Get this folks...

Discussion in 'malware problems & news' started by JeremyWW, Aug 24, 2007.

Thread Status:
Not open for further replies.
  1. JeremyWW

    JeremyWW Registered Member

    Joined:
    Apr 13, 2005
    Posts:
    237
    And where will the next vulnerability be David? If they can hack the forum, what else can they hack...? I am not 'attacking' Alwil here - I've not yet heard of this happening to a 'Security Company' - my confidence is down. I am not currently running Avast!

    In my view they should now send a 'mass mail shot' to every Forum user with a brief but understandable explanation.

    Jeremy
     
  2. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    This was my experience when attempting to visit the forum using IE; the Avast webshield blocked it.

    Personally my confidence in Avast is unchanged. So the forum had a vulnerability, OK, not the best, but look at (a) how quickly it was fixed, and (b) the somewhat ironic fact of the associated AV being able to block it.

    Remember when Castlecops was down not so long ago following a large DOS attack. Hardly a security company, but really at least as serious a contender in the anti-malware brigade as any AV vendor, I would think.

    I do agree the avast team should send a mass email to the forum users.
     
  3. bob3160

    bob3160 Registered Member

    Joined:
    Jan 23, 2006
    Posts:
    18
    Location:
    USA
    It wasn't avast! or Alwil that had a vulnerability.
    It was the forum software that had a problem.
    It was avast! that stopped the vulnerability from infecting the member's system.

    The only thing they need to do is post an explanation on either their website or the forum itself. IMHO :)
     
  4. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782

    I agree.
     
  5. DavidR

    DavidR Registered Member

    Joined:
    Sep 28, 2005
    Posts:
    6
    Location:
    United Kingdom
    Well I don't speculate on what the next vulnerability might be in the Simple Machines forum software, considering this is the first occasion this has happened in the three and a half years I have been on the forums. Even though the iframe injection was there in the PHP forum software, avast did after all detect it with the web shield so it was intercepted before it got on to any user's system.

    I'm not in favour of mass mailings, you would have to send an email to 34,684 members, the current number and not all of those will be active and those that are will probably be aware of it.

    So I too feel a notification in the forums would suffice.
     
  6. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    site's back up. :D
     
  7. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    OK, Agree. Mass email would be a bit ott I guess.
     
  8. MrFlibble

    MrFlibble Registered Member

    Joined:
    Feb 8, 2006
    Posts:
    6
    avast! detected the exploit served up to IE users, but not that fed to Firefox users.

    ~Virustotal results removed per forum policy....Bubba~

    Aigle, who reported the shellcode.gen malware on the site previously, was using AntiVir, one of few AV's to detect this. The exploit doesn't seem to affect current versions of Firefox, so up-to-date users will not have been infected, but may find the malware in their Firefox cache in later scans (for example with AVG Anti-Spyware) or their own AV if and when the malware is added.
     
    Last edited by a moderator: Aug 26, 2007
  9. MrFlibble

    MrFlibble Registered Member

    Joined:
    Feb 8, 2006
    Posts:
    6
    Ok, 'scuse my ignorance, but where exactly can I find this rule that I can't post Virus Total results??
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    https://www.wilderssecurity.com/showthread.php?t=180057
     
  11. MrFlibble

    MrFlibble Registered Member

    Joined:
    Feb 8, 2006
    Posts:
    6
    Thank you.

    I would suggest that it would be a common courtesy to new users to point out such rulings when imposing them.

    In this particular case, I think to apply that rule was silly, because I was not trying to point score about which AV is better or worse than another, but to inform other forum members about the nature of the malware infecting the avast! website for a short period, to raise the issue of whether Firefox users might have been at risk from malware specifically served up to Firefox users and to let forum members know that they might detect malware in their browser cache with subsequent scans by other products, and indeed might be at risk of having been infected if they were using an out-of-date and vulnerable browser.

    What was the nature of the Trojan? Which browsers was it targeted at? What exploits did it use? Which other commonly used anti-malware programs might detect this malware?

    These are questions that without the Virus Total information cannot be answered, so anybody interested will just have to trundle over to the avast! forum where the same results are still available.
     
  12. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    621
    Just for your information, the Firefox script that was present on the hacked forum was just a downloader of a malicious executable. That executable was being detected by avast, though - so the situation was quite similar to the IE case (no danger).

    Fortunately.

    Thanks,
    Vlk
     
  13. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    The moral of this tale is: don't go to forums or you will catch a communicable virus. :D ;) :rolleyes:
     
  14. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    :D :D :D roflol....good one!!!
     
  15. Straight Shooter

    Straight Shooter Registered Member

    Joined:
    Jun 13, 2006
    Posts:
    108
    I distinctly remember something about Kaspersky being hacked once...
     