A new reason to avoid Deere

[Sysop]

Was trying to lend assistance to a new TBN member, who had only posted a model number of their tractor. I did a search, it came up as a JD model number. I clicked over to the Deere site to see the details of this tractor, and they tried to infect me...

The following event occurred on the Untangle Server @ 2017-04-06 13:28:54.831

HTTP virus blocked:
Virus Blocker Lite found virus [Swf.Exploit.CVE_2016_7874-5351170-0(f05d244640a7faea65decc5fc92c6a7f:98015)] hxxp://www.deere.com/media/player/playerdata/Player.swf

Which is a VERY nasty thing.

NVD - CVE-216-7874

Also: All I did was open the tractors product page. I'm guessing the media player is the part that is doing the slideshow at the top of the page. Users beware.

 

[MORRISONSTEEL]

Are you sure this is not something along the lines of a bad/malicious extension on your browser? An older example would be the fake evernote extension. These make it look like it is the website you are visiting. I personally will not be avoiding their website, haven't had anything like that happen since they put up a page many moons ago. If it happened to me I would probably be looking to run a clean up like malwarebytes or something.

 

[coobie]

Them stinking deere.I try to avoid them but they keep coming back..

 

[Egon]

But, but ; I just want to turn the key on mine?

 

[Sysop]

Are you sure this is not something along the lines of a bad/malicious extension on your browser? An older example would be the fake evernote extension. These make it look like it is the website you are visiting. I personally will not be avoiding their website, haven't had anything like that happen since they put up a page many moons ago. If it happened to me I would probably be looking to run a clean up like malwarebytes or something.

Typically, if it were a rogue extension, the offending file would be being pulled from another server, not deere.com. That being said; I don't use extensions, and use In-Private for general web searches such as the one above. Untangle Server is my Router, which performs antivirus scans on all incoming data. The virus was found in data that was coming directly from deere.com. It never was passed through my router to my PC.

I do this stuff for a living and guarantee it is as it seems, deere.com is using Flash vulnerabilities to exploit user's systems for arbitrary code execution. It is a cross platform vulnerability that not only works on Windows, but MacOS and ChromeOS also. This should be considered a severe threat.

 

[kthompson]

Sysop, why would Deere do such or what would they hope to gain? No I am not a computer expert just use one many hours, many hours per week on the internet. Today using Chrome and Windows 10 I was web site that I doubt would have knowing had a virus or such on it. One thing I have had to learn to watch for is fake web sites whose address often shows up before the valid company does in a search.

Do I think it possible their site could be infected? Sure the Federal Government has had it happen.

 

[Sysop]

Who says it is Deere themselves? Perhaps their systems are compromised and it's a 3rd party that infected their webserver? Perhaps they have a rogue employee or 3rd party contractor? Perhaps the Ukrainians that are distributing hacked firmware are the perpetrator? Who really knows or cares? Fact is, I'd not visit deere.com with a system that has a vulnerable version of Flash installed and doesn't have proper protections in place. If you're not savvy enough on a computer to ensure these things, avoid deere.com altogether.

 

[Wagtail]

Who says it is Deere themselves? Perhaps their systems are compromised and it's a 3rd party that infected their webserver? Perhaps they have a rogue employee or 3rd party contractor? Perhaps the Ukrainians that are distributing hacked firmware are the perpetrator? Who really knows or cares? Fact is, I'd not visit deere.com with a system that has a vulnerable version of Flash installed and doesn't have proper protections in place. If you're not savvy enough on a computer to ensure these things, avoid deere.com altogether.

You did. It is implied in you thread title.

If there's a problem with a website, report it as such. Have you reported the issue to JD? Are they aware of it and have fixed the infection that you detected?

 

[Sysop]

Ok, I didn't get specific in the title and say "A new reason to avoid Deere.com". But honestly, it could as easily be them doing something dastardly as anything else. ESPN.com regularly has virus laden code spewing out of their advertising system, and it is regularly reported, but never gets any better. Some companies simply don't care. I don't know if that is the case with JD, but I'm not going to spend my time and risk my resources to hang out on their site and find out.

I personally have no contact information for them, nor was I going to poke around on a site I know is sending viruses to exploit visitors just to find some contact information. Just because my router stopped that one, doesn't mean it will stop the next one they could send. I'm not going to increase my risk by remaining connected to their site. If they have competent people working for them, it should not have happened at all; having happened, if competent, it should be found and fixed fast, unless they either just don't care or are doing it purposely.

 

[s219]

Another reason I avoid flash.

 

[Sysop]

That is a good way to mitigate many threats. Avoiding Java is as well.

 

[Paystar]

I didn't need any other reasons to avoid a John Deere, LOL.

 

[Sysop]

Me either, I just wanted to pass on a warning to those that may be shopping. I'd hate to see someone be the victim of identity theft or worse because they visited a malicious site.

 

[s219]

That is a good way to mitigate many threats. Avoiding Java is as well.

Amazingly, my employer -- who is generally over-zealous with IT security -- continues making online training content for employees that uses Java and Flash. So we have to have both on our computers. It boggles the mind. I am pretty sure they sub it out to a low bidder.

I have both Flash and Java disabled on my everyday browser, and pull up a sequestered version of Chrome with them enabled when I have to take training.

 

[Wagtail]

Well, I just 'threw myself on this grenade" and visited the JD website... yes, the US one.

Everything is fine, no alerts from my 'Panda' security.

I appreciate the warning, though.

So, what exactly were all of the other old reasons to avoid Deere?

 

[kthompson]

I agree a company has a responsibility to prevent damage to people who put there trust in their products whether a tractor or web site.

But here is my question: is there the ability of a virus to hit you from any source in the routing between a computer and a web site? We use good software and scan systems often for infections and find some well know companies want to down load tracking software which one program we use points out itself is not bad, it is what the info is used for.

 

[Kyle_in_Tex]

Well, I just 'threw myself on this grenade" and visited the JD website... yes, the US one.

Everything is fine, no alerts from my 'Panda' security.

I appreciate the warning, though.

So, what exactly were all of the other old reasons to avoid Deere?

Thanks, you got my first gut busting laugh of the day going.

 

[adventure bob]

look at the url: it's hxxp, it's not deere it's you for not looking at the link before you clicked it. deere has no sites that begin with hxxp. look before you click

 

[TheMadOne]

look at the url: it's hxxp, it's not deere it's you for not looking at the link before you clicked it. deere has no sites that begin with hxxp. look before you click

"hxxp" is a standard way of writing "http" so that it doesn't read as an active link. I think it can also be used as a way to set up a clone site as well, but I'm not 100% on that.

 

[Paystar]

Maybe it was just a Deere tick? I hear you catch stuff from them.