Bot Update
Last night I updated my Flash files and I was still getting notices as per my added notice on the post: A Possible Answer to the RUBotted Pop-ups?
However, this morning – upon boot – I’ve yet to receive one. I also went directly to the main file disclosed in the previous post that was serving up the ad and I did not receive the pop-up.
At this point, I can only conclude that the Flash was the vulnerability and it is NOT a glitch or bug in RUBotted.
Anthony Valente, my partner from Network Defense Solutions, is working with the Flash file I sent him this morning to find out what it was in the file that might have been doing this. Only by understanding how the malware providers are pushing this crap on us can we understand how to protect ourselves.
Stay tuned for more disturbing news about the ad servers from hell! You are not going to be happy when you hear what Anthony has uncovered through my initial research with the Antivirus 2009!
In the meantime, go update your Flash players PLEASE!











I’m not completely sure if this is what you mean, but I already had the latest version of Adobe Flash before the RUBotted pop-ups started? 10,0,12,36… Also, when I click on the link to ‘National Vulnerability Database’ in your previous post, I get the following error. ERROR, “null” is not valid. The CVE either does not exist or is not in the format of CVE-XXX-XXXX.
Reply
Facebook User reply on November 26th, 2008 11:24 am:
@jay, Back to the drawing board! I’ll find the proper link and repost it. Thanks for letting me know!
Debbie
Reply
I think it is just happenstance that you’ve stopped your issue with the Flash upgrade. I’ve been receiving the same issues, until this morning when they also disappeared, except I didn’t upgrade Flash. I’d recommend that you test if possible and load the old Flash on a test box.
Reply
Facebook User reply on November 26th, 2008 11:26 am:
@Bob, As I said in the past post, back to the drawing board! This is a very strange thing indeed! But Anthony, my partner, is also looking into it. We’ll see what he comes up with too!
Thanks for the input. It’s only through this sharing that we can find the problem. And if we find the problem, we can learn how to prevent it in the future. This is why security is ALWAYS a process – not an end!
Thank you again!
Debbie
Reply
Thank you so much for this series of articles! I’ve been going crazy these last few days with the RUBotted warnings! I’ve been wondering if this isn’t a way for Trend Micro to “advertise” their latest anti-virus offering. I’ve scanned, double-scanned & triple-scanned, and both machines come up clean. Thanks for staying on top of this … I’ll be coming back every day – you’ve got some great stuff here!
Reply
What frustrates the bleeping heck out of me, though, is that this little beta (important word, that) program detects a bot and runs around like Chicken Little hopped up on speed, Red Bull and a couple dozen Starbucks espressos warning me persistently. Yet, every scan I do from long-established programs (AVG, Housecall, Spybot Search and Destroy, Ad-Aware) finds nothing. Zero. Zilch. Nada. And, others have also run other reputable programs with the same results. So, this not-ready-for-prime-time utility finds something that the “big guys” cannot, including the “big guy” that makes the very applet issuing the warnings.
Anyway, I’ll keep checking back here to see if wiser minds such as your own have discovered anything.
Reply
Glad to know I’m not the only one. This thing is going off constantly… however, when I open up the main program, it says, “Looking for bots…. No bots found.” So yeah, I’m really confused. I’ve also been double scanning for a couple days now and nothing is ever found.
Reply
As you may recall from my original post: http://mice.org/blog/what-ad-server-is-dishing-up-malware-and-bots/, the scans always come out clean.
I’ve posted a brief update on our Fridays Quickies today, so check that out too.
Thanks for stopping by and commenting!
Debbie
Reply
Hi, I have had the pop-up six times in the last three weeks. In the RUBotted log it says:
Detected DNS query of malicious domain
A full scan with F-SECURE 2007 – Telia Säker Surf – finds no malware.
Reply