Did anyone get a popup alert yesterday, 01/24/08? I got an alert that Avast had detected, and stopped a virus from SGF. It happened two times last nite about 6:30 PM, EST.
Bill
Virus alert!!
Moderator: Wiz Feinberg
-
Bill Ford
- Posts: 3862
- Joined: 13 Dec 1999 1:01 am
- Location: Graniteville SC Aiken
- State/Province: -
- Country: United States
Virus alert!!
Bill Ford S12 CLR, S12 Lamar keyless, Misc amps&toys Sharp Covers
Steeling for Jesus now!!!
Steeling for Jesus now!!!
-
John Roche
- Posts: 2212
- Joined: 2 Feb 2006 1:01 am
- Location: England
- State/Province: -
- Country: United States
-
Bill Ford
- Posts: 3862
- Joined: 13 Dec 1999 1:01 am
- Location: Graniteville SC Aiken
- State/Province: -
- Country: United States
-
Wiz Feinberg
- Posts: 6117
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
- State/Province: Michigan
- Country: United States
Bill, or other members of the SGF. Anytime you get a warning about a virus, or other malware, that has been intercepted by your security program from any of our forums, please copy the details and post them on this forum, and/or in the Feedback forum. This is especially important if your security alert mentions a JavaScript Exploit!
I need as much detail as possibe, including the following:
The reason for all these questions is related to a rootkit threat that is in the wild, infecting Linux distros and most versions of Apache web servers with exploits, aimed mostly (but not exclusively) at Internet Explorer users who visit the exploited websites. I am currently investigating these threats and will post more information about them soon.
In the meanwhile, If you use Firefox you can install the NoScript add-on. Internet Explorer users can disable "Active Scripting" for the Internet Zone, then place your online banking sites in the Trusted Sites Zone and increase the level of security of that zone to "Medium."
I need as much detail as possibe, including the following:
- The exact name of the virus, malware, or exploit
- The make and version of the security application that detected the threat
- The time and date this occurred
- The sub-section of the SGF where this happened
- The brand and version number of your browser
- Do you have any browser add-ons that disable certain scripting and which alerted you to the threat?
- Was the threat successful in invading your computer, or was it blocked?
- If it infected your computer, what application did you use to remove it and what name and filenames were given to the threat?
- Can you reproduce this attack by revisiting that particular page, or forum section?
The reason for all these questions is related to a rootkit threat that is in the wild, infecting Linux distros and most versions of Apache web servers with exploits, aimed mostly (but not exclusively) at Internet Explorer users who visit the exploited websites. I am currently investigating these threats and will post more information about them soon.
In the meanwhile, If you use Firefox you can install the NoScript add-on. Internet Explorer users can disable "Active Scripting" for the Internet Zone, then place your online banking sites in the Trusted Sites Zone and increase the level of security of that zone to "Medium."
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog