BlogTV spreading Viruses, safe with NoScript?

Posted: Mon Feb 22, 2010 11:56 pm
by Silence2r
I discovered BlogTV (www/blogtv/com) today and went on it a few times to watch a live streaming show. Later today I found out that BlogTV is spreading viruses through ads or something weird like that.
I am using Firefox with NoScript and AdBlock Plus. What do you think, am I safe browsing the site? I am allowing BlogTV to go through NoScript (so that I can see the streaming), but that's it, not any other websites that appear blocked on there.

A video of a guy explaining it: http://www.youtube.com/watch?v=-Lpk2GPQMe8

Let me know what you guys think, thanks in advance!

Re: BlogTV spreading Viruses, safe with NoScript?

Posted: Tue Feb 23, 2010 6:13 am
by Alan Baxter
Neither Avast 5 nor Firefox report blogtv.com as an attack site, so I doubt it's serving malware. It sounds like this guy may have malware on his computer already.

That said, you're protected a few ways:
- You're running an up-to-date version of Firefox which has all the security patches.
- NoScript will stop any third-party scripts from a Forbidden malicious site from running.
- Firefox and Windows won't allow the malware's installer to be downloaded and executed without your explicit permission.
- You wouldn't install unknown software just because it told you to, right? ;)

From a previous investigation: http://forums.informaction.com/viewtopi ... 089#p15089
This makes four layers of protection that I use, all of which have to be defeated for this attack to succeed.
1) Avast network shield
2) NoScript (no-to-be.cn and antispyware-l12.com have to be allowed)
3) Firefox and Windows not allowing the installer to be downloaded and executed without my explicit permission. All I had to do was close the tab or browser with the close button. A more insistent attack may have required me to use the Task Manager.
4) My unwillingness to download or install the software. (This protection requires an educated user. Six zillion botnets would agree that, in general, this isn't very reliable).

Re: BlogTV spreading Viruses, safe with NoScript?

Posted: Tue Feb 23, 2010 6:23 am
by Silence2r
Thanks for the reply Alan!

I am a very paranoid guy when it comes to my computer, that's why I've come here to ask questions, just to make sure that I was safe while browsing that site. I usually don't go on untrusted websites, and never install unknown software, but according to WoT and Site Advisor.. blogtv is safe.. and I know for a fact now that it's not.. so many people are complaining about the same issue

I have done some research on the matter myself and it could happen randomly on just a few ads, you can refresh the page for 3 hours and not get it. There are some videos of the infestation on YouTube and how it occurs. On Internet Explorer it asks you to install an ActiveX script, you have a dialog box with X and OK (whatever you do, X or OK, it will install the spyware). Don't know yet if Firefox is affected but I assume it is..

I also have AdBlock Plus, so the Ads are blocked. I don't think I can get infested without seeing the spyware advertisement

EDIT : That guy in the video is not the only one, there are many others.. so I don't think he was infested before..
http://answers.yahoo.com/question/index ... 200AAfrYDt

EDIT 2: I have found a live demonstration of this virus:
http://www.youtube.com/watch?v=g3gkJ7B4aR8

Re: BlogTV spreading Viruses, safe with NoScript?

Posted: Tue Feb 23, 2010 7:09 am
by dhouwn
Silence2r wrote: I also have AdBlock Plus, so the Ads are blocked. I don't think I can get infested without seeing the spyware advertisement.
The Adblock blocking is far from perfect according to Giorgio. You shouldn't rely on it as a security feature.

Re: BlogTV spreading Viruses, safe with NoScript?

Posted: Tue Feb 23, 2010 7:14 am
by Alan Baxter
Silence2r wrote: I also have AdBlock Plus, so the Ads are blocked. I don't think I can get infested without seeing the spyware advertisement
Don't click on ads.

Re: BlogTV spreading Viruses, safe with NoScript?

Posted: Tue Feb 23, 2010 7:19 am
by Silence2r
Alan Baxter wrote:
Silence2r wrote: I also have AdBlock Plus, so the Ads are blocked. I don't think I can get infested without seeing the spyware advertisement
Don't click on ads.
Watch that video I have posted above. The thing about this is that you don't have to click on ads to get it.. (btw, I never click on ads)

The good thing is that I didn't get infested and I will never visit that site again, you can close the topic! Thanks!

Re: BlogTV spreading Viruses, safe with NoScript?

Posted: Tue Feb 23, 2010 7:52 am
by Alan Baxter
Thank you for the warning about blogtv, Silence2r, and thanks also for all the links and info you provided. Sounds like a good site to avoid.

Re: BlogTV spreading Viruses, safe with NoScript?

Posted: Tue Feb 23, 2010 12:19 pm
by therube
What you posted about initially is pervasive across the web. It happens everywhere.
You think Youtube hasn't had this happen? Or a search initiated from Google, or Bing, or Yahoo, or AltaVista? Or ... you name it, it's been there.
Where it hits & how it hits & how people get infected by it is beyond me. (Ads or exploited servers come to mind.) But it happens all the time.

So long as the actual exploit is not hosted on the site you have Allowed, & so long as it relies on JavaScript to do its work (which generally will be the case), then you can generally assume you'll be OK. So if you need to do whatever BlogTV does, you allow blogtv.com & take your chances. And if you need to do whatever Youtube does, you allow youtube.com & ytimg.com & take your chances.

The second exploit you mention is totally different. You could spend all your time digging up exploits & end up nowhere. So you want to use the web, you use common sense, a bit of help from the tools you have at hand, & go do what you want to do. Otherwise, pull the plug.
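
A simplified model of the per-site script allowlisting discussed in the post above, added here as an example; it is not part of the original thread and not NoScript's own code. The function names, the URL paths, and the hosts `evilblogtv.com` and `blogtv.com.example.net` are constructed for illustration.

```javascript
// Simplified per-site script allowlist (illustrative model, not NoScript's code).
// An entry such as "blogtv.com" permits that host and its subdomains only.
function hostAllowed(host, allowlist) {
  const h = host.toLowerCase().replace(/\.$/, ""); // normalise case, trailing dot
  return allowlist.some((entry) => {
    const e = entry.toLowerCase();
    // Match on a label boundary so "evilblogtv.com" does not match "blogtv.com".
    return h === e || h.endsWith("." + e);
  });
}

// Split a page's script sources into those that would run and those blocked.
function classifyScripts(scriptUrls, allowlist) {
  const result = { run: [], blocked: [] };
  for (const raw of scriptUrls) {
    let host;
    try {
      host = new URL(raw).hostname;
    } catch {
      result.blocked.push(raw); // unparseable source: default deny
      continue;
    }
    (hostAllowed(host, allowlist) ? result.run : result.blocked).push(raw);
  }
  return result;
}

// Constructed sample input; only the host names blogtv.com, no-to-be.cn and
// antispyware-l12.com come from the thread, everything else is made up.
const pageScripts = [
  "http://www.blogtv.com/js/player.js",
  "http://www.blogtv.com/ads/rotator.js", // hosted on the allowed site itself
  "http://no-to-be.cn/constructed.js",
  "http://antispyware-l12.com/constructed.js",
  "http://evilblogtv.com/constructed.js", // look-alike, different site
  "http://blogtv.com.example.net/constructed.js", // allowed name used as a prefix
  "not a url",
];

const verdict = classifyScripts(pageScripts, ["blogtv.com"]);
console.log(verdict);
```

Both `www.blogtv.com` scripts run, including the one under `/ads/`: the allowlist decides by host only, which is the "not hosted on the site you have Allowed" condition in the post.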

Re: BlogTV spreading Viruses, safe with NoScript?

Posted: Tue Feb 23, 2010 6:16 pm
by Alan Baxter
@therube:
Thank you!