Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 11
Hello, There seems to be some problem with certain content here which results in 'infection' of unprotected Windows boxes. "www/delivery/ajs.php" keeps popping up in my security software. Besides that, Rogue ...
  1. 04-19-2011 #1
    MichaKL
    MichaKL is offline
    Just Joined!
    Join Date
    Apr 2011
    Location
    Tokyo/Japan
    Posts
    7

    [SOLVED] Malware spread from this site

    Hello,

    There seems to be some problem with certain content here which results in 'infection' of unprotected Windows boxes.
    "www/delivery/ajs.php" keeps popping up in my security software. Besides that, Rogue security software got installed on my 'firebox' from visiting here. Apparently the payload is downloaded from randombroken.ipq.co, which is triggered by the aforementioned *.php.
    This probably should be investigated as soon as possible. Thanks much in advance.

    Cheers,
    Micha
  2. 04-19-2011 #2
    MichaKL
    MichaKL is offline
    Just Joined!
    Join Date
    Apr 2011
    Location
    Tokyo/Japan
    Posts
    7
    i.imgur.com/xTEPc.png
  3. 04-19-2011 #3
    oz
    oz is online now
    forum.guy
    Join Date
    May 2004
    Location
    arch linux
    Posts
    18,086
    Hello and welcome to the forums!

    I've forwarded a report of this to those in charge of that part of the website.

    Thanks for the alert and feedback.
    oz

    new members/users: read this first | new member faq
    no private messages requesting computer support - post them on the forums!
    please use the "report post" button to alert our forum admins to problematic posts rather than responding to them yourself.
  4. 04-19-2011 #4
    oz
    oz is online now
    forum.guy
    Join Date
    May 2004
    Location
    arch linux
    Posts
    18,086

    quick update

    Okay, I just got word back that this matter is currently under investigation.

    Thanks again for the feedback.
    oz

    new members/users: read this first | new member faq
    no private messages requesting computer support - post them on the forums!
    please use the "report post" button to alert our forum admins to problematic posts rather than responding to them yourself.
  5. 04-20-2011 #5
    MichaKL
    MichaKL is offline
    Just Joined!
    Join Date
    Apr 2011
    Location
    Tokyo/Japan
    Posts
    7
    Quote Originally Posted by ozar View Post
    Okay, I just got word back that this matter is currently under investigation.
    Hello,

    Thanks much for the speedy reaction!
    The issue currently appears to be fixed.
    Maybe it would be helpful for your users to get some more details of the problem, i.e. timestamps of from when to when the problem existed. I'd guess that quite a bunch of (Win-) visitors may not know what hit them.
    Thanks much again for handling this matter.

    Cheers and greetings from Japan.

    Micha
    [KL]
  6. 04-20-2011 #6
    MichaKL
    MichaKL is offline
    Just Joined!
    Join Date
    Apr 2011
    Location
    Tokyo/Japan
    Posts
    7
    Quote Originally Posted by MichaKL View Post
    Hello,

    The issue currently appears to be fixed.

    Sadly, the issue is back!
    As of currently (Wed Apr 20 07:59:03 UTC) malicious code is pushed again.
    Windows users accessing any page here with unprotected PC will get infected with Rogue security software.
    Please kindly have this investigated ASAP.

    Cheers,
    Micha
    [KL]

    *Edit: Correction, now the payload is 'Backdoor.Win32.Agent.bhve' and not a RogueAV
    Last edited by MichaKL; 04-20-2011 at 08:27 AM.
  7. 04-20-2011 #7
    MichaKL
    MichaKL is offline
    Just Joined!
    Join Date
    Apr 2011
    Location
    Tokyo/Japan
    Posts
    7
    i.imgur.com/yAzb3.png
  8. 04-20-2011 #8
    oz
    oz is online now
    forum.guy
    Join Date
    May 2004
    Location
    arch linux
    Posts
    18,086
    I've not gotten any further updates on the matter from those investigating it but will post back when I hear something more.

    Thanks for the feedback.
    oz

    new members/users: read this first | new member faq
    no private messages requesting computer support - post them on the forums!
    please use the "report post" button to alert our forum admins to problematic posts rather than responding to them yourself.
  9. 04-20-2011 #9
    MichaKL
    MichaKL is offline
    Just Joined!
    Join Date
    Apr 2011
    Location
    Tokyo/Japan
    Posts
    7
    Quote Originally Posted by ozar View Post
    I've not gotten any further updates on the matter from those investigating it but will post back when I hear something more.
    Hello,

    Thank you for checking on it.
    Hopefully the people in charge are aware of how serious this problem is. This server really should be taken offline and investigated/fixed properly before having it back on the net.
    Thank you.

    Cheers,
    Micha
    [KL]
  10. 04-21-2011 #10
    oz
    oz is online now
    forum.guy
    Join Date
    May 2004
    Location
    arch linux
    Posts
    18,086

    update

    Hello Micha

    I've received a report that this issue has now been fixed. Unfortunately, no other details came with the report. Are you able to verify that it is, or is not, fixed on your end?

    Thank you.
    oz

    new members/users: read this first | new member faq
    no private messages requesting computer support - post them on the forums!
    please use the "report post" button to alert our forum admins to problematic posts rather than responding to them yourself.
Page 1 of 2 1 2 LastLast
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules