Eddie W Alfa 33
Joined: 31 Jul 2003 Posts: 375 Location: new zealand
Posted: Thu Jan 20, 2005 10:01 am Post subject: Frightening Experience
Hi guys, yesterday I logged into the chatroom for a quick browse when all hell broke loose. I got weird headings and couldn't get to the forum index itself. Our Norton Antivirus kicked in and fought a Matrix style running battle with a virus called Bloodhound Exploit 18.
The virus kept opening new windows on the forum and Norton was shutting them down as quick as they appeared. I was helpless; as soon as I tried to shut the window the virus removed the option and was trying to download at the same time. I couldn't even log off as that was prevented too.
Fortunately Norton (cheer, cheer, cheer) was fighting the battle for me.
After what seemed like ages it gave the all clear. I had to close 8 windows that had been opened in the battle.
Has anybody ever had a similar experience? I found it bloody scary (no pun intended).
Regards Eddie
_________________
A LITTLE FURTHER A LITTLE FASTER

Keith Not Logged In Guest
Posted: Thu Jan 20, 2005 10:19 am Post subject:
Hi
Yes, somehow our web space got screwed up, with just about every php or html file screwed up. Something basically stuck a pair of IFRAME tags at the top of each of them, calling a pair of php modules (and each page on here could have several php modules). These modules seem to have been designed to cause a buffer problem with IE (you are fine with Opera, you just get the screwed up formatting), a known problem which I am not sure if M$ have fixed yet. I have got rid of all the ones I can find, but am still not 100% confident. I will probably do a major upgrade in the next couple of days.
Not a clue how this has happened. Both the machines we use for updating anything on this server scanned clean (and both are running Norton).
Sorry about all this. If anyone can tell me when they first had the problem then I would like to know.
All the best
keith

paulhide P4
Joined: 20 Dec 2003 Posts: 1607 Location: Oh Beautiful Billingham
Posted: Thu Jan 20, 2005 10:20 am Post subject:
Yep definite problems yesterday as I assume for everyone else as there were no posts put up. Was it definitely a virus though? Just got a white series two 1700 up and running for £250 for my girlfriend through AROC 33 registrar Dave Peters to add to my other three. These cars are seriously good value.
_________________
Owner's Club 33 Registrar. Now from P4 & S2 1.7 QV
http://www.alfa-pages.co.uk/viewtopic.php?t=5188

Admin Site Admin
Joined: 19 Feb 2003 Posts: 1223 Location: Stafford, UK
Posted: Thu Jan 20, 2005 11:33 am Post subject:
Hi
The problem with the board was virus related, but not sure how it got there.
As far as we can make out the Bloodhound virus is designed to cause buffer problems with IE, and then possibly result in control of that PC being given to a 3rd party. Once with this control they could access functions on the PC (possibly including the ftp client) and use that to update files on the server.
One thing that is noticeable is that the date / time stamps of the corrupted files on the server had not been changed.
Not sure about Firefox users but with Opera it still worked fine (I generally use Opera).
All the best
Keith
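
The posts above describe IFRAME tags stuck at the top of every php or html file while the date / time stamps on the corrupted files stayed unchanged, so a check has to look at content rather than timestamps. The following is an added example, not part of the original thread or the site's own code: a Python script that compares web files against a SHA-256 baseline and flags a leading iframe. The file names, the placeholder URL and the sample files are constructed assumptions.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

WEB_EXTS = {".php", ".html", ".htm"}
# An <iframe> tag as the first thing in a file (optional UTF-8 BOM / whitespace).
LEADING_IFRAME = re.compile(rb"\A(?:\xef\xbb\xbf)?\s*<iframe\b", re.IGNORECASE)

def build_baseline(root):
    """Map relative path -> SHA-256 for every web file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file() and p.suffix.lower() in WEB_EXTS}

def scan(root, baseline):
    """Return {relative path: [reasons]} for files that differ or start with an iframe."""
    findings = {}
    for rel, digest in build_baseline(root).items():
        reasons = []
        if baseline.get(rel) != digest:
            reasons.append("hash differs from baseline" if rel in baseline
                           else "not in baseline")
        if LEADING_IFRAME.match((Path(root) / rel).read_bytes()[:512]):
            reasons.append("iframe at top of file")
        if reasons:
            findings[rel] = reasons
    return findings

def demo():
    """Constructed sample: one file gets an iframe prepended, its mtime is kept."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.php").write_bytes(b"<?php include 'header.php'; ?>\n<html></html>\n")
        (root / "faq.html").write_bytes(b"<html><body>FAQ</body></html>\n")
        baseline = build_baseline(root)  # taken while the files are known good
        target = root / "index.php"
        before = target.stat()
        # Placeholder URL, constructed for this sample only.
        target.write_bytes(b'<iframe src="http://placeholder.invalid/a.php"></iframe>\n'
                           + target.read_bytes())
        # Put the old timestamps back, as the thread reports for the real files.
        os.utime(target, ns=(before.st_atime_ns, before.st_mtime_ns))
        mtime_same = target.stat().st_mtime_ns == before.st_mtime_ns
        return scan(root, baseline), mtime_same

if __name__ == "__main__":
    print(demo())
```

The baseline has to be stored somewhere the web server account cannot write to, otherwise whoever rewrites the pages can rewrite the baseline too.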

Laki Alfasud
Joined: 06 Sep 2004 Posts: 74 Location: Ljubjana
Posted: Thu Jan 20, 2005 3:41 pm Post subject:
Norton is worth sh*t... Use Quick Heal and Pest Patrol... currently the best combination. I am working in a comp. company and we get a lot of PCs with similar problems... oh, or you could use BitDefender
_________________
-- ALFA ROMEO 33 Q4 --

Ben_nz Gold Cloverleaf
Joined: 30 Sep 2003 Posts: 575 Location: Auckland, New Zealand
Posted: Fri Jan 21, 2005 7:28 am Post subject:
Eddie rang me at work to warn me about the virus on the forum, and when I got home I visited it anyway. There was obviously something wrong, lots of gobbledygook at the top of every page, but I wasn't attacked - I use Opera.
I learnt a while ago that trusting Internet Explorer (or Microsoft in general) makes trusting an Alfa Romeo look like an entirely sensible idea.

chrisc not logged in Guest
Posted: Fri Jan 21, 2005 11:16 am Post subject: phpbb virus
There is a recent virus going around attacking phpBB boards that is probably the one mentioned. The fix is to use the latest version of phpBB.