Virus on Odforce/forum

   13424   15   3
User Avatar
Member
66 posts
Joined: 7月 2005
Offline
hi,

if you go to the forum-site a virus/trojan:

JAVA/Byteverify.6.3 and JS/Dldr.Agent.ab.12

will be installed !!!

“Trojan.ByteVerify is a Trojan Horse that exploits the vulnerability described in Microsoft Security Bulletin MS03-011 and could provide a hacker the ability to run arbitrary code on an infected system”
Michael Fuchs -|- Owner Sparkling Design -|- Austria

Sparkling Design [sparkling-design.com]
User Avatar
Member
4140 posts
Joined: 7月 2005
Offline
Did you attempt to notify the odforce guys before making this public? How certain are you that is the site that caused this? That sort of thing can be pretty hard to track down at the root of the problem.

J.C.
John Coldrick
User Avatar
Member
4271 posts
Joined: 7月 2005
Offline
Eessh…..

Something is up that's for sure. I went to the forums with Firefox and didn't have any problems. Tried it with IE and Kaspersky went bonkers blocking stuff left and right. While its possible that it maybe a false positive, I'd be a bit careful for the time being.

I'll play some more and see what I can find out.
if(coffees<2,round(float),float)
User Avatar
Member
4271 posts
Joined: 7月 2005
Offline
If you allow the JAVA/Byteverify.6.3 and JS/Dldr.Agent.ab.12 stuff to run it tries to download and execute a .wmf file (xpladv428.wmf). The wmf file library had some bad exploit a few months back.


That said, I agree with JC, these sorts of things are really hard to track down. It could be nothing at all, it could be that someone hacked the PHP code and added a “evil” line or two, or it could be something completely unrelated to odforce.
if(coffees<2,round(float),float)
User Avatar
Member
279 posts
Joined: 7月 2005
Offline
Hey Guys

Firstly, if I could make a very, very strong recommendation that you stop using IE. Just stop. Forever. It's a piece of crap that has more holes in it than Spongebob, and if it wasn't for it's shitty nature then people wouldn't be able to try and force you to download an infected wmf file.
As it is, spammers get to deface our site and add this nonsense in to try and get a backdoor to your computer.

Do you want your computer to be a zombie?


I didn't think so, so stop using IE!

Having said that, I have found and removed the offending bits of code from odforce, please return to your scheduled browsing activities.

Marc
User Avatar
Member
4271 posts
Joined: 7月 2005
Offline
Thanks Marc!

I concur about IE having more holes that Spongebob. (Although Spongebob is funny, IE is not.)



*hugs firefox*
if(coffees<2,round(float),float)
User Avatar
Member
581 posts
Joined: 7月 2005
Offline
I am agree with Marc advice:
Stop using IE!
Nobody guarantees that the many many holes are going to be solved, and nobody can solve them apart from Microsoft.
Moreover you are paying for this type of “software” with this “quality”.
Un saludo
Best Regards

Pablo Giménez
User Avatar
Member
4140 posts
Joined: 7月 2005
Offline
Still amazes me the majority of users out there are using that piece of crap. I guess that's the entire reason MS went through that battle with the DOJ, and lost, sorta, and yet, *still* got to bundle a browser and convince people it was the best way to browse the net.

I can understand the casual computer users getting caught in this, but I still get into arguments with people in some forums that constantly defend IE, think it's somehow “easier” than FF, and that most sites out there require it. *sigh*

Cheers,

J.C.
John Coldrick
User Avatar
Member
16 posts
Joined:
Offline
It's indeed amazing,

What really amazes me is webdesigners and web programmers defending it, i'd expect people designing/developing with IE in mind would really change their minds that exact moment, but surprisingly as it may seem that's not the case, many ppl out there still defend IE even if working on the web design/programming field.

cheers
User Avatar
Member
1192 posts
Joined: 7月 2005
Offline
To be honest, it's very seldom I find a site that requires IE these days. Firefox is on the rise and many sites are becoming web standards compliant.
I also do (some) webdevelopment and all the webdesigners I know are actually recommending standards-compliant browsers. Myself included, of course.

Dragos
Dragos Stefan
producer + director @ www.dsg.ro
www.dragosstefan.ro
User Avatar
スタッフ
3464 posts
Joined: 7月 2005
Offline
people use IE because it's there, and it's easy…
I have to admit that I do so little web browsing at home that I often forget to use anything else…which I guess is fortunate because I was probably the first person to realise that od had been infected…and was still slightly infected even a few days ago…
now I check with IE every night just in case….
the stupid thing about the crap that infected the server was that it didn't even do much…no porn popups or anything…if you're going to to infect my machine with a virus at least give me a little porn while you're at it… :roll:
Michael Goldfarb | www.odforce.net
Training Lead
SideFX
www.sidefx.com
User Avatar
Member
4271 posts
Joined: 7月 2005
Offline
Actually the IE problem is getting worse. Just how some software vendors are bundling mozilla/firefox browsers with their applications, more and more video games that have in-game browsers rely not on Mozilla but on IE. *cough* Valve *cough*
if(coffees<2,round(float),float)
User Avatar
Member
4140 posts
Joined: 7月 2005
Offline
Actually(I love extending these threads ), there's a good reason for that - if a developer wants to draw an html window within an app they distribute(which is becoming quite common), they have only two options - either do what SESI does and distribute an entire browser engine, or (on windows of course)call dcom. It's fine to call up an html in the standard browser(which could be IE, FF, Opera), but to have it in a custom window, you only have the option to call the system level browser, which in windows is IE, or have your own engine. The only solution I know of is for the Mozilla guys to get a great API out there which would reliably override IE, be stable, secure and full-featured - no easy task.

It's another way that unsafe IE can creep into the equation very easily - and it's hard to blame the developers. Valve would likely have howls of protest if they forced gamers to download a mozilla distribution.

Cheers,

J.C.
John Coldrick
User Avatar
Member
523 posts
Joined: 7月 2005
Offline
Hello,


when opening the Odforce page today , I got a Trojan Virus (Norton shutts off automatically…)



thanks
User Avatar
Member
12670 posts
Joined: 7月 2005
Offline
Bernard
Hello,
when opening the Odforce page today , I got a Trojan Virus (Norton shutts off automatically…)

All is good now, thanks for the heads up. Hopefully by later this week we can be rid of this vulnerability for once and for all.
Jason Iversen, Technology Supervisor & FX Pipeline/R+D Lead @ Weta FX
also, http://www.odforce.net [www.odforce.net]
User Avatar
Member
523 posts
Joined: 7月 2005
Offline
Thanks Jason, that would be great!



bern
  • Quick Links