
This is a warning for anyone who uses Russian download sites



BLACKWATCH
April 5th, 2012, 04:26 AM
Not sure if it will affect Windows PC users, but it looks like the MAC is just as vulnerable to
attacks as any other computer, so beware when getting that Russian content. :confused:

http://www.theinquirer.net/inquirer/news/2166228/600-infected-macs-botnet

RRSignal
April 5th, 2012, 08:28 AM
Not sure if it will affect Windows PC users, but it looks like the MAC is just as vulnerable to
attacks as any other computer, so beware when getting that Russian content. :confused:

http://www.theinquirer.net/inquirer/news/2166228/600-infected-macs-botnet


I can attest first-hand that Macs are just as vulnerable, as I've dealt with Mac malware going back to 1996. It's actually a lot worse in the Mac world in many respects because there isn't nearly as much awareness and tools to cope with threats as there is in the PC world.

Dermmy
April 5th, 2012, 05:07 PM
I have personally downloaded a huge collection of Russian content without issue.

Assuming that all Russian sites are 'dangerous' because SOME sites MIGHT be is inane.

fran1
April 5th, 2012, 05:24 PM
I've got loads of Russian content, not an issue. Stick to the mainstream sites and you'll have no problems. Go to Gangstaparadise and you deserve what you get, i.e. backdoor.flashback :hehe:

Beattie
April 5th, 2012, 05:26 PM
Just watch what websites you go to, that's the lesson here. Virus scan new things you download too, and double check, I recommend.

BLACKWATCH
April 5th, 2012, 05:34 PM
I have personally downloaded a huge collection of Russian content without issue.

Assuming that all Russian sites are 'dangerous' because SOME sites MIGHT be is inane.

Appreciate what you're saying Dermmy, but you have to remember that some of the younger members on here
may not be so savvy when it comes to knowing what sites are safe.

I don't use Russian content, I'm totally British when it comes to modelling. It might be an idea for such as
yourself & other Russian content users to make a list of 'safe' sites that you can recommend, it may save
others from some nasty surprises. :)

Dermmy
April 5th, 2012, 08:52 PM
Any mainline Russian site you get led to direct from this forum is 'safe'.

Russian sites network extensively and almost all have numerous banner links to other sites. In my experience all of those are 'safe'.

Chasing missing content through Russian language forums via Google is 'safe'.

What does 'safe' mean?

Mainline sites are cdp downloads or cdp's further compressed in rar or zip form. I don't care where I download content from, every single thing that comes onto my computer (DLS excepted) gets right-clicked and scanned before I open it. I never execute a cdp by double-clicking, I drag the icon into CM manually. If it isn't Trainz content it won't install. I have NEVER had a cdp that won't install - EXCEPT - a fair bit of Russian content has Cyrillic characters in the cdp name. They won't install in non-Russian versions of Trainz unless you re-name them first. The new name is irrelevant, it can be anything. 1.cdp is my favourite re-name!

Missing Content links from Russian forums are often to 3rd party file-sharing servers. Gambling and other unsavory links appear to be almost mandatory on those sites. Long waits for downloads are common. Requirements to visit 'host' sites for a period of 30 or 60 seconds to 'enable' the download are less common but do crop up. Whilst these host sites are never (in my experience) of the unsavory sort, the golden rule is: Caveat Emptor. I have never had an issue with the actual Trainz content once I was finally able to access it, but there are certainly times along the way when I thought 'Oops, maybe not'. But this is truly Internet 101 - it has nothing to do with 'Russian' sites per se, nor with Russian Trainz sites in particular. If you get onto the Internet back roads, be darned careful. You never know what's around the next bend!

I have registered and posted on several Russian Trainz forums pursuing that truly elusive dependency and despite the language barrier I have found Russian Trainzers universally helpful, courteous and kind. Just like the rest of us really...

Andy

EDIT: One final point: if you do go chasing Russian Trainz content - and much of it is truly superb - either Google Chrome or IE with Google Toolbar will translate entire pages. Mind you, the translation barely passes for lamentable English and I do sometimes think just battling on with the original Russian language page might have been easier. ;)

JCitron
April 5th, 2012, 10:14 PM
Not sure if it will affect Windows PC users, but it looks like the MAC is just as vulnerable to
attacks as any other computer, so beware when getting that Russian content. :confused:

http://www.theinquirer.net/inquirer/news/2166228/600-infected-macs-botnet

What do you mean Macs get viruses? According to the late Steve Jobs, Macs didn't get malware! Shame for spreading that rumor.
Like RRSignal, I too fixed many Mac viruses in the past and still do.

Remember ALL computer platforms are vulnerable and as long as the computer can connect to a network, they are all open for attack no matter where they are in the world. These script and Trojan Horse things, that have been hitting everywhere lately, originate in the Eastern Bloc countries and are financed by the Russian mob. The writers actually get paid to create variants on the same malware. They generate new forms in about 30 minutes and they become active in 24 hours on the hosting site.

They work by using AJAX, or asynchronous JavaScript execution. This means that the script downloads the malware while you are watching something else at the same time. A good example of AJAX in action is Google Maps. While the new data is downloading, you can still browse the maps. Before AJAX you had to wait for new data to be downloaded first. This new method, which isn't so new anymore, changed how the web worked, and allowed for multimedia presentations. The speed of the net helped as well.

Anyway, back to our malware. So the user clicks on a link, the script hosted on the fake link, dumps the bug on the computer. The bug can either wait and do something later, as in a dropper, or it can act right away. The bug then connects to the host and downloads the main malware. These bugs range from fake applications to fake malware fighters. The fake anti-malware software usually posts up a BUY ME to remove the bugs. It will put up a fake screen stating your machine is infected with a gazillion bugs, which is not true (or should not be true). To remove these fake bugs, buy the software. The user is so scared, they will buy the software, which does nothing more than take the credit card information for use by the mob. Nice!

The thing is, since this part of the malware infection process is written as scripts that use a cross-platform JavaScript language, the malware can be developed for any operating system ranging from Unix to Windows. Sadly in Apple's case, Apple has modified a very secure operating system to allow privileged access to certain system functions via software and this allows things to run easily on the Apple. The other thing too is Apple is now becoming popular so more malware writers are aiming at that platform.

To say you'll get these from Russian Trainz download sites, truthfully yes, but you can even get them from clicking on a link to a non-Russian site as well. I picked up one of these bugs clicking on the link to my local newspaper. I went there to search the obituary because I needed to find out where my friend's father was buried.

Remember what I said about the links above. The virus writers usually release bots that will make infected links to popular searches in the search hosts such as Bing and Google. These links are faked by changing the HREF command. Part of the href points to the link where the other is just displayed text. They change the link part and have that point to the malware download host instead. By making the links popular, they show up on the top-most part of the search engine screen. Using a bit of social engineering here, these guys figured that to get the biggest hits from searches, people will click on the top-most links first, which almost guarantees a hit for the malware.

So having said this, the safest thing you can do is to copy the link, and actually go there using a pasted-in URL instead of clicking on the searched results. If you need to click on the searched results, use one of the lower links on the same subject. These are the more legit ones. It's the ones at the top part of the page that are infected.

John

Deano5
April 6th, 2012, 04:33 AM
Well said Dermmy.
I too have a vast amount of Russian content from third party sites and never had a spot of bother. All top class assets from friendly helpful people. If they have a problem with their links, they fix it, all you have to do is report it like you would on any other web site.
A little scare mongering going on here I think. All that's needed is common sense. :wave:

BLACKWATCH
April 6th, 2012, 11:12 AM
All that's needed is common sense

Something that seems to be a very rare commodity among humans a lot of the time. :hehe:

sawyer811
April 6th, 2012, 01:23 PM
I understand that many Russian sites are OK, but trust me, I've had my issues. Luckily my anti-spyware program has been doing a good job so far. A good idea is to avoid the site if it wants to direct you to some other location for download (and I understand that there are numerous exceptions to that rule), but that's just my rule I've learned from experience.