What is a malicious exploit kit website?

#1
07-04-2014, 05:06 AM
senior citizen
What is a malicious exploit kit website?

Any computer geeks/experts out there who might have a clue as to why when I log onto T.O.T.V. my internet security system, which is NORTON, shows this message in bottom right hand corner of my screen?


What is a "malicious exploit kit website"........?
It's been occurring the past two weeks.
Norton takes care of it by blocking it. I'm just wondering its origin? THANK YOU.


High Severity - Blocked
WEB ATTACK: Malicious Exploit Kit Website
Attacking Computer: gcattys.in.ua.64.202.116.156,80
Attacker URL: gcattys.in.ua/d9dj8h5/2
#2
07-04-2014, 06:19 AM
Bogie Shooter

From the Internet

Defining an Exploit Kit

An exploit kit, sometimes called an exploit pack, is a toolkit that automates the exploitation of client-side vulnerabilities, targeting browsers and programs that a website can invoke through the browser. Common exploit targets have been vulnerabilities in Adobe Reader, Java Runtime Environment and Adobe Flash Player.

It's interesting to see that different specialists define an exploit kit/pack a bit differently, while agreeing on the general characteristics of this type of malware.

Characteristics of Exploit Kits

A key characteristic of an exploit kit is the ease with which it can be used even by attackers who are not IT or security experts. The attacker doesn't need to know how to create exploits to benefit from infecting systems. Further, an exploit pack typically provides a user-friendly web interface that helps the attacker track the infection campaign.

Some exploit kits offer capabilities for remotely controlling the exploited system, allowing the attacker to create an Internet crimeware platform for further malicious activities.

For an overview of the key characteristics of common exploit kits, see Mila's Overview of Exploit Packs, which includes a spreadsheet of exploit kit features.

Competing for Customers and Victims

An exploit kit is a launching platform used to deliver other payload, which may include a bot, a backdoor, spyware or another type of malware. In this context, exploit kit authors and distributors compete for customers.

The ease of use and affordability of exploit packs makes it possible even for people with low technical skills to become a hacker, be it for profit, politics or other reasons. The user friendliness of the control interface of the exploit kit might be a market differentiator, helping it stand out from the competition.

Overall, it's not uncommon for criminals of all shapes and sizes to battle one another for control. I'm not surprised we're seeing such battles in the Internet world as well. Though there are a lot of potential targets for competing attackers to infect, it's natural for the attacker to wish to assert full control over a newly-compromised system. If the host is already infected, the new attacker will need to remove the presence of a competing entity. It's a variation of a children's game called King of the Hill, though obviously with more severe repercussions.

Exploit Kits and Geographic Boundaries

Some exploit kits are developed and marketed in a specific country and, therefore, will be used more widely by attackers who speak that language or who hang out in those forums. However, the beauty of exploit kits is that they can be developed in Country A, sold in Country B, and used in Country C to attack Country D by using systems hosted in Country E. As a result, it's hard to attribute malicious activity to actors located in a particular country by simply looking at IP addresses observed during the immediate attack.

Resisting Exploit Kit Attacks

Though some exploit packs target zero-day vulnerabilities, a large number of exploits go after vulnerabilities for which patches exist. End-users and organizations should look closely at how they keep up with security patches on the desktop. End-users at home can use auto-update mechanisms of the targeted applications or specialized tools such as Secunia PSI. Enterprise environments should use automated tools to identify vulnerable systems, install relevant patches and validate that the patches are installed. It's also important to lock down the environment so that when an individual system is affected, the attack is contained and discovered quickly.
__________________
The further a society drifts from truth the more it will hate those who speak it. George Orwell.
“Only truth and transparency can guarantee freedom”, John McCain
#3
07-04-2014, 06:52 AM
senior citizen
Wow thank you I appreciate that.

WOW. THANK YOU SO VERY MUCH.
I appreciate all of the information.
Norton seems to have solved the problem, but I wonder.
Sounds quite involved. Again, thanks.
#4
07-04-2014, 07:02 AM
graciegirl

Quote:
Originally Posted by senior citizen
WOW. THANK YOU SO VERY MUCH.
I appreciate all of the information.
Norton seems to have solved the problem, but I wonder.
Sounds quite involved. Again, thanks.

I have had similar issues. It is like the common cold when you visit any large website. EXCEPT it can be very annoying and even harmful. Keep your security updates current.
__________________
It is better to laugh than to cry.
#5
07-04-2014, 09:33 AM
villagetinker

Very interesting, I am using Norton 360 product (computers and phones) and I get no such message. Norton offers online help. I would suggest contacting Norton directly to see what the issue is.
__________________
Pennsylvania, for 60+ years, most recently, Allentown, now TV.
#6
07-04-2014, 12:25 PM
zcaveman

Quote:
Originally Posted by villagetinker
Very interesting, I am using Norton 360 product (computers and phones) and I get no such message. Norton offers online help. I would suggest contacting Norton directly to see what the issue is.

I use Norton NIS and occasionally I get hit. I am glad that Norton is protecting me.

Z
__________________
Jacksonville, Florida
Andover, New Jersey
The Villages

Second star to the right, then straight on 'til morning.
#7
07-10-2014, 06:52 AM
senior citizen
Gremlins in HP

Quote:
Originally Posted by zcaveman View Post
I use Norton NIS and occasionally I get hit. I am glad that Norton is protecting me.

Z

Yes, Norton is excellent. They have straightened out some issues.

For a while, the "Web Attack; Malicious Exploit Kit Website" message was GONE......but now it has returned, yet only when I log onto TOTV. But, Norton pops up with the message that all is taken care of. (I'm paraphrasing that).

My main problem now is that my "d" key on the keyboard went from just sticky & problematical occasionally, to so stubborn I have to hold it down forever until it works again.

I discovered that I have an "onscreen keyboard" which has been a Godsend temporarily.

My husband vacuumed out my entire keyboard but it is still STUCK.

I read on "Ask How" whereby you can remove the troublesome key from the keyboard and replace it with a new "d" key.

I will let my husband attempt that. If he cannot, then we will bring it down to Staples to their repair department.

This is a relatively NEW computer. Made in China.
Top of the line HP. Oh well.
#8
07-10-2014, 07:16 AM
graciegirl

Some advice. Don't go on Topix. You can get ugly things there.
__________________
It is better to laugh than to cry.
#9
07-10-2014, 09:49 AM
senior citizen
The one & only place it shows up is T.O.T.V. website

Quote:
Originally Posted by graciegirl
Some advice. Don't go on Topix. You can get ugly things there.

The one & only place it shows up is T.O.T.V. website......
Have you encountered it on Topix???

Norton took care of it twice .......
Severity: High

No further action is required but you may wish to perform some of the following actions as a precautionary measure.
Run the Norton Power Eraser. (home users)
Run the Symantec Power Eraser. (business users)
Update your product definitions and perform a full system scan.
Identify suspicious files.
Submit suspicious files to Symantec for analysis.

An exploit kit is a drive-by download attack that looks for unpatched vulnerabilities in your operating system and programs, that can be used to install malware without any action on your part.

Norton detected the threat and blocked it. You may want to run LiveUpdate and scan your system just to be certain that nothing managed to slip through, but otherwise there is no cause for concern and really nothing else you need to do.

Note that Norton blocked the threat at the initial stage - the exploit kit. In order to infect your system the kit would still have needed to find a vulnerable program, launch the exploit and install the malicious payload.

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

This signature detects attempts to download exploits from a malicious toolkit which may compromise a computer through various vendor vulnerabilities.

Malicious toolkits contain various exploits bundled into a single package. Victim on visiting the malicious server hosting exploit toolkit is attacked with several different exploits exploiting different vulnerabilities one by one. Exploits may include MDAC, PDF, HCP etc.
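
The staged sequence described in the post above (landing page, several exploits tried one by one, then the payload) leaves a recognizable pattern in web proxy logs. The following is an added example, not part of the thread and not Norton's signature: a heuristic that flags that pattern, where the log format, host names, content types and 60-second window are all assumptions and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log (time, client, host, content type); not data from the thread.
SAMPLE_LOG = """\
2014-07-10T09:40:01 10.0.0.5 forum.example text/html
2014-07-10T09:40:03 10.0.0.5 kit.example text/html
2014-07-10T09:40:04 10.0.0.5 kit.example application/pdf
2014-07-10T09:40:05 10.0.0.5 kit.example application/java-archive
2014-07-10T09:40:09 10.0.0.5 kit.example application/x-msdownload
2014-07-10T09:41:00 10.0.0.7 docs.example text/html
2014-07-10T09:41:05 10.0.0.7 docs.example application/pdf
2014-07-10T09:42:00 10.0.0.8 kit.example text/html
2014-07-10T09:42:01 10.0.0.8 kit.example application/x-shockwave-flash
2014-07-10T09:42:02 10.0.0.8 kit.example application/pdf
truncated line
"""

PLUGIN_TYPES = {"application/pdf", "application/java-archive",
                "application/x-shockwave-flash"}
PAYLOAD_TYPES = {"application/x-msdownload", "application/octet-stream"}
WINDOW = timedelta(seconds=60)  # assumed threshold, tune per environment

def parse(log):
    """Yield (time, client, host, content_type); skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3].lower()

def find_chains(log, window=WINDOW):
    """Flag client/host pairs where a page is followed by several plugin types."""
    by_pair = defaultdict(list)
    for ts, client, host, ctype in parse(log):
        by_pair[(client, host)].append((ts, ctype))
    findings = []
    for (client, host), events in sorted(by_pair.items()):
        events.sort()
        for i, (t0, ctype) in enumerate(events):
            if ctype != "text/html":
                continue
            later = [c for t, c in events[i + 1:] if t - t0 <= window]
            plugins = sorted(set(later) & PLUGIN_TYPES)
            if len(plugins) < 2:  # one PDF after a page is normal browsing
                continue
            delivered = any(c in PAYLOAD_TYPES for c in later)
            stage = "payload-delivered" if delivered else "exploit-attempted"
            findings.append((client, host, stage, plugins))
            break
    return findings

if __name__ == "__main__":
    for finding in find_chains(SAMPLE_LOG):
        print(finding)
```

A finding at the "exploit-attempted" stage matches the case in the post where the kit was reached but no payload followed; "payload-delivered" is the one that warrants a full scan of the client.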
#10
07-10-2014, 10:36 AM
TOTV Team

We have had the server and site scanned multiple times and there is nothing found. We'll monitor all feedback and continue to provide to the host company.
#11
07-10-2014, 11:56 AM
Indydealmaker
Microsoft Defender

I use the free Microsoft Defender (part of Windows 8) and am not seeing any of these error messages. I also occasionally scan with Malwarebytes for NSA bugs.
__________________
Real Name: Steven Massy Arrived at TV through Greenwood, IN; Moss Beach, CA; La Grange, KY; Crystal River, FL; The Villages, FL

All times are GMT -5.