  1. #1
    Just Joined!
    Join Date
    Apr 2011
    Location
    Tokyo/Japan
    Posts
    7

    [SOLVED] Malware spread from this site


    Hello,

    There seems to be some problem with certain content here which results in 'infection' of unprotected Windows boxes.
    "www/delivery/ajs.php" keeps popping up in my security software. Besides that, Rogue security software got installed on my 'firebox' from visiting here. Apparently the payload is downloaded from randombroken.ipq.co, which is triggered by the aforementioned *.php.
    This probably should be investigated as soon as possible. Thanks much in advance.

    Cheers,
    Micha

  2. #2
    Just Joined!
    Join Date
    Apr 2011
    Location
    Tokyo/Japan
    Posts
    7
    i.imgur.com/xTEPc.png

  3. #3
    oz
    forum.guy
    Join Date
    May 2004
    Location
    arch linux
    Posts
    18,733
    Hello and welcome to the forums!

    I've forwarded a report of this to those in charge of that part of the website.

    Thanks for the alert and feedback.
    oz

  5. #4
    oz
    forum.guy
    Join Date
    May 2004
    Location
    arch linux
    Posts
    18,733

    quick update

    Okay, I just got word back that this matter is currently under investigation.

    Thanks again for the feedback.
    oz

  6. #5
    Just Joined!
    Join Date
    Apr 2011
    Location
    Tokyo/Japan
    Posts
    7
    Quote: Originally Posted by ozar
    Okay, I just got word back that this matter is currently under investigation.
    Hello,

    Thanks much for the speedy reaction!
    The issue currently appears to be fixed.
    Maybe it would be helpful for your users to get some more details of the problem, i.e. timestamps of from when to when the problem existed. I'd guess that quite a bunch of (Win-) visitors may not know what hit them.
    Thanks much again for handling this matter.

    Cheers and greetings from Japan.

    Micha
    [KL]

  7. #6
    Just Joined!
    Join Date
    Apr 2011
    Location
    Tokyo/Japan
    Posts
    7
    Quote: Originally Posted by MichaKL
    Hello,

    The issue currently appears to be fixed.

    Sadly, the issue is back!
    As of currently (Wed Apr 20 07:59:03 UTC) malicious code is pushed again.
    Windows users accessing any page here with an unprotected PC will get infected with Rogue security software.
    Please kindly have this investigated ASAP.

    Cheers,
    Micha
    [KL]

    *Edit: Correction, now the payload is 'Backdoor.Win32.Agent.bhve' and not a RogueAV
    Last edited by MichaKL; 04-20-2011 at 08:27 AM.

  8. #7
    Just Joined!
    Join Date
    Apr 2011
    Location
    Tokyo/Japan
    Posts
    7
    i.imgur.com/yAzb3.png

  9. #8
    oz
    forum.guy
    Join Date
    May 2004
    Location
    arch linux
    Posts
    18,733
    I've not gotten any further updates on the matter from those investigating it but will post back when I hear something more.

    Thanks for the feedback.
    oz

  10. #9
    Just Joined!
    Join Date
    Apr 2011
    Location
    Tokyo/Japan
    Posts
    7
    Quote: Originally Posted by ozar
    I've not gotten any further updates on the matter from those investigating it but will post back when I hear something more.
    Hello,

    Thank you for checking on it.
    Hopefully the people in charge are aware of how serious this problem is. This server really should be taken offline and investigated/fixed properly before having it back on the net.
    Thank you.

    Cheers,
    Micha
    [KL]

  11. #10
    oz
    forum.guy
    Join Date
    May 2004
    Location
    arch linux
    Posts
    18,733

    update

    Hello Micha

    I've received a report that this issue has now been fixed. Unfortunately, no other details came with the report. Are you able to verify that it is, or is not, fixed on your end?

    Thank you.
    oz
