Informacja na 64digits

[PoxiPol]

Virus at the GMC

September 07, 2008

 

The following is taken from marb's blog warning:

 

The GMC currently has a virus that will run when you visit it, so don't. Apparently you are most vulnerable to it using IE, whereas Google chrome will warn you not to visit the site due to the malware detected. Fortunately most of you probably don't visit the GMC anyway, but this is just to let those know who do.

 

----

 

I looked into it a bit and have found the following:

 

Troj/Psyme-I AKA JS/Psyme is a VBS dropper Trojan that may be embedded in a malicious web page. When the trojanised web page is visited the Trojan gains access to the local file system using the ADODB stream ActiveX object vulnerability.

 

The virus is located in an iframe to the site rivatos.net, and google's diagnostic page on that site says the following:

 

Malicious software includes 7340 scripting exploit(s), 848 trojan(s). Successful infection resulted in an average of 28 new processes on the target machine.

 

Malicious software is hosted on 4 domain(s), including augreat.mine.nu, traffic-exchange.biz, aeovmukadh.com.

 

2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including traffic-exchange.biz, augreat.mine.nu.

 

It infected 374 domain(s), including bernard-becker.com, dhammasara.com, mipt.ru.

 

Over the past 90 days, rivatos.net/ appeared to function as an intermediary for the infection of 1488 site(s) including rajshri.com, onlinebutik.ru, metropark.ru.

 

----

 

So in other words, don't go into the GMC for a while.

 

czy jest to na temat, naszego wspanialego forum? zdziwilo mnie to troche, ale moze sie okazac ze to nie ta strona :)

prosze o kommenty

[Ranmus]

GMC to Game Maker Community, a GMCLAN to GMCLAN.

[Nobody]

Norton nic nie wykrył gdy wchodziłem na forum przez Firefoxa...

[Ludzix]

czy jest to na temat, naszego wspanialego forum?

Akurat ono kogoś obchodzi XDDD

[Maximal]

To już bardziej prawdopodobne, że chodzi o gmc.com. ;p

[Marmot]

@Ludzix:

Jednak kogoś obchodzi, bo jak czytałem plany przebudowy jakiegoś forum clickowego, to w prawie każdym punkcie odwoływali się do GMCLANu :P . Bodajże Click Portal, ale pewności nie mam xd .

[Maximal]

Na NukeBoards ostatnio coś gadali o przeorganizowaniu całej sceny i rzeczywiście jako przykład był podawany GMClan, więc jest się z czego cieszyć. =)