
VIRUS: Caught One!


    OK, tried repeatedly with a clean XP/IE6 VM, and nothing.

    Switched to an XP/IE7 VM, and lo! I have a Java-based something trying to do me over

    I caught it because I'm running the VM's web connection through an HTTP debugging proxy, so I should have all the info necessary to work out how it's being delivered, and therefore which bit of CUK is pumping it out.

    I'll see what I can find out about it and get together with admin to sort things out. Hopefully we should be able to get rid of this crap ASAP

    #2
    Originally posted by NickFitz
    OK, tried repeatedly with a clean XP/IE6 VM, and nothing.

    Switched to an XP/IE7 VM, and lo! I have a Java-based something trying to do me over

    I caught it because I'm running the VM's web connection through an HTTP debugging proxy, so I should have all the info necessary to work out how it's being delivered, and therefore which bit of CUK is pumping it out.

    I'll see what I can find out about it and get together with admin to sort things out. Hopefully we should be able to get rid of this crap ASAP
    Oh bugger. Rumbled.
    What happens in General, stays in General.
    You know what they say about assumptions!

    Comment


      #3
      I imagine it's most likely a link someone included in a post.
      Work in the public sector? Read the IR35 FAQ here

      Comment


        #4
        Originally posted by OwlHoot
        I imagine it's most likely a link someone included in a post.
        No, it's activated before the page rendering gets that far. In fact it was on the /general page, so I haven't even managed to view any posts yet: it's written in Java, and the VM I'm using doesn't have Java installed (clean XP SP2), so IE has errored out after downloading it.

        Comment


          #5
          Thanks Nick! That is wicked news. Will be home in a bit and will catch up with you then. Send me over whatever you have found. Dim, why on earth are you still running IE7?

          Comment


            #6
            Can we fix the virus that fills general up with crap as well?
            'CUK forum personality of 2011 - Winner - Yes really!!!!

            Comment


              #7
              Originally posted by northernladuk
              Can we fix the virus that fills general up with crap as well?
              Yes but it would involve banning most of the congregation
              Originally posted by Stevie Wonder Boy
              I can't see any way to do it can you please advise?

              I want my account deleted and all of my information removed, I want to invoke my right to be forgotten.

              Comment


                #8
                Can Admin/Nick please confirm that this is an IE 7 isolated problem and does not affect IE 10/Firefox/Chrome??

                It's important I know this straight away.

                <waits with fingers poised over the delete account button>
                Vote Corbyn ! Save this country !

                Comment


                  #9
                  Originally posted by fullyautomatix
                  Can Admin/Nick please confirm that this is an IE 7 isolated problem and does not affect IE 10/Firefox/Chrome??

                  It's important I know this straight away.

                  <waits with fingers poised over the delete account button>
                  Not certain yet: the code is heavily obfuscated and mixed in with perfectly valid stuff. I have one confirmation of it being seen in Opera. I also seem to have had one occurrence of Safari (on Mac) being fed the link, but the server containing the nasty just returned a zero-length response, presumably because it realised it wouldn't do any good.

                  I'll post info as I find it.

                  Actually scrub that: I've just tried Firefox (old, probably 3.6) and Chrome (fresh install) on the same VM and they were fine. Went back to IE7 and it got a nasty thrown at it again. So the code is definitely trying to avoid downloading anything on Firefox and Chrome, at least on the times I've tried.

                  Just installed Opera: it was sent an empty response, like Safari. So at a guess it's deliberately avoiding trying anything on Firefox and Chrome, and the server is not sending anything to Opera and Safari. But this is all tentative at this stage.

                  I haven't got IE10, so I can't say about that. I'll try it on IE8 later.

                  Comment
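The browser-by-browser comparison described in the post above, as an added example that is not part of the thread: it groups rows from an HTTP debugging proxy capture by third-party host and reports which browsers were served content, which got a zero-length response, and which never requested the host at all. The row layout, the `triage` function and every hostname are assumptions made for illustration; the capture data is constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed capture rows (browser, URL, Content-Type, body bytes); not data
# from the thread. Hosts are placeholders under the reserved .example TLD.
CAPTURE = [
    ("IE7", "http://forum.example/general", "text/html", 48211),
    ("IE7", "http://static.cdn.example/site.css", "text/css", 9120),
    ("IE7", "http://ads.thirdparty.example/load", "application/java-archive", 17344),
    ("Opera", "http://forum.example/general", "text/html", 48190),
    ("Opera", "http://static.cdn.example/site.css", "text/css", 9120),
    ("Opera", "http://ads.thirdparty.example/load", "", 0),
    ("Safari", "http://forum.example/general", "text/html", 48190),
    ("Safari", "http://static.cdn.example/site.css", "text/css", 9120),
    ("Safari", "http://ads.thirdparty.example/load", "", 0),
    ("Firefox", "http://forum.example/general", "text/html", 48190),
    ("Firefox", "http://static.cdn.example/site.css", "text/css", 9120),
    ("Chrome", "http://forum.example/general", "text/html", 48190),
    ("Chrome", "http://static.cdn.example/site.css", "text/css", 9120),
]
JAVA_TYPES = {"application/java-archive", "application/x-java-archive",
              "application/x-java-applet"}

def triage(rows, site_host):
    """Return third-party hosts whose responses differ by browser or carry Java."""
    browsers = {b for b, _, _, _ in rows}
    per_host = defaultdict(dict)
    for browser, url, ctype, size in rows:
        host = urlsplit(url).hostname
        if host != site_host:
            # Keep the largest body per browser so an empty retry cannot hide a payload.
            if size > per_host[host].get(browser, ("", -1))[1]:
                per_host[host][browser] = (ctype.split(";")[0].strip().lower(), size)
    findings = {}
    for host, seen in per_host.items():
        served = sorted(b for b, (_, n) in seen.items() if n > 0)
        empty = sorted(b for b, (_, n) in seen.items() if n == 0)
        skipped = sorted(browsers - set(seen))  # page script never contacted the host
        java = sorted(b for b, (t, _) in seen.items() if t in JAVA_TYPES)
        if java or (served and (empty or skipped)):
            findings[host] = {"served": served, "empty": empty,
                              "not_requested": skipped, "java": java}
    return findings

if __name__ == "__main__":
    for host, detail in triage(CAPTURE, "forum.example").items():
        print(host, detail)
```

A host that appears in the output with all three groups populated is the one to trace back through the capture to the page resource that referenced it.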


                    #10
                    IE9 for me.

                    Comment
