Virus Alert - Trojan posted on MSE

Amilucky?

VIRUS ALERT!!!

just a heads up if anyone has clicked on any of the "Download Buyer" threads posted on the Competitions Time Forum

E: dupe Win £5,000 software prizes - daily winners (Advent) posted 02/12

E: Win £5,000 software prizes - daily winners (Advent) posted 02/12

the threads have now been removed after I reported it

there was a hidden image file and script in the threads which contained a link to the following
HTML/Iframe.B.Gen virus which is a trojan

The IFrame.B.Gen virus is mostly in the HTML or PHP code.... we cannot see it because it's hidden - mostly this wirus is a hyperlink to some web-page in china

details of the virus can be found here
http://sunbeltsecurity.com/threatdis...7BE18ED199BC9B

if you have clicked on the links in the threads you might be infected please run anti-virus on you computer to check for infection

[STRIKE]this appears to be another serious breach of MSE security as the thread was active since the 2nd of December[/STRIKE]

it makes me wonder does MSE scan the threads on the forums for virus's and Trojans and malicious links and if they do why was the link to the Trojan on the thread for nearly 5 day's and not picked up by there software and deleted :mad:

Amilucky?

This appears to be more serious than I first thought as the HTML/Iframe.B.Gen virus\Trojan appears to be associated with HACKERS!

interesting post here
http://www.todleho.com/ppl/blog/view/id_162/title_Got-infected-with-%22HTML-Iframe-B-Gen-virus%22-but/

Hmm! I wonder if there any more malicious links that have been inserted into HTML or PHP code on MSE that have not been detected

fermi

Why would that be a breach of MSE security?

Any (non new) member can post a link to any external site that they wish. It's not MSE's responsibility to vet and virus scan every external site that may have a link posted to it. Plus I can't imagine it would be practical to do so, even if possible.

If you see a link that leads to somewhere dubious or potentially harmful, then please report it so it can be removed.

Amilucky?

fermi wrote: »

Why would that be a breach of MSE security?

Because the malicious link and code was hidden in the MSE thread links HTML or PHP code and cannot be seen by MSEr's but only detected by Anti-virus software

and it appears to be an iframe injection script virus/trojan and is associated with stealing FTP passwords and user-names

fermi

Amilucky? wrote: »

Because the malicious link and code is hidden and cannot be seen by MSEr's but only detected by Anti-virus software

I've looked at the Google cache of the removed post, and there is no hidden link to a trojan or iframe exploit in the BBcode post source or resulting HTML

However, even if there was, it's not a security breach of MSE.

The image used by the person for the software box was grabbed from a warez site. So that is probably what a confused virus scanner is picking up? Not actually anything harmful itself.

As said, anyone can post a link. If you see one you think is dodgy, then report it.

Amilucky?

fermi wrote: »

I've looked at the Google cache of the removed post, and there is no hidden link to a trojan or iframe exploit in the BBcode post source or resulting HTML

However, even if there was, it's not a security breach of MSE.

The image used by the person for the software box was grabbed from a warez site. So that is probably what a confused virus scanner is picking up? Not actually anything harmful itself.

As said, anyone can post a link. If you see one you think is dodgy, then report it.

What image? there is no image in the cached file and the link that they posted to http://www.downloadbuyer.com/advent is ok

the malicious link was hidden in the MSE post

fermi

Yes there is an image.

The image that they used for the software box was this:

[noparse]http://warezfans.com/images/netobjects-fusion-11-ultimate-edition.jpg[/noparse]

There are also 2 other image links in the post that fail to display as the url hasn't been formatted properly.

Not because they are malicious, but as whoever posted the thread clearly messed them up and started again but didn't erase the failed link.

There is no "hidden" malicious link.

fermi

Amilucky?

fermi wrote: »

Yes there is an image.

The image that they used for the software box was this:

[noparse]http://warezfans.com/images/netobjects-fusion-11-ultimate-edition.jpg[/noparse]

There are also 2 other image links in the post that fail to display as the url hasn't been formatted properly.

Not because they are malicious, but as whoever posted the thread clearly messed them up and started again but didn't erase the failed link.

There is no "hidden" malicious link.

Ok thanks Ferni

guess that I couldn't see the image because my Anti-Virus blocked it

apologies for jumping to conclusions but I guess it's better to be safe than sorry

I will strike out the part in my post

[STRIKE]this appears to be another serious breach of MSE security as the thread was active since the 2nd of December[/STRIKE]

Best of Luck

fermi

Oh, agreed. It's better that a false positive is reported rather than your virus scanner missing something that it should have picked up.

It was mainly the "security breach" claim that I was objecting to.

Rather than what this appears to be, which is just someone grabbing some images/links from a dodgy site in their haste to post the comp.