Harnessing Ingenuity January 12, 2008
Posted by Simeon Simeonov in Weblogs.trackback
I found Afrigadget through a short write-up in Fortune. The site can be an inspiration for many, but especially the garage-type entrepreneurs who haven’t made money before. It’s about engineers, entrepreneurs and inventors in Africa who create cool & useful things using uncool and in many cases scrap parts, as in the case of the homemade helicopter below whose heart is a Honda Civic engine.
Warning: when I browse to Afrigadget, Symantec Anti-Virus reports that the site tries to download malware called Downloader. It is successfully blocked/deleted. This could be a false positive or someone could have indeed hacked the site and positioned some malware there. Comments from security gurus and people using other anti-virus tools are welcome.
sure looks like it. Downloader is a precursor to other trojans and viruses being installed on your machine. Could easily be a script injection attack via some bad advertisement SSI that’s been put on the page. Haven’t browsed over there to check, but that’s my wager.
Chris, I don’t see any ads there, which is why I assumed that a hacker has made a mod to the site. If you have a few spare minutes (yeah, you can laugh) I’d appreciate it if you hit the site and see for yourself.
I don’t get that problem at all when visiting the site with latest Firefox. Nothing tries to get downloaded… Maybe it’s already fixed
Wow; I would assume that a Civic engine would be too heavy for a helicopter. I am happily mistaken- this seems like a very cool group.
The trend of legitimate sites being attacked as malware delivery points is growing. I talk about this problem in my latest podcast on CNET.
Security Bites Podcast: When Web apps attack
http://www.news.com/Security-Bites-Podcast-When-Web-apps-attack/2324-12640_3-6225817.html?tag=item
Many small site owners don’t have the resources to keep their web sites secure. They often build these sites out of open source components and open source web apps that have checkered security records. In addition when a vulnerability is found in something they are using they don’t get wind of it so they don’t upgrade. The bad guys have an easy time of finding a vulnerable site and modifying its content to attack the people who browse the site. They then install their spyware or bots.