Threat found !


Recommended Posts

Symantec AntiVirus popped an alert when i opened neowin.net :o

like this:

--------------------------------------------------------

Scan type: Auto-Protect Scan

Event: Threat Found!

Threat: Bloodhound.Exploit.6

File: G:\WinXP Program Files\Opera7\profile\cache4\opr00HE5.htm

Location: Quarantine

Action taken: Quarantine succeeded : Access denied

Date found: 2004.8.22 18:26:07

---------------------------------------------------------

i thought it was a mistake so i deleted this file and cleaned up my opera & IE cache , then i reboot.

but when open neowin.net, things happen again !!!

could someone tell why ? Neowin is hacked ?

Link to comment
Share on other sites

any other AV. norton screwed u pso many pcs. alot ofd my friends pcs died only because they used norton products.

Link to comment
Share on other sites

Moved to SFI

It's not Neowin; for one, we don't use .htm pages, because everything is scripted with PHP... <- This is wrong :whistle:

Edited by gameguy
Link to comment
Share on other sites

i hate norton av its a ram hog

Congratulations, now stay on topic. What's the point of giving your opinion on something if it doesn't help solve the problem?

Link to comment
Share on other sites

Moved to SFI

It's not Neowin; for one, we don't use .htm pages, because everything is scripted with PHP...

i dont know, i searched in opera's cache, i didnt found any *.php files, but only *.js, *.htm, *.ico...

Link to comment
Share on other sites

Moved to SFI

It's not Neowin; for one, we don't use .htm pages, because everything is scripted with PHP...

what is SF1 ? :blink: an antivirus software ?

Link to comment
Share on other sites

All files outputted through HTML (whether they use server side scripting or not) are cached as .htm/.html files (dependant on browser). So the threat most probably did come from neowin. Probably an ad, or maybe a thread which contained refrences to a virus?

Link to comment
Share on other sites

Yeah, gameguy is in-correct in saying we dont send out html :)

On a side note; Norton is very resource intensive. McAfee is quite good; the Zone Labs (thing zone alarm) solution is good. There is a free option which works very well - http://www.grisoft.com/us/us_index.php

More info on the virus (trojan, actually) you saw : http://securityresponse.symantec.com/avcen....exploit.6.html

Bloodhound.Exploit.6 is a heuristic detection for exploits of a Microsoft Internet Explorer vulnerability. This vulnerability was discovered in February 2004.

The vulnerability results from the incorrect handling of HTML files embedded in CHM files. (CHM is the Microsoft-compiled HTML help format.)

Probably not going to hurt you if you use opera then is it :)

Link to comment
Share on other sites

any other AV. norton screwed u pso many pcs. alot ofd my friends pcs died only because they used norton products.

So what anti-virus software should I use? And is there a free one?

Link to comment
Share on other sites

guys its all html.

once the php does its thing it sends the output code.... HTML to the member.

and it most likely sits in the user cache as either a .htm file or something with no extension.

Link to comment
Share on other sites

there is a free one: bitdefender.com

free updates and all. wouldn't use anything else. even skinnable.

Hmm..what's the use of having a 'skinnable' AV?

Am I missing something?

AV just sits quietly hidden away, doing it's job, ...doesn't it?

And as far as free ones go, I have only used Grisoft AVG, and it seems to do it's job very well. I aint knocking bitdefender btw, it is probably very good, .............

but skinnable?

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.