Son launching Trojans? Apps?

I’m still getting it at work. But not at home.

Okay so I’ve noticed it has a popup now to some mystery page (blank – I close it before it loads).

I got a pop up too. Different site:

http://iijyjcthr.com/ld/ment/

Not much info from Norton or any other sites after a Google search:

https://safeweb.norton.com/report/show?name=iijyjcthr.com

yup that’s the one

It’s funny that I stumble onto this thread a couple days late. I’m running FF and AVG free. Somehow still got that popup then shortly after reboot got a very nice blue screen stating a critical error just after booting into Windows.

Formatted and the problem is gone but it’s scary to think that a forum could be infected in such a way.

I clicked a link one time and something popped up from Norton saying removing threats…
I don’t rmb what it was called, but I rmb it being a trojan though.

I realize I did not take enough precautionary actions that I should have which resulted in this mess.

A few things to note.

  • Our forum is running on 3.7.1

  • vBulletin recently released a new build (3.8.1) that fixes an exploit that is likely the cause of this all happening in the first place. More on this here

  • What the above hijack to our scripts did is it injected JavaScript code which caused any click in the browser to open a new window that takes you to a URL that launched the attack.

The attack is caused by a recent PDF exploit, as seen here.

In a few moments I will be patching SON to the latest build. Hopefully this keeps us clean (even though we’ve been safe for a few days now since I manually removed the problem).
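A defender's check for the kind of injection described in the post above, as an added example that is not part of the original thread or the forum's own code: it scans a saved copy of a served page for inline scripts that both hook clicks and open a window on another host. The thread does not show the injected code, so the patterns, the function name `find_click_hijacks`, the sample pages and the hostnames are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Heuristic patterns only; obfuscated script (eval, string concatenation) is not caught.
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
CLICK_HOOK_RE = re.compile(
    r"(?:document\.body|document|window)\s*\.\s*on(?:click|mousedown|mouseup)\s*="
    r"|addEventListener\s*\(\s*['\"](?:click|mousedown|mouseup)['\"]"
    r"|attachEvent\s*\(\s*['\"]on(?:click|mousedown|mouseup)['\"]",
    re.I,
)
OPEN_RE = re.compile(r"window\s*\.\s*open\s*\(\s*['\"]([^'\"]+)['\"]", re.I)


def find_click_hijacks(html, site_host):
    """Return [(host, url)] for inline scripts that hook clicks AND open an off-site window."""
    hits = []
    for match in SCRIPT_RE.finditer(html):
        body = match.group(1)
        if not CLICK_HOOK_RE.search(body):
            continue  # window.open without a click hook is ordinary popup code
        for url in OPEN_RE.findall(body):
            host = (urlparse(url).hostname or "").lower()
            # Relative URLs have no host; same-site and subdomain targets are ignored.
            if host and host != site_host and not host.endswith("." + site_host):
                hits.append((host, url))
    return hits


# Constructed sample pages (not taken from the thread).
INJECTED = (
    '<html><body><script type="text/javascript">'
    'document.onclick=function(){window.open("http://popup.example.invalid/landing/");};'
    "</script></body></html>"
)
CLEAN = (
    "<html><body><script>"
    'document.onclick=function(){window.open("/forums/help.php");};'
    "</script></body></html>"
)
NO_HOOK = '<script>window.open("http://ads.example.invalid/");</script>'

if __name__ == "__main__":
    for name, page in (("injected", INJECTED), ("clean", CLEAN), ("no_hook", NO_HOOK)):
        print(name, find_click_hijacks(page, "forum.example"))
```

Running it against the output of each script users report (showthread.php, index.php and so on) narrows down which template or file carries the injected block.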

I got this in the afternoon

http://iijyjcthr.com/cgi-bin/index.cgi?mentat

same here, it’s the same thing happening again…:\

Please report which page you were on if it’s still happening to you. The page will be shown in the URL (eg. forums/showthread.php, forums/index.php, etc.)

I’m running in circles here looking for something that doesn’t exist. Help me out.

bahah that’s what y’all get for using Windows :stuck_out_tongue:

No problems at all for me. I’m using Debian Linux and Mac OS X.

http://for777daily.com/479/

Today.

Everyone getting these needs to do a full scan on their system.

The trojan might have been on your box already and you are using an infected version of Internet Explorer.

I have been using FF lately and haven’t had any problems.

Gonad, I was using FF when it came up.

Seems ok right now…

yeah, this is NOT a browser issue

it’s actually a pretty serious problem

it involves PDFs and an exploit found in unpatched versions of adobe reader/acrobat

SON was just the launching platform, since it serves visitors a redirect to the exploit

why/how SON got compromised in that way is currently being looked into

in the meantime, UPDATE YOUR ADOBE READER / ACROBAT

Updated Adobe, scanned entire system.

Still got:

http://bgiyjcthr.com/cgi-bin/index.cgi?mentat

I personally use FoxIt Reader ( super fast, and it doesn’t stay in memory like Acrobat :ugh: ). Google it and download it. I believe Foxit resolved the exploit issue.

Just because I find Mac users elitists :rofl:

APPLE
128GB Solid State Drive [Add $450.00]
256GB Solid State Drive [Add $900.00]

DELL
Ultra Performance: 128GB Solid State Drive [add $270 or $6/month1]
Ultra Performance: 256GB Solid State Drive [add $430 or $11/month1]

http://store.apple.com/us/configure/MB419LL/A?mco=NDE4Mzg5MA

Memory
* 4GB 1066MHz DDR3 SDRAM - 2x2GB
* 8GB 1066MHz DDR3 SDRAM - 2x4GB [Add $1,000.00]

(And that’s not an additional 8GB RAM - it’s going from 4GB to 8GB)

To add to Gonad’s reply…

he speaks the truth. i work in these facilities installing infrastructure. it’s literally giant rooms filled with row upon row, stack upon stack of servers and crap.

i don’t know shit about computers, i just install support racks and stuff. but those places kinda freak me out in a way. Big Brother is watching!

PS i never once got any of these pop-ups or redirects or trojans or anything being mentioned in this thread. today was the first i’d heard of it! and i check SON daily. shrugs

Yep same here. FF and IE.