How to Discover Viruses delivered by Website Advertisements and malware websites.
Using Linkscanner to detect malformed advertisements and malware sites.
It is very important to have your Anti Virus actively scanning files at all times.
I'm not talking about the Scanning function of your Anti virus I'm talking about the Active Shield or Active Scanner that checks temp folders and internet cache files live.
The active scan helps you by reporting viruses as they come in and are stored on your hard drive.
I have an good example today to share.
I use Quickbooks and it's tax season.
Today when I was surfing looking for a new icond I went to a site that seemed to be good. Google Rated up Number 1 and everything I thought was safe ended up to be what could have been a nightmare.
I clicked on a link and the next thing I saw I was connected to a Turkish Virtual Server that was pumping down Trojans.
But not just any Trojan.
This Trojan was taking over my mrtMngr.EXE file which is part of my Quickbooks.
Lucky for me my Anti Virus found it and removed it.
It's actually not needed for most of us from Quickbooks so I renamed it and removed it from my firewall safe list.
Its so important to have a fast computer or not to over work your computer as well as having fast scan applications from your anti virus software.
When you combine fast hardware with fast software you can run safer.
But if your computer is slow then always wait a minute or two before opening that MP3 or download you just made. Maybe your AV is scanning the file and just hasn't reported the virus.
Those that have the fastest internet connections always want to be the safest.
Here's some tech notes on the virus site that is active as of this date. (It's one of those sites that spreads viruses)
(I sent it in to the Siteadvisor and AVG)
If you don't have a great AV or if you don't mind being infected with a virus you can visit the site IP listed in the siteadvisor link or you can take my word for it that it's not a safe site.
It's using one of the Exploits for Internet Explorer so you should use anything but that if you are a techie looking for some website virus fun. Other than that the code on the page for the exploit looks like:
var xac22 = "60@#@!115@# @!99@#@!114@# @!105@#@!112@#@!116@# @!32@#@!116@# @!121@#@
It looks like it's using a Google API source code to deliver it but I don't have time to mess with it today.
Any case it's a very unsafe site most likely one of the Turkish hacked sites.
5-4-2012: Updates are coming to match this years discovery methods. It's getting easier to find malware sites. Searches using Google Images often produces results from the cached pages which can be viewed and researched to the advertisement server level. There is no active reporting process I can find online that helps report this type of problem so until that time. It's all about sharing information with your Antivirus company or team.