Viral Warning, Pyracy forums?


Calico Jack

Ahoy, folks. I've been safe running Firefox with a script wall, but folks running IE have been catching trojans off https://pyracy.com/forums/ - I don't know whether it's been hacked into the page script, or by way of the embedded adverts. Just something to beware and be aware.

I've few details except that the problem has completely shut down the machine, has come via IE, and has made it past Avast virus security; also of course that it came straight off the main page.


I've seen warnings on some computers using Firefox and not others. I thought it might just be a problem with the computer, but this suggests otherwise. I'll report it to the powers that be.

“We either make ourselves miserable or we make ourselves strong. The amount of work is the same.” –Carlos Castaneda

"Man is free at the moment he wishes to be." — Voltaire


This is a HACK

It is a torrent downloader from Europe.

A torrent is a program that allows streaming, most often used to download pirated <_< movies and software.

Partial file name is

AND DO NOT CLICK THIS LINK

http://sum4count.net/strong

It is likely from the lovely folks who hack and are able to post as non members.

ADMIN - Please look into this because it is rendering many computers compromised.

If your PC has slowed down, this may be why. No offense to the admin. These things are malicious and often hard to detect.

The intRAnet virus software at my job is the only one that caught it. It freezes the whole PC because part of the program disables Task Manager's ability to shut down the page.

I haven't found much info in English on Google because I don't have the entire filename. Which I will get when I go back to work tomorrow.

Some days even my lucky rocketship underpants won't help....

Her reputation was her livelihood.

I'm a pirate, love. By nature and by choice!

My inner voice sometimes has an accent!

My wont? A delicious rip in time...


I had a run-in with said Trojan, and though I was able to eradicate it after downloading the latest McAfee, there has been damage left in its wake. As of yet, I am unsure if I will be able to regain what was lost. Since the upload (back in July), McAfee has on more than one occasion flagged on the Pub that a virus had been blocked.


What more diversion can a man desire than to sit him down near a warm turf fire; Upon his knee a pretty wench and on the table a jug of punch... Irish Traditional Song

"And when I vest my flashing sword And my hand takes hold in judgement I will take vengeance upon mine enemies And I will repay those who hate me O Lord, raise me to Thy right hand And count me among Thy saints." Boondock Saints


This is what the Admin. Booty says:

Last time this happened, the users notifying us had picked up malware somewhere else and it was inserting infective URLs into their browsing streams. I've passed this info to Buckets to look into, since that's backend-type stuff.

I haven't heard anything else yet.

I strongly suggest that you make sure all your security stuff is updated EVERY DAY! Also, you might want to switch your browser to MOZILLA FIREFOX, as the security on that program is terrific and the browser is just better.


Capt. Grey posted this at our Star Wars site and wanted to pass it on.

Please all read (this has been sent to our Admins.):

SAN FRANCISCO, California (AP) -- A giant vulnerability in the Internet's design is allowing criminals to silently redirect traffic to Web sites under their control.

The problem is being fixed, but its extent remains unknown and many people are still at risk.

The gaping security hole enables a scam that targets ordinary people typing in a legitimate Web address. It happens because hackers are now able to manipulate the machines that help computers find Web sites.

If the trick is done properly, computer users are unlikely to detect whether they've landed at a legitimate site or an evil double maintained by someone bent on fraud.

Security experts fear an open season for virus attacks and identity-fraud scams.

"It's kind of like saying, 'There's a bunch of money on the street. If you can get over there soon enough, you can get it,'" said Ken Silva, chief technology officer for VeriSign Inc., which manages the ".com" and ".net" directories of Internet addresses. "It's something the industry is taking seriously. You'd be in a bad place if you weren't doing something about it."

The bug's existence was revealed nearly a month ago. Since then, criminals have pulled off at least one successful attack, directing some AT&T Inc. Internet customers in Texas to a fake Google site. The phony page was accompanied by three programs that automatically clicked on ads, with the profits for those clicks flowing back to the hackers.

There are likely worse scams happening that haven't been discovered or publicly disclosed by Internet service providers. "You can bet that the (Internet providers) are going to stay tightlipped about any attacks on their networks," said HD Moore, a security researcher.

The AT&T attack probably would have stayed quiet had it not affected the Internet service of Austin, Texas-based BreakingPoint Systems Inc., which makes machines for testing networking equipment and has Moore as its labs director. He disclosed the incident in hopes it would help uncover more breaches.

The underlying flaw is in the Domain Name System (DNS), a network of millions of servers that translate words typed into Web browsers into numerical codes that computers can understand.

Getting from one place to another on the Internet typically requires a trip through several DNS servers, including some that accept incoming data and store parts of it. That opens them up for potential attack.

What this means is that a computer user in say, San Francisco, might type www.yahoo.com and head straight to the real Yahoo site, while at the same moment, a user in New York -- whose traffic is routed through different DNS servers -- might type that same Web address and end up on a phony duplicate site.

Scant details have been available about how the vulnerability works.

The researcher who discovered it, Dan Kaminsky of Seattle-based computer security consultant IOActive Inc., announced July 8 that he'd found a major weakness in DNS.

But he kept the rest secret because he wanted to give companies that run vulnerable servers a month to apply patches -- software tweaks that cover the security hole. He coordinated with Microsoft Corp., Cisco Systems Inc., Sun Microsystems Inc. and other major vendors to simultaneously issue patches.

He got two weeks before bad guys and good guys alike accurately guessed the basics of what Kaminsky discovered.

It is this: By adding bad information to the packets of data zooming in and out of certain DNS servers, hackers can swap out the address of a legitimate Web site and insert the address of their malicious Web site instead.

A compromised server believes it's sending people to the authentic site. And if the bogus site is designed well enough, users don't know the difference, unless the site starts behaving weirdly.

Some clues might come if a page, like a banking Web site, is usually protected with Secure Sockets Layer, or SSL, which verifies a site's owner and shows a padlock icon or a green address bar inside the Web browser. The padlocks in particular, however, are not always foolproof, because scammers can spoof them.

Just how widespread the attacks have been is hard to tell. The evidence of tampering can disappear before an Internet provider even learns there's a problem.

The patching of DNS servers has accelerated. Kaminsky said 84 percent of the servers he tested at the beginning of the process were vulnerable. That has dropped to around 31 percent.

Still, Kaminsky said some administrators of computer networks might not patch their machines until they come under attack. Others didn't patch immediately because they had to spend days or weeks testing the repairs.

That was the case with AT&T, which said the breach affected just one of its servers, a machine that was scheduled to be taken off line anyway. AT&T says it has fixed the problem.

More details about the vulnerability are expected to emerge Wednesday, when Kaminsky speaks at the Black Hat computer security conference in Las Vegas. The conference and its sister event, DefCon, draw researchers, government investigators and corporate executives eager to learn about new vulnerabilities and how to protect against them.

"There might be one or two things that haven't leaked yet," Kaminsky said with a snicker. "No one should even think they know the subject of the talk."

DNS attacks aren't new. But Kaminsky discovered a way to link together some widely known weaknesses in the system, so that an attack that would have taken hours or days can now take only seconds.

"Quite frankly, all the pieces of this have been staring us in the face for decades, and none of us saw it until Dan put it all together," said Paul Vixie, president of the Internet Systems Consortium, a nonprofit that publishes the software inside most of the world's DNS servers.

"This is the mother lode all right, from the point of view of Internet criminals looking for easier access to other people's money and secrets."


OK I HAVE THE MALICIOUS FILENAME

It is mp9[1].htm

You may find it in your temp files.

I found it here

C:\Documents and settings\insert your Windows username\local settings\Temporary Internet Files\Content.IE5\L8Y2TXWE\mp9[1].htm

Noodling in your computer is at your own risk. :lol:

Some days even my lucky rocketship underpants won't help....

Her reputation was her livelihood.

I'm a pirate, love. By nature and by choice!

My inner voice sometimes has an accent!

My wont? A delicious rip in time...


Just thought I would offer a heads up....

Upon queuing the Pub, McAfee threw immediate flags, three in a row:

"JS Downloader BLZ" and "JS Exploit..." (I did not catch the full ID on the second one.)

When I went from main screen to one of the sub-screens, it flagged twice.

It only seems to happen when I am here. (And I do a lot of research on many sites.)

Be careful out there, kiddies.


What more diversion can a man desire than to sit him down near a warm turf fire; Upon his knee a pretty wench and on the table a jug of punch... Irish Traditional Song

"And when I vest my flashing sword And my hand takes hold in judgement I will take vengeance upon mine enemies And I will repay those who hate me O Lord, raise me to Thy right hand And count me among Thy saints." Boondock Saints


To add to my earlier refs,

see what ThreatExpert has to say:

http://www.threatexpert.com/report.aspx?ui...a1-ccf7fb70dc82

Read the whole page; you will see the sum4count ref.

I know we have more than one IT pyrate out there...

What say you guys?

Some days even my lucky rocketship underpants won't help....

Her reputation was her livelihood.

I'm a pirate, love. By nature and by choice!

My inner voice sometimes has an accent!

My wont? A delicious rip in time...


UPDATE

sum4count * dot * net/strong <This is a malicious site - do not go there

which my virus protection at work keeps hitting on from here..

analysis shows it sends out trojan downloaders

McAfee SiteAdvisor

Some days even my lucky rocketship underpants won't help....

Her reputation was her livelihood.

I'm a pirate, love. By nature and by choice!

My inner voice sometimes has an accent!

My wont? A delicious rip in time...


  • 4 weeks later...

When I recovered the downed Pub - I found more than one piece of malicious ware living in the old message board system directories.

Thanks for the pat on the back, but this kind of stuff is always a possibility and everyone should keep their anti-virus & firewall software up to date.

This new message board software should close most of the security holes due to the board, and the new server I moved everything to should help close up the rest. That being said - nothing is bulletproof - so take care of yourselves.

- Stynky

I (more or less) stopped coming here once my work PC gave me a virus warning. I did check a couple times from home after that, and it kept doing the same.

Now.... TADA! It seems we are virus free!

Thanks to Stynky!


This is what the Admin. Booty says:

Last time this happened, the users notifying us had picked up malware somewhere else and it was inserting infective URLs into their browsing streams. I've passed this info to Buckets to look into, since that's backend-type stuff.

I haven't heard anything else yet.

I strongly suggest that you make sure all your security stuff is updated EVERY DAY! Also, you might want to switch your browser to MOZILLA FIREFOX, as the security on that program is terrific and the browser is just better.

Last time that happened I was using my home laptop. I still can't get the trojan off of it, and haven't used it for months (I use my IMac now). :wub:

Perhaps we'll meet again under better circumstances. ---(---(@

Dead Men...Tell No Tales.

Welcome, Foolish Mortals...


I knew there was a virus in the old stuff and I kept telling Booty there was and she kept telling me that everything checked out ok!!!

I felt so frustrated here, because I couldn't fix the things that were wrong and people were constantly sending me PMs asking why, what and when. For over two and a half years I had to deal with upset Pub people, who have suffered with no chat room, no gallery, no Moderator report buttons working, not being able to stop the spam and on and on. So for me personally, I am glad things have been put into more capable hands of a better pirate.
