May 10th, access problems - Being looked into.

Bob Hubbard

We are experiencing some serious access issues today. Massive page not found errors, etc. The situation is being looked into and I will update as possible.
 
Issue should now be resolved. If you still can't see the site.....you obviously can't read this. :)
 
Was it a configuration problem, or something far more serious than that (like a virus or hack)?

- Ceicei
 
DNS issue. I'm waiting on more intel at the moment.
 
Uh, DNS issue? My copy of Symantec corporate and the couple of hours I've spent trying to fix the Trojan pushed by the front page url would disagree.

Specifically, the trojan pushes itself as Active Desktop web content along with a fake shortcut button on the right hand side of the Windows taskbar that nags you about spyware. Symantec automatically blocked the content. It's manifested as files called r.exe and file[1].exe.

Firefox shields you. Unfortunately, I stupidly thought Firefox might have a bug, so I switched to IE, which is how I got it.
 
Ok, that's the second notice I have that happened. Can you send me more details please? I didn't see any AVS notices myself. (Running AVG and Firefox on 2k with popups disabled.)
 
Kaith Rustaz said:
Ok, that's the second notice I have that happened. Can you send me more details please? I didn't see any AVS notices myself. (Running AVG and Firefox on 2k with popups disabled.)
Edited my post. 2 random-number.exe files and an .ani file, to boot. Identified as a desktop-hijacking trojan by Symantec. Running HijackThis didn't pull anything suspicious. I've still got the fake icon (looks like a triangle and exclamation point with an XP-style alert).
 
I got a page with 3 iframes sized 1x1; one tried to open a pop-up, but I'm on a Linux system and didn't get hit by the trojan.

I'll PM you the three sites that were in the iframes, so no one clicks them by accident :D

PS - This was only on the main page, all others gave file not found errors, plus an extra "we couldn't find the error page" bit.
 
I was receiving 404 errors (server unavailable).

NAV also blocked a trojan horse for me:

... Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-395077c2-614aad08.zip
Click for more information about this threat: Trojan.ByteVerify
 
AKA: Java/ByteVerify

This virus abuses the security vulnerability in Java Virtual Machine described in MS03-011, which gives a Java program the possibility of running potentially dangerous operations (like working with files).

Trojan horse using this vulnerability changes Internet Explorer Home page.

The fix is available on Microsoft web pages like WindowsUpdate.Microsoft.com
 
Ok, based on my research so far, something compromised the server causing random traffic to redirect to a site that contained the ByteVerify virus. This happened between 10:45AM and 1:15PM Eastern Time.

If your antivirus caught it, you should be ok.

If you were running IE, and have either not kept the system up to date, are not running antivirus software, or are but are way behind on your updates, you may have been compromised.

I strongly recommend that you verify your antivirus is current, and running, and then do a complete system check.
Also, make certain your OS is up to date as well.
Doing a spyware scan couldn't hurt either.

This issue only affects Windows users, using non-updated OS and IE.
Linux/Mac folks should be fine, as should those running current Firefox or other non-IE browsers and current AVS.
 
Kaith Rustaz said:
This issue only affects Windows users, using non-updated OS and IE.
Which is a very common theme for attacks...

Lesson being, update your system regularly and don't run IE or you are at a very high risk of infection.
 
Kaith Rustaz said:
Issue should now be resolved. If you still can't see the site.....you obviously can't read this. :)


From this moment on you shall be called MOTO.

Master of the Obvious. LOL you are the man, thanks for working so hard so the rest of us have something to do at work.

V/R

Rick
 
If we don't use IE should we still have some problems? I never was prompted by my antivirus stuff that something hit, and it's up to date, and I'm on a school server ...so should I be ok?
 
BrandiJo said:
If we don't use IE should we still have some problems? I never was prompted by my antivirus stuff that something hit, and it's up to date, and I'm on a school server ...so should I be ok?
If you're on a school server, the IT people usually are quick to catch those problems. I think you're ok.

- Ceicei
 
I am running IE and just did another scan in addition to the one that is constantly running and found nothing. I also had the glitch earlier.

V/R
Rick
 
