ALERT: malvertizements utilizing computer clipboards (copy and paste).

An interesting comment was posted to my blog today - the commentator said:

"...I had my clipboard go crazy last night, and I knew right away, because I write clipboard software (ClipMate) and so I was able to "hear" the clipboard events. This thing was posting more than once a second - overwriting the clipboard with their silly URL.  I think they hope that people inadvertently paste it into blog posts, comments (like this one), e-mail, and such.

I have posted my findings here:
http://www.thornsoft.com/phpBB2/viewtopic.php?t=3567"

Another person complains of the clipboard problem - you can see the discussion here:
http://forums.devnetwork.net/viewtopic.php?f=6&t=86448&p=477521

And here, somebody who accidentally pasted a fraudware URL into a comment:
http://boards.msn.com/MSNBCboards/thread.aspx?threadid=708752&boardsparam=Page%3D983

 

You will see that the person who visited my blog mentions that closing msnbc.com stopped the behaviour.  You will also see that the person who accidentally pasted the URL was using boards.msn.com.  I am worried that msnbc.com may be displaying a malvertizement :o(

Another complaint:
http://forums.techguy.org/malware-removal-hijackthis-logs/729773-weird-copy-paste-virus.html

Published Sat, Aug 9 2008 13:35 by sandi
Filed under: ,

Comments

# re: ALERT: malvertizements utilizing computer clipboards (copy and paste).

Sunday, August 10, 2008 2:20 AM by Amy Sheehan

Please see my comment here posted at dslreports.com

www.dslreports.com/.../r20925461-Malvertisement-on-MSNBCcom-using-clipboard-copypaste

Thanks for posting this info

# re: ALERT: malvertizements utilizing computer clipboards (copy and paste).

Tuesday, August 12, 2008 12:39 PM by Bill Castner

This should be blocked by setting Internet Options, Security, Internet Zone, Scripting, "Allow programmatic Clipboard access" to Disable.

I would be curious if this setting failed to block this vector.

# re: ALERT: malvertizements utilizing computer clipboards (copy and paste).

Thursday, August 14, 2008 10:32 AM by Chris Jackson

I checked my settings for "Allow programmatic Clipboard Access" and it's set to "Prompt." I still caught the virus. I'm still looking for the cure, AVG Enterprise 8.0 didn't find it.

# How Cute.

Friday, August 15, 2008 4:49 PM by twitter

Visiting the site, windowsxp-privacy.net, with Konqueror on Debian Etch was harmless.  It gave me a nifty little XP scan show, just like <a href="discussions.apple.com/thread.jspa mac people saw</a>.  User input does not matter, it drives towards handing you an Windows EXE file.  Konqueror politely asks if you want to download the file.  MSNBC is either clean or does nothing to me, but visiting the xp-vista-update.net site redirects to google.com and puts the same in my clipboard.  It only manages that trick once and the clipboard then continues to function.  Not having flash may be helpful as is having a system that does not allow web pages to do nasty thing.

# re: ALERT: malvertizements utilizing computer clipboards (copy and paste).

Sunday, August 17, 2008 12:02 PM by jeno

Try *disabling* the "clipbook" service also...

# re: ALERT: malvertizements utilizing computer clipboards (copy and paste).

Thursday, October 30, 2008 5:47 PM by computer repair

Interesting post, not sure I agree fully although you make some excellent points, thanks for a good read.