Alfa Pages

Eddie W · Posted: Thu Jan 20, 2005 10:01 am Post subject: Frightening Experience

Hi guys, yesterday I logged into the chatroom for a quick browse when all hell broke loose. I got weird headings and couldn't get to the forum index itself. Our Norton Antivirus kicked in and fought a Matrix style running battle with a virus called Bloodhound Exploit 18.
The virus kept opening new windows on the forum and Norton was shutting them down as quick as they appeared . I was helpless, as soon as I tried to shut the window the virus removed the option and was trying to download at the same time. I couldn't even log off as that was prevented too.
Fortunately Norton( cheer, cheer, cheer) was fighting the battle for me.
After what seemed like ages it gave the all clear. I had to close 8 windows that had been opened in the battle.
Has anybody ever had a similar experience? I found it it bloody scary.(no pun intended)
Regards Eddie
_________________
A LITTLE FURTHER A LITTLE FASTER

Keith Not Logged In · Guest

Hi

Yes, somehow our web space got screwed up, with just about every php or html file screwed up. Something basically stuck a pair IFRAME tags at the top of each of them, calling a pair of php modules (and each page on here could have several php modules). These modules seem to have been designed to cause a buffer problem with IE (you are fine with Opera, you just get the screwed up formatting), a known problem which I am not sure if M$ have fixed yet. I have got rid of all the ones I can find, but am still not 100% confident. I will probably do a major upgrade in the next couple of days.

Not a clue how this has happened. Both the machines we use for updating anything on this server scanned clean (and both are running Norton).

Sorry about all this. If anyone can tell me when they first had the problem then I would like to know.

All the best

keith

paulhide · Posted: Thu Jan 20, 2005 10:20 am Post subject:

Yep definite problems yesterday as I assume for everyone else as there were no posts put up. Was it definitely a virus though? Just got a white series two 1700 up and running for £250 for my girlfriend through AROC 33 registrar Dave Peters to add to my other three. These cars are seriously good value.
_________________
Owner's Club 33 Registrar. Now from P4 & S2 1.7 QV
http://www.alfa-pages.co.uk/viewtopic.php?t=5188

Admin · Posted: Thu Jan 20, 2005 11:33 am Post subject:

Hi

The problem with the board was virus related, but not sure how it got there.

As far as we can make out the Bloodhound virus is designed to cause buffer problems with IE, and then possibly result in control of that PC being given to a 3rd party. Once with this control they could access functions on the PC (possibly including the ftp client) and use that to update files on the server.

One thing that is noticeable is that the date / time stamps of the corrupted files on the server had not been changed.

Not sure about Firefox users but with Opera it still worked fine (I generally use Opera).

All the best

Keith

Laki · Alfasud Joined: 06 Sep 2004 Posts: 74 Location: Ljubjana

Norton is worth sh*t ...Use quickheal nad pest Patrol ....curently best combination. I am working in comp. company and we get a lot of PC with simular problems....oh or you could use bitdefender
_________________
-- ALFA ROMEO 33 Q4 --

Ben_nz · Posted: Fri Jan 21, 2005 7:28 am Post subject:

Eddie rang me at work to warn me about the virus on the forum, and when I got home I visited it anyway. There was obviously something wrong, lots of gobbledygook at the top of every page, but I wasn't attacked - I use Opera. Cool

I learnt a while ago that trusting Internet Explorer (or Microsoft in general) makes trusting an Alfa Romeo look like an entirely sensible idea.

chrisc not logged in · Guest

There is a recent virus going around attacking phpbb boards that is probably the one mentioned. The fix is to use the latest version of phpbb