Need NoScript like never before....

General discussion about the NoScript extension for Firefox
luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Post by luntrus »

Hi users of NoScript,

The web seems to be teeming with so-called malicious SQL-injections and iFrame hacks, and all these were found to be on respectable trusted sites that were being hacked apparently for malicious purposes. Here is information about this malware: http://www.microsoft.com/security/porta ... director.H
In general about these SQL-injecting threats see: http://blogs.technet.com/antimalware/
As a malware fighter at the avast web-forum we saw a definite increase in people who mention being victims of this kind of malware or site with malicious obfuscated script that is being flagged.
So I think a situation is now being created that using a web-browser without script blocking is no longer feasible. I know I hold an extreme view, but I think we are rapidly getting to this situation now where users without good protection inside browsers are leaving the Internet because of the mentioned threats frustrating their online experience. For just a couple of examples of the mentioned threats look here:
http://forum.avast.com/index.php?topic=44728.0
http://forum.avast.com/index.php?topic=44700.0
http://forum.avast.com/index.php?topic=44702.0
http://forum.avast.com/index.php?topic=44735.0
http://forum.avast.com/index.php?topic=44703.0
And so we can go on and on and on, so keep your NoScript visors up, my friends,

luntrus aka polonus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b5pre) Gecko/20090429 Shiretoko/3.5b5pre
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Need NoScript like never before....

Post by GµårÐïåñ »

Thank you for sharing with us. 8-)
We have always felt this way about NoScript's awesomeness but good to know that we were right and others agree :P
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Need NoScript like never before....

Post by Tom T. »

luntrus wrote:So I think a situation is now being created that using a web-browser without script blocking is no longer feasible.
(emphasis added)
"Now"??? :?: :?: :?:

With the XSS, CSRF, clipboard-stealing, etc. ad infinitum, ad nauseam, I've been afraid to use the Internet without NS ever since I discovered NS. :shock:
If it can be made novice-friendly enough, perhaps those at Mozilla who are trying to make NS a default part of Fx will succeed.

If this was a sneaky plug for Avast, I use it on one machine and like it. Thank you very much for supporting it. :)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US at an expert level; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 diehard
luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Re: Need NoScript like never before....

Post by luntrus »

Hi you users of NoScript,

Well at the avast webforum we get so many reports now of users whose connection was disconnected by the avast webshield because of a hidden iFrame malcode or other malcode injections on (and this is important) trusted sites. Yes, many site owners, webmasters or hosters or abuse admins are not able to protect the average user and do not follow a good update regime for their software or do not use proper protection.
What about this code:

</script>
<script>document.write('^s'+'cript language="JavaScript" src="hxtp://view.atdmt.com/jaction/gbm054_L4DHomepage_1"></s'+'cript>')</script>
<noscript><iframe src="hxtp://view.atdmt.com/iaction/gbm054_L4DHomepage_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"^^/iframe>^/noscript>... 
 
What does s+cript do here? And this is actually not malcode; the following "broken" exemplars certainly are:
Script outside of HTML

 var nav4 = window.Event ? true : false;^^
function msg(){alert('All images on this site are protected...^^ 
Script outside of HTML

 eval(function(p,a,c,k,e,d)^{e=function(c){return c.toString(36)};if(!''.replace(/^/,String))^{while(c... 
Script outside of HTML

 eval(function(p,a,c,k,e,d){while(c--)^^{if(k[c]){p=p.replace(new ^^RegExp('\\b'+c.toString(a)+'\\b','g'... 
Now do you realize why NoScript is an in-browser essential? And well, I cannot understand why this was not brought into Firefox or Flock browsers by default. Who is on the side of the malcoders here? They are infesting the Internet all over the place, and do we have to endure this just to please the adware trackers and those that live from user click-streams?
Glad I have my NoScript add-on recent version implemented,

luntrus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b5pre) Gecko/20090504 Shiretoko/3.5b5pre
pirlouy
Junior Member
Posts: 28
Joined: Fri Mar 20, 2009 11:48 am

Re: Need NoScript like never before....

Post by pirlouy »

luntrus wrote:Well at the avast webforum we ...
I read several bad reviews of Avast. Do you use Avast ?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b5pre) Gecko/20090503 Shiretoko/3.5b5pre
therube
Ambassador
Posts: 7922
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Need NoScript like never before....

Post by therube »

I have read HORRIBLE reviews of AVG. And that Avast is not much better. (Or was it the other way around.)

But, does that make them bad or wrong?

For some, anything will suffice.

I have also read where Avast/AVG have flagged websites (& correctly I might add) where other A/V products have not. I surf with no A/V, so when I open a web site, everything looks fine to me. But that does not make it so? No. It only means that I am oblivious to the malware it may contain.

Now an Avast/AVG user may be forewarned & therefore decide not to traverse that Porn/Warez link. Me, I want my porn & warez, so I visit the site regardless ;-).

(OK, not actual reviews, but reports of what they can or cannot do efficiently & effectively & how Avast/AVG compares to other A/V products that can & do a more effective job, by persons whose opinion I value.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.21) Gecko/20090403 SeaMonkey/1.1.16
luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Re: Need NoScript like never before....

Post by luntrus »

Hi therube,

I am not here to do a talk on any av, and as I noticed lately that there are a lot of young American users that totally surf without any protection of whatever av, anti-malware or firewall software for that matter, who am I to preach here? Do as you please, and cleanse your machines of all the additional infections. The common trend now of a huge increase of trusted sites being infected by hidden iFrames, SQL injections and other backdoors etc. will certainly slow many a PC to a grinding halt, but already half of all the Windows PCs form part of a botnet and are herded by everyone but the man, woman or child between the keyboard and the chair behind the console. But because the botnet herder wants his apps/malware to go under the radar a lot of users never know they have the infection...

These souls probably cannot be helped by installing and implementing NoScript because even that is well over their heads, and is protection not really a nag.
When you visit your favorite pr0n site or free stuff site, that in more cases than not does not come free, but with additional malcode (keygens, P2P etc. because some parties do not favor these activities to say the least),
use http://safeweb.norton.com/report/show?name=hotican.com to see what resides there or get the current safety status with a scan at: http://www.unmaskparasites.com/security-report/ it may open your eyes why we cannot do without NoScript in the browser to-day, and the av story is just to demonstrate this case,

luntrus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b5pre) Gecko/20090504 Shiretoko/3.5b5pre
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Need NoScript like never before....

Post by GµårÐïåñ »

Luntrus, thanks for the perspective and if I may say something in therube's defense (I apologize if it is not my place) the dry humor (by own admission) tends to get missed and misunderstood sometimes. No one is suggesting anything against using AV and there is absolutely nothing wrong with it and almost a necessity these days. The assertion is that therube doesn't use it and that's a choice and nothing that factors into this discussion other than the benefit of AV being a personal choice. As far as the benefits of NS, it stays ahead of new developments almost to a fault, so it is safe to say that users of NS will have an added layer of security against these attacks. That being said, I will say what I always say and that is that you have to ALWAYS, regardless of who you got watching your back, be vigilant, proactive and aware of what is going on around you. The minute you become complacent, then you are screwed. Anyway, thanks for letting me chime in here for a sec.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Need NoScript like never before....

Post by Tom T. »

pirlouy wrote:
luntrus wrote:Well at the avast webforum we ...
I read several bad reviews of Avast. Do you use Avast ?
We're admittedly off-topic here, but as luntrus has been a loyal supporter of NS and has at times made suggestions/bug reports and other assistance here, I'd like to return the courtesy.
You can find good and bad reviews of any movie, person, thing, or software on the planet. Regarding the latter, so much depends on how the test was set up, what criteria were used, whether the reviewer had any hidden biases (conflict of interest, paid by one vendor, etc.).

I've used Avast for over a year on one machine. It's fine, for me at least. No false positives, no problems. My only (trivial) complaint was they wouldn't let me delete the skins I didn't want -- waste of 2 MB of disk space. ;)

I use Avira on another machine as it's smaller, lighter, and I like the UI better. (Avast "advanced user" UI is only available on paid version.) But that's personal choice again. Someone else might hate their UI and love Avast's. "De gustibus non disputandum est". (There's no arguing about matters of taste.)

I used to use AVG for all machines, incl. a third one that finally went to computer heaven a while back. IIRC, the reason I got rid of it is that they forced an updated version, 8.0, which I *could not turn off*. Sometimes you want to do that, esp. when installing new sw, to avoid conflicts. "Please close all applications before continuing Setup" etc. Also for defragging, secure erasing, cleanup, etc. And, d'oh, I'd always disconnect from the Net before turning AV off.
therube wrote:I have read HORRIBLE reviews of AVG. And that Avast is not much better. (Or was it the other way around.)
Now an Avast/AVG user may be forewarned & therefore decide not to traverse that Porn/Warez link. Me, I want my porn & warez, so I visit the site regardless ;-).
In my occasional need to go to pr0n and warez sites for tech support and investigation, I've never gotten an actual virus alert.* What they're notorious for is drive-by adware/spyware installations, tracking cookies, Web bugs, and such, and between SpywareBlaster (free) and MVPS Hosts file (free), plus NS, plus Sandboxie... no problems. Once d/l a virus in .txt file just to read it. Huge alert, but it was specific that you had to change extension to .vbs to make it "work". I probably haven't been to the slimiest (or maybe I have lol), but even if you get a virus warning, your AV should still let you browse the site after blocking the virus or quarantining it for deletion. Again, Sandboxie would just flush it down the toilet when the browser was closed, if so configured, and I would always close the browser after visiting such a questionable site, to let SB do its thing.

So it seems it would be possible, and IMHO, desirable, for users without therube's level of tech knowledge to use NS and an AV, even, or especially, at the Dark Side of the Web.

*One exception. On one visit to RSnake (Robert Hansen's) blog, ha.ckers.org, I got a virus alert. Might have been a POC, might have been he was screwing with us, or more likely, one of his friends/rivals was screwing with him. They attempted to XSS him once before, but didn't succeed. Or it might have been a false positive, since there's a lot of code there and who knows what people upload in the comments? Anyway, the virus was blocked and I left the site.

Personal opinion only, comes with no warranty and conveys no rights. Use this information at your own discretion and your own risk only.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US at an expert level; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 diehard
pirlouy
Junior Member
Posts: 28
Joined: Fri Mar 20, 2009 11:48 am

Re: Need NoScript like never before....

Post by pirlouy »

I'm proud of this off-topic. :mrgreen: (but you can split it !)

I don't use antivirus/antimalware/HIPS/firewall/etc. But sometimes I read some news about it. I can't give you links, since it's French, but Avast has been seriously criticized (by several sites). In contrast, AntiVir receives positive reviews.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b5pre) Gecko/20090503 Shiretoko/3.5b5pre
Nan M
Ambassador
Posts: 102
Joined: Thu Mar 19, 2009 12:44 pm

Re: Need NoScript like never before....

Post by Nan M »

pirlouy wrote:I'm proud of this off-topic. :mrgreen: (but you can split it !)

I don't use antivirus/antimalware/HIPS/firewall/etc. But sometimes I read some news about it. I can't give you links, since it's French, but Avast has been seriously criticized (by several sites). In contrast, AntiVir receives positive reviews.
!

Give us the links, go on pirlouy! Some of us have some French reading skills.
Besides, web translation engines are getting better.

*disclaimer: I wouldn't know an AV application if I fell over one. I learned to use the web on a Mac and still can't understand how users in Windows can so easily run as admin - out of the box. And how the web browser is so entwined in the system.
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10
pirlouy
Junior Member
Posts: 28
Joined: Fri Mar 20, 2009 11:48 am

Re: Need NoScript like never before....

Post by pirlouy »

http://forum.malekal.com/viewtopic.php?p=89938#p89938 (it's the conclusion, but you can read complete page if you want).
More recently: http://www.infos-du-net.com/actualite/d ... -2008.html
:P
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b5pre) Gecko/20090503 Shiretoko/3.5b5pre (.NET CLR 3.5.21022)
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Need NoScript like never before....

Post by GµårÐïåñ »

pirlouy wrote:I'm proud of this off-topic. :mrgreen: (but you can split it !)

I don't use antivirus/antimalware/HIPS/firewall/etc. But sometimes I read some news about it. I can't give you links, since it's French, but Avast has been seriously criticized (by several sites). In contrast, AntiVir receives positive reviews.
Not to be taken out of context or seen as a position on the subject but I wanted to add that I have used Avast! (per client request) on machines and in our dev environment and it truly brings the overall performance of the system down to a crawling halt and it interfered in a very unfriendly manner to perform its functions, causing a lot of breakage, system hangs and just plain old frustrations. However, to each their own as I know many who use it and love it, so I guess we all have different expectations.

Forgot to add, as Nan said, would love to read the links, s'il vous plaît, and although I don't speak A LOT of French, I manage to get in trouble, like my very broken Italian that embarrasses me when I find out I used the wrong gender :lol: but Giorgio kindly corrects me, merci.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
therube
Ambassador
Posts: 7922
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Need NoScript like never before....

Post by therube »

pirlouy wrote:(but you can split it !)
I think it's a good idea, but I'll leave it up to someone else. After all, we did hijack luntrus's thread pretty much, didn't we.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b5pre) Gecko/20090429 SeaMonkey/2.0b1pre
luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Re: Need NoScript like never before....

Post by luntrus »

Hi you folks,

Well thanks for the exposé. Merci beaucoup. But let us go back to the matter at hand, the massive hidden iFrame attacks on a grand scale found to-day. Just another example, where I try not to mention any av or other security measure but NoScript,
just to demonstrate that these hacks come in all various sorts and for all sorts of malicious purposes.
HTML:iframe-inf virus worm coming from ht\xtp://clicksmanagementscom.com/banner/b87492/ad_adv.php , which is a banner object that has been hacked as instead of just displaying the banner it is trying to run something on another site visitcouns.com.

^IFrame> hidden link - hxtp://visitcouns.com/?t=1
See here for the possible spam links:
http://www.unmaskparasites.com/security ... tcouns.com
Bad stuff detektor verdict: Url checked:
hxtp://www.clicksmanagementscom.com/banner/b87492/ad_adv.php
Zeroiframes detected on this site: 1
No ad codes identified
What common user will detect this and would get the additional spam if he was not protected by NoScript,
curious whether ABP would prevent this exploit,
So that was what I wanted to demonstrate with or without additional protection mentioned, and how many websites are vulnerable by outdated software and hosting parties (site admins) not really interested or webmasters not able to protect the user of a browser without inside protection like NoScript and RequestPolicy. Time for implementing CSP on a large scale,

luntrus aka polonus (malware fighter)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b5pre) Gecko/20090506 Shiretoko/3.5b5pre
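
The patterns quoted in this thread (a 1x1 or otherwise hidden iframe, a document.write that assembles a script tag from split strings, and the eval(function(p,a,c,k,e,d) packer header) can be flagged with simple static checks. The following is an added example, not code from any poster or from NoScript; the function names, the regex heuristics and the example.invalid sample markup are constructed assumptions.

```javascript
// Added example: heuristic checks for patterns quoted in this thread.
// SAMPLE is constructed markup; the example.invalid hosts are placeholders.
const SAMPLE = `
<iframe src="https://ads.example.invalid/?t=1" width="1" height="1" frameborder="0"></iframe>
<iframe src="https://video.example.invalid/embed" width="560" height="315"></iframe>
<iframe src="https://x.example.invalid/" style="display: none"></iframe>
<script>document.write('<s'+'cript src="https://t.example.invalid/t.js"></s'+'cript>')</script>
<script>eval(function(p,a,c,k,e,d){return p}('0',1,1,[''],0,{}))</script>
`;

// Collect a tag's attributes into an object keyed by lowercase name.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// An iframe counts as hidden when it is 0 or 1 px in both dimensions,
// or when inline CSS hides it or shrinks it.
function isHiddenIframe(attrs) {
  const tiny = (v) => v !== undefined && /^\s*[01](px)?\s*$/i.test(v);
  const style = (attrs.style || "").toLowerCase().replace(/\s+/g, "");
  return (
    (tiny(attrs.width) && tiny(attrs.height)) ||
    /display:none|visibility:hidden/.test(style) ||
    /(^|;)(width|height):[01](px)?(;|$)/.test(style)
  );
}

function scanHtml(html) {
  const findings = [];
  for (const m of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const attrs = parseAttrs(m[0]);
    if (isHiddenIframe(attrs)) {
      findings.push({ rule: "hidden-iframe", detail: attrs.src || "(no src)" });
    }
  }
  // document.write() that builds a <script> tag from fragments like 's'+'cript'.
  // Splitting keeps a literal "</script>" from ending the inline script early
  // and also hides the tag from plain string matching, so rejoin before testing.
  for (const m of html.matchAll(/document\.write(?:ln)?\s*\(([^)]*)\)/gi)) {
    const joined = m[1].replace(/['"]\s*\+\s*['"]/g, "");
    if (joined !== m[1] && /<\/?script\b/i.test(joined)) {
      findings.push({ rule: "split-script-write", detail: joined.slice(0, 60) });
    }
  }
  // Header of the p,a,c,k,e,d / p,a,c,k,e,r packer wrapped in eval().
  if (/eval\s*\(\s*function\s*\(\s*p\s*,\s*a\s*,\s*c\s*,\s*k\s*,\s*e\s*,\s*[dr]\s*\)/.test(html)) {
    findings.push({ rule: "packed-eval", detail: "eval(function(p,a,c,k,e,...)" });
  }
  return findings;
}

console.log(scanHtml(SAMPLE));
```

A split-script or packed-eval hit is not proof of malice, since ad and tracking snippets use both; treat the findings as prompts for manual review.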