NOTICE: Possible trojan on C&F
- Dale
- The Landlord
- Posts: 10293
- Joined: Wed May 16, 2001 6:00 pm
- Location: Chiff & Fipple's LearJet: DaleForce One
A few minutes ago I got an email from a user who believes she picked up the trojan Bloodhound 131 on this forum. I've asked Rich to look into it. At this point, I can't be sure if the problem rests in the forum code. I don't know enough about this at this point to tell you much more. I believe it may be true that this only affects Windows users using IE, but I'm not sure. In the meantime, you may want to stay off the board for a while, or you may want to be sure your antivirus stuff is updated and proceed. I'll keep you posted. As a precaution, I'm going to create a thread on the external poli board and I'll post an update there when I learn more about it. Those of you who want to stay off this board until the possible problem is resolved can check that forum and get updates.
I may be overreacting, but given my ignorance about this, seems like a good idea.
http://cnfpoli.informe.com/
- crookedtune
- Posts: 4255
- Joined: Sun Jan 08, 2006 7:02 pm
- Location: Raleigh, NC / Cape Cod, MA
- Joseph E. Smith
- Posts: 13780
- Joined: Sat Mar 06, 2004 2:40 pm
- Location: ... who cares?...
- gonzo914
- Posts: 2776
- Joined: Thu May 16, 2002 6:00 pm
- Location: Near the squiggly part of Kansas
Trend Micro Office scan says it's EXPL_EXECOD.A. I get a virus alert when I bring up a chiff page.
Last edited by gonzo914 on Sat Apr 07, 2007 9:19 am, edited 1 time in total.
Crazy for the blue white and red
Crazy for the blue white and red
And yellow fringe
Crazy for the blue white red and yellow
Bloodhound is a trojan that uses an exploit in Microsoft's animated cursors. It has been all over the news this week.
I haven't seen any use of animated cursors on this site.
Info from Symantec
"Bloodhound.Exploit.131 is a heuristic detection for a zero-day vulnerability affecting Microsoft Animated Cursor (ANI) file parsers (as described in Bugtraq ID 23194). The exploit can be triggered by viewing an HTML page referencing an ANI file in a vulnerable version of Internet Explorer.
Applies to: Internet Explorer 6, Internet Explorer 7"
Microsoft have already released a patch to cover the hole.
Mukade
- raindog1970
- Posts: 1175
- Joined: Tue Jun 26, 2001 6:00 pm
- Location: Sparta, Tennessee
I had to remove that very trojan from my PC twice yesterday before I downloaded the security update from Microsoft.
I wondered where I kept picking it up, as I only visited Hotmail, CNN, TV Guide Online, and here.
Regards,
Gary Humphrey
♪♣♫Humphrey Whistles♫♣♪
[Raindogs] The ones you see wanderin' around after a rain. Ones that can't find their way back home. See the rain washes off the scent off all the mail boxes and the lampposts, fire hydrants. – Tom Waits
- greenspiderweb
- Posts: 1974
- Joined: Sat Jan 24, 2004 5:23 pm
- Location: SE PA near Philly
Dale wrote: In the meantime, Firefox is probably a good idea.
Or at least a good Virus Protection software - McAfee picked the trojan up for me 3 times yesterday as I was trying to access Chiff, and my updates on Windows are automatic, so that update should have been already in place, but I guess it wasn't.
Glad to see we're back in business now!
~~~~
Barry
I think it's highly suspicious that this sort of thing should come right after everyone was discussing antivirus software . . . hmmm . . .
My Symantec blocked it three times yesterday. It attempted to enter my system every time I clicked on a new thread.
Look:
Source: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KX2V0LAJ\ifr[1].htm
Risk category: Virus
Overall Risk Impact: High
Click for more information about this risk : Downloader
Action taken: Blocked
Discovered: June 8, 2001
Updated: February 13, 2007 11:50:11 AM
Type: Trojan Horse
Infection Length: varies
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Downloader connects to the Internet and downloads other Trojan horses or components.
Downloader does the following:
Goes to a specific Web or FTP site that its author created and attempts to download new Trojans, viruses, worms, or their components.
After the Trojan downloads the files, it executes them.
Note: Virus definitions dated June 1, 2006 or earlier may detect this threat as Download.Trojan.
Protection
Virus Definitions (LiveUpdate™ Weekly): June 13, 2001
Virus Definitions (Intelligent Updater): June 11, 2001
Threat Assessment
Wild
Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy
Damage
Damage Level: Low
Distribution
Distribution Level: Low
Cotelette d'Agneau