Turn Off Ads?
Page 9 of 10 FirstFirst ... 5678910 LastLast
Results 121 to 135 of 145

Thread: RedsZone Malware Attack Discussion

  1. #121
    Administrator Boss-Hog's Avatar
    Join Date
    Apr 2000
    Location
    Cincinnati, OH
    Posts
    6,415

    Re: RedsZone Malware Attack Discussion

    Anyone else had any problems? We haven't made any kind of recent changes that would account for something like this.

    Quote Originally Posted by mth123 View Post
    AVG just shut my browser down when it detected a threat. I was in the Cahill thread when it happened, but I had not clicked on any of the links. I'm guessing it was one of the ads, but I wasn't really paying attention to which one was on screen.


  2. Turn Off Ads?
  3. #122
    All work and no play..... Vottomatic's Avatar
    Join Date
    Oct 2009
    Location
    Lebanon
    Posts
    7,067

    Re: RedsZone Malware Attack Discussion

    Just pulled up the page and my virus protector said it blocked a threat. Everything is fine now. Just wanted to point that out.

  4. #123
    Member mth123's Avatar
    Join Date
    Jul 2006
    Posts
    31,861

    Re: RedsZone Malware Attack Discussion

    Quote Originally Posted by Vottomatic View Post
    Just pulled up the page and my virus protector said it blocked a threat. Everything is fine now. Just wanted to point that out.
    I got one today too. Something about a "Black Hole" virus on this page.
    All my posts are my opinion - just like yours are. If I forget to state it and you're too dense to see the obvious, look here!

  5. #124
    All work and no play..... Vottomatic's Avatar
    Join Date
    Oct 2009
    Location
    Lebanon
    Posts
    7,067

    Re: RedsZone Malware Attack Discussion

    I just pulled it up again and it said threat was blocked. Under type it called it "blackhole" something-er-uver.

  6. #125
    Kmac5 KoryMac5's Avatar
    Join Date
    Jul 2005
    Location
    Waterloo, NY
    Posts
    4,037

    Re: RedsZone Malware Attack Discussion

    Antivirus blocked this nasty bug yesterday. Here is the scoop from the antivirus forums:



    Symantec Warns: BlackHole toolkit is spreading like wildfire (Trojan.Carberp)
    « on: 21. February 2011., 07:12:26 »

    --------------------------------------------------------------------------------


    Symantec has cautioned about the BlackHole toolkit, which has a powerful set of exploits and is spreading like wildfire. In a release issued on Monday, Symantec said that at present, it is the most prevalent exploit toolkit in the wild and can easily be compared with the likes of Neosploit and Phoenix in terms of the number of affected users.

    Symantec recently reported the increasing utilization of sophisticated toolkits by criminals who would otherwise lack the technical expertise for cyber attacks, fueling a self-sustaining, profitable, and increasingly organized global economy.

    Toolkits account for 61 per cent of all threat activity on malicious websites

    In recent times, BlackHole has clearly emerged as the most used toolkit among hackers. The following IPS graph proves this fact, since more than 100,000 malicious hits are reported each day:




    How BlackHole works:

    · When victims visits a clean site that has been injected with a malicious iFrame, they are redirected to the BlackHole exploit kit server. BlackHole obfuscates the exploits for popular vulnerabilities such as PDF, JAVA, HCP, MDAC, etc.

    · The page contains the code that redirects the user to download a malicious jar file. One of the classes inside the jar file extracts the value passed to it in the script, and then decodes it into a URL. This URL is then used to perform other malicious downloads.

    · The URL downloads Trojan.Carberp, which is a highly sophisticated Trojan that is being compared to ZeuS because of its ingenious techniques for avoiding detection.

    · The Trojan posts a unique ID to the command-and-control (C&C) server that will be used every time a transaction takes place between the Trojan and the C&C server. Next, the Trojan will post all of the running processes on the victim’s computer to the C&C server.


    The Trojan then downloads three modules:

    o stopav.plug – This module disables the antivirus installed on the victim’s computer.

    o miniav.plug – Checks for the presence of other Trojans, such as Zeus, and if found, the Trojan deletes its competitor(s).

    o passw.plug – It will log every username/password combination that is typed, as well as any URLs visited.


    The C&C server sends the “multidownload” command to the Trojan:

    o The first file downloaded is Trojan Hiloti (a.k.a. Trojan.Zefarch), which makes requests to a free file-hosting site.

    o The second file downloaded (2.exe) is FakeAV
    If you have a losing record at Reds games, please stop going.

  7. #126
    All work and no play..... Vottomatic's Avatar
    Join Date
    Oct 2009
    Location
    Lebanon
    Posts
    7,067

    Re: RedsZone Malware Attack Discussion

    I just pulled up the site and it blocked another threat. Here is what my AVG protection says:

    Threat was blocked!
    File name: 65.75.141.139/Home/index.php
    Threat name: Exploit Blackhole Exploit Kit (type 2095)

    I hope this helps.

  8. #127
    Five Tool Fool jojo's Avatar
    Join Date
    Nov 2006
    Posts
    21,390

    Re: RedsZone Malware Attack Discussion

    Redszone is getting flagged by sopphos with every page navigated to....
    "This isn’t stats vs scouts - this is stats and scouts working together, building an organization that blends the best of both worlds. This is the blueprint for how a baseball organization should be run. And, whether the baseball men of the 20th century like it or not, this is where baseball is going."---Dave Cameron, U.S.S. Mariner

  9. #128
    Administrator Boss-Hog's Avatar
    Join Date
    Apr 2000
    Location
    Cincinnati, OH
    Posts
    6,415

    Re: RedsZone Malware Attack Discussion

    Thanks, I'll open a ticket with our host.

  10. #129
    Administrator Boss-Hog's Avatar
    Join Date
    Apr 2000
    Location
    Cincinnati, OH
    Posts
    6,415

    Re: RedsZone Malware Attack Discussion

    Here's what our host had to say - honestly, I'm not sure where this leaves us, as I'm at a loss as to what direction to head next. If you have any suggestions, I'm all ears.

    Hello,

    I have scanned the server using RKhunter and couldn't find any malicious file from it.

    ---
    [13:48:29] System checks summary
    [13:48:29] =====================
    [13:48:29]
    [13:48:29] File properties checks...
    [13:48:29] Required commands check failed
    [13:48:29] Files checked: 135
    [13:48:29] Suspect files: 6
    [13:48:29]
    [13:48:29] Rootkit checks...
    [13:48:29] Rootkits checked : 248
    [13:48:29] Possible rootkits: 0
    [13:48:29]
    [13:48:29] Applications checks...
    [13:48:29] Applications checked: 9
    [13:48:29] Suspect applications: 2
    [13:48:29]
    [13:48:29] The system checks took: 21 minutes and 23 seconds
    [13:48:29]
    [13:48:29] Info: End date is Mon Jan 16 13:48:29 EST 2012
    ---

    I could see that the detected files are valid. I have scanned the "/home" folder using Clamscan. it also didn't detect any malicious file.
    It only detected some mails which can be excluded.

    ---
    [root@host ~]# tail test

    ----------- SCAN SUMMARY -----------
    Known viruses: 1118387
    Engine version: 0.97.1
    Scanned directories: 1127
    Scanned files: 70243
    Infected files: 1323
    Data scanned: 971.39 MB
    Data read: 2921.17 MB (ratio 0.33:1)
    Time: 573.856 sec (9 m 33 s)

    [root@host ~]# grep -i found test > result
    [root@host ~]#

    [root@host ~]# cat result|grep -vi mail
    [root@host ~]#
    ---

    I have also scanned the website online. They also didn't detect any virus in the site "redszone.com". Please verify this using the following URLs.

    ---
    http://www.avgthreatlabs.com/siterep...www.avg.com.au
    http://www.urlvoid.com/
    http://onlinelinkscan.com/
    ---

    I could not find any malicious content in the server. Please let us know, if you need any further assistance.

  11. #130
    Administrator Boss-Hog's Avatar
    Join Date
    Apr 2000
    Location
    Cincinnati, OH
    Posts
    6,415

    Re: RedsZone Malware Attack Discussion

    Here's what we need from you guys that are affected by this issue:

    Hello,

    As we have already updated, our scan results are showing nothing suspicious in the web root. We could confirm this from the following on line scanner from AVG antivirus solutions.

    --
    http://www.avgthreatlabs.com/siterep...www.avg.com.au
    --

    Can you get back to us with any one of the URLs (specific URLs) that your clients see problematic ?

  12. #131
    Sprinkles are for winners dougdirt's Avatar
    Join Date
    Jan 2006
    Posts
    49,393

    Re: RedsZone Malware Attack Discussion

    Could be coming from the ad's Boss. If that is the case, then it won't be on your server and won't be found.

    No clue if there is anything to it, but it wouldn't be the first time that it has happened on the internet.

  13. #132
    Administrator Boss-Hog's Avatar
    Join Date
    Apr 2000
    Location
    Cincinnati, OH
    Posts
    6,415
    We have considered that possibility, but we've looked into it on the AdSense side and have not seen any substantiated reports that confirm it's the ads. Given how widespread AdSense is, you'd think there would be others with the same problem.

    Regardless, we have temporarily eliminated ads from a couple of users that have reported malware warnings and we want to see what this does. If anyone else has received these warnings and would like to do a similar test, please send me a PM.

  14. #133
    All work and no play..... Vottomatic's Avatar
    Join Date
    Oct 2009
    Location
    Lebanon
    Posts
    7,067

    Re: RedsZone Malware Attack Discussion

    Even with the ads gone, I'm still getting threats almost every time I open the site.

  15. #134
    Administrator Boss-Hog's Avatar
    Join Date
    Apr 2000
    Location
    Cincinnati, OH
    Posts
    6,415

    Re: RedsZone Malware Attack Discussion

    Quote Originally Posted by Vottomatic View Post
    Even with the ads gone, I'm still getting threats almost every time I open the site.
    Anyone else having this? I think this rules out the ads as the root cause.

  16. #135
    All work and no play..... Vottomatic's Avatar
    Join Date
    Oct 2009
    Location
    Lebanon
    Posts
    7,067

    Re: RedsZone Malware Attack Discussion

    Well, I've opened it a bunch today and it hasn't happened since this morning when I posted about it.


Turn Off Ads?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Board Moderators may, at their discretion and judgment, delete and/or edit any messages that violate any of the following guidelines: 1. Explicit references to alleged illegal or unlawful acts. 2. Graphic sexual descriptions. 3. Racial or ethnic slurs. 4. Use of edgy language (including masked profanity). 5. Direct personal attacks, flames, fights, trolling, baiting, name-calling, general nuisance, excessive player criticism or anything along those lines. 6. Posting spam. 7. Each person may have only one user account. It is fine to be critical here - that's what this board is for. But let's not beat a subject or a player to death, please.

Thank you, and most importantly, enjoy yourselves!


RedsZone.com is a privately owned website and is not affiliated with the Cincinnati Reds or Major League Baseball


Contact us: Boss | Gallen5862 | Plus Plus | Powel Crosley | RedlegJake | The Operator