Trojan Virus at Roughstock/Cowpie

The machines we love to hate

Moderator: Wiz Feinberg

Chip Fossa
Posts: 4366
Joined: 17 Sep 1998 12:01 am
Location: Monson, MA, USA (deceased)

Trojan Virus at Roughstock/Cowpie

Post by Chip Fossa »

In the past couple of days, while doing lyric searches on RS/CP, my anti-virus program, AVG, picked up the same Trojan virus, on separate days.

I was told that sending a virus, in my case, to a "vault", is still not a sure bet that
the virus has been eliminated from the registry.

Is this true?

And, has anyone else come across this virus on Roughstock/Cowpie?

Most annoying. Wouldn't care if it was a nudie site, but song lyrics? C'mon! Man does not live by bread [or bred] alone, but by the magic of lyricism.

Chip

b0b
Posts: 29079
Joined: 4 Aug 1998 11:00 pm
Location: Cloverdale, CA, USA

Post by b0b »

I thought that those were just web pages. Did you download a program or something? It's pretty hard to get a virus from just visiting a web site.

------------------
Bobby Lee
-b0b- quasar@b0b.com
System Administrator
Chip Fossa
Posts: 4366
Joined: 17 Sep 1998 12:01 am
Location: Monson, MA, USA (deceased)

Post by Chip Fossa »

b0b,

I didn't even get to the actual lyric page. When I clicked on 'search' you're taken to the page that has all the potential listings for the song you're looking for. When I clicked on "Crying My Heart Over You", that's when a big red virus warning flag popped up. It asked if I wanted to continue or exit. I exited, of course.

Then I ran AVG, and it caught it.

I emailed Cowpie about this and they came back and advised updating Win98SE from Windows Update. They said IE is full of holes
that allow viruses in, and are constantly trying to patch them up, I guess?

ActiveX warnings popped up as well, just before the virus warnings, and Cowpie said ActiveX may be involved, too.

I didn't realize all those security warnings on Windows Update were all that critical. Guess maybe they are.

Chipper
Jeff Agnew
Posts: 741
Joined: 18 Sep 1998 12:01 am
Location: Dallas, TX

Post by Jeff Agnew »

It's pretty hard to get a virus from just visiting a web site.

Unfortunately, it becomes easier every day.

quote:
New Attack Compromises Fully-Patched IE Browsers

http://news.netcraft.com/archives/2004/06/09/new_attack_compromises_fullypatched_ie_browsers.html

http://news.zdnet.co.uk/software/windows/0,39020396,39157297,00.htm

http://www.theregister.co.uk/2004/06/10/ms_inpatched_ie_flaw/

A new security hole in Internet Explorer allows hackers to gain control of a user's computer when they click on a hyperlink, even while using a fully-patched version of IE6. An exploit using the technique, which employs a complex series of JavaScript, VBScript and PHP code, has been published on the Web and is being discussed in several security mailing lists.

The attack splices together multiple weaknesses in Internet Explorer, including at least one known but unpatched flaw and several new ones. The scripting cocktail tricks the browser into running code from a remote web server as though it were a local help file, and can then install a trojan of the attacker's choice on the compromised system.

The exploit is launched when a user clicks on a malicious link in an e-mail or web page. Internet Explorer launches a pop-up window with an "iframe" tag, which is commonly used to display text or interactive features in a floating window. The code tricks the browser into thinking the iframe contains a help file from the user's hard drive, while downloading a JavaScript that can then run with local privileges. The JavaScript then launches a remote PHP file, which in turn downloads a trojan to the user's hard drive. A complete analysis of the exploit and how it works can be found here.

Some security professionals called the new hack an example of a "zero-day exploit," in which a working attack is published at the same time a vulnerability is discovered. The existence of a published exploit puts pressure on Microsoft to quickly come up with a patch for all IE users. Early reports suggest the key security holes may be patched in Windows XP Service Pack 2, which is now in beta.

[This message was edited by Jeff Agnew on 11 June 2004 at 05:22 AM.]
Ray Minich
Posts: 6431
Joined: 22 Jul 2003 12:01 am
Location: Bradford, Pa. Frozen Tundra

Post by Ray Minich »

An interesting article in Thursday's (06/10/04) Wall Street Journal about a fully updated version of IE6 being vulnerable. Microsoft's Antivirus-Defense-in-Depth guide will still reply that your supposedly fully updated IE6 is still in need of update.

The bad guys are supposedly now threatening to extort money from the on-line gambling sites else they will unleash their malware. Also, the on-line naughty sites will infect your PC with code that can only be removed by burning the PC.

No company can afford to fund the hours and dollars in development and maintenance of a "crack proof" system that will stand up to the hours and dollars that will be expended "for free" by the legions of crackers trying to "break the code...".

At best we can hope Micro$oft stays somewhere near up-to-date.

Oops, that Micro$oft product is called "Baseline Security Analyzer".

[This message was edited by Ray Minich on 11 June 2004 at 04:29 PM.]
Bobby Lee
Site Admin
Posts: 14863
Joined: 4 Aug 1998 11:00 pm
Location: Cloverdale, California, USA

Post by Bobby Lee »

ActiveX, huh? That might explain it. ActiveX was Microsoft's answer to Java servlets. Unfortunately, they neglected to implement the "sandbox" security model. An ActiveX component actually has access to your file system. A Very Bad Idea.

I don't allow ActiveX to run from my browser. There's a setting for it somewhere.

------------------
Bobby Lee - email: quasar@b0b.com - gigs - CDs, Open Hearts
Sierra Session 12 (E9), Williams 400X (Emaj9, D6), Sierra Olympic 12 (C6add9),
Sierra Laptop 8 (E6add9), Fender Stringmaster (E13, A6),
Roland Handsonic, Line 6 Variax
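The "setting for it somewhere" that Bobby mentions lives in Internet Options > Security > Custom Level, and under the hood IE stores each of those choices as a DWORD in the per-user registry. The script below is an added example written for this thread, not code from any poster or from Microsoft: it reads the ActiveX-related entries for the Internet zone (zone 3) and then sets them to Disable. The value names are IE's URL action IDs (1001, 1004, 1200, 1201, 1405) and the data meanings (0 = Enable, 1 = Prompt, 3 = Disable) are the ones IE uses; the function names are my own.

```powershell
# Added example (not from the thread): audit and lock down ActiveX in IE's
# Internet zone (zone 3) through the per-user registry. Value names are IE's
# URL action IDs; data 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# The ActiveX-related URL actions as they appear in Custom Level.
$ActiveXActions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked as safe'
    '1405' = 'Script ActiveX controls marked safe for scripting'
}

$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActiveXZoneSettings {
    # Hypothetical helper name: dump the current value of each action.
    $props = Get-ItemProperty -Path $ZonePath
    foreach ($id in $ActiveXActions.Keys) {
        $data = $props.$id
        [pscustomobject]@{
            Action  = $id
            Name    = $ActiveXActions[$id]
            Data    = $data
            Setting = $(if ($null -eq $data) { '(not set)' } else { $Meaning[[int]$data] })
        }
    }
}

function Set-ActiveXZoneDisabled {
    # Hypothetical helper name: same effect as choosing "Disable" for each
    # ActiveX item in Custom Level. Run as the user whose browser you are
    # hardening; a matching value under HKLM (policy) overrides HKCU.
    foreach ($id in $ActiveXActions.Keys) {
        Set-ItemProperty -Path $ZonePath -Name $id -Value 3 -Type DWord
    }
}

'Before:'
Get-ActiveXZoneSettings | Format-Table -AutoSize
Set-ActiveXZoneDisabled
'After:'
Get-ActiveXZoneSettings | Format-Table -AutoSize
```

Disabling 1200 alone stops controls from running at all in the Internet zone; 1001 and 1004 govern whether new controls can be downloaded, and 1201/1405 govern scripting of controls that are already installed. Sites you trust can still be placed in the Trusted Sites zone (zone 2, same layout) rather than relaxing the Internet zone globally. On a Win98SE box with no PowerShell the same five entries are reached through the Custom Level dialog.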
Chip Fossa
Posts: 4366
Joined: 17 Sep 1998 12:01 am
Location: Monson, MA, USA (deceased)

Post by Chip Fossa »

Thanks for the replies, all. This sure is getting interesting.

Chip
Chip Fossa
Posts: 4366
Joined: 17 Sep 1998 12:01 am
Location: Monson, MA, USA (deceased)

Post by Chip Fossa »

The virus locked in AVG's vault is TROJAN_REVOP.C (and has a few AKAs).

I checked on it at www.trendmicro.com, a virus mapper and antivirus site.

Basically they said it was a low risk virus and is associated with downloads. And they also listed several procedures for getting it out of the registry.

So I guess to answer my own question, the virus is probably still in the registry. I haven't done anything with trendmicro yet, so I'm not sure, but I'm going to see about it.

Trendmicro, to me, seems like a pretty cool site. They sure seem to have a lot of knowledge and data on viruses and where they come from and are going to.

Chipper

[This message was edited by CHIP FOSSA on 12 June 2004 at 04:16 AM.]