Nine Ball
What is it?
Nine Ball is a multi-layered Web browser attack that compromises legitimate Web sites so that they redirect users to malicious sites owned by the attacker. The downloaded malware attempts to infect the user's computer through a number of exploits, including ones for Adobe Reader, QuickTime, Microsoft Data Access Components (MDAC) and AOL SuperBuddy.

The attack name "Nine Ball" refers to the name of the final landing page, which is full of malicious drive-by exploits that are automatically downloaded to computers without the user's consent or knowledge. Once a computer is infected, anything the victim types could be monitored and used to commit identity theft, such as stealing credit card numbers, passwords or other sensitive data.

How does the threat work?
  1. The victim visits a legitimate but infected site.
  2. The victim is redirected through a series of different sites owned by the attacker.
  3. The final redirect is to a malicious drive-by download site, which attempts to download malware to the victim's computer through a number of exploits, including MDAC, AOL SuperBuddy, Adobe Reader, and QuickTime exploits.
  4. The malicious programs typically attempt to steal information from the victim via a keystroke logger.
  5. Users who have already visited the malicious web page are, on repeat visits, redirected to the search engine site Ask.com instead. We assume this design is a technique to evade investigation.
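
The redirect chain in steps 2 and 3 and the repeat-visitor behaviour in step 5 leave a recognisable shape in web proxy logs. The Python sketch below is an added example, not code from the original advisory: it stitches redirect chains together per client and flags chains that cross several hosts, marking the case where the same client's repeat visit to the same entry page ends on Ask.com instead. The log format, the constructed sample records, the function names and the three-host threshold are all assumptions.

```python
from urllib.parse import urlsplit

# Constructed proxy records, not real traffic: (client_ip, requested_url, redirect_target_or_None)
SAMPLE_LOG = [
    ("10.0.0.5", "http://shop.example/", "http://hop1.example/in"),
    ("10.0.0.5", "http://hop1.example/in", "http://hop2.example/go"),
    ("10.0.0.5", "http://hop2.example/go", "http://landing.example/"),
    ("10.0.0.5", "http://landing.example/", None),
    ("10.0.0.7", "http://news.example/", "http://www.news.example/"),
    ("10.0.0.7", "http://www.news.example/", None),
    ("10.0.0.5", "http://shop.example/", "http://hop1.example/in"),  # repeat visit
    ("10.0.0.5", "http://hop1.example/in", "http://hop2.example/go"),
    ("10.0.0.5", "http://hop2.example/go", "http://www.ask.com/"),
    ("10.0.0.5", "http://www.ask.com/", None),
]

def build_chains(records):
    """Stitch each client's requests into redirect chains (lists of URLs)."""
    pending, chains = {}, []
    for client, url, target in records:
        chain = pending.pop(client, None)
        if chain is not None and chain[-1] != url:
            chains.append((client, chain))  # previous chain was abandoned part-way
            chain = None
        chain = chain or [url]
        if target:
            chain.append(target)
            pending[client] = chain
        else:
            chains.append((client, chain))
    return chains + list(pending.items())

def flag_chains(chains, min_hosts=3, decoys=("ask.com",)):
    """Flag chains crossing >= min_hosts hosts; mark a repeat visit that ends on a decoy."""
    findings, first_final = [], {}
    for client, chain in chains:
        hosts = list(dict.fromkeys(urlsplit(u).hostname or "" for u in chain))
        if len(hosts) < min_hosts:
            continue
        key, final = (client, chain[0]), urlsplit(chain[-1]).hostname or ""
        on_decoy = any(final == d or final.endswith("." + d) for d in decoys)
        changed = key in first_final and first_final[key] != final
        kind = "repeat-visit-decoy" if on_decoy and changed else "multi-site-redirect"
        findings.append((kind, client, chain[0], final))
        first_final.setdefault(key, final)
    return findings

if __name__ == "__main__":
    print(*flag_chains(build_chains(SAMPLE_LOG)), sep="\n")
```
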
Associated effects & implications of attack:
  • Over 40,000 legitimate web sites have been compromised.
  • Multi-level redirection attack: victims are redirected through a series of different sites owned by the attacker. The final site contains the malicious drive-by download and records visitors' IP addresses.
  • Detection by antivirus/antispyware programs is very low because the attack uses random number generation to determine which malware to download, evading an obvious pattern that can be picked up by signature-based antivirus detection systems.
  • Malicious programs typically attempt to steal information from the victim via a keystroke logger. This information could potentially be used for financial or identity theft.
Are there other variants of this vulnerability/threat?
Yes, in the sense that the malware downloaded at the final redirect site varies. It appears that, among other malware, a Waledac variant is delivered at the final redirect URL.

How do I protect myself?
ZoneAlarm Customers:
If you are running ZoneAlarm® ForceField™ browser security technology (included in ZoneAlarm Extreme Security), you are already protected. ZoneAlarm® ForceField™ will stop Nine Ball infected sites from redirecting your browser or downloading malicious programs onto your computer. An additional layer of ForceField's security jams malicious software as it tries to log keystrokes. Therefore no keystrokes can be recorded.

NOTE: If you are running ZoneAlarm Extreme Security, you must turn ON ForceField virtualization.
If you are running ZoneAlarm Antivirus, ZoneAlarm Internet Security Suite, or ZoneAlarm Extreme, the anti-virus will detect and remove the Nine Ball malware.

NOTE: Make sure your PC has the latest virus definitions and product updates: To make sure your product is up-to-date, click "Check for Updates" on the main overview panel, lower left corner.

NOTE: ZoneAlarm Pro and ZoneAlarm Free Firewall customers are not protected. These products do not include anti-virus or ForceField's browser security.

Users who lack protection are invited to download a 15-day trial version of ZA Extreme.
Copyright How2FixSlowComputers-[GLIPS Entertainment, Inc.]All Rights Reserved. -[#Fix it#]