Hey guys, check out my new website,

A site to share your favorite websites, music, videos, blogs, myspaces, and news. All content is user submitted and voted on by the users. All you have to do is sign up for free and start posting your favorite content. Go to http://www.ytudfo.us

Warning: Trojan

heh yeah reported a while ago…

edit: heh, I guess not…

What, we can’t post other sites here for ppl to look at?

Posting links to other websites is fine, however, the site you posted tries to install a trojan. That is not cool.

There’s no trojan on my site, your computer may be mistaking my php scripts as a trojan, idk.

lol. Didn’t notice. I have a mac…

Yeah, but seriously. If there is a trojan installer, this isn’t cool.

Jacob

I have restored this thread. I also use a Mac and therefore do not see Trojans. I did however go to the site using my PC and found no issues. Sorry for the rush to act.

I’m just wondering why those people thought it had a trojan…

Norton Antivirus stopped an attack from your site. The domain for the trojan is 86.39.128.144 and is considered a high threat for PCs. That is where we are getting that idea.

EDIT: I just went back to the site and Norton did not react again. I am guessing that whatever it is only happens every now and then.

Well, I emailed my host, hopefully they’ll be able to fix this problem.

Just so you know…

McAfee also throws up a serious warning, giving me the following information:

Potential Malicious ANI File Detected, Exploit-ANIfile.c
Potential Unsafe Script Detected, JS/Exploit-BO.gen

Seems like these are all proactive types of warnings/protections, there are very few actual exploits in the wild for the types of operating system vulnerabilities being detected. However, I would remove the offending files/scripts as it will deter people from visiting your site.

-Danny

I have no access to those files, I didn’t put them on there, it must be a problem with my site host, I emailed them and right now they’re contacting their system administrator.

from my host…
We have conducted a detailed investigation on how a windows based trojan
could infect a Linux based web server and wish to explain in detail what
happens and what’s the current status of your web site.

Linux and Windows are two entirely different operating systems, with
different architecture, file system, etc., but to put something in common
between them let’s say that both have executable files. Those are entirely
different types of files from the one system to the other.
Windows executables cannot be run on Linux based machines. If they are
executed they will not produce any meaningful result. What Windows viruses and
trojans do is to try and infect a Windows binary (executable).
When run, the infected binary does its nasty things and eventually spreads
through the network if an active internet connection is found.
The Windows binaries cannot be run and executed on Linux based machine and
thus have no effect.

Now back to the problem - as I’ve mentioned we’ve done an investigation and
it turns out that the issue is connected to a virus, for the Windows
operating system. Detailed information about the virus can be found at:

http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=62158

We did some tests with Windows based machines and it turned out that
machines that have not been updated with the latest patches from the
Microsoft web site are susceptible to this virus. We then updated the test
machine and the same behaviour was not observed. During the past 24 hours
we’ve had a few other cases with similar symptoms to your case.

We downloaded the file from the remote server that actually holds the virus
and upon testing it, it confirmed our observations:

$ wget -S http://86.39.128.144/download/167212/file.jpg
$ file file.jpg
file.jpg: RIFF (little-endian) data, animated cursor

What’s the most odd thing in the whole situation is that even a Linux based
desktop will display the text in the top left corner of the page as well.
After a refresh of the page though the text disappears. We’ve run an antivirus
scan on all the machines but we were unable to find even a hint of a virus
on any of the servers. We’ve determined that the virus is actually a
javascript insert into the page. It does nothing malicious but display the
ugly text in the top left corner of the page.
Unfortunately we still don’t have a permanent solution on how to prevent
this. We are continuing our investigation and have also asked for support
from the RedHat developers. We hope that we will be able to fix the problem in
the next 24 - 48 hours.
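
The host's `file file.jpg` check, automated as an added example (not part of the thread or the host's message): it walks the RIFF chunks of a download and reports an animated cursor served under an image extension, chunks that run past the end of the file, and a header chunk that is not the standard 36-byte ANI header. The function names, the extension list and the sample bytes are constructed for illustration.

```python
import os
import struct

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}  # assumed list
ANI_HEADER_SIZE = 36  # standard ANI header: nine 32-bit fields

def walk_riff(data):
    """Return (form_type, [(chunk_id, size, offset), ...]) or None if not RIFF."""
    if len(data) < 12 or data[:4] != b"RIFF":
        return None
    form = data[8:12].decode("ascii", "replace")
    chunks, pos = [], 12
    while pos + 8 <= len(data):
        cid, size = struct.unpack_from("<4sI", data, pos)
        chunks.append((cid.decode("ascii", "replace"), size, pos))
        if cid == b"LIST":
            pos += 12                      # descend: skip id, size, list type
        else:
            pos += 8 + size + (size & 1)   # chunk bodies are padded to even length
    return form, chunks

def inspect(name, data):
    """Return a list of findings for one downloaded file."""
    parsed = walk_riff(data)
    if parsed is None:
        return []
    form, chunks = parsed
    findings = []
    ext = os.path.splitext(name)[1].lower()
    if form == "ACON" and ext in IMAGE_EXTS:
        findings.append(f"{name}: animated cursor (RIFF/ACON) with image extension {ext}")
    for cid, size, off in chunks:
        if off + 8 + size > len(data):
            findings.append(f"{cid!r} at offset {off} declares {size} bytes past end of file")
        elif cid == "anih" and size != ANI_HEADER_SIZE:
            findings.append(f"'anih' at offset {off} has size {size}, expected {ANI_HEADER_SIZE}")
    return findings

def chunk(cid, body):
    return cid + struct.pack("<I", len(body)) + body + (b"\0" if len(body) & 1 else b"")

def riff(form, *chunks):
    body = form + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body

# Constructed samples: zero-filled bodies, no real cursor data.
SAMPLE_OK = riff(b"ACON", chunk(b"anih", bytes(36)))
SAMPLE_ODD = riff(b"ACON", chunk(b"anih", bytes(52)))

if __name__ == "__main__":
    for finding in inspect("file.jpg", SAMPLE_ODD):
        print(finding)
```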