
OT Virus warning (solved?)

    • Max Miecchi
    • Elite Rocketeer
    • Posts: 905
    • Thanks: 0
    • MediaWorks

    OT Virus warning (solved?)

    Posted 16 years 11 months ago
    • Surfing around I entered the site h..p://www.studentsdesign.de.
      Pay attention! The redirect file go.html (pointing to JoomlaMarket) contains a Trojan Downloader!
      The only Antivirus that intercepts it is AVG.
    • Last Edit: 16 years 10 months ago by Max Miecchi.
    • MediaWorks Worldwide
      MediaWorks Italia
      Communication, Crossmedia, Advertising, IT. Visual, Graphic and Web Design.
    • Joe K
    • Elite Rocketeer
    • Posts: 902
    • Thanks: 0

    Re: OT Virus warning (solved?)

    Posted 16 years 11 months ago
    • You posted a link that goes to a virus?
    • Max Miecchi
    • Elite Rocketeer
    • Posts: 905
    • Thanks: 0
    • MediaWorks

    Re: OT Virus warning (solved?)

    Posted 16 years 11 months ago
    • The link was created automatically; I have changed it now anyway. I know that some members visit other Joomla! template sites to compare; I just wanted to spare them problems.
    • Last Edit: 16 years 10 months ago by Max Miecchi.
    • MediaWorks Worldwide
      MediaWorks Italia
      Communication, Crossmedia, Advertising, IT. Visual, Graphic and Web Design.
    • Mack
    • Elite Rocketeer
    • Posts: 535
    • Thanks: 0

    Re: OT Virus warning (solved?)

    Posted 16 years 11 months ago
    • Since you've already been to the site, you might want to drop a note to the webmaster there. It's very possible they are a victim, not a culprit. Someone may have found a hole in the security and put it there without them knowing. I've run across these before, dropped a note in the contact form and was thanked by the admin for letting them know.
    • Last Edit: 16 years 11 months ago by Mack.
    • Max Miecchi
    • Elite Rocketeer
    • Posts: 905
    • Thanks: 0
    • MediaWorks

    Re: OT Virus warning (solved?)

    Posted 16 years 11 months ago
    • Mack wrote:
      Since you've already been to the site, you might want to drop a note to the webmaster there. It's very possible they are a victim, not a culprit. Someone may have found a hole in the security and put it there without them knowing. I've run across these before, dropped a note in the contact form and was thanked by the admin for letting them know.

      The first time I entered the page I was redirected to JoomlaMarket, then to StudentsDesign. The agent was on both redirections: who is the owner of the domain? I did a search on whois.de but the owner is hidden.
    • Last Edit: 16 years 11 months ago by Max Miecchi.
    • MediaWorks Worldwide
      MediaWorks Italia
      Communication, Crossmedia, Advertising, IT. Visual, Graphic and Web Design.
  • Re: OT Virus warning (solved?)

    Posted 16 years 11 months ago
    • Mack
    • Elite Rocketeer
    • Posts: 535
    • Thanks: 0

    Re: OT Virus warning (solved?)

    Posted 16 years 11 months ago
    • James S! wrote:
      Windows Explorer, one of the most crucial components of Microsoft's operating system, was quarantined earlier this week after being falsely identified as malicious code by an antivirus company.

      Now if we could only get all the virus companies to classify Internet Explorer as "malicious code" we'd be making some progress. :)
    • Max Miecchi
    • Elite Rocketeer
    • Posts: 905
    • Thanks: 0
    • MediaWorks

    Re: OT Virus warning (solved?)

    Posted 16 years 11 months ago
    • The virus is identified as a JS/Downloader.Agent. It's a Trojan Horse that downloads malicious files from Web sites and executes them.
      The heuristic was not set, it was simply intercepted and recognized as an infection.
    • Last Edit: 16 years 11 months ago by Max Miecchi.
    • MediaWorks Worldwide
      MediaWorks Italia
      Communication, Crossmedia, Advertising, IT. Visual, Graphic and Web Design.
    • Max Miecchi
    • Elite Rocketeer
    • Posts: 905
    • Thanks: 0
    • MediaWorks

    Re: OT Virus warning (solved?)

    Posted 16 years 11 months ago
    • Well, something very, very strange is happening.
      Yesterday I posted the same virus warning at the Joomla.org forum.
      First the post was removed by one of the moderators. Then I reposted it to another subforum, and one of the administrators took it seriously, so it was moved to the security forum.
      Later I tried to log in again at the Joomla.org forum: after a few minutes my IP (visible only to moderators and administrators) was attacked by a process that was taking full control of my computer, so that I had to force the shutdown. It created a bunch of files in my Temporary Internet Folder. AVG was identifying some of them as potentially dangerous but was not able to delete them. I could delete the temporary files only by restarting the computer in safe mode.
      Then I went to the forum again, creating another account. For 2 hours I didn't have any problem. So I posted a report about what happened in the SAME security forum. Again, after 5 minutes, my IP was attacked (it's a dynamic IP, so if I restart my router it changes every time).
      Same kind of attack.
      Again, I created another account and posted a NEW report about this situation.
      Well, today, blocking the cookies and all the scripts from that site, simply entering the forum at joomla.org without logging in, but with the same IP as yesterday, I got a JS/Psyme virus, coming from an external site (vertuslkj.com/check).
      I have no intention of using that forum again for some time, so please, if someone is in contact with the joomla.org administrators, warn them about a potential internal danger.

      P.S.: I didn't and don't have any kind of problems remaining connected for weeks and visiting hundreds of other sites.
    • Last Edit: 16 years 11 months ago by Max Miecchi.
    • MediaWorks Worldwide
      MediaWorks Italia
      Communication, Crossmedia, Advertising, IT. Visual, Graphic and Web Design.
