
DRAGONMOUNT

A WHEEL OF TIME COMMUNITY

DON'T GO TO OUR HOME!!! ROKA!!!


Canukistani


I get this:

 

2/28/2008 3:04:04 PM:

 

HTML/TrojanClicker.IFrame.AG trojan connection terminated - quarantined LAPTOP\Admin

 

Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

 

Stupid viruses. Y'all should get your computers checked.


You know what, CP's right.

 

It looks like someone managed to inject code into the page calling for the browser to open a malicious website and try to hack the visitor's computer. The malicious site itself has been taken offline, but the harmless code injection residue is still around, and CP's anti-virus caught it.

 

Apparently what infected the SG website (among many others on the Internet) is being called the Argentina Attack, since the malicious website was based in Argentina.

 

This is the URL that gets injected into the web pages:

 

usuarios.arnet.com.ar/alvarezluque/morgan.html

 

Of course, it is now offline, but I still de-linkified it. Apparently that particular server houses many users of questionable scruples, so I wouldn't recommend browsing around or you might find another with viruses or malware attached.

 

This is the Google search that yields information about the attack and possibilities for fixing the server:

 

http://www.google.com/search?q=usuarios.arnet.com.ar%2Falvarezluque

 

This is a page that talks about a WordPress plugin that may have been one method the hacker used to infect websites. It's possible the SG website has a similarly vulnerable plugin if it runs off WordPress:

 

http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2007-05/msg00010.html

 

It is highly recommended that the server admin check the PHP files, any CMS system files and their plugins, and the database itself to try to find where this code is getting injected from and clean it.

 

Failing surgical removal, other admins have had to request a rollback to a previous site/database backup in order to get rid of the problem.

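The check recommended in the post above (searching the PHP files, CMS files and a database dump for the injected URL), as an added example that is not part of the original thread: a Python scanner that reports each file and line carrying the indicator. The extension list and the `<iframe>` form of the injection (suggested by the detection name) are assumptions; the thread does not show the injected markup.

```python
import os
import re

# Indicator taken from the post above; matched case-insensitively.
INDICATOR = "usuarios.arnet.com.ar/alvarezluque"
# Assumption: the injection is an <iframe> tag (the AV name says "IFrame");
# the exact markup is not shown in the thread.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
# Assumption: file types worth scanning (PHP/CMS files, static pages, SQL dumps).
SCAN_EXT = {".php", ".inc", ".tpl", ".html", ".htm", ".js", ".sql"}


def scan_text(text):
    """Return (line_no, kind, snippet) for each line carrying the indicator."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        if INDICATOR not in line.lower():
            continue
        tags = [t for t in IFRAME_RE.findall(line) if INDICATOR in t.lower()]
        kind = "iframe" if tags else "reference"
        snippet = (tags[0] if tags else line.strip())[:120]
        hits.append((no, kind, snippet))
    return hits


def scan_tree(root):
    """Walk root and return {relative_path: hits} for files that match."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCAN_EXT:
                continue
            path = os.path.join(dirpath, name)
            try:
                # latin-1 never fails to decode, so odd encodings are still scanned
                with open(path, encoding="latin-1") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report


if __name__ == "__main__":
    import sys
    for path, hits in sorted(scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        for no, kind, snippet in hits:
            print(f"{path}:{no}: {kind}: {snippet}")
```

Run it against the web root and against a plain-text SQL dump of the database; a hit in the dump means the code is stored in content and will be re-rendered after the files are cleaned.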

Archived

This topic is now archived and is closed to further replies.
