Rage Skywolfe wrote:
> I got a couple of webshield warnings that listed two exploits, one of
> those being Microsoft video streaming ActiveX (type 704) which I
> earlier I came across this that was on the bing site which was also
> caught by the shield. "Virus found
> HTML/Framer";"www.bing.com/captionHandler.aspx?IG=623aeaa144c9495998a7a10c279 06279&pu=http%3A%2F%2Fzyejanag.cn%2Frf%2FrepeatWas .pdf&IID=SERP.1&d=230704357822&w=23900be1,d25ae3fe &q=zyejanag.cn";"";"7/24/2009,
> 10:22:10 AM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
> (firefox being in this case is what the browser was when it came up)
> My question is what are the symptoms of exploits exactly, and has the
> webshield caught it as well as what I listed above.

The Chinese zyejanag.cn site is attempting to use the AX exploit. That
your unidentified "web shield" security program caught it means that it
should have blocked that web page from even loading or blocked the
malicious content on it. Since it alerted means it protected you.
Obviously your unidentified security program already caught the exploit.
Presumably you have used Windows Update to also eliminate the exploit.
The exploits will be in use for a long time after the patch since many
users don't bother to keep their Windows installation updated. Can't be
specific about a "web shield" alert from an unidentified security
obfuscation (see http://www.finjan.com/Content.aspx?id=1456
trick isn't itself malware but can be used to introduce malware. Some
sites use it to protect their content from getting stolen by web
crawlers. Some sites use it to hide from where their content comes. I
used the Finjan SecureBrowser toolbar for a while but found that where it
alerted on dynamic code obfuscation was not for malicious intent except
at a couple of warez sites (which I visited in trying to find how well
this toolbar worked), so more of its alerts on this detected page
behavior were false alerts. Also, it was of little overall value since
it only scans the sites found in a search engine's results (and now it
appears broken for the current code used by the search web sites). So
far, Avast's Web Shield has been adequate in identifying suspect or
malicious web content so I got rid of Finjan's SecureBrowsing toolbar.
You can manually enter a URL for a web site using their tester web page
but I'm not going to bother doing that for every site that I happen to
The symptom of an exploit depends on what code it managed to deposit and
execute on your host. That the door to your house is open doesn't
define just who walked in through that open door.