Mark H Posted May 12, 2006
It looks as though this site was attacked using an exploit. This allowed them to upload some code to insert a link to a site containing a trojan downloader. 99% of the files are now gone and I think the exploit is now closed. Please post to this thread if you notice anything odd. If you want to be 100% safe it wouldn't hurt to run a virus scan on your PC; a free online one is based here: http://housecall.trendmicro.com/ I will post more later but as you can guess I'm kinda busy right now. BTW - the wiki will be down while I upgrade it.
Martin R Posted May 12, 2006
You are certainly on the ball Mark. I was on MLOC at about 7pm when my Norton anti-virus detected a Trojan horse apparently. The computer started doing a few odd things. I turned it off and back on and ran a virus scan. The Norton has deleted it now apparently. I thought you were on the case as MLOC was then down.
Steve R Posted May 12, 2006
Thxs Beefcake for the info. Got to admit I've had a few trojans found on my PC over the last week as well. Just upgraded my Norton tonight too but the old version seemed to find it fine.
Tango190 Posted May 12, 2006
Avast picked up something and knobbed it off about... 4pm to 6pm, whatever my last session was. Something to do with an advert Mark?? Bob
Mark H (author) Posted May 12, 2006
Yep that's the one, the site they pointed to was this:

Domain Name: TRAFF4ALL.BIZ
Domain ID: D12492352-BIZ
Sponsoring Registrar: ONLINENIC, INC. D/B/A CHINA-CHANNEL.COM
Sponsoring Registrar IANA ID: 82
Domain Status: ok
Registrant ID: OLNIC26296630
Registrant Name: D B Kog
Registrant Organization: D B Kog
Registrant Address1: Pobedi -3
Registrant City: Omsk
Registrant State/Province: Omsk
Registrant Postal Code: 4214523
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +7.3412453452
Registrant Facsimile Number: +7.3412453452
Registrant Email: [email protected]
Administrative Contact ID: OLNIC26296630
Administrative Contact Name: D B Kog
Administrative Contact Organization: D B Kog
Administrative Contact Address1: Pobedi -3
Administrative Contact City: Omsk
Administrative Contact State/Province: Omsk
Administrative Contact Postal Code: 4214523
Administrative Contact Country: Russian Federation
Administrative Contact Country Code: RU
Administrative Contact Phone Number: +7.3412453452
Administrative Contact Facsimile Number: +7.3412453452
Administrative Contact Email: [email protected]
Billing Contact ID: OLNIC26296630
Billing Contact Name: D B Kog
Billing Contact Organization: D B Kog
Billing Contact Address1: Pobedi -3
Billing Contact City: Omsk
Billing Contact State/Province: Omsk
Billing Contact Postal Code: 4214523
Billing Contact Country: Russian Federation
Billing Contact Country Code: RU
Billing Contact Phone Number: +7.3412453452
Billing Contact Facsimile Number: +7.3412453452
Billing Contact Email: [email protected]
Technical Contact ID: OLNIC26296630
Technical Contact Name: D B Kog
Technical Contact Organization: D B Kog
Technical Contact Address1: Pobedi -3
Technical Contact City: Omsk
Technical Contact State/Province: Omsk
Technical Contact Postal Code: 4214523
Technical Contact Country: Russian Federation
Technical Contact Country Code: RU
Technical Contact Phone Number: +7.3412453452
Technical Contact Facsimile Number: +7.3412453452
Technical Contact Email: [email protected]
Name Server: NS2.ALLCOUNT.NET
Name Server: NS1.GAME4ALL.BIZ
Created by Registrar: ONLINENIC, INC. D/B/A CHINA-CHANNEL.COM
Last Updated by Registrar: ONLINENIC, INC. D/B/A CHINA-CHANNEL.COM
Domain Registration Date: Sat Feb 18 11:33:52 GMT 2006
Domain Expiration Date: Sat Feb 17 23:59:59 GMT 2007
Domain Last Updated Date: Thu May 11 18:10:39 GMT 2006
>>>> Whois database was last updated on: Fri May 12 22:27:53 GMT 2006 <<<<
Martin R Posted May 12, 2006
D B Kog in the Russian Federation. It's a long way to send the boys round.
Mark H (author) Posted May 12, 2006
The FAQ wiki is back up and running now.
Simon V Posted May 13, 2006
Yep, my weekly virus scan on McAfee picked up my infection too - file deleted. Cheers Mark.
ankh Posted May 13, 2006
Bummer. Can anyone tell me what the Trojan was and its target OS (I assume just Windows). Thx. Rich
Mark H (author) Posted May 13, 2006
It was a Microsoft Windows only trojan. More details here: http://securityresponse.symantec.com/avcen...byteverify.html If you had a patched Windows it wouldn't be affected even if the trojan downloaded, as Microsoft released a patch for the exploit used back in April.
MattyB Posted May 13, 2006
My forum was hit with the same thing too. I had an Admin user called "Wax" created, all templates were modified with a forwarding <iframe> entry and every single user was emailed and PM'd with the link to the virus. Nasty bugger.
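A defender-side check for the kind of template tampering MattyB describes (a forwarding iframe injected into every template): this is an added example, not code from the thread or from any forum software, and the trusted host list and the sample template are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Hosts the forum legitimately embeds (assumed for this example; set to your own).
TRUSTED_HOSTS = {"forum.example.org", "www.forum.example.org"}

class IframeFinder(HTMLParser):
    """Records every <iframe> start tag with its src and whether it is hidden."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        # 0/1 px frames or display:none/visibility:hidden are the usual way
        # an injected redirect frame is kept out of sight of the page's users.
        hidden = (a.get("width", "").strip() in ("0", "1")
                  or a.get("height", "").strip() in ("0", "1")
                  or "display:none" in style
                  or "visibility:hidden" in style)
        self.found.append((a.get("src", ""), hidden))

def host_of(url):
    """Return the lowercase host of an absolute URL, or '' for relative ones."""
    m = re.match(r"^\s*(?:https?:)?//([^/:?#]+)", url, re.I)
    return m.group(1).lower() if m else ""

def suspicious_iframes(html, trusted=TRUSTED_HOSTS):
    """Flag iframes that point off-site or are hidden; relative, visible ones pass."""
    parser = IframeFinder()
    parser.feed(html)
    hits = []
    for src, hidden in parser.found:
        host = host_of(src)
        if hidden or (host and host not in trusted):
            hits.append({"src": src, "host": host, "hidden": hidden})
    return hits

# Constructed sample: a footer template with one legitimate frame and one injected one.
SAMPLE_TEMPLATE = """
<div id="footer">Powered by ExampleBoard</div>
<iframe src="https://forum.example.org/stats.html" width="300" height="80"></iframe>
<IFRAME SRC="http://malicious.example/x.html" WIDTH=1 HEIGHT=1 style="display: none"></IFRAME>
"""

if __name__ == "__main__":
    for hit in suspicious_iframes(SAMPLE_TEMPLATE):
        print("possible injected frame:", hit)
```

Run it over every template file (and the cached copies a board keeps) after restoring from a known-good backup, and treat any hit as reason to re-check admin accounts and the upload paths as well.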
Steve J Posted May 13, 2006
Got hit by this yesterday about 3pm. Was replying on a thread using my company laptop when all hell broke loose. End result is that it's deleted my SOPHOS antivirus and killed off Outlook. I can't use my laptop now till I can get it into the office for IT to look at. No work on Monday then.
Mark H (author) Posted May 13, 2006
heh glad we could be of service. Serves them right for giving you such duff antivirus software and not keeping Windows updated. Matty B, luckily what we had wasn't as serious as that.