
GEOCACHING.COM HAS BEEN INFECTED - VERY VERY URGENT


kewfriend


I use Computer Associates (CA) Pest Patrol and AntiVirus. About 15 mins ago my software reported that the Geocaching.Com website was infected with the JavaScript JS/SNZ.a driveby infection.

 

False positives are sometimes reported by security software but CA has a d*mn good track record and I would refrain from using the geocaching.com website until the all-clear is given that this JavaScript infection is not what my software reports it to be.


I use Computer Associates (CA) Pest Patrol and AntiVirus. About 15 mins ago my software reported that the Geocaching.Com website was infected with the JavaScript JS/SNZ.a driveby infection.

 

False positives are sometimes reported by security software but CA has a d*mn good track record and I would refrain from using the geocaching.com website until the all-clear is given that this JavaScript infection is not what my software reports it to be.

 

Some more information


Just to confirm then to everyone, the link that ReadyOrNot posted to The Register shows that the problem IS NOT with geocaching.com. You are safe to continue using geocaching.com. There seems to be a problem with the Computer Associates Pest software. It is affecting users of the Pest program when they access many different sites, not just geocaching.com.

 

Thanks to Kewfriend for sharing the information, but looks like this time we can step down from red alert! :blink:


One of the big problems with antivirus today is that if you do very frequent updates (such as daily), then how long do you spend testing the update? So AV companies are caught in a dilemma: update frequently with insufficiently-tested updates, or update insufficiently frequently, but have better testing.


One of the big problems with antivirus today is that if you do very frequent updates (such as daily), then how long do you spend testing the update? So AV companies are caught in a dilemma: update frequently with insufficiently-tested updates, or update insufficiently frequently, but have better testing.

QUITE!!

 

I unreservedly apologise for the alarm caused - and CA shipped out a correction within a couple of hours. I'm not sure what the 'punter' is meant to do, and even if my reaction was an over-reaction, it wasn't that much of an over-reaction. The problem is that if you have a 'locked down PC', and detect an issue, you really do have to warn ASAP, those not locked down.

 

Case of devil and deep blue sea - it seems.


You did the right thing as far as I'm concerned. I'd rather have a false alarm than lose my data because someone didn't think it was worthwhile saying something!

 

That's OK for the first false alarm. After a few dozen it gets rather boring. Another reason why I don't run anti-virus software on the network which I manage. The other day I saw a story about how one of the leading A/V products (Kaspersky maybe?) had quarantined Windows Explorer. :unsure:

 

Most viruses/worms/trojans are actually pretty harmless to your data anyway - unlike spontaneous hard drive failure, which destroys several orders of magnitude more data per year than all the viruses in the world, but for some reason doesn't get much press. The good news is that the right way to protect against hard drive failure (regular backups and rehearsed restores) also has the side benefit of protecting you against the consequences of the (very) occasional nasty bit of malware - just pretend your disk has crashed and do the restore.

 

And of course, the Mac and Linux users are all chuckling, as usual. :D


Forgive me if I'm wrong....if the virus was here, would it automatically have downloaded to my computer?

 

Therefore...if I was reading this AFTER the warning....wouldn't it have been too late to prevent it? ;)

 

Well, the OP suggested that the affected site was "geocaching.com" (of course, there's several servers behind that address) rather than "forums.Groundspeak.com", which is another server or servers.

 

However, this does show up the difficulties in trying to micro-manage someone else's security problems. I think the best course of action would have been to contact Groundspeak directly.

 

If people are going to post alerts of this kind, maybe the "Geocaching.com Web Site" forum would be a better choice, so that non-UK people could also be informed. That's what this person just did - with, of course, another false positive. In fact I would assume that 99% of such alerts are likely to be false alarms; and since the effects of the other 1% are more likely to be "meh" than "world to end", perhaps the whole thing isn't worth the bother.

 

The whole "anti-virus thing" is predicated on the following assumptions (which, in what may or may not be a coincidence, seem to closely follow the anti-terrorist policies of many governments):

 

- If any virus gets in, you will be immediately screwed to the tune of several thousand dollars/pounds at least; more likely, you and your family will either die, or have to live on the street for ever.

- Only our product can protect you, and it is reliable, and it is able to detect all the threats out there.

- Now that our product is on your PC and is not calling out any problems, your PC is currently virus-free.

 

Every single one of these is, of course, outrageously false, but somehow their marketing model works anyway; many people spend more over the lifecycle of their PC on anti-virus software, than they do on the copy of Windows which it runs. Nice work if you can get it, I suppose.

 

(Exercise: if anti-virus software worked, why doesn't Microsoft build the technology into Windows?)


As I said before - "devil & deep blue sea". To be fair to CA this was the first false positive for me in six years. In normal circumstances contacting GC.COM directly would have been right, but it was New Year's Eve which seemed a prime time to dump an infection on a popular server.

 

CA has indeed isolated at least one nasty drive-by Trojan for me placed innocuously on one of the London tourist websites - so it does happen.

 

I understand exactly where sTeamTraen is coming from, but I suppose one cannot hope for more than intelligent watchfulness. I thank those that responded so quickly to identify this as a false positive - and CA had shipped out the correction within 3 hours (must have been a few red faces around there methinks!).


One of the big problems with antivirus today is that if you do very frequent updates (such as daily), then how long do you spend testing the update? So AV companies are caught in a dilemma: update frequently with insufficiently-tested updates, or update insufficiently frequently, but have better testing.

 

I still think it's the AV companies that make most of the dadgum viruses in the first place..... how else would they sell their latest products.... :laughing:
