[gyrgrls]

If you are hijacked to this website,
hit your "back button".


This one seems to affect all web browsers,
on all platforms, and is infecting many websites.

DO NOT INSTALL THIS!

If you have been hit by this, please run HJT, and
check for tracking cookies, as well.

AVAST! caught this one, but Norton's didn't.

I run Firefox 2.0.0.20 over Windows 2000,
and Konqueror 3.1.2 over KDE (Redhat linux).

This is yet another web virus.

[gyrgrls]

Is the internet safe anymore?

[gyrgrls]

To clarify:

The site itself is just pushing 'spyware'.

But my browser was hijacked, and I was taken to this site..

I will do a log dump, if needed.
But a HJT log won't be necessary.

I already got rid of the trojan (which was written
in Javascript)


Just a "head's up"

[Phantom010]

Quote:

AVAST! caught this one, but Norton's didn't.

Are you by any chance running two AV at the same time?

Are you saying you were redirected to the site prompting you to scan for drivers? Uniblue is a legitimate company, are you sure it was spyware and not a false positive from Avast?

Do you have more info on the threat?

[gyrgrls]

OK, what I have so far is this:

0A432217665C09080000001A
(rest snipped)


Uniblue might be legit,
but how did I get redirected there, even
running Firefox, under Linux, with pop-up
blockers enabled?

Many legitimate sites exist, but the piggy-backers
will harvest them. It's sick, really.

I am not even blaming Uniblue.
I just resent the fact that my browser was hijacked.

One can hardly surf the web without Javascript enabled,
yet this is a gaping security hole..

The minimum requirement for online banking is 48 bit SSL,
yet many sites run JS, wide open..

Just a heads-up

P.S.: I can make a fake https:// website. It's easy, really.
I have also hacked Win 98 via plain HTML code,
just to show it could be done (although NT seems more robust).

I do this, because, as a Unix system administrator,
I demand security. I actually try to hack into my own system,
in order to find any holes.

But this new Javascript exploit is REAL.

It is hole in JS, and not in the web browser, itself.


Be well.

[gyrgrls]

OMG! I Can't believe it!
Marsha's site is still infected!

This is what it looks like,
in ASCII format: (it's not binary,
so It can't hurt you, displayed as-is,
as it is well obfuscated).

[Phantom010]

Thanks for the info!

[gyrgrls]

Ouch!

I didn't mean to post malicious code.
But it came through my browser, and AVAST!
complained loudly, upon reading my own post.


I fixed it.

I "x'ed out" the first few bytes,
thereby deliberately corrupting the code,
so it can't execute.

I am so sorry....

BTW:
I didn't write this little goody. Someone else did,
and it is infecting websites like crazy...

[SIR****TMG]

Thanks for the heads up