Posts posted by WilliamKing321


  1. On 11/23/2020 at 4:52 PM, zombunny2 said:

    This is not strictly related to Immunet, but may be worth highlighting to visitors of this forum.

    In October, the lead developer of the popular adblocker extension "Nano Adblocker" and companion extension "Nano Defender" sold the identity and code-repository access (effectively "sold the extension") to some previously-unknown Middle-Eastern developers. In his defence, he had been unable to keep up with the maintenance requirements of the addon, and wanted its development to continue rather than leave his users "high and dry". He also performed some (albeit) minimal background-checking on the new developers before the sale, although he may have been a little naive and therefore too trusting.

    Unfortunately, the first thing the new developers did was introduce some very crudely-obfuscated spyware into the popular extensions. In a rudimentary attempt to conceal the existence of the spyware, the developers even attempted to have the extension detect if the browser's developer console was open, and modify its behaviour accordingly.

    If you use Chrome, (which is arguably a piece of spyware in and of itself), it is important that you remove these extensions immediately. I suspect the same extension will also be used in Opera/Vivaldi/Brave, so if you are a user of those browsers this could also apply to you.

    Fortunately, the Firefox version of the extension has not yet been updated with the malware changes, as the extension is developed for Chrome, and ported to Firefox by another maintainer. The new spyware was exposed before the Firefox maintainer had pulled-in the upstream code-changes. That said, it would be a smart move to delete this extension if you are using it on Firefox, as I don't see any updates being made to it from now on.

    You will probably find Gorhill's uBlock Origin a suitable replacement for Nano Adblocker, and in fact it is the extension from which Nano takes most of its (non-malicious) code. If you are already a uBlock Origin user, please double-check that you didn't install Nano Defender at some time, to protect uBlock.

    Fortunately, at the time of writing, this malware is easy to remove: Simply uninstall the Nano Adblocker and Nano Defender extensions. Then change all of your passwords. If you are extremely worried, and want to make extra sure that your browser profile is clean, delete your browser profile and create a new one.

    To the best of my knowledge Immunet does not yet detect these extensions when installed.

    I think it'd be a good idea for us to all treat this as a warning that an extension is only as trustworthy as its developer, and that the same developer may not always "own" an extension. It'd therefore be a good opportunity to have a look at all your browser extensions, and uninstall the ones you don't use. You could also take a look to get a feel for the public profile of each developer. Uninstall any that make you uneasy. Broadly-speaking, if it's not under a free (libre)/open-source licence, you can't verify that the code is benign and you need to be confident that you know how the developer(s) are paying for their time and resources.

    More info:

    GHacks Article

    Ars Technica Article.

     

     


  2. There are Ransom Stopper from CyberSight, Cybereason's RansomFree and RansomBuster from TrendMicro. They are all free, and I was wondering whether any of them are any good to add as a second layer of defence on a server or client, since I already have an antivirus but I don't trust it very much.


  3. On 9/24/2015 at 11:47 PM, ritchie58 said:

    Hello sobrog, Immunet can be used with Windows Server 2003 & 2008. You'll have to write your own install scripts as far as a batch install is concerned. Although Immunet will give you additional features compared to just using ClamAV, such as two additional cloud based detection engines & more advanced heuristic capabilities plus the incorporated ClamAV detection engine, there are still limitations as far as customizing the software to suit your multiple endpoint needs. For instance, compared to ClamAV there is no automatic command-line scanning feature with Immunet. Also, some users have reported Name Resolution conflicts while using Immunet within a server platform.

     

    One additional option at your disposal is to use FireAMP instead (this is the Enterprise version of Immunet). This security solution has been designed from the ground up to work in a multiple endpoint environment. Although not free, it is highly customizable, easily deployed within an enterprise infrastructure and will provide you with many additional security options compared to Immunet. More info about FireAMP can be found at the link provided.

    Cheers, Ritchie...

    http://www.ndm.net/sourcefirestore/technology/sourcefire-fireamp

    Thanks for this help.

     

     
