We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Virus Alert - Trojan posted on MSE
Options

Amilucky?
Posts: 13,794 Forumite


VIRUS ALERT!!!
just a heads up if anyone has clicked on any of the "Download Buyer" threads posted on the Competitions Time Forum
E: dupe Win £5,000 software prizes - daily winners (Advent) posted 02/12
E: Win £5,000 software prizes - daily winners (Advent) posted 02/12
the threads have now been removed after I reported it
there was a hidden image file and script in the threads which contained a link to the following
HTML/Iframe.B.Gen virus which is a trojan
The IFrame.B.Gen virus is mostly in the HTML or PHP code.... we cannot see it because it's hidden - mostly this wirus is a hyperlink to some web-page in china
details of the virus can be found here
http://sunbeltsecurity.com/threatdis...7BE18ED199BC9B
if you have clicked on the links in the threads you might be infected please run anti-virus on you computer to check for infection
[STRIKE]this appears to be another serious breach of MSE security as the thread was active since the 2nd of December[/STRIKE]
it makes me wonder does MSE scan the threads on the forums for virus's and Trojans and malicious links and if they do why was the link to the Trojan on the thread for nearly 5 day's and not picked up by there software and deleted :mad:
just a heads up if anyone has clicked on any of the "Download Buyer" threads posted on the Competitions Time Forum
E: dupe Win £5,000 software prizes - daily winners (Advent) posted 02/12
E: Win £5,000 software prizes - daily winners (Advent) posted 02/12
the threads have now been removed after I reported it

there was a hidden image file and script in the threads which contained a link to the following
HTML/Iframe.B.Gen virus which is a trojan
The IFrame.B.Gen virus is mostly in the HTML or PHP code.... we cannot see it because it's hidden - mostly this wirus is a hyperlink to some web-page in china
details of the virus can be found here
http://sunbeltsecurity.com/threatdis...7BE18ED199BC9B
if you have clicked on the links in the threads you might be infected please run anti-virus on you computer to check for infection
[STRIKE]this appears to be another serious breach of MSE security as the thread was active since the 2nd of December[/STRIKE]
it makes me wonder does MSE scan the threads on the forums for virus's and Trojans and malicious links and if they do why was the link to the Trojan on the thread for nearly 5 day's and not picked up by there software and deleted :mad:
0
Comments
-
This appears to be more serious than I first thought as the HTML/Iframe.B.Gen virus\Trojan appears to be associated with HACKERS!
interesting post here
http://www.todleho.com/ppl/blog/view/id_162/title_Got-infected-with-%22HTML-Iframe-B-Gen-virus%22-but/
Hmm! I wonder if there any more malicious links that have been inserted into HTML or PHP code on MSE that have not been detected0 -
Why would that be a breach of MSE security?
Any (non new) member can post a link to any external site that they wish. It's not MSE's responsibility to vet and virus scan every external site that may have a link posted to it. Plus I can't imagine it would be practical to do so, even if possible.
If you see a link that leads to somewhere dubious or potentially harmful, then please report it so it can be removed.Free/impartial debt advice: National Debtline | StepChange Debt Charity | Find your local CAB
IVA & fee charging DMP companies: Profits from misery, motivated ONLY by greed0 -
Why would that be a breach of MSE security?
Because the malicious link and code was hidden in the MSE thread links HTML or PHP code and cannot be seen by MSEr's but only detected by Anti-virus software
and it appears to be an iframe injection script virus/trojan and is associated with stealing FTP passwords and user-names0 -
Because the malicious link and code is hidden and cannot be seen by MSEr's but only detected by Anti-virus software
I've looked at the Google cache of the removed post, and there is no hidden link to a trojan or iframe exploit in the BBcode post source or resulting HTML
However, even if there was, it's not a security breach of MSE.
The image used by the person for the software box was grabbed from a warez site. So that is probably what a confused virus scanner is picking up? Not actually anything harmful itself.
As said, anyone can post a link. If you see one you think is dodgy, then report it.Free/impartial debt advice: National Debtline | StepChange Debt Charity | Find your local CAB
IVA & fee charging DMP companies: Profits from misery, motivated ONLY by greed0 -
I've looked at the Google cache of the removed post, and there is no hidden link to a trojan or iframe exploit in the BBcode post source or resulting HTML
However, even if there was, it's not a security breach of MSE.
The image used by the person for the software box was grabbed from a warez site. So that is probably what a confused virus scanner is picking up? Not actually anything harmful itself.
As said, anyone can post a link. If you see one you think is dodgy, then report it.
What image? there is no image in the cached file and the link that they posted to http://www.downloadbuyer.com/advent is ok
the malicious link was hidden in the MSE post0 -
Yes there is an image.
The image that they used for the software box was this:
[noparse]http://warezfans.com/images/netobjects-fusion-11-ultimate-edition.jpg[/noparse]
There are also 2 other image links in the post that fail to display as the url hasn't been formatted properly.
Not because they are malicious, but as whoever posted the thread clearly messed them up and started again but didn't erase the failed link.
There is no "hidden" malicious link.Free/impartial debt advice: National Debtline | StepChange Debt Charity | Find your local CAB
IVA & fee charging DMP companies: Profits from misery, motivated ONLY by greed0 -
Free/impartial debt advice: National Debtline | StepChange Debt Charity | Find your local CAB
IVA & fee charging DMP companies: Profits from misery, motivated ONLY by greed0 -
Yes there is an image.
The image that they used for the software box was this:
[noparse]http://warezfans.com/images/netobjects-fusion-11-ultimate-edition.jpg[/noparse]
There are also 2 other image links in the post that fail to display as the url hasn't been formatted properly.
Not because they are malicious, but as whoever posted the thread clearly messed them up and started again but didn't erase the failed link.
There is no "hidden" malicious link.
Ok thanks Ferni
guess that I couldn't see the image because my Anti-Virus blocked it
apologies for jumping to conclusions but I guess it's better to be safe than sorry
I will strike out the part in my post[STRIKE]this appears to be another serious breach of MSE security as the thread was active since the 2nd of December[/STRIKE]0 -
Oh, agreed. It's better that a false positive is reported rather than your virus scanner missing something that it should have picked up.
It was mainly the "security breach" claim that I was objecting to.
Rather than what this appears to be, which is just someone grabbing some images/links from a dodgy site in their haste to post the comp.Free/impartial debt advice: National Debtline | StepChange Debt Charity | Find your local CAB
IVA & fee charging DMP companies: Profits from misery, motivated ONLY by greed0
This discussion has been closed.
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 350.9K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.9K Work, Benefits & Business
- 598.8K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards