A new reason to avoid Deere

[Sysop]

Was trying to lend assistance to a new TBN member, who had only posted a model number of their tractor. I did a search, it came up as a JD model number. I clicked over to the Deere site to see the details of this tractor, and they tried to infect me...

The following event occurred on the Untangle Server @ 2017-04-06 13:28:54.831

HTTP virus blocked:
Virus Blocker Lite found virus [Swf.Exploit.CVE_2016_7874-5351170-0(f05d244640a7faea65decc5fc92c6a7f:98015)] hxxp://www.deere.com/media/player/playerdata/Player.swf

Which is a VERY nasty thing.

NVD - CVE-216-7874

Also: All I did was open the tractors product page. I'm guessing the media player is the part that is doing the slideshow at the top of the page. Users beware.

 

[MORRISONSTEEL]

Are you sure this is not something along the lines of a bad/malicious extension on your browser? An older example would be the fake evernote extension. These make it look like it is the website you are visiting. I personally will not be avoiding their website, haven't had anything like that happen since they put up a page many moons ago. If it happened to me I would probably be looking to run a clean up like malwarebytes or something.

 

[coobie]

Them stinking deere.I try to avoid them but they keep coming back..

 

[Egon]

But, but ; I just want to turn the key on mine?

 

[Sysop]

Are you sure this is not something along the lines of a bad/malicious extension on your browser? An older example would be the fake evernote extension. These make it look like it is the website you are visiting. I personally will not be avoiding their website, haven't had anything like that happen since they put up a page many moons ago. If it happened to me I would probably be looking to run a clean up like malwarebytes or something.

Typically, if it were a rogue extension, the offending file would be being pulled from another server, not deere.com. That being said; I don't use extensions, and use In-Private for general web searches such as the one above. Untangle Server is my Router, which performs antivirus scans on all incoming data. The virus was found in data that was coming directly from deere.com. It never was passed through my router to my PC.

I do this stuff for a living and guarantee it is as it seems, deere.com is using Flash vulnerabilities to exploit user's systems for arbitrary code execution. It is a cross platform vulnerability that not only works on Windows, but MacOS and ChromeOS also. This should be considered a severe threat.

 

[kthompson]

Sysop, why would Deere do such or what would they hope to gain? No I am not a computer expert just use one many hours, many hours per week on the internet. Today using Chrome and Windows 10 I was web site that I doubt would have knowing had a virus or such on it. One thing I have had to learn to watch for is fake web sites whose address often shows up before the valid company does in a search.

Do I think it possible their site could be infected? Sure the Federal Government has had it happen.

 

[Sysop]

Who says it is Deere themselves? Perhaps their systems are compromised and it's a 3rd party that infected their webserver? Perhaps they have a rogue employee or 3rd party contractor? Perhaps the Ukrainians that are distributing hacked firmware are the perpetrator? Who really knows or cares? Fact is, I'd not visit deere.com with a system that has a vulnerable version of Flash installed and doesn't have proper protections in place. If you're not savvy enough on a computer to ensure these things, avoid deere.com altogether.

 

[Wagtail]

Who says it is Deere themselves? Perhaps their systems are compromised and it's a 3rd party that infected their webserver? Perhaps they have a rogue employee or 3rd party contractor? Perhaps the Ukrainians that are distributing hacked firmware are the perpetrator? Who really knows or cares? Fact is, I'd not visit deere.com with a system that has a vulnerable version of Flash installed and doesn't have proper protections in place. If you're not savvy enough on a computer to ensure these things, avoid deere.com altogether.

You did. It is implied in you thread title.

If there's a problem with a website, report it as such. Have you reported the issue to JD? Are they aware of it and have fixed the infection that you detected?

 

[Sysop]

Ok, I didn't get specific in the title and say "A new reason to avoid Deere.com". But honestly, it could as easily be them doing something dastardly as anything else. ESPN.com regularly has virus laden code spewing out of their advertising system, and it is regularly reported, but never gets any better. Some companies simply don't care. I don't know if that is the case with JD, but I'm not going to spend my time and risk my resources to hang out on their site and find out.

I personally have no contact information for them, nor was I going to poke around on a site I know is sending viruses to exploit visitors just to find some contact information. Just because my router stopped that one, doesn't mean it will stop the next one they could send. I'm not going to increase my risk by remaining connected to their site. If they have competent people working for them, it should not have happened at all; having happened, if competent, it should be found and fixed fast, unless they either just don't care or are doing it purposely.

 

[s219]

Another reason I avoid flash.