How to navigate away from quicksand domains which hold your browser captive until you install their software?

>>Sure, almost everyone uses Windows. And the hackers love it because
>>of all the holes in it. ;-)

Anyway, I noticed what was happening at the time and shut down
the browser and ADSL connection within about 10secs.
>
I found 7-8 small programs on my system and wrapped them in
a zipfile for safety (later sent to SuperAntiSpywar e guys for
analysis).
>
I then spent 2-3 hours running every piece of anti-malware s/w
I have, including several root kit programs. All came up clear.
>
Since then, I've seen no abnormal activity on my system using
packet sniffers and monitoring ports etc. My guess is that I
killed it before it had hardly got started doing its evil work.

>Sure, almost everyone uses Windows. And the hackers love it because
>of all the holes in it. ;-)
>
When I build my next system, I hope to install a version of *nix as
well as XP-Pro-SP3, probably using VMPC.

'Beauregard T. Shagnasty' wrote:

>So that was a Windows trojan then?
>
The one in question is called "trojan.systemp oser".

>hummingbird wrote:
><snippage>
>["trojan.systemp oser"]
>Anyway, I noticed what was happening at the time and shut down
>the browser and ADSL connection within about 10secs.
>>
>I found 7-8 small programs on my system and wrapped them in
>a zipfile for safety (later sent to SuperAntiSpywar e guys for
>analysis).
>>
>I then spent 2-3 hours running every piece of anti-malware s/w
>I have, including several root kit programs. All came up clear.
>>
>Since then, I've seen no abnormal activity on my system using
>packet sniffers and monitoring ports etc. My guess is that I
>killed it before it had hardly got started doing its evil work.
>
>Maybe you got lucky. Maybe it wasn't activated by its owner prior to
>your shutting off your connection.
>
>You do have a router and firewall, correct?

>>Sure, almost everyone uses Windows. And the hackers love it because
>>of all the holes in it. ;-)
>>
>When I build my next system, I hope to install a version of *nix as
>well as XP-Pro-SP3, probably using VMPC.
>
>Try Ubuntu. You can also install it from within Windows using Wubi. For
>testing and playing. I wouldn't recommend using any virtual machine for
>a working installation, though.

>>And like Micha, I don't have any anti- anything software on my
>>computer either.

>>Just think logically:
>>>
>>1) What is a website? It's HTML and CSS. It's a document, not a program.
>>You can display it in various formats, but it can't gain kind of an own
>>life to do funny things to your computer outside its rendering context.
>>>
>>Logical conclusion: A website alone doesn't do that.

>>On Mon, 14 Jul 2008 14:23:03 +1000 'Me Here'
>>wrote this on alt.comp.freewa re:
>>>
>>>Tom wrote:
>>>>On Sun, 13 Jul 2008 13:45:20 -0400, C A Upsdell wrote:
>>>>>
>>>>>If Windows, Ctrl Alt Delete to call up the task manager; select the
>>>>>browser; kill it.
>>>>Very inelegant.
>>>>>
>>>>When you have a dozen tabs open, killing the browser, kills all the tabs.
>>>>>
>>>>When you restart Firefox, it asks if you want to open all the old tabs,
>>>>but, of course, that will just open the quicksand site all over again.
>>>>>
>>>>So, without editing the hosts file and shift reloading, you're forced to
>>>>say NO to reloading your old tabs ... and you lose them all.
>>>>>
>>>>That's why you don't kill the browser session.
>>>>>
>>>>Luckily we found a single-click way to solve the problem (type "start ->
>>>>run -hosts, add the offending domain, and shift reload the browser). This
>>>>turns the quicksand URL into cement. Voila! Thanks to hummingbird!
>>>
>>>If you have other tabs open that you want to keep viewing, then yes,
>>>it's a good immediate, albeit 'temporary' solution to the problem. I
>>>say temporary because using a Hosts file isn't a good solution. Many
>>>malware sites scan and remove their listings from hosts files (and even
>>>locking it via the read-only attribute won't protect you). They do it
>>>by making you log into a benign site first (one that isn't blocked) and
>>>using that to remove their entry from your Hosts file before redirecting
>>>you and trapping your browser.
>>Good point MH. I've never experienced that trick, especially since
>>I started safe hexing, but I am aware it can happen.
>>>
>>These days, I seem to be safe with a hosts file to block unwanted
>>sites, plus a supplementary program or two (SpyWareBlaster etc).
>>>
>>>
>>>Even running free FireFox addons such as
>>>NoScript won't protect you unless you've been caught before and know not
>>>to allow the site access to Java or JS. You should really be running
>>>an IP blocking program like PeerGuardian or if that is too much hassle,
>>>do what I do and use OpenDNS. I'm sure there are other solutions, those
>>>two just spring to mind. My advice, if you don't want this happening
>>>again and you're the type that's likely to run across sites like these
>>>often, is to do a bit of research into blocking methods and choose the
>>>one that best suits your need.
>>>

>>hummingbird wrote:
>>>On Mon, 14 Jul 2008 14:23:03 +1000 'Me Here'
>>>wrote this on alt.comp.freewa re:
>>>>
>>>>Tom wrote:
>>>>>On Sun, 13 Jul 2008 13:45:20 -0400, C A Upsdell wrote:
>>>>>>
>>>>>>If Windows, Ctrl Alt Delete to call up the task manager; select the
>>>>>>browser ; kill it.
>>>>>Very inelegant.
>>>>>>
>>>>>When you have a dozen tabs open, killing the browser, kills all the tabs.
>>>>>>
>>>>>When you restart Firefox, it asks if you want to open all the old tabs,
>>>>>but, of course, that will just open the quicksand site all over again.
>>>>>>
>>>>>So, without editing the hosts file and shift reloading, you're forced to
>>>>>say NO to reloading your old tabs ... and you lose them all.
>>>>>>
>>>>>That's why you don't kill the browser session.
>>>>>>
>>>>>Luckily we found a single-click way to solve the problem (type "start ->
>>>>>run -hosts, add the offending domain, and shift reload the browser). This
>>>>>turns the quicksand URL into cement. Voila! Thanks to hummingbird!
>>>>
>>>>If you have other tabs open that you want to keep viewing, then yes,
>>>>it's a good immediate, albeit 'temporary' solution to the problem. I
>>>>say temporary because using a Hosts file isn't a good solution. Many
>>>>malware sites scan and remove their listings from hosts files (and even
>>>>locking it via the read-only attribute won't protect you). They do it
>>>>by making you log into a benign site first (one that isn't blocked) and
>>>>using that to remove their entry from your Hosts file before redirecting
>>>>you and trapping your browser.
>>>Good point MH. I've never experienced that trick, especially since
>>>I started safe hexing, but I am aware it can happen.
>>>>
>>>These days, I seem to be safe with a hosts file to block unwanted
>>>sites, plus a supplementary program or two (SpyWareBlaster etc).
>>>>
>>>>
>>>>Even running free FireFox addons such as
>>>>NoScript won't protect you unless you've been caught before and know not
>>>>to allow the site access to Java or JS. You should really be running
>>>>an IP blocking program like PeerGuardian or if that is too much hassle,
>>>>do what I do and use OpenDNS. I'm sure there are other solutions, those
>>>>two just spring to mind. My advice, if you don't want this happening
>>>>again and you're the type that's likely to run across sites like these
>>>>often, is to do a bit of research into blocking methods and choose the
>>>>one that best suits your need.
>>>>
>>As I said, a hosts file is great, so long as you protect it otherwise it
>>becomes pointless. Many programs out there now protect things like Home
>>pages and hosts files simply because security companies are aware that
>>they are easily hijacked with things like WSH or ActiveX (or even a
>>crappy FF addon).