GTA

General Discussion To Gateway To Airguns => Back Room => : Mebits December 01, 2009, 10:43:40 AM

: Hacker?
: Mebits December 01, 2009, 10:43:40 AM

I'm not going to direct traffic elsewhere, but there's another airgun forum which appears to have been hacked and my security software advises me that they are now an "attack site".

Does anyone have the 411? I hate to see this happen to anyone.

Actually, upon further review, if you're running XP, you don't want to go to any "attack site". I'm providing the name of the site so you can avoid it until they get figured out. If the mods have an issue, feel free to delete. It's airgunadvice.net.

M

: RE: Hacker?
: TCups December 01, 2009, 10:57:28 AM

Have I mentioned lately how much I love Mac OS-X and Safari 4.0.3?

: RE: Hacker?
: RedFeather December 01, 2009, 01:26:04 PM

The other day I had McAfee flag a couple of trojans. Wonder if I picked them up over there? Thanks for the heads-up!

: Re: Hacker?
: Mebits December 01, 2009, 02:50:40 PM

Something is going around the 'net. We've had a number of our users affected over on my site. Nasty stuff. I'm trying to get up to speed but it's too new.

Heads up. XP is the worry point right now.

: Re: Hacker?
: KK0605 December 02, 2009, 02:23:00 AM

Well, I know a thing bout computers, (My favorite platform is Mac, but my favorite Windows is still XP, and mine is faster than any Vista I tried) and I have tried and tested many anti-virus programs (AVG, Kaspersky, Avira, Eset (the best hands down) ) on site I know,  I don't have anything here or Yellow. I'll watch out though! I do get the "Attack Site" warning from Google on that site, but I laugh at danger! LOL

: Re: Hacker?
: KK0605 December 02, 2009, 02:26:32 AM

Here is the reason Google put up the Attack Site warning:

"What is the current listing status for airgunadvice.net?

    Site is listed as suspicious - visiting this web site may harm your computer.

    Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

    Of the 32 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-12-01, and the last time suspicious content was found on this site was on 2009-12-01.

    Malicious software includes 1 exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

    Malicious software is hosted on 2 domain(s), including myalbumshare.net/, scan-file-clear.com/.

    1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including trafficmagnat.com/.

    This site was hosted on 1 network(s) including AS32392 (OPENTRANSFER).

Has this site acted as an intermediary resulting in further distribution of malware?

    Over the past 90 days, airgunadvice.net did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

    No, this site has not hosted malicious software over the past 90 days.

How did this happen?

    In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message."

So, someone else could have posted the "malicious" software on that site. 1 error in 90 days? Does not seem like a big thing.

: Re: Hacker?
: Bogey December 02, 2009, 02:39:02 AM

OK Kyler,  in 25 words of less, what does all this mean?   Is  the site safe or not??   If answer more than Yes or No,  can you explain in terms for person's that just use computers and don't really understand them or the software?


This is in reply to #185286  at 10:26 AM.

: Re: Hacker?
: KK0605 December 02, 2009, 02:49:21 AM

OK, sorry ;) I get ahead of myself sometimes.

1. PART, (not all) of the site is infected.
2. Of the 32 pages that Google checked, only 1 page is/was infected.
3. The infection downloaded (without permission from the user) some kind of malicious software.
4. When Goggle let the software run, it ran 1 process (a process is an action; could be anything.)
5. The software is not HOSTED on airgunadvice. Most likely it was put there by someone. The site is not the problem then.
6. The software IS hosted on 2 domains, including myalbumshare.net/, scan-file-clear.com/. These are the culprits.
7. 1 domain appears to be functioning as intermediary for distributing malware to visitors of this site. trafficmagnat.com/ is the middle man.
8. BIG THING: Airgunadvice has NOT acted as an intermediary to distribute the software else ware.
9. Google says sometimes people can put a code in the site making it look to be bad.

So, it can be bad, if it is a real virus. If it is just a code, (like reporting a bomb when there isn't one.) it is fine. I might venture out and see the site to see what happens.
 
Hope that clears things up! More than 25 words though.

: Re: Hacker?
: Mebits December 02, 2009, 03:08:29 AM

Hey, let us know. and maybe I'll ask to you to check out another mine field! :D

: Re: Hacker?
: KK0605 December 02, 2009, 03:28:17 AM

Well, I went there. I'm making a video of what happened. But I'm fine and no viruses. I'll post the video here in a bit.

: All is Good
: KK0605 December 02, 2009, 04:49:16 AM

Here is the video proof. Dunno what was wrong. But site is safe (for me at least).

http://www.youtube.com/watch?v=kFctX9_X_20

Hope I helped!