+kewfriend Posted December 31, 2007 Share Posted December 31, 2007 This drive by infection JS/Snz.A has been placed on the geocaching.com website about 10 minutes ago. Take immediate action - WARN EVERYONE - put up your barriers. Link to comment
+ReadyOrNot Posted December 31, 2007 Share Posted December 31, 2007 This drive by infection JS/Snz.A has been placed on the geocaching.com website about 10 minutes ago. Take immediate action - WARN EVERYONE - put up your barriers. What are you talking about? Link to comment
+DHJ&P Posted December 31, 2007 Share Posted December 31, 2007 (edited) It looks as if it's a "false positive" virus....... See:- http://www.dynamoo.com/blog/2007/12/jssnza...-in-etrust.html Fingers crossed. Dave Edited December 31, 2007 by davidh.jones Link to comment
+kewfriend Posted December 31, 2007 Author Share Posted December 31, 2007 I use Computer Associates (CA) Pest Patrol and AntiVirus. About 15 mins ago my software reported that the Geocaching.Com website was infected with the JavaScript JS/SNZ.a driveby infection. False postives are sometimes reported by security software but CA has a d*mn good track record and I would refrain from using the geocaching.com website until the all-clear is given that this java script infection is not what my software reports it to be. Link to comment
+ReadyOrNot Posted December 31, 2007 Share Posted December 31, 2007 I use Computer Associates (CA) Pest Patrol and AntiVirus. About 15 mins ago my software reported that the Geocaching.Com website was infected with the JavaScript JS/SNZ.a driveby infection. False postives are sometimes reported by security software but CA has a d*mn good track record and I would refrain from using the geocaching.com website until the all-clear is given that this java script infection is not what my software reports it to be. Some more information Link to comment
+scottpa100 Posted December 31, 2007 Share Posted December 31, 2007 Just to confirm then to everyone, the link that ReadyOrNot posted to the register shows that the problem IS NOT with geocaching.com. You are safe to continue using geocaching.com. There seems to be a problem with the Computer Associates Pest software. Is affecting users of the Pest program when they access many different sites, not just geocaching.com. Thanks to Kewfriend for sharing the information, but looks like this time we can step down from red alert! Link to comment
The Royles Posted December 31, 2007 Share Posted December 31, 2007 Thanks to Kewfriend for sharing the information, but looks like this time we can step down from red alert! Well, it must be your turn to change the bulb then Link to comment
+drsolly Posted December 31, 2007 Share Posted December 31, 2007 One of the big problems with antivirus today, is that if you do very frequent updates (such as, daily), then how long do you spend testing the update? So AV companies are caught in a dilemma; update frequently with insufficiently-tested updates, or update insuffiently frequently, but have better testing. Link to comment
+kewfriend Posted January 1, 2008 Author Share Posted January 1, 2008 One of the big problems with antivirus today, is that if you do very frequent updates (such as, daily), then how long do you spend testing the update? So AV companies are caught in a dilemma; update frequently with insufficiently-tested updates, or update insuffiently frequently, but have better testing. QUITE!! I unreservedly apologise for the alarm caused - and CA shipped out a correction within a couple of hours. I'm not sure what the 'punter' is meant to do, and even if my reaction was an over-reaction, it wasn't that much of an over-reaction. The problem is that if you have a 'locked down PC', and detect an issue, you really do have to warn ASAP, those not locked down. Case of devil and deep blue sea - it seems. Link to comment
nobby.nobbs Posted January 1, 2008 Share Posted January 1, 2008 It's not like you were trying to cause a scare, just trying to warn people so it doesn't matter Link to comment
+dino-irl Posted January 1, 2008 Share Posted January 1, 2008 You did the right thing as far as I'm concerned. I'd rather have a false alarm than lose my data because someone didn't think it was worthwhile saying something! Link to comment
+sTeamTraen Posted January 2, 2008 Share Posted January 2, 2008 You did the right thing as far as I'm concerned. I'd rather have a false alarm than lose my data because someone didn't think it was worthwhile saying something! That's OK for the first false alarm. After a few dozen it gets rather boring. Another reason why I don't run anti-virus software on the network which I manage. The other day I saw a story about how one of the leading A/V products (Kaspersky maybe?) had quarantined Windows Explorer. Most viruses/worms/trojans are actually pretty harmless to your data anyway - unlike spontaneous hard drive failure, which destroys several orders of magnitude more data per year than all the viruses in the world, but for some reason doesn't get much press. The good news is that the right way to protect against hard drive failure (regular backups and rehearsed restores) also has the side benefit of protecting you against the consequences of the (very) occasional nasty bit of malware - just pretend your disk has crashed and do the restore. And of course, the Mac and Linux users are all chuckling, as usual. Link to comment
+See Trix Posted January 2, 2008 Share Posted January 2, 2008 Same problem with McAfee. Solution almost ready ! http://digg.com/tech_news/Virus_JS_Exploit...of_Ars_Technica Link to comment
+jindivik Posted January 3, 2008 Share Posted January 3, 2008 forgive me if i'm wrong....if the virus was here, would it automatically have downloaded to my computer? therfore...if i was reading this AFTER the warning....wouldn't it have been too late to prevent it? Link to comment
+sTeamTraen Posted January 3, 2008 Share Posted January 3, 2008 forgive me if i'm wrong....if the virus was here, would it automatically have downloaded to my computer? therfore...if i was reading this AFTER the warning....wouldn't it have been too late to prevent it? Well, the OP suggested that the affected sites was "geocaching.com" (of course, there's several servers behind that address) rather than "forums.Groundspeak.com", which is another server or servers. However, this does show up the difficulties in trying to micro-manage someone else's security problems. I think the best course of action would have been to contact Groundspeak directly. If people are going to post alerts of this kind, maybe the "Geocaching.com Web Site" forum would be a better choice, so that non-UK people could also be informed. That's what this person just did - with, of course, another false positive. In fact I would assume that 99% of such alerts are likely to be false alarms; and since the effects of the other 1% are more likely to be "meh" than "world to end", perhaps the whole thing isn't worth the bother. The whole "anti-virus thing" is predicated on the following assumptions (which, in what may or may not be a coincidence, seem to closely follow the anti-terrorist policies of many governments): - If any virus gets in, you will be immediately screwed to the tune of several thousand dollars/pounds at least; more likely, you and your family will either die, or have to live on the street for ever. - Only our product can protect you, and it is reliable, and it is able to detect all the threats out there. - Now that our product is on your PC and is not calling out any problems, your PC is currently virus-free. Every single one of these is, of course, outrageously false, but somehow their marketing model works anyway; many people spend more over the lifecycle of their PC on anti-virus software, than they do on the copy of Windows which it runs. Nice work if you can get it, I suppose. (Exercise: if anti-virus software worked, why doesn't Microsoft build the technology into Windows?) Link to comment
+kewfriend Posted January 3, 2008 Author Share Posted January 3, 2008 As I said before - "devil & deep blue sea". To be fair to CA this was the first false positive for me in six years. In normal circumstances contacting GC.COM directly would have been right, but it was New Year's Eve which seemed a prime time to dump an infection on a popular server. CA has indeed isolated at least one nasty drive-by Trojan for me placed innocuously on one of the London tourist websites - so it does happen. I understand exactly where sTeamTraen is coming from, but I suppose one cannot hope for more than intelligent watchfulness. I thank those that responded so quickly to identify this as a false positive - and CA had shipped out the correction within 3 hours (must have been a few red faces around there methinks!). Link to comment
spidym Posted January 5, 2008 Share Posted January 5, 2008 One of the big problems with antivirus today, is that if you do very frequent updates (such as, daily), then how long do you spend testing the update? So AV companies are caught in a dilemma; update frequently with insufficiently-tested updates, or update insuffiently frequently, but have better testing. I still think its the AV companies that make most of the dadgum viruses in first place..... how else would they sell there latest products.... Link to comment
Lactodorum Posted January 5, 2008 Share Posted January 5, 2008 I think the time has come to draw this discussion to a close. I doubt the last statement can be substantiated so now's the time to stop. Link to comment
Recommended Posts