Recent Virus/Malware Reports -- and more


posted on Feb, 12 2009 @ 10:22 PM
There was a recent contentious thread about a possible URL appearing somewhere within ATS that launched a stealth downloader... the URL was included in the thread opening post.

The complaint about the URL is correct, though I have not been able to find it while browsing ATS.

However, after going to the URL in Windows (I run a segregated virtual machine), malicious code was indeed downloaded and launched, getting past the detection of two scanners I have installed. Once the malicious download completed, I started getting alerts from AVG.

Other online complaints about the offending URL indicate the malware has possibly come from spam email using a DOM object to run the installer. Apparently you only get the alerts about the URL if you're infected.

The thread was removed because the URL was repeated so many times... and I didn't want anyone else hitting it.


We're going to create a new form, similar to our contact form, that will help our members better report suspected malware events while browsing ATS. The form will take you through the steps of gathering as much information as possible so that we can better investigate if there is a problem or not.

The form will submit your report to a private forum for our PC-experts to review and investigate when needed. This way, potentially malicious URLs are not exposed to our entire user-base.


Thanks.




posted on Feb, 12 2009 @ 10:28 PM
Also...

The malicious domain was traced back to a server owned by Peer1.net hosting.

We've initiated an abuse ticket with them, and I've alerted someone I know who works there.

Hopefully the offending machine is shut down soon.



posted on Feb, 12 2009 @ 10:28 PM
I just ran a scan with AVG and it didn't pick it up, but I did receive the threat detection. Does this mean I have the virus or not? How can I make sure?

[edit on 12-2-2009 by Schleprock]



posted on Feb, 12 2009 @ 10:31 PM
reply to post by SkepticOverlord
 


Is there anything that we need to do to check and make sure we do not have this?

Semper



posted on Feb, 12 2009 @ 10:35 PM
I clicked that URL a bunch of times, both in Safari and Firefox, and all I got was a blank white page. Was that the virus?



posted on Feb, 12 2009 @ 10:37 PM

Originally posted by Schleprock
how can I make sure?

Being more of a Mac/Linux "guy" myself, I'm not one to ask.

It's a very recent piece of malware, and I suspect the scanner companies will provide updates soon. I have a spam email with the subject line, "Is a Rep1icaWatch really worth it? akpvgo tms" with the domain hidden in the email HTML... nothing will happen as I'm viewing it on a Mac. But this is likely how people are getting it.

The most common way of getting malware is not through web pages or web ads, it's through spam email.



posted on Feb, 12 2009 @ 10:38 PM

Originally posted by stevegmu
Was that the virus?

Yes. If you're on a PC and heard your hard drive working while on that page... you most likely now have the malware. But I'm still not sure what it does. It appears to be currently innocuous, but is probably timed to download a malicious payload some time in the future.



posted on Feb, 12 2009 @ 10:46 PM
I just posted in another thread about getting alerts today. I just got one informing me of a multiple threat detection involving a file:

---malicious domain removed---

Under the Infection column it says:

Exploit MDAC ActiveX code execution(type 165)

I really don't think I'm infected, I don't want to be infected! Everything is running fine and my scans come up with nothing. Everything is updated. I don't know off to do a full computer scan.


[edit on 12-2-2009 by SkepticOverlord]



posted on Feb, 12 2009 @ 11:01 PM
Does anyone know the name of the virus so I can be sure to get the right DAT to scan for it?



posted on Feb, 12 2009 @ 11:04 PM

Originally posted by SkepticOverlord

Originally posted by stevegmu
Was that the virus?

Yes. If you're on a PC and heard your hard drive working while on that page... you most likely now have the malware. But I'm still not sure what it does. It appears to be currently innocuous, but is probably timed to download a malicious payload some time in the future.


No, I'm on a Mac Pro.



posted on Feb, 13 2009 @ 01:15 AM
reply to post by SkepticOverlord
 


Attacking IP address 76.74.156.142
url address: ---malicious URL removed---

High Risk

[edit on 13-2-2009 by SkepticOverlord]



posted on Feb, 13 2009 @ 02:11 AM
It just never seems to end, does it? What I don't understand is why these ISP hosts that park these malicious servers on their systems don't detect them and take them down before they become a problem.

Many host providers go to great extent to make sure there is no content spooling off their systems that are illegal or not appropriate. Why can't they catch these cracker jacks of internet chaos then?

For one, just look at that URL. That alone raises a red flag. I mean does it actually take a slide rule to figure out a devious url name like that to being one that could potentially link into a malware server? It sure does to me and I am no network guru. Just some common sense here and that url sends off all the warning horns and lights right off the bat.

There was a time that the only thing to worry about being on the net was getting disconnected or serious lag in a good Quake game. There has to be something that these host providers can do to stop this nonsense.

Sorry if this seems like a rant. It's just getting pathetic with the net these days with all this virus/malware/spyware crap. Ruins the enjoyment and benefit of what the net is supposed to be for.




Cheers!!!!



posted on Feb, 15 2009 @ 12:09 PM
For ATS info, this stupid URL or server or whatever it is, just tried to attack my pc, but Norton blocked it right off the bat.



Now I am not any network guru or web server guru but shouldn't you guys be able to track this down and keep it from spooling through your servers or code or whatever?

It is obviously working its way through the ATS systems, be it the advertising banners or something, but it's definitely coming through here and nowhere else. This is the only browser I have open with no other tabs active.

Hope you guys find it and kick its butt because this is definitely not good, for both the members and ATS.

P.S.
Just as I was reviewing my post, I noticed some suspicious addresses popping in and out of the address bar at the bottom of the browser and managed to screen capture that too. Link to that capture below.



Not sure if that is normal because I never noticed that before. Providing as much as I can for your info.


Cheers!!!!

[edit on 15-2-2009 by RFBurns]



posted on Feb, 15 2009 @ 12:35 PM
I'm using Firefox. When clicking on thread links, I get this:



Happened to me twice today.

Is this related?



posted on Feb, 15 2009 @ 01:32 PM

Originally posted by RFBurns
It is obviously working its way through the ATS systems,

What makes you so certain about that? Do you have any anti-malware scanner logs that show the event was initiated through an ATS URL, or the URL of one of our advertising networks? If so, please forward it to me.



posted on Feb, 15 2009 @ 01:44 PM
I also got the alarm of high risk attack from Norton - just a couple of hours ago. It said it blocked it. I didn't think to capture the information. If it comes up again then I'll copy it and post it.



posted on Feb, 15 2009 @ 10:37 PM
Can you post the title of the thread so that I can ascertain if I may have been exposed to the link? It would save me a lot of time of having to act like a geeky version of Sherlock Holmes.

I'm running the right utilities. I am set up to log just about everything that happens on my computer and received no warnings but I had a browser problem this morning after initial boot up. I really don't feel like doing a complete reinstall right now.



posted on Feb, 15 2009 @ 10:53 PM
reply to post by FlyersFan
 


I get the same thing; three times so far today. But, Symantec catches it and blocks it from doing anything.

It's gotta be something in the ads, not ATS.


