[Atli]

BenignDesign, on 02 August 2012 - 03:35 PM, said:

Scan is now 96% complete. Troj/JavaDl-LE detected and quarantined.

Hmmm. Avast just found "Java:Bitcoin-A [Trj]" on my laptop. I wonder if these scumbags managed to infect it through those redirects.

It's the first virus I've found on any of my computers for like 8 years

[JackOfAllTrades]

BenignDesign, on 02 August 2012 - 09:49 AM, said:

haha. It's my work machine. Lenovo ThinkPad running Sophos Endpoint Security, aka "The Bloat". It slows EVERYTHING down. Still sitting at 2%. Maybe we'll have a result by next Thursday.

Ah yes. Often find myself fighting that shit on friends' computers.

/Very happy to be running OS X, even knowing it's not immune to these things.

[jared.deckard]

JackOfAllTrades, on 02 August 2012 - 10:45 AM, said:

/Very happy to be running OS X, even knowing it's not immune to these things.

http://ideone.com/6Jm1u

var d=["Win",1,"Mac",2,"Linux",3,"FreeBSD",4,"iPhone",21.1,"iPod",21.2,"iPad",21.3,"Win.*CE",22.1,"Win.*Mobile",22.2,"Pocket\s*PC",22.3,"",100];

Looks like they've got you covered.

[Dogstopper]

Unless you don't have the Sun JDK installed, which most Macs don't.

[jared.deckard]

Here is the source of the attack page with some extra new lines and tabs for clarity: http://ideone.com/EjDDL

version:"0.7.7",
rDate:"04/11/2012",
name:"Saigon",

A version number and revision date... Looks like its still in beta. (and they're on summer holiday )

[AdamSpeight2008]

Wasn't the attack vector an vulnerability in the Adobe Flash / PDF Reader software in the browser.

[Skydiver]

Thanks for that link. Yup, that code must still be in beta because no compression and obfuscation has been applied to it yet.

I'm more curious about the exploit that actually did the SQL injection. It sounds like the quick fix was to change the permissions of a file, but that means that the SQL injection hole is still present, and what was fixed was just to prevent the exploit from getting too far.

[Dogstopper]

It probably did a SQL injection from the administrative side, which, as many of you pointed out may not filter input (because why would admins hack us). This would make the most amount of sense.

[strawhat89]

Was there another attack over the weekend? Because unless I have gone completely crazy, there is a thread missing in the Lounge. The one about the mother who breast-feeding(?) video is all over the net.

[macosxnerd101]

There wasn't an attack of which I was aware. I'll ask about this particular thread.