Thread Detected on D.I.C. - Thickbox.js trojan horse

15 Replies - 2357 Views - Last Post: 06 March 2013 - 04:15 PM

#1 CodeMonkee

Posted 05 March 2013 - 12:57 PM

I usually browse the web with scripts disabled, but I enabled them while posting to the Dream in Code forums. And immediately, my anti-virus software (Avast) popped up a red warning while re-loading the page. They identified this script as a Trojan Horse.

dreamincode.net/search/thickbox.js?v=2

It happens every time I load any page on the Dream in Code forums (including this one). Is this a false positive - or does someone need to check into this?

#2 modi123_1

Posted 05 March 2013 - 12:59 PM

Which browser are you using?

#3 JackOfAllTrades

Posted 05 March 2013 - 02:11 PM

Looks like a valid JS to me.

/*
 * Thickbox 3.1 - One Box To Rule Them All.
 * By Cody Lindley (http://www.codylindley.com)
 * Copyright (c) 2007 cody lindley
 * Licensed under the MIT License: http://www.opensource.org/licenses/mit-license.php
*/



Maybe an Avast false positive.

#4 skyhawk133

Posted 05 March 2013 - 02:51 PM

Not seeing any bad code in there. Anyone else seeing anything weird in that file?

#5 jon.kiparsky

Posted 05 March 2013 - 02:58 PM

I'll take a look when I get home... it's one of the ones that's blocked by my company's security policy.

#6 Ryano121

Posted 05 March 2013 - 03:07 PM

I'm not seeing anything wrong with that file. Plus my Avast has never detected it as a threat.

#7 CodeMonkee

Posted 06 March 2013 - 10:37 AM

Hmm. I'm still getting the pop-up warnings when I visit DreamInCode. The script isn't running -- Avast blocks it, and when I later scan my computer it doesn't identify any threats.

To answer your question, I'm using Firefox. And I was running the NoScript add-on, but it was when I disabled it for DreamInCode that Avast started issuing the pop-up about the threat. I'm using the latest version of Avast -- they just did a software upgrade -- so maybe that's how ThickBox got into their threat database. According to one site I found on my web, the malware version of ThickBox would leave a file on your hard drive. But that's about all the information I have.

Avast just popped up its warning again as I was posting that, and the warning also included this (for what it's worth).

Infection: JS:Iframe-UC [Trj]

#8 macosxnerd101

Posted 06 March 2013 - 10:38 AM

When was the last time you upgraded your browser? Make sure you are using the latest version.

#9 Curtis Rutland

Posted 06 March 2013 - 12:05 PM

It could be a false positive or a miscategorization by your company's scanning software. If you don't want to load certain files though, you can manually block them with extensions like adblock, noscript, or ghostery. I personally use ghostery to block all tracking scripts and widgets. Mine blocks about ten scripts/frames on each page.

#10 modi123_1

Posted 06 March 2013 - 12:52 PM

I agree with mac- I was getting a false positive until I upgraded my browser. I can't remember which version I was on, but I am on 19 now and no more false positive.

#11 jon.kiparsky

Posted 06 March 2013 - 12:57 PM

Trouble is, that doesn't fix the problem for the rest of the world, either people like me who can't make those changes on a work machine or occasional visitors who aren't going to upgrade their browsers just to look at this site.

#12 modi123_1

Posted 06 March 2013 - 01:00 PM

I never said it was a panacea for all the issues, but I was just offering advice on (what worked for me) in eliminating a false positive for a benign script. It saved me the time of trying to reconcile who reported it to mozilla/avast/etc, what was tripping it, and where to submit reports, to those places, that this isn't a problem.

#13 jon.kiparsky

Posted 06 March 2013 - 01:10 PM

Fair enough. I was just pointing out that relying on this and the other dozen scripts which are failing to load on my work machine might not be a shining example of best practice.
I don't know, I don't really do web sites, but this site really does seem to have pieces falling off of it right and left. At this rate, come summer I won't even be able to load DIC while I'm at work.

#14 Curtis Rutland

Posted 06 March 2013 - 02:05 PM

It really sounds more like an overly-aggressive content filter at your job than an issue with the site in this case. Thickbox isn't a trojan, so there's nothing DIC could really do about it now. They'd have to redevelop whatever is relying on it. I think you'll have to solve this one on your side. I agree that there's a lot of problems, but this probably isn't a site issue.

#15 skyhawk133

Posted 06 March 2013 - 02:09 PM

I'm going to re-load that file on to the server as it does have some old code in it that's not in use anymore that did fire an iframe. But I agree, looks like a false positive.
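
Added example, not part of any post above and not Avast's or the site's code: a small Node.js helper for the kind of review described in post #15. It lists each place a script can create an iframe and notes whether that iframe is hidden or has a hard-coded URL. The patterns are illustrative assumptions about what an iframe heuristic reacts to, and the sample input is constructed.

```javascript
// Added example: triage helper, not Avast's detection logic and not site code.
// Lists every line in a script that can create an iframe, so an administrator
// can see what a JS:Iframe-style heuristic may be reacting to.

const SINKS = [
  { kind: 'createElement', re: /createElement\(\s*['"]iframe['"]\s*\)/i },
  { kind: 'markup-string', re: /<iframe\b/i },
];
// Traits that make an iframe invisible to the visitor (assumed indicators).
const HIDDEN = /display\s*:\s*none|visibility\s*:\s*hidden|(?:width|height)\s*=\s*\\?['"]?[01]\b/i;
// A literal absolute URL in src, as opposed to one built from a variable.
const FIXED_SRC = /src\s*=\s*\\?['"]?(https?:)?\/\/[^'"\s>]+/i;

function findIframeSinks(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const { kind, re } of SINKS) {
      if (!re.test(text)) continue;
      findings.push({
        line: i + 1,
        kind,
        hidden: HIDDEN.test(text),
        fixedSrc: FIXED_SRC.test(text),
      });
      break; // one finding per line is enough for triage
    }
  });
  return findings;
}

// Constructed sample: a lightbox-style iframe, an unused leftover helper,
// and a DOM-created iframe. Hostname is a placeholder.
const SAMPLE = [
  'function showBox(url) {',
  '  $("#box").append("<iframe src=\'" + url + "\' width=\'600\' height=\'400\'></iframe>");',
  '}',
  'function oldTracker() { // no longer called anywhere',
  '  document.write("<iframe src=\'http://stats.example.invalid/t\' width=\'1\' height=\'1\'></iframe>");',
  '}',
  'var f = document.createElement("iframe");',
].join('\n');

for (const f of findIframeSinks(SAMPLE)) {
  console.log(`line ${f.line}: ${f.kind} hidden=${f.hidden} fixedSrc=${f.fixedSrc}`);
}
```

A line reported with both hidden and fixedSrc set is the one to read first; a visible iframe whose src comes from a variable is what a lightbox normally produces.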