ROP gadget protection and Chrome browsers

When I logged in to a WordPress blog and reviewed the feedback form, I found that there were some spammy-type messages in it. Even though I am accessing it through sandbox software, which means that the rest of my computer won't be affected, I had neglected to close a tab with a login page that already had my password filled in.

Upon further inspection I discovered that "ROP gadget detection" in the "Advanced Exploit Protection settings" was turned off. Is there still a chance that a fileless malware infection attempt has been foiled, such as by the firewalls?

Hello. I am presuming this machine is a home-user type and that it has Malwarebytes installed (which apparently it has).
Have you run a scan today with Malwarebytes?
Then, after that, did you scan the C drive with the antivirus application (like Microsoft Defender)?
Those are the first steps to do.

I finished the scan of the C drive as soon as the computer was repaired. However, that was before I logged in to the blog and looked at the feedback form responses. Because I was using sandboxing software (i.e. Sandboxie) to run Google Chrome for that purpose, I see no need for another arduous full scan.

The question thus was limited to the scope of whether an exploit/hack attempt was likely/unlikely foiled by Malwarebytes' other functions, such as the standard Behavioral Protection or perhaps the firewalls, when the sandbox was on, which I've cleared afterwards.

Edited by l3386490
I think I have taken the source code through the browser's view source function and I am looking to privately forward it to the Malwarebytes team for further analysis as to whether the spammy feedback messages contain malware threats or not. Any idea as to how to do that?

If you have the URL links or IP addresses of sites that you highly suspect are malicious, there is another sub-forum section where I believe you can relay those to the internal web-protection team.
First read the top-most posting about the purpose of that section: https://forums.malwarebytes.com/topic/161999-read-me-purpose-of-this-forum/#comment-917124

Then if you have details to relay about external malicious threats on websites, make use of the sub-forum
https://forums.malwarebytes.com/forum/155-newest-ip-or-url-threats/

This section here is for Windows machines that have a current malware infection active on their machine.

I have the whole source code (not just a single url or two); wondering if I can PM it as a txt file to the internal team (such as AdvancedSetup) for further analysis because I don't really feel comfortable posting it publicly as it contains some personal information.

On 4/7/2023 at 10:09 PM, AdvancedSetup said:

You can send me a Private Message if you like but we don't really do website analysis for threat detection.

Thank you @l3386490

I have sent a PM containing the HTML source code in a .txt file. I'd be extremely concerned about the presence of .js links/embeds in the source code, which often serve as an entry point for cyberattacks.
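The post above is about reviewing a saved "view source" copy of a page for script and embed references. As an added example (not code from this thread, from Malwarebytes, or from any of the posters), the script below lists every `<script>`, `<iframe>`, `<embed>` and `<object>` reference in such a file and sorts them into first-party and third-party hosts, plus `data:`/`javascript:` URIs and inline script blocks, so a reviewer can see at a glance which references come from outside the site. The sample page and all hostnames in it are constructed placeholders, and `example-blog.test` is assumed to be the blog's own domain.

```python
"""Triage the script and embed references in a saved HTML page.

Added example for this thread, not Malwarebytes code. Reads a page saved
via "view source" and reports which <script>/<iframe>/<embed>/<object>
references point outside the site's own domain.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page. Hostnames are placeholders chosen for this
# example; they are not taken from the thread.
SAMPLE_HTML = """
<html><head>
<script src="/wp-includes/js/jquery.js"></script>
<script src="https://cdn.example-blog.test/theme.js"></script>
<script src="//third-party.example/loader.js"></script>
<script src="data:text/javascript;base64,MQ=="></script>
<script>console.log("inline");</script>
</head><body>
<iframe src="https://embed.example/widget?id=1"></iframe>
<object data="https://media.example/movie.swf"></object>
<embed src="https://embed.example/player.swf">
<a href="https://example-blog.test/contact">Contact</a>
</body></html>
"""

# Attributes that pull remote content into the page, by tag.
REFERENCE_ATTRS = {"script": "src", "iframe": "src", "frame": "src",
                   "embed": "src", "object": "data"}


class ReferenceCollector(HTMLParser):
    """Collect (tag, url) pairs and count inline <script> blocks."""

    def __init__(self):
        super().__init__()
        self.references = []
        self.inline_scripts = 0

    def handle_starttag(self, tag, attrs):
        attr = REFERENCE_ATTRS.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if value:
            self.references.append((tag, value))
        elif tag == "script":
            self.inline_scripts += 1


def triage(html_text, site_host):
    """Classify every reference relative to the site's own hostname.

    Returns a dict with first-party and third-party (tag, url) lists,
    the sorted set of third-party hosts, data:/javascript: URIs (script
    bodies carried inside an attribute), and the inline script count.
    """
    collector = ReferenceCollector()
    collector.feed(html_text)
    result = {"first_party": [], "third_party": [], "data_uris": [],
              "inline_scripts": collector.inline_scripts}
    for tag, url in collector.references:
        parsed = urlparse(url)
        if parsed.scheme in ("data", "javascript"):
            result["data_uris"].append(url)
            continue
        # Relative and protocol-relative URLs: urlparse yields no host
        # for "/path" and the bare host for "//host/path".
        host = (parsed.hostname or site_host).lower()
        own = host == site_host or host.endswith("." + site_host)
        result["first_party" if own else "third_party"].append((tag, url))
    result["third_party_hosts"] = sorted(
        {urlparse(u).hostname.lower() for _, u in result["third_party"]})
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_HTML, "example-blog.test")
    print("inline scripts:", report["inline_scripts"])
    print("data:/javascript: URIs:", report["data_uris"])
    print("third-party hosts:", ", ".join(report["third_party_hosts"]))
    for tag, url in report["third_party"]:
        print(f"  <{tag}> {url}")
```

Run it against a saved page with `triage(open("page.txt").read(), "your-blog-domain")`; the third-party host list is the part worth checking against the theme and plugins the site is known to use, and any `data:` or `javascript:` entry deserves a closer look because it carries code rather than pointing at a file.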

Root Admin (1 month later):

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks
