
Previously on "Forum Virus"


  • Paddy
    replied
    Originally posted by OwlHoot View Post
    Why on Earth would anyone hijacked and redirected to a site in that way have the faintest inclination to buy anything there? Surely that's the opposite of what any rational person would want.

    It's the e-equivalent of being grabbed in the street konked on the head and hustled half stunned into a crappy junk shop, where they then release you and expect you to start looking around and buying things.
    That happened to my mum in Singapore. She was booked on a sightseeing coach trip of the city. Ten minutes before departure she got a phone call saying “Croach tour cransseled, have car for you take you to sites.” She was taken to a crap fashion shop for a hard sell and it was then she realised she had been taken for a ride. She left and went back to the hotel. So much for security at Raffles.



  • TimberWolf
    replied
    Originally posted by administrator View Post
    tulipe, sorry TimberWolf Did mbam clean it OK? Hope you didn't have to reinstall or anything.

    Yes, this was the same iframe kind of hack that is being used on the Wordpress sites but it was calling a page from an Indian site and I am certain this was just a page that would trigger the Trojan payload that would check the browser etc on your machine to see if it could be hacked at all. Very easy to hit on a site that has been hacked and get infected. As others in this thread said - try Avast, it was the only AV that detected it.
    It was a symptomless infection on my machine as far as I know - I didn't know I'd been infected, but ran that antimalware software you mentioned anyway, and it detected and deleted it. I assume it's gone now.



  • administrator
    replied
    shit:e, sorry TimberWolf Did mbam clean it OK? Hope you didn't have to reinstall or anything.

    Yes, this was the same iframe kind of hack that is being used on the Wordpress sites but it was calling a page from an Indian site and I am certain this was just a page that would trigger the Trojan payload that would check the browser etc on your machine to see if it could be hacked at all. Very easy to hit on a site that has been hacked and get infected. As others in this thread said - try Avast, it was the only AV that detected it.



  • TimberWolf
    replied
    Who got infected? I did. And when I ran the anti malware software admin recommended, that was the only malware found. So in all my years of browsing on this PC and all the dodgy sites that I must have accidentally strayed across, seemingly CUK was the only one to infect me. How odd.

    I'm a bit disappointed that it's still so easy to become infected, just by viewing a webpage.



  • OwlHoot
    replied
    Originally posted by NickFitz View Post
    Interesting article:
    "Cyber criminals have opened an online store offering website operators increased traffic by hijacking other websites.
    "The Russia-based web shop injects hidden iframes into pages of legitimate, unsuspecting websites to redirect visitors to a buyer's URL."
    Why on Earth would anyone hijacked and redirected to a site in that way have the faintest inclination to buy anything there? Surely that's the opposite of what any rational person would want.

    It's the e-equivalent of being grabbed in the street konked on the head and hustled half stunned into a crappy junk shop, where they then release you and expect you to start looking around and buying things.



  • Sysman
    replied
    According to El Reg, there's a virus using iFrames to attack out of date Wordpress sites

    The link points to a page on compromised WordPress sites (the sites appear legitimate to spam filters) that includes a hidden iFrame, which loads the Phoenix exploit kit from a Russian-hosted server.

    Arriving at the page puts surfers in the firing line of a page that attempts to exploit multiple vulnerabilities in Microsoft Internet Explorer, Adobe PDF, Flash and Oracle Java. The attack is ultimately designed to distribute an information-harvesting Trojan, dubbed Cridex-B.
    I think someone up-thread mentioned they'd seen Java load in response to the nasty that was briefly here on CUK. Maybe it's a variation on the same attack...

    From the comments on the El Reg article

    I'm totally down with you on the plug-ins and widgets, though. There's a number of blogs out there whose content I really enjoy -- some WordPress-powered, some on Blogger -- but which I hardly ever visit because they're so heavily infested with plug-ins and widgets that they take forever to load and often cause my browser to totally gag, crap its drawers and fall over.
    The moral of that is to keep the number of plugins you use down to the minimum you need, and that applies to all CMS products, not just Wordpress. I am subscribed to the Drupal Security alerts for example, and the regular reports of vulnerabilities in Drupal modules are a gentle reminder to keep the attack surface as low as I can.



  • TheFaQQer
    replied
    Originally posted by Sysman View Post
    Good catch.

    The Wordpress readme.html is accessible to the outside world and mine was announcing 3.3 until I applied the latest update.

    3.3.1 came out in early January and did contain some security fixes.
    I finally found what was letting my blog be hacked repeatedly (I think!), and signed up to some security newsletters.

    I also installed Sucuri Scanner which was what warned me about the readme.html file.

    Of course, doing a Google search for *.php~ is a good one, which reveals some interesting ways to get into websites.



  • Sysman
    replied
    Originally posted by TheFaQQer View Post
    If you are on Wordpress, make sure that you remove the readme file as well. Wonder if vBulletin has the same kind of thing.
    Good catch.

    The Wordpress readme.html is accessible to the outside world and mine was announcing 3.3 until I applied the latest update.

    3.3.1 came out in early January and did contain some security fixes.



  • TheFaQQer
    replied
    Originally posted by Sysman View Post
    I once Googled for something like "Wordpress x.y" and came up with gazillions of hits. The "perps" probably have that sort of thing automated.
    If you are on Wordpress, make sure that you remove the readme file as well. Wonder if vBulletin has the same kind of thing.



  • Sysman
    replied
    Originally posted by administrator View Post
    I now know about the VBulletin patch system as well so fingers crossed we won't get a VB specific again.
    Do VBulletin offer patch notifications or security alerts by mail or RSS? I find this sort of thing from other vendors pretty useful for making you jump when you should.

    Originally posted by administrator View Post
    We don't output the VB version at the bottom of the site like a lot of forums do to try and make life difficult for people who do take advantage of these exploits. This is the first time in the almost seven years that I have been running the forum that we have had it hit. I won't tempt fate by saying any more
    I once Googled for something like "Wordpress x.y" and came up with gazillions of hits. The "perps" probably have that sort of thing automated.



  • AtW
    replied
    Hmmm: http://dictionary.reference.com/browse/virus

    "3. a corrupting influence on morals or the intellect; poison."



  • TheFaQQer
    replied
    Originally posted by cojak View Post
    You're on twitter?!?

    I'm not sure about the Facebook page. I know there's a Facebook group, but that's just for CUK evening photos and the only people allowed on that need to be in the photos or have taken them...
    There's two FB groups - CUK and CUK photos.

    God only knows who looks after them these days - used to be me. Maybe RH and Gonzo???

    I created the CUK photos one, but I'm not a member of the group any more, so don't know who looks after it.

    I think Zara created the LinkedIn page, but again I'm not sure.



  • NickFitz
    replied
    Originally posted by cojak View Post
    You're on twitter?!?
    https://twitter.com/itcontracting



  • administrator
    replied
    Originally posted by cojak View Post
    You're on twitter?!?

    I'm not sure about the Facebook page. I know there's a Facebook group, but that's just for CUK evening photos and the only people allowed on that need to be in the photos or have taken them...
    Yeah have been for a while but don't really do much on there apart from tweet the news as it comes out. Trying to do more but I don't tend to have time to put any real effort into it.

    Will look at setting up a FB fan page or whatever it is. Although I don't even have time to look at what friends and relatives get up to on FB so don't hold your breath on that one...



  • d000hg
    replied
    There's a LinkedIn group, I'd no idea there was a FB page.
