Security risk: The trick behind camouflaged links

[luis]

Hmmm... no....the problem is caused by Java being installed, period. Its just that Java script for this particular test in the link is being used.

No.

We do this professionally

Never been a guarantee of anything.

[SFSxOI]

Yes, more correctly its Java being installed and active, period. I edited my post by the way as the way I originally posted it wasn't correctly phrased and gave the impression you took.

Nope, doing it professionally has never been a guarantee of anything and I did not mean to imply it was. Only pointing out one thing, in the big picture, that there are so many exploits and so much malware out there that its supports an entire industry for combatting them.

[Little John]

Yes, more correctly its Java being installed and active, period.

As I wrote previously, this problem has nothing got to do with Java.
Just to be sure, I removed Java completely from my system. As expected, the problem still is there.

[SFSxOI]

Yes, more correctly its Java being installed and active, period.

As I wrote previously, this problem has nothing got to do with Java.
Just to be sure, I removed Java completely from my system. As expected, the problem still is there.

yes, the problem is still there, that's because the web site uses the exploited poisoned link. Its Java period, not that its simply installed on a users computer. Its if Java is installed or used anywhere in the connection link that makes it exploitable.

So as you wrote has nothing to do with it, you simply are not seeing the larger picture here. Its if Java exists anywhere in the connection chain not just on the users computer. That's why I posted that you are just seeing one aspect of it.

Its Java, period. The only way to stop it is uninstall or turn off Java... if its anywhere in the connection chain not just on the users computer.

[luis]

This is way beyond ridicule now.

[SFSxOI]

Yeah, well people did not know about java exploits either and thought they did not exist until they started becoming public. Just telling the facts, believe them or not. Its up to the web site administration to ensure none of the links on their web pages have been compromised or point to web pages which have been compromised. If they don't care to do that then there is not much you can do about it.

[Little John]

So as you wrote has nothing to do with it, you simply are not seeing the larger picture here. Its if Java exists anywhere in the connection chain not just on the users computer. That's why I posted that you are just seeing one aspect of it.

I seems more to me that you do not see the wood for the trees.

What the facts are telling me, is contrary to what you wrote.
I can even reproduce the problem locally on my system, with Java completely removed.

[c4s]

@SFSxOI
I really really hope that you're joking or something like that. Because you're completely wrong, period*! Please fully re-read this topic and the original article. In this particular case we are talking about JavaScript...

*as you like to say it


@Little John
No need to uninstall Java just to make sure that this is a JavaScript issue. It's pretty obvious if you read one of the articles.
And if you really want to uninstall Java just do it by disabling it in the browsers plugin settings. Disabling Java there is the same as uninstalling it.

[SFSxOI]

So as you wrote has nothing to do with it, you simply are not seeing the larger picture here. Its if Java exists anywhere in the connection chain not just on the users computer. That's why I posted that you are just seeing one aspect of it.

I seems more to me that you do not see the wood for the trees.

What the facts are telling me, is contrary to what you wrote.
I can even reproduce the problem locally on my system, with Java completely removed.

Oh sigh... i'm talking about it being used on the web site. It does not matter if you can produce it locally or not by what ever method. Its the web site activity we are talking about. its someone else doing it independent of you and on the web site its java being used in some context to do so. You are obscuring the picture by trying to see the trees without believing you are in a forest. Just to make sure this is understood, we are talking about exploited links on web sites like that in the link over which you have no control ... Its java, period, and that's a fact as much as you want to think otherwise.

[SFSxOI]

@SFSxOI
I really really hope that you're joking or something like that. Because you're completely wrong, period*! Please fully re-read this topic and the original article. In this particular case we are talking about JavaScript...

*as you like to say it


@Little John
No need to uninstall Java just to make sure that this is a JavaScript issue. It's pretty obvious if you read one of the articles.
And if you really want to uninstall Java just do it by disabling it in the browsers plugin settings. Disabling Java there is the same as uninstalling it.

'
No i'm not wrong, I am 100% correct.

Just to point out the obvious that people are overlooking. Stop trying to draw some big distinction between Java and Java script, for purposes of exploits they are one and the same, Java is exploitable in any aspect weather its Java directly or Java script.

[c4s]

No i'm not wrong, I am 100% correct. [...]

...Ok, if you're joking you can stop now. It's not funny anymore.

[luis]

I can even reproduce the problem locally on my system, with Java completely removed.

It's not even needed to do so, just looking at the code on that page is more than enough. It's not even an exploit.

Code: Select all

var links = document.links;
for(i in links) {
    links[i].onclick = function(){
        this.href = 'http://bit.ly/141nisR';
    };
}

It's very simple javascript code, the only particularity is the fact you can alter the href after you clicked on it.
That is the reported fact. Everyone can test this on his own system.

@SFSxOI
Java has nothing to do with it, as COBOL has nothing to do with it.

Stop it, take a step back, try to talk about it with a friend you trust (possibly a javascript programmer) and empty your head from the dogmas some evil goblin instilled in you. This is your last chance to regain control.

[Little John]

However, a malicious web page could additionally just disallow right-click, couldn't it?

You can also open it via middle-click. I'm used to open every link that way.

Thanks for the tip. I almost forgot about the middle-click.

@Little John
No need to uninstall Java just to make sure that this is a JavaScript issue. It's pretty obvious if you read one of the articles.
And if you really want to uninstall Java just do it by disabling it in the browsers plugin settings. Disabling Java there is the same as uninstalling it.

Yes, I'm aware of all this.
Anyway, I completely removed Java from my system, because at that point in time I had some hope that it would help to convince SFSxOI that he is wrong. In the meantime, that hope is gone ...

[SFSxOI]

No i'm not wrong, I am 100% correct. [...]

...Ok, if you're joking you can stop now. It's not funny anymore.

No, i'm not joking. I never intended it to be funny. So you can ridicule all you wish, its a known fact in the malware industry (or why else would they develop countermeasures or bother to release security updates), its a known fact made public by many web sites in various aspects, its a known fact made public by Oracle and dozens of security researchers. You are simply trying to separate java script away from java in your consideration. When these entities talk about java being exploited they are taking about anything to do with java, including java script, or only discussing it in one aspect. There are many more aspects to this, its a fact, if its java (script or not) its exploitable and the problem is with java (aside from those idiots that would exploit it) period and that's a fact.

[MachineCode]

Oh sigh... i'm talking about it being used on the web site.

So, if my web site doesn't have Java installed/running and I solely use that JavaScript snippet in a HTM page there, would you then believe it's nothing to do with Java? You do know that Java <> JavaScript, right?