What was the cause of the redirects?

54 Replies - 10177 Views - Last Post: 13 August 2012 - 10:11 AM

#46 Atli

Posted 02 August 2012 - 10:21 AM

BenignDesign, on 02 August 2012 - 03:35 PM, said:

Scan is now 96% complete. Troj/JavaDl-LE detected and quarantined.

Hmmm. Avast just found "Java:Bitcoin-A [Trj]" on my laptop. I wonder if these scumbags managed to infect it through those redirects.

It's the first virus I've found on any of my computers for like 8 years :/

#47 JackOfAllTrades

Posted 02 August 2012 - 10:45 AM

BenignDesign, on 02 August 2012 - 09:49 AM, said:

haha. It's my work machine. Lenovo ThinkPad running Sophos Endpoint Security, aka "The Bloat". It slows EVERYTHING down. Still sitting at 2%. Maybe we'll have a result by next Thursday.


Ah yes. Often find myself fighting that shit on friends' computers.

/Very happy to be running OS X, even knowing it's not immune to these things.

#48 jared.deckard

Posted 02 August 2012 - 11:17 AM

JackOfAllTrades, on 02 August 2012 - 10:45 AM, said:

/Very happy to be running OS X, even knowing it's not immune to these things.


http://ideone.com/6Jm1u
var d=["Win",1,"Mac",2,"Linux",3,"FreeBSD",4,"iPhone",21.1,"iPod",21.2,"iPad",21.3,"Win.*CE",22.1,"Win.*Mobile",22.2,"Pocket\s*PC",22.3,"",100];

Looks like they've got you covered.

#49 Dogstopper

Posted 02 August 2012 - 12:09 PM

Unless you don't have the Sun JDK installed, which most Macs don't.

#50 jared.deckard

Posted 03 August 2012 - 01:31 PM

Here is the source of the attack page with some extra new lines and tabs for clarity: http://ideone.com/EjDDL
version:"0.7.7",
rDate:"04/11/2012",
name:"Saigon",


A version number and revision date... Looks like it's still in beta. (and they're on summer holiday B) )

#51 AdamSpeight2008

Posted 03 August 2012 - 02:03 PM

Wasn't the attack vector a vulnerability in the Adobe Flash / PDF Reader software in the browser?

#52 Skydiver

Posted 03 August 2012 - 02:04 PM

Thanks for that link. Yup, that code must still be in beta because no compression and obfuscation has been applied to it yet.

I'm more curious about the exploit that actually did the SQL injection. It sounds like the quick fix was to change the permissions of a file, but that means that the SQL injection hole is still present, and what was fixed was just to prevent the exploit from getting too far.

#53 Dogstopper

Posted 04 August 2012 - 11:30 AM

It probably did a SQL injection from the administrative side, which, as many of you pointed out, may not filter input (because why would admins hack us). This would make the most amount of sense.
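Added example, not part of any post in this thread and not the forum software's code: posts #52 and #53 turn on an admin-side query that trusts its input, so this sketch puts such a query beside its parameterized form. The `members` table, the function names and the sample rows are hypothetical and constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: a small members table in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO members (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("carol", "carol@example.test")],
    )
    return db

def admin_search_unsafe(db, name):
    # Admin-only form, so the input was assumed trustworthy and is pasted
    # straight into the SQL text. A quote in `name` changes the statement.
    sql = "SELECT id, name FROM members WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def admin_search_safe(db, name):
    # Same query with a bound parameter: the value never becomes SQL text,
    # regardless of who submits it.
    sql = "SELECT id, name FROM members WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def compare(name):
    """Return (rows from unsafe query, rows from safe query) for one input."""
    db = make_db()
    return len(admin_search_unsafe(db, name)), len(admin_search_safe(db, name))

if __name__ == "__main__":
    print(compare("bob"))          # ordinary input: both forms agree
    print(compare("' OR '1'='1"))  # constructed input containing quotes
```

Tightening file permissions limits what a successful injection can write afterwards, but only the bound-parameter form removes the injectable query itself.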

#54 strawhat89

Posted 12 August 2012 - 09:54 PM

Was there another attack over the weekend? Because unless I have gone completely crazy, there is a thread missing in the Lounge. The one about the mother whose breast-feeding(?) video is all over the net.

#55 macosxnerd101

Posted 13 August 2012 - 10:11 AM

There wasn't an attack of which I was aware. I'll ask about this particular thread.