Beware:
I just accessed the BAA site, and got a notice that said "unable to display content, click here to download necessary component" (paraphrasing) and MS Security Essentials jumped in and said it's a trojan....
It's "TrojanDownloader: Java/exdoer"
Thankfully, the Virus software caught and removed it.
More info here:
http://www.microsoft.com/security/porta ... 2147644716
DO NOT CLICK ON LINKS TO DOWNLOAD SOFTWARE FROM THE BAA SITE!
[Fixed] Virus on BAA Site Alert!
- Elmo Zoneball
- Posts: 132
- Joined: Sat Aug 22, 2009 3:31 pm
- Organization: SAE
- Graduation Year: 1979
- Location: Bottom of Flagstaff, watching the chute, collecting samples...
"I love the smell of solvents in the morning -- they smell like... victory."
- swiftsam
- Site Admin
- Posts: 172
- Joined: Sat Sep 13, 2008 10:33 am
- Organization: Fringe
- Graduation Year: 2004
- Real Name: Sam Swift
- Location: NYC
- Contact:
Re: VIRUS ON BAA SITE ALERT!
Thanks for the warning, I'm looking into it now. If anyone else noticed anything out of the ordinary, please post it here to help me figure out what's going on.
- Elmo Zoneball
- Posts: 132
- Joined: Sat Aug 22, 2009 3:31 pm
- Organization: SAE
- Graduation Year: 1979
- Location: Bottom of Flagstaff, watching the chute, collecting samples...
Re: VIRUS ON BAA SITE ALERT!
It appeared when I clicked on the PiKA news story.
I'm using Firefox 3.6.1.6 on XP SP3....
"I love the smell of solvents in the morning -- they smell like... victory."
-
- Posts: 8
- Joined: Wed Oct 28, 2009 10:00 pm
- Organization: SigNu
- Graduation Year: 2012
- Real Name: Mike S
Re: VIRUS ON BAA SITE ALERT!
Elmo Zoneball wrote: It appeared when I clicked on the PiKA news story.
This.
Took me 2 hours of combing through regedit to clean my computer. Looks like this virus downloads a fake "Total Win 7 Security 2011" onto your computer.
Managed to bypass my antivirus. Posting from FF 4.0.1 on Windows 7.
- swiftsam
- Site Admin
- Posts: 172
- Joined: Sat Sep 13, 2008 10:33 am
- Organization: Fringe
- Graduation Year: 2004
- Real Name: Sam Swift
- Location: NYC
- Contact:
Re: VIRUS ON BAA SITE ALERT!
Thanks to those that quickly let me know that there seemed to be a problem yesterday, and I am super sorry to anyone that got something nasty from our site.
Thanks to people's feedback, I was able to find and remove malicious code and then put the server into a lock-down sort of a mode. We may have to have some down-time as I wipe and rebuild things, but pending any more trouble I think that can wait until things slow down on the site.
Don't hesitate to post here or email admin@cmubuggy.org if you notice anything else amiss.
-
- Posts: 238
- Joined: Tue Oct 28, 2008 6:40 pm
- Organization: CIA
- Graduation Year: 2000
- Real Name: Shafeeq S
Re: Virus on BAA Site Alert!
Symantec AV is still reporting "Web Attack: Malicious ToolKit Iframe Injection 3" on http://www.cmubuggy.org
http://www.symantec.com/business/securi ... asid=24175
I'm guessing this is the first stage of tricking people into downloading the virus.
- swiftsam
- Site Admin
- Posts: 172
- Joined: Sat Sep 13, 2008 10:33 am
- Organization: Fringe
- Graduation Year: 2004
- Real Name: Sam Swift
- Location: NYC
- Contact:
Re: [Fixed] Virus on BAA Site Alert!
Ok, I thought I had it beat the first time, now I think it's kicked for real, we're back in business.
Again, I am super sorry to those who downloaded something unpleasant from the site, and I appreciate those that alerted me to the problem. If you think you may have clicked "yes" to a plugin/Java/extension type of request from your browser while on cmubuggy yesterday or Thursday, you should run a virus scan.
If you're the computer/details type, it seems we had a case of the awkwardly-named "jfgjfr5jdfj.vv.cc Malware" which got in through an exploit in WordPress on a different domain on my server. I did a complete wipe of my server, reinstalled everything and carefully copied the content back on, scanning every line of code for the malicious bits. That said, let me know if you see anything funky going on.
- Elmo Zoneball
- Posts: 132
- Joined: Sat Aug 22, 2009 3:31 pm
- Organization: SAE
- Graduation Year: 1979
- Location: Bottom of Flagstaff, watching the chute, collecting samples...
Re: [Fixed] Virus on BAA Site Alert!
Thanks.
"I love the smell of solvents in the morning -- they smell like... victory."
- janicesg
- Posts: 37
- Joined: Fri Oct 10, 2008 11:49 am
- Organization: Fringe
- 2nd Organization: Sweepstakes
- Graduation Year: 2001
- Real Name: Janice (Golenbock) Schneekloth
- Location: CT/NYC
Re: [Fixed] Virus on BAA Site Alert!
Thanks, Sam, for all the work you do on this site, and for how quickly you got it back up and running! Good thing this didn't happen 2 weeks ago!
Janice (Golenbock) Schneekloth
BAA Chairman 2010-2012
Sweepstakes Chair 2002-2004
Fringe Driver 1998-2002
-
- Posts: 238
- Joined: Tue Oct 28, 2008 6:40 pm
- Organization: CIA
- Graduation Year: 2000
- Real Name: Shafeeq S
Re: [Fixed] Virus on BAA Site Alert!
Thanks again, Sam, for fixing this, at a time when you have a ton of other important stuff to deal with!