Unsafe Site Again??

[Rage9]

*infected* with what exactly? Is there still an internet explorer hole where simply viewing a site installs something onto your system?

According to my scanning software they saying:
Exploit:Java/CVE-2008-5353.B
Trojan:Java/Selac.A
Trojan:Java/Classloader.T
Trojan:Java/Bytverify
Trojan:Java/Selac.B
Exploit:Win32/Pdfjsc.EM

Running Firefox 3.6.2 the newest version which was released today.

Tipped me off when I browsed to WF and I had a weird PDF opened up. I was like fuuuuuuccck!

 

[guerilla]

PM admins when you see stuff like this. They are the only ones who can address it.

 

[Corey]

So were they not getting through with OpenX last time?

The last IFRAME exploit was hxxp://tracker.ads.is/stats?counter=43.

 

[kblessinggr]

hxxp://ads.fake-isp.com/stats?counter=43 is what goes into the iframe.

Yes real smart actively linking to it again, its the links that trigger google to flag the site.

 

[BrynYoungblut]

It just f'd up my PC on firefox at about 4:15...was an easy fix in safe mode but a pain in the ass none the less.

 

[Stanley]

PM admins when you see stuff like this. They are the only ones who can address it.

Shoot me or Brandon a PM whenever you see shit like this.

I took it out but I need to investigate how it got through.

 

[kblessinggr]

According to my scanning software they saying:
Exploit:Java/CVE-2008-5353.B
Trojan:Java/Selac.A
Trojan:Java/Classloader.T
Trojan:Java/Bytverify
Trojan:Java/Selac.B
Exploit:Win32/Pdfjsc.EM

Running Firefox 3.6.2 the newest version which was released today.

Tipped me off when I browsed to WF and I had a weird PDF opened up. I was like fuuuuuuccck!

Oh... that explains why I didn't see anything (and didn't see the warning cuz it hasn't downloaded the latest block list yet).

I always have "Java" turned off, its not something NoScript will prevent, its a Java exploit, not Javascript. Usually just updating your system's Java Runtime Environment will fix most of the exploits in the wild. But people seem to update less than they do windows itself.

 

[roclafamilia]

Soo...i'm pretty sure i'm up to date with java on my computer...how would i tell if i got infected?

 

[nvanprooyen]

I scanned with Malwarebytes and it didn't find anything. What did you scan w/ Rage?

 

[Corey]

I always have "Java" turned off, its not something NoScript will prevent, its a Java exploit, not Javascript. Usually just updating your system's Java Runtime Environment will fix most of the exploits in the wild. But people seem to update less than they do windows itself.

NoScript will prevent the IFRAME from loading.

 

[Rage9]

I always have "Java" turned off, its not something NoScript will prevent, its a Java exploit, not Javascript. Usually just updating your system's Java Runtime Environment will fix most of the exploits in the wild. But people seem to update less than they do windows itself.

I have the latest Java Runtime Environment.

 

[BrynYoungblut]

Soo...i'm pretty sure i'm up to date with java on my computer...how would i tell if i got infected?

You wouldn't be able to load any page but the purchase "anti virus" virus software.

 

[mGrunin]

 

[Sonny Forelli]

any OSX concerns?

 

[kblessinggr]

any OSX concerns?

from the trojan details looks like it only affects windows, since the resulting infection can only run on windows.

 

[Jizzlobber]

Yes I had a tab open and didn't quite catch it in time. I saw something was up and shutdown FF with taskmanager. Then did some checks. This one will go after your Malwarebytes and/or virus scanners ability to update itself. So I would check those installations. Also my findings:

Eset Nod32 deleted the JS/Exploit.Agent.NBA trojan.

Malwarebytes picked up the following registry changes:

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cvepjusd (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cvepjusd (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

 

[Garrett]

OsX FTW

 

[Sonny Forelli]

from the trojan details looks like it only affects windows, since the resulting infection can only run on windows.

thanks

(just to be safe I'm sitting here wearing a condom, I'll take it off now)

 

[Rage9]

I scanned with Malwarebytes and it didn't find anything. What did you scan w/ Rage?

The Microsoft Essentials scanner.

 

[ly2 from WF]

god damnit man, I just reformatted this fucker and I didn't get my nod32 installed yet

FUCK