Pwnd2Pwnr, posted September 1, 2012:

Hey-row Hak5... I was browsing new movie releases from Vudu.com. I click on my browser, proceed to type "vudu.com" and the DUH DUH DUH of Kaspersky told me that the site attempted to download a trojan. Great... so I called Vudu, cancelled my account, and decided to see what the hell was going on. I ran a check against the script... and... well... scan the site with an audit tool (I like w3af) and tell me what you find. Can I post my results? Ehhh.... not sure if that is breaking TOS... once I get permission from one of the admins... I will post my results... until then... can someone recreate my lab test and check the script on Vudu.com? I don't think auditing is illegal... but who knows in the snowball effect of policy makers...
Pwnd2Pwnr (author), posted September 1, 2012:

If I were anyone who uses this service... it is not good... Won't get into what could happen... but Kris Kross would be the group to be listening to!
bobbyb1980, posted September 2, 2012:

Believe nothing you hear and half of what your AV sees.
Pwnd2Pwnr (author), posted September 2, 2012:

Normally, I would think that... but I checked the scripts... the cache was not from the Vudu.com server... this was verified on the phone. The lady said she had worked there for years and never has had that issue. I was frankly upset... I have spent A LOT of money through their UV service. But, as I was telling her of the issue, she said that their servers were down. Now, unless I am a person that leaves all coincidences at the door, I would agree, "Hey, it is just a false positive."... but the fact the servers were acting strange and that they "reset themselves", as the lady put it, is a great cause for alarm. Recreate my lab, bobby, I wonder if you will see the faults in the JS as I did...
bobbyb1980, posted September 2, 2012:

No, I sure didn't look at the site, buddy. However, I do go to several sites, one being tuts4you.com, which is a tutorial site, and it's blocked by Kaspersky. I also have a friend who recently wrote a completely legitimate packer; he posted it on his blog, and 2 days later every piece of software using that packing is blocked and flagged as a trojan because the AV developers are too lazy to figure out how to unpack it and would rather just block all software using it, legit or not. Flip side to that coin is that I've built .exe's that, while they were packed and had a small level of obfuscation, had very transparent and known malicious Windows API calls, and they were undetected. Most AVs don't even verify DNS integrity, which would take like 10 lines of code and stop tons of attacks. Many don't verify hosts file entries either. Who knows, maybe the site you went to did get pwned, but I don't trust in AVs so much.
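The hosts-file check bobby describes, as an added example that is not part of the thread: it parses a hosts file and flags any watched domain that has been pointed at a non-loopback address, which is the override pattern a defender would want to detect. The hosts content, the domain list and the function names are constructed for illustration.

```python
"""Flag hosts-file entries that silently override resolution for watched domains.

Added example, not from the thread. Both the sample hosts text and the watched
domains below are constructed; adapt the domain list to the sites you care about.
"""
import ipaddress
import re

# Constructed sample hosts file. Loopback lines are the normal, benign use of a
# hosts file; the last two lines are the kind of override that should be flagged.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost ip6-localhost
# local dev box
127.0.0.1       dev.internal.test
203.0.113.7     streaming.example.com www.streaming.example.com
198.51.100.22   update.example-av.test
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments and blanks."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = re.split(r"\s+", line)
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower()


def suspicious_entries(text, watched_domains):
    """Return (ip, hostname) pairs that map a watched domain, or a subdomain of one,
    to an address outside the loopback range. Such an entry means the OS resolver
    will never consult DNS for that name, so the AV's DNS checks never see it."""
    watched = {d.lower().strip(".") for d in watched_domains}
    hits = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed address field; ignored here
        if addr.is_loopback:
            continue
        if any(name == d or name.endswith("." + d) for d in watched):
            hits.append((ip, name))
    return hits


if __name__ == "__main__":
    for ip, name in suspicious_entries(SAMPLE_HOSTS, ["streaming.example.com", "example-av.test"]):
        print(f"hosts override: {name} -> {ip}")
```

On a real machine, read /etc/hosts (or %SystemRoot%\System32\drivers\etc\hosts on Windows) and pass its contents in place of SAMPLE_HOSTS.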
Pwnd2Pwnr (author), posted September 2, 2012:

I like how you put that. I see your logic and I agree with you. I reported the issue to a friend of mine in Nashville, and he said what you said. But, to add an admin to any given server, it needs to reset its root, right? Maybe I am being overly cautious, but hey, it beats the hell out of getting my information stolen (if it hasn't already :[). Thanks, bobby, you get the metaphorical cookie! It is macadamia nut with white chocolate!
biob, posted September 9, 2012:

AVs do cause quite a few false negatives. Better safe than sorry.
Xcellerator, posted December 12, 2012:

If you're really worried, try a live USB or VM, or even a sandbox, and try again. Or use Google Chrome (if you're not already). I'd be very surprised if there's a new vulnerability in Chrome that no one's heard of...