Bogus "Your Computer is Infected" warnings

Status
Not open for further replies.
A

a_lost_packet_

Guest
Any news on the current situation with malware advertising?
 
D

drwayne

Guest
Knock on wood - I haven't seen one of these at home in a number of days.
 
D

doublehelix

Guest
Good to know, drwayne. Has anyone else run into these for the last few days?

-dh
 
D

doublehelix

Guest
Hey guys - I inquired about the status, and yes! We’ve found the problem and believe we’ve eradicated it. Thanks for all the feedback and such – it was really helpful.

-dh
 
M

Mee_n_Mac

Guest
doublehelix said:
Hey guys - I inquired about the status, and yes! We’ve found the problem and believe we’ve eradicated it. Thanks for all the feedback and such – it was really helpful.

-dh

The eradication efforts seem to have worked. I've not seen a reoccurrence.
 
D

doublehelix

Guest
Mee_n_Mac said:
The eradication efforts seem to have worked. I've not seen a reoccurrence.

Great! Thanks for letting me know. :mrgreen:

-dh
 
B

bearack

Guest
Actually, I still think there are issues. When I logged into SDC this morning, I was inundated with virus alerts. I was on for about 2 hours before logging into SDC and the virus detection didn't occur until I entered SDC.

40-10-10Errors.jpg
 
D

doublehelix

Guest
I also got a virus alert, bearack. I'm running a scan and will give Josh the log. So, we're in the process of troubleshooting this. Stay tuned, and apologies for this most recent virus issue.

-dh
 
B

bearack

Guest
I really hope you guys can get hold of this because SDC is one of the primary sites I chose to visit; however, if my work laptop continues to get attacked, I'll be forced to visit other, more secure sites or quit surfing between algorithm runs altogether.
 
M

Mee_n_Mac

Guest
bearack said:
I really hope you guys can get hold of this because SDC is one of the primary sites I chose to visit; however, if my work laptop continues to get attacked, I'll be forced to visit other, more secure sites or quit surfing between algorithm runs altogether.

Let me add that surfing while at work is barely tolerated; should a site become a "known" infection hazard, it'll get blocked by the employer for sure. And I'm sure that applies to many employers.
 
D

doublehelix

Guest
Thanks, guys - we'll update you as soon as we can.

-dh
 
B

bearack

Guest
Mee_n_Mac said:
bearack said:
I really hope you guys can get hold of this because SDC is one of the primary sites I chose to visit; however, if my work laptop continues to get attacked, I'll be forced to visit other, more secure sites or quit surfing between algorithm runs altogether.

Let me add that surfing while at work is barely tolerated; should a site become a "known" infection hazard, it'll get blocked by the employer for sure. And I'm sure that applies to many employers.

Agreed. My last infections I played dumb to prevent SDC from being blacklisted; however, if I do get infected again, there will be no other options. I can't afford to have downtime (with the laptop getting reimaged all the time), and my company is flexible with my surfing, considering there are times I'm waiting two hours at a time for a program to complete running.
 
J

Joshua99

Guest
Please keep me posted with Log Files to my new address: jborglund@techmedianetwork.com. I have a test box that runs 24/7 with a refresh program refreshing every 10 seconds in both IE and Firefox. I have yet to pick anything up with a 10 second refresh over the course of a month. This little box does nothing but re-load pages every ten seconds.

I would like to view some more logs with complete details, including file names that have been dropped. You can block out your usernames if you wish, as that has no relevance to what we are searching. I have been working diligently to help resolve the issue, but have yet to see anything come out yet. Those of you that have submitted your logs, thank you, it has been a great help.

As stated earlier, this is very sporadic, and does not target all; it seems just whatever it can catch.

A tip for those of you that get a pop-up. Do not click the X or Cancel, let alone the OK button. The developers of the malicious software have gotten sneaky. Usually, the entire pop-up window is now a giant "OK" button, so no matter where you click, it will attempt to install. Right-click your task bar, click Task Manager, then click on the Processes tab, right-click "iexplore.exe"/"firefox.exe" and click "End Process Tree". This will just kill the browser outright. This is the safest method of removing the pop-up window without risking the chance of it installing malicious software.

Please keep up the community effort in resolving this issue. The more input we have on a problem of this nature, the better chance we have at squashing it.
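The "End Process Tree" step Joshua99 describes above, written out as a PowerShell script. This is an added illustration, not code from the thread or from the site's staff. It assumes PowerShell 3 or later (for Get-CimInstance) and uses the two browser executable names named in the post; the process-tree walk is a generic one, not anything specific to the malware discussed here.

```powershell
# Added example: terminate a browser and every process it spawned, the way
# Task Manager's "End Process Tree" does, so nothing in the pop-up ever gets clicked.
# Assumes PowerShell 3+ (Get-CimInstance). Browser names are from Joshua99's post.
param(
    [string[]]$BrowserNames = @('iexplore', 'firefox')
)

function Get-ProcessTree {
    # Returns the PIDs of all descendants of $ParentId, deepest first, then $ParentId itself.
    param([int]$ParentId)
    $children = Get-CimInstance Win32_Process -Filter "ParentProcessId = $ParentId" |
        Select-Object -ExpandProperty ProcessId
    foreach ($child in $children) {
        Get-ProcessTree -ParentId $child
    }
    $ParentId
}

foreach ($name in $BrowserNames) {
    Get-Process -Name $name -ErrorAction SilentlyContinue | ForEach-Object {
        # @() forces an array even when the browser has no children.
        $tree = @(Get-ProcessTree -ParentId $_.Id)
        Write-Host "Terminating $name (PID $($_.Id)) and $($tree.Count - 1) child process(es)"
        # Children come first in $tree, so they are killed before their parent.
        foreach ($procId in $tree) {
            Stop-Process -Id $procId -Force -ErrorAction SilentlyContinue
        }
    }
}
```

Run it from a PowerShell prompt rather than from the browser itself; killing the whole tree also takes out any helper the pop-up may have launched from the browser process, which a plain "End Process" on the top-level browser would leave running.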
 
A

a_lost_packet_

Guest
CONGRATULATIONS!

I know everyone has worked hard but, it's finally happened.

SDC's forums are now on the "attack site" list:



That means that just about every browser except IE8 is going to flag the site thanks to http://stopbadware.org/ and Google.

Google's info for SDC's forums does not reflect actually finding any problems. The last scan on the report page was 4/01. Stopbadware.org gets the information from Google, so there's a snafu somewhere.

Check here: http://www.google.com/safebrowsing/diag ... .space.com

Webmaster - Contact Google to request a rescan or that they send an updated correction to stopbadware.org.

Currently, none of SDC's pages are showing up in their own clearing house if one performs a search here:

http://stopbadware.org/home/reportsearch

Their resolver for SDC host AS#s doesn't seem to be working so I don't know if they have been reported or not. (AS6315 (XMISSION), AS4136 (QUALITYTECH))

But, Google reports for these hosts are:

http://www.google.com/safebrowsing/diag ... te=AS:6315
http://www.google.com/safebrowsing/diag ... te=AS:4136

They DO show reports for some hosted sites.



So, somewhere, somebody goofed. Unless, of course, I have some weird bug I don't know about...

PS - It's not my cookies, btw. Just wanted to make that clear. It's still showing up.
 
B

bushwhacker

Guest
Yesterday, I was able to log into the home page without any issues, but every time I tried to go to Community, AVG blocked it. Two different warnings. I never could get in. Today everything's back to normal.
 
D

doublehelix

Guest
Thanks, guys - we're definitely aware and are working to resolve the problem. And yes, IE works to access the site. When I get an update, I'll pass it on.

Apologies for the hassle. I know how frustrating this can be. I'll be in touch.

-dh
 
O

OleNewt

Guest
space.com login reported as a firefox attack site

Firefox (3.6.2 is my current version) has the ability to block reported attack sites, including legit sites that use adverts that have malware. This effort is found at stopbadware.org. Space.com seems to be a reported attack site, which prevents one from logging into the forums. While you can ignore the first warning and thus go on to type in your login info, sending it results in a second warning and ignoring this one results in a space.com DB error which seems to be getting caused by the attack-site blocking.

If IE (7) has similar capacity, it's not getting tripped in my case.
 
A

a_lost_packet_

Guest
From what I can gather, many of the recent attacks of hostageware through advertising can be tracked back to what is now being called:

"Internet Security 2010"

Removal instructions can be found here along with a download for an automated removal tool:

http://www.2-spyware.com/remove-interne ... -2010.html

There are many variants, as they are being modified as fast as they can be tracked and neutralized. It's probable it's a Russian hacker group that's mobile and very difficult to track.
 
D

drwayne

Guest
Smersh said:
I've not experienced this at SDC (yet) but that might be because I'm a user in the UK and this thing is targeted by country.

I have seen similar warnings pop up on other sites in the past though, and as suggested by others it's a tactic sometimes used by malware criminals to con people into running their bogus "virus scan." On doing so the malware is covertly installed on a user's hard drive.

drwayne said:
... It looks like a variant of the faveAV virus. Please do not click on any part of the popup, as this starts the process.

Wayne

A problem I've found with these popups in the past is there is no obvious way of getting rid of it without clicking on it (or even clicking on the "X" to try to shut it down, which of course it doesn't), which then starts the malware process running. What I've done is to surf away from the site completely and either shut down the browser tab that has the popup or shut down my browser completely and start again afresh.

I err on the side of extreme cautiousness, using the task manager to shut down Explorer and the involved window.
 
A

a_lost_packet_

Guest
drwayne said:
...I err on the side of extreme cautiousness, using the task manager to shut down Explorer and the involved window.

That's the only way to avoid possible infection - shut it down using the task manager. Otherwise, clickthru exploits will install it if any action is tried directly on the popup.
 
M

MeteorWayne

Guest
That's always been my method as well.

BTW, as a test, I've had the main SDC window up for 2 days straight now with no problems.
 
A

a_lost_packet_

Guest
MeteorWayne said:
That's always been my method as well.

BTW, as a test, I've had the main SDC window up for 2 days straight now with no problems.

Depending upon how the ads are served, you may need to refresh the page to get new ads.
 
B

bearack

Guest
MeteorWayne said:
That's always been my method as well.

BTW, as a test, I've had the main SDC window up for 2 days straight now with no problems.

What I've noticed is that it doesn't seem to be much of an issue once you're able to enter the site. In my cases, the attack only happens after reentering the site the following day. I don't think running the puter constantly will net any results; yet, I'm guessing at this point.

Granted, I had no issues this morning.
 
D

drwayne

Guest
I haven't seen it in a couple of weeks. I wonder if the advertiser who might have been hijacked found what was going on and corrected it?
 