10-20-10, 02:38 PM   #103
polyfiller

Just to add my experience and some structure to the reporting of this issue;

Browser Used : IE V 8.0.6001.18702
Antivirus Used : Avira
Browser protection : IE settings + Spybot S&D

Error / attack reported by : Avira

Message : Threat detected in two temporary Internet Explorer files (can't repeat just now, will post message when I do). One talked about windows_securitycheck.exe in the temporary internet files folder.

Link Error encountered from : Multiple;

http://www.subsim.com/radioroom/index.php and
http://www.subsim.com/radioroom/forumdisplay.php?f=234

Error occurs each time link is used : NO

Action taken : selected deny access and delete from the Avira pop window and continued to browse the pages.

Now given the above, and other posts I think we can deduce;

1) Issue is NOT isolated to Firefox therefore ...
2) There is an issue (maybe attack, maybe false positive) with content delivered when clicking the links.
3) Given post above about cleaning up computer after impact and my own experiences with a windows security check type attack earlier this year (did not have to re-install, but by golly it took some cleaning up)... I do not intend to test and allow the suspected threat files to execute.
4) OK, because we do not know whether or not this is a false positive or a seriously malicious package, then I think anyone who is turning down their FF security levels to access the site and who is not getting any additional protection / popup messages may be sailing a little too close to the wind.... may therefore be prudent to run some additional malware / antivirus scans on your machines.

On the basis of some experience in this space, and the fact the attack does not appear each time a link is selected, then it is unlikely to be the core message board content or code. Not many attacks embed themselves in the message board code without attacking every time a link is selected. My best guess here is an advertising link where the advertiser content is infected. I reckon it's just a case of figuring which one.