardly stays profitable.

    Hope that my raving about software and associated risks of spying on your stuff makes sense.

    Peace
    :cool:
     
    #16     Apr 23, 2004
  7. Sounds kind of like trying to keep from getting AIDS from having sex by cutting off your wanker, putting it in a safe, have sex (using a strap-on), and then reattaching your little Bill - instead of just wearing a condom. :) :) :)
     
    #17     Apr 23, 2004

  8. Most people place far too much trust in the anti virus, anti spam, anti trojan etc software.

    As usual it is all a cost / benefit analysis. What would you rather experience: weekly spend two hours on a weekend for "maintenance" (updating, making new backup etc) or going down in the middle of your trading and be down for a month?

    I see it as cyber warfare against those who have unfathomable objectives in mind by disrupting everything.

    How many steps do you take? How complacent are you? Already forgotten Sept 11? Or the Bali bombing? Or the Spain railways?

    Oh yeah, I forgot "It won't happen to me", yes, once upon a time I thought that too.

    Peace.

    :cool:
     
    #18     Apr 23, 2004
  9. Hey Baron,

    I'm NOT a techie but your suggestion that a trojan virus on our machines is looking for script or something doesn't make sense to me. Until recently my ActiveX blockers never kicked in when I visited ET. And they don't show up on other web sites...

    I'm Confused??
     
    #19     Apr 24, 2004