Get this folks...

Glad to oblige...

 

Lol it is much appreciated

Im quite interested to see if there is any more news on it. Call it morbid, but I want to know what effect this malware has had.

 

I would guess that most of the 'effect' was to knock Alwil's credibility. It had the desired effect on me anyway - brought me back here! And I'm happy with what I find...NOD32 AV Beta is running sweetly so far...

 

I find that you just cannot beat NOD... for me anyway. It is always a matter of opinion. I would love to install the beta, but im waiting for the internal error problem to be sorted.

Sorry for the off topic mods!

Anyway, back on topic, its doing the job for me, because it is still there! Surely it should be fixed by now! Just take the forums offline for a bit!

 

It is still infected.

 

Now getting a "404 Not Found" error when attempting to visit. Firefox and IE7.

 

Norton is also showing it as infected.

 

And now (linking from the Avast home page) "Down for Maintenance."

 

Interesting, but I don't see it as hurting their credibility. Maybe their pride, but Avast did detect it right? Even banks and Government sites get hacked. Anyways, it's good to see it reported and it's getting fixed.

 

True...and yes, it did...

 

Thanks JeremyWW, It's good to see Avast caught it. I wish I saw this post earlier so I could try my setup in shadow mode. It's not often one gets to see malware without looking for it. Good find

 

Yep, cheers Jeremy

As has been said, at least now it is being fixed. And maybe they will consider measures to prevent it happening again.

 

Here's a screen capture of mediacount.net:

 

I just had an e-mail from Alwil. It's anonymous - obviously - but states what's happening:

"We found that software used to run forum on our pages is vulnerable and have to be changed/updated (but there is probably no update available for this code inhections exploit). We have to find the best solution to this problem. The forum will be off until the solution will be found."

 

JeremyWW - I am a fairly regular poster on the avast! forum and have not received that email. Given that it was sent anonymously I would question its source.

 

Sorry, my post was confusing - I meant I was quoting it here anonymously. I know precisely who it's from. I was the first one to notify them directly by e-mail last night which is why I've had the dialogue with them. I suggest you e-mail them at 'virus at avast dot com', and ask for an explanation, as I did.

 

It is down for maintenance now.

 

My mistake ...

I emailed one of the developers last evening (without asking for a response) so at least you and I are trying to accomplish the same thing. Its interesting that this attack started at the beginning of the weekend when staff would be low. But I'm sure they'll get it sorted.

 

Visited te link with IE7, Opera and FF.

hxxp://mediacount. net /strong/ 020sdsfg/

I get it with all.

 

mediacount is Storm Worm (WORM/Zhelatin / Nuwar) site.

 

aigle,
Have you tried visiting the site with IE GeSWall'ed (to track the flow of events)?

 

Nothing was executed on my system.
I stopped on this message. GW log is attached.

 

That page is trying to install/run a MDAC component? Interesting.

 

This is really scary.... I hope I wasn't infected.

 

Whilst it might be an embarrassment to have the forum software hacked through a vulnerability, at no time were avast users vulnerable to the attack. As has been said avast detected the infection.

Whilst Firefox and Opera weren't vulnerable to the attach, those with IE or an IE clone, would have had the Web Shield block the attempt to infect.

I too got an email from one of the Alwil team as l too reported it to avast, so it would apear that only those who contacted avast like JeremyWW got an email.