Kaspersky Anti Virus - Malicious Software?


posted on Dec, 3 2008 @ 06:53 PM
I didn't know quite where to put this, but it seems my Kaspersky Anti-Virus program has been detecting attempts to download malicious software when I visit threads on ATS. I'm assuming it's ads or something...



tinypic.com...


 


Edited title since the malicious URL is not an ATS IP.

[edit on 3-12-2008 by SkepticOverlord]




posted on Dec, 3 2008 @ 09:30 PM
I've been hitting that and several threads for the past 20 minutes, on Windows, with very sensitive anti-virus and firewall settings with no issues.

The IP indicated by Kaspersky is not one of our IP addresses. I also visited the indicated URL:
85.17.238.144/74812/
## IMPORTANT -- members who are not confident in their computer security should not visit that URL ##
The page and server contain dynamic code and deliver blank content for Mac and Linux users.
However, it does indeed attempt to load malicious code through a hidden iFrame.

Can you get the actual Kaspersky logs that indicate the event? It should show what triggered the attempt to hit that URL, and from there we can investigate further.


Also, if you Google the IP, at least one other person has found it to be of malicious intent.
realsecurity.wordpress.com...


[edit on 3-12-2008 by SkepticOverlord]
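
Added example, not part of the original thread: one way to look for what triggered a request like the one discussed above is to save the page source and list every iframe that is both hidden and pointed at a host other than the site itself. The function name, the hiding heuristics and the sample page (with placeholder hosts `forum.example`, `ads.example` and `192.0.2.10`) are assumptions for illustration. It reads static markup only, so a frame written into the page by script at load time will not appear.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# CSS that hides an element or shrinks it to a 0/1-pixel box.
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![-\w])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

class IframeFinder(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        hidden = ("hidden" in a
                  or bool(HIDDEN_CSS.search(a.get("style") or ""))
                  or any(re.fullmatch(r"[01](px)?", (a.get(d) or "").strip().lower())
                         for d in ("width", "height")))
        src = a.get("src") or ""
        host = (urlparse(src).hostname or "").lower()  # "" for relative URLs
        off_site = (bool(host) and host != self.page_host
                    and not host.endswith("." + self.page_host))
        if hidden and off_site:
            self.findings.append({"line": self.getpos()[0], "src": src, "host": host})

def find_hidden_offsite_iframes(html, page_host):
    """Return hidden iframes in static HTML whose src points off page_host."""
    finder = IframeFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; all hosts below are placeholders.
SAMPLE = """<html><body>
<iframe src="/widgets/poll.html" width="300" height="250"></iframe>
<iframe src="http://ads.example/banner" width="728" height="90"></iframe>
<iframe src="http://192.0.2.10/landing/" width="1" height="1" style="visibility:hidden"></iframe>
<iframe src="//cdn.forum.example/x" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in find_hidden_offsite_iframes(SAMPLE, "forum.example"):
        print(f"line {f['line']}: hidden iframe -> {f['src']}")
```
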



posted on Dec, 3 2008 @ 09:31 PM
[Removed, per Bill's post above.]

[edit on 3.12.2008 by Shugo]



posted on Dec, 3 2008 @ 09:45 PM
I hope Kaspersky is OK. My company just dumped Norton and made Kaspersky our default protection. I can't do my job without my computer.



posted on Dec, 4 2008 @ 01:51 AM
The IP shown is a Netherlands IP.

Click here and run the "test my dns" button; if that gives a vuln hit, change your DNS server. It wouldn't hurt to kick your admins an email telling them.

A few DNS servers:

4.2.2.2 (verizon)
209.210.176.8 (sisna)
209.210.176.9 (sisna)



posted on Dec, 4 2008 @ 02:16 AM
The file on that server, 85.17.238.144/74812/, b.php, is not a virus.
It's just messed-up code left over from something.
From what I can see, something to do with streaming and Java, likely for some Flash ad.
It's not harmful; it just gets detected as something unknown because it's messed up and incomplete and also tries to make you download it.
Although Firefox didn't even offer to DL it; only IE7 did.
You could always complain to the people who own it.
Please send email to "abuse@leaseweb.com" for complaints
regarding portscans, DoS attacks and spam.


