Reply to: Forum Virus

That happened to my mum in Singapore. She was booked on a sightseeing coach trip of the city. Ten minutes before departure she got a phone call saying “Croach tour cransseled, have car for you take you to sites. She was taken to a crap fashion shop for a hard sell and it was then she realised she had been taken for a ride. She left and went back to the hotel. So much for security a Raffles.

It was a symptomless infection on my machine as far as I know - I didn't know I'd been infected, but ran that antimalware software you mentioned anyway, and it detected and deleted it. I assume it's gone now.

shit:e, sorry TimberWolf Did mbam clean it OK? Hope you didn't have to reinstall or anything.

Yes, this was the same iframe kind of hack that is being used on the Wordpress sites but it was calling a page from an Indian site and I am certain this was just a page that would trigger the Trojan payload that would check the browser etc on your machine to see if it could be hacked at all. Very easy to hit on a site that has been hacked and get infected. As others in this thread said - try Avast, it was the only AV that detected it.

Who got infected? I did. And when I ran the anti malware software admin recommended, that was the only malware found. So in all my years of browsing on this PC and all the dodgy sites that I must have accidentally strayed across, seemingly CUK was the only one to infect me. How odd.

I'm a bit disappointed that it's still so easy to become infected, just by viewing a webpage.

Why on Earth would anyone hijacked and redirected to a site in that way have the faintest inclination to buy anything there? Surely that's the opposite of what any rational person would want.

It's the e-equivalent of being grabbed in the street konked on the head and hustled half stunned into a crappy junk shop, where they then release you and expect you to start looking around and buying things.

According to El Reg, there's a virus using iFrames to attack out of date Wordpress sites

I think someone up-thread mentioned they'd seen Java load in response to the nasty that was briefly here on CUK. Maybe it's a variation on the same attack...

From the comments on the El Reg article

The moral of that is to keep the number of plugins you use down to the minimum you need, and that applies to all CMS products, not just Wordpress. I am subscribed to the Drupal Security alerts for example, and the regular reports of vulnerabilities in Drupal modules is a gentle reminder to keep the attack surface as low as I can.

I finally found what was letting my blog be hacked repeatedly (I think!), and signed up to some security newsletters.

I also installed Sucuri Scanner which was what warned me about the readme.html file.

Of course, doing a Google search for *.php~ is a good one, which reveals some interesting ways to get into websites.

Good catch.

The Wordpress readme.html is accessible to the outside world and mine was announcing 3.3 until I applied the latest update.

3.3.1 came out in early January and did contain some security fixes.

If you are on Wordpress, make sure that you remove the readme file as well. Wonder if vBulletin has the same kind of thing.

Do VBulletin offer patch notifications or security alerts by mail or RSS? I find this sort of thing from other vendors pretty useful for making you jump when you should.

I once Googled for a something like "Wordpress x.y" and came up with gazillions of hits. The "perps" probably have that sort of thing automated.

Hmmm: http://dictionary.reference.com/browse/virus

"3. a corrupting influence on morals or the intellect; poison."

There's two FB groups - CUK and CUK photos.

God only knows who looks after them these days - used to be me. Maybe RH and Gonzo???

I created the CUK photos one, but I'm not a member of the group any more, so don't know who looks after it.

I think Zara created the LinkedIn page, but again I'm not sure.

https://twitter.com/itcontracting

Yeah have been for a while but don't really do much on there apart from tweet the news as it comes out. Trying to do more but I don't tend to have time to put any real effort in to it

Will look at setting up a FB fan page or whatever it is. Although I don't even have time to look at what friends and relatives get up to on FB so don't hold your breath on that one...

There's a LinkedIn group, I'd no idea there was a FB page.