HTML Script Virus Warning

49 comments, last by Toolmaker 17 years, 1 month ago
I've had this happen to me as well.
Before I was able to kill the iexplorer (due to the huge lag the script caused) some strange new processes showed up...

Anyone have any info on the specifics of this attack and what it may have done that I'll need to clean out?
Quote:Original post by haphazardlynamed
I've had this happen to me as well.
Before I was able to kill the iexplorer (due to the huge lag the script caused) some strange new processes showed up...

Anyone have any info on the specifics of this attack and what it may have done that I'll need to clean out?


First, you'd better disconnect from the intarweb, block all connections except those done by your browser (not IE. Install another one, even if you use it only for a few minutes) and run your antivirus software. If the processes don't disappear, try to get a newer version of your antivirus and redo.

If the processes are still there, then you're in trouble, as I don't know what they do.
BTW, right now I only see this bit of code in the post.asp pages.
Forget that - I just saw it on topic.asp as well.
Quote:Original post by haphazardlynamed
I've had this happen to me as well.
Before I was able to kill the iexplorer (due to the huge lag the script caused) some strange new processes showed up...

Anyone have any info on the specifics of this attack and what it may have done that I'll need to clean out?


The process is a downloader, it downloads trojans and other fun stuff, so it can be a large host of things. I recommend you try running Ad-Aware, SpybotSD, and a virus scanner. Afterwards update your Windows.
Quote:Original post by Emmanuel Deloget
Quote:Original post by haphazardlynamed
I've had this happen to me as well.
Before I was able to kill the iexplorer (due to the huge lag the script caused) some strange new processes showed up...

Anyone have any info on the specifics of this attack and what it may have done that I'll need to clean out?


First, you'd better disconnect from the intarweb, block all connections except those done by your browser (not IE. Install another one, even if you use it only for a few minutes) and run your antivirus software. If the processes don't disappear, try to get a newer version of your antivirus and redo.

If the processes are still there, then you're in trouble, as I don't know what they do.


Erm how about taking the site down and removing this crap, rather than distributing it?? Leaving the site up when you know it has these problems makes you just as bad as the writer of the malicious code.

Have a look at your hosting contract, does it not say something to the effect
Quote:To knowingly upload, copy, post, publish, transmit, reproduce, distribute or participate in the transfer or transmit any files that contain viruses, corrupted files, malicious code or any other similar software or programs or ...


But then again your legal terms do say
Quote:...PROVIDER DOES NOT WARRANT 1) THAT THE SOFTWARE IS ERROR FREE, VIRUS FREE,....



Bring on the rhino!
Is it just me, or is it trying to make me DL the VML plugin now?
Quote:Original post by dmail
Excellent keep on spreading malicious code then, rather than taking your users and advertisers into consideration. I realise downtime is a last resort but you have a problem and are spreading it, infecting just one machine and personally I think you have kept the site up too long. Infect an advertisers machine and you lose money and respect ...
If you're concerned about it so much, why are you still visiting the site?
Quote:Original post by Evil Steve
Quote:Original post by dmail
Excellent keep on spreading malicious code then, rather than taking your users and advertisers into consideration. I realise downtime is a last resort but you have a problem and are spreading it, infecting just one machine and personally I think you have kept the site up too long. Infect an advertisers machine and you lose money and respect ...
If you're concerned about it so much, why are you still visiting the site?


My concern was not myself, I use Firefox and a script blocker (NoScript), my concern was for the site and other users!

[edit]
Erm don't know what is going on there, maybe something which has been added just recently is causing this, the post times are incorrect and this new post is being inserted before earlier posts.
Yes, the new one is asking to download a "VML" renderer.

The other thing was that before I blocked newx0x.com, it copied and tried to install PWS:Win32/Lmir.gen (a password stealer) to my PC. Fortunately OneCare caught it before it could do any harm.
Quote:Original post by dmail
Erm how about taking the site down and removing this crap, rather than distributing it?? Leaving the site up when you know it has these problems makes you just as bad as the writer of the malicious code.

I have to disagree. Further, I have to point out that we have curtailed the malicious code previously, but experienced adverse interactions with other site software. Even further, we have now taken extensive steps to correct not only the vulnerability but also other configuration issues. There will be some minor breakages (images not fully loading here and there) as caches are repopulated, etc, but we're managing to do so without taking the site down.

You, as an individual, may think it is okay for the site to go down. Our audience, in aggregate, however, does not. That audience includes people who are paying for a subscription service, such as GDNet+, or companies that pay to advertise products and jobs. Downtime is an absolute worst-case scenario, and we want to avoid it if at all possible.

This topic is closed to new replies.
