News Radio WOAI KTKR AM Sports
SpursReport.com

Go Back   SpursReport.com > SpursReport Fan Forums > Question Forum

Reply
 
LinkBack Thread Tools Display Modes
  #1  
Old 04-07-10, 04:37 PM
Scxeezy's Avatar
SpursReport Rookie
 
Join Date: May 2003
Location: Los Angeles
Posts: 248
Unsafe website/virus

I saw another thread on this when I did a search, but it was locked. I too get the site is unsafe message sometimes when I come to SpursReport.com through InternetExplorer. This has happened to me both at home and at work. Since it does not happen all the time, I think it has to do with the ads, which are ever-changing.

Today, however, when I went to SpursReport (@11:07AM PDT), my virus scan popped up a whole lot of warnings about viruses and my browser and whole computer became very slow and unresponsive. Once I closed the browser everything eventually calmed down and later I was able to open SpursReport again and type this message.



Here are excerpts from the logs from my virus protection software (Eset NOD32):

http://91.188.59.52/x/midi.jar
a variant of OSX/Exploit.Smid.B trojan
connection terminated
quarantined
Threat was detected upon access to web by the application: C:\Program Files\Java\jre6\bin\java.exe.

http://91.188.59.52/x/midi.jar » ZIP » AppletX.class
a variant of OSX/Exploit.Smid.B trojan


http://91.188.59.52/x/jar.jar
multiple threats
connection terminated
quarantined
Threat was detected upon access to web by the application: C:\Program Files\Java\jre6\bin\java.exe.

http://91.188.59.52/x/jar.jar » ZIP » myf/y/AppletX.class
Java/TrojanDownloader.OpenStream.NAJ trojan

http://91.188.59.52/x/jar.jar » ZIP » myf/y/LoaderX.class
Java/TrojanDownloader.Agent.NAI trojan



Can somebody in IT please double-check that there is nothing (including, and especially, advertisments) trying to run malicious code on the client computers?

Thanks!
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2  
Old 04-07-10, 10:23 PM
fabio's Avatar
SpursReport Team Member
 
Join Date: Jul 2005
Posts: 891

it's in advertisements. I don't think SR has any control on it because most sites uses general ad brokers and the site displaying the ads have very little control on them, depending on the ad broker.

This being said, it could happen that you already have the downloader in your PC, and the ads only trigger it with new info. But quite probably is just the advertisements trying to get into your computer via Java or ActiveX. In 99.99% of cases, if an advertisement is based in Java is because it has every possible trojan in the world
__________________
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3  
Old 04-09-10, 01:33 PM
cheesehead4spurs's Avatar
SpursReport Team Starter
 
Join Date: Jun 2006
Location: Madison, WI--77 square miles surrounded by reality
Posts: 3,276

I just had a bloodhound.pdf8 pop up in my norton
__________________
Badgerland's #1 Spurs fan.

Still crazy after all these years.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

Bookmarks


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -5. The time now is 11:01 PM.


Powered by vBulletin Version 3.7.4 Copyright © 2000-2008 Jelsoft Enterprises Limited.

Content Relevant URLs by vBSEO 3.2.0