I’m still getting it at work. But not at home.
Okay so I’ve noticed it has a popup now to some mystery page (blank – i close it before it loads).
I got a pop up too. Different site:
http://iijyjcthr.com/ld/ment/
Not much info from Norton or anyother sites after a Google search:
https://safeweb.norton.com/report/show?name=iijyjcthr.com
yup thats the one
Its funny that I stumble onto this thread a couple days late. Im running FF and AVG free. Somehow still got that popup then shortly after reboot got a very nice blue screen stating a critical error just after booting into windows.
Formatted and the problem is gone but its scary to think that a forum could be infected in such a way.
I clicked a link one time and something popped up from Norton saying removing threats…
I don’t rmb what it was called, but I rmb it being a trojan though.
I realize I did not take enough precautionary actions that I should have which resulted in this mess.
A few things to note.
-
Our forum is running on 3.7.1
-
vBulletin recentlly released a new build (3.8.1) that fixes an exploit that is likely the cause of this all happening in the first place. More on this here
-
What the above hijack to our scripts did is it injected Javascript code which caused any click in the browser to open a new window that takes you to a URL that launched the attack.
The attack is caused by a recent PDF exploit, as seen here.
In a few moments i will be patching SON to latest build. Hopefully this keeps us clean (even though we’ve been safe for a few days now since I manually removed the problem)
I got this in the afternoon
same here, it’s the same thing happening again…:\
Please report which page you were on if it’s still happening to you. The page will be shown in the URL (eg. forums/showthread.php, forums/index.php, etc.)
I’m running in circles here looking for something that doesn’t exist. Help me out.
bahah thats what ya’ll get for using windows
No problems at all for me I’m using debian linux and mac osx.
Today.
Everyone getting these needs to do a full scan on their system.
The trojan might have been on your box already and you are using an infected version of Internet Explorer.
I have been using FF lately and haven’t had any problems.
Gonad, I was using FF when it came up.
Seems ok right now…
yeah, this is NOT a browser issue
it’s actually a pretty serious problem
it involves PDFs and an exploit found in unpatched versions of adobe reader/acrobat
SON was just the launching platform, since it serves visitors a redirect to the exploit
why /how SON got compromised in that way is currently being looked into
in the mean time, UPDATE YOUR ADOBE READER / ACROBAT
I personally use FoxIt Reader ( super fast, and it doesn’t stay in memory like Acrobat :ugh: ). Google it and download it. I believe Foxit resolved the exploit issue.
Just because I find Mac users elitests
APPLE
128GB Solid State Drive [Add $450.00]
256GB Solid State Drive [Add $900.00]DELL
Ultra Performance: 128GB Solid State Drive [add $270 or $6/month1]
Ultra Performance: 256GB Solid State Drive [add $430 or $11/month1]
http://store.apple.com/us/configure/MB419LL/A?mco=NDE4Mzg5MA
Memory
* 4GB 1066MHz DDR3 SDRAM - 2x2GB
* 8GB 1066MHz DDR3 SDRAM - 2x4GB [Add $1,000.00]
(And that’s not an additional 8GB ram - it’s going from 4GB to 8GB
To add to Gonad’s reply…
he speaks the truth. i work in these facilities installing infrastructure. it’s literally giant rooms filled with row upon row, stack upon stack of servers and crap.
i don’t know shit about computers, i just install support racks and stuff. but those places kinda freak me out in a way. Big Brother is watching!
PS i never once got any of these pop-ups or redirects or trojans or anything being mentioned in this thread. today was the first i’d heard of it! and i check SON daily. shrugs
Yep same here. FF and IE.