Virus

[Seamus Fermanagh]

Moderators:

For the first time, ever, on this site, my virus detector went off. A redirect-type virus attempted access as I replied to the Ghengis Khan thread. Is the site at risk?

Seamus

[master of the puppets]

...wait thats my thread!!! DO I HAVE A VIRUS (cough cough...ACHOO) OH NO *takes temperature*

ok enough funning but do i really have a virus? srry i suck at computers so i need to know can i infect people by posting?

[Gregoshi]

I'm going to move this to the Watchtower.

[TosaInu]

This is in the Monastery?

[Gregoshi]

Yes, this apparently was in the Monastery.

[barocca]

i have never heard of a redirect virus

i do KNOW DNS servers can be poisoned, but the user would never know of it

poisoning a DNS server involves exploiting a backdoor in some early versions of DNS software that are STILL being used by some idiotic providors,
the DNS table is then edited to force either a jump to, or a pop up to a website containing pages that exploit known security breaches in browsers to download trojans,
often the popup is a self kill, meaning it will popup and vanish in less than a second, (blink and you'll miss it)

highly unlikely that the Org servers have been exploited,

more likely the patron got hooked by a poisoned DNS server and EVEN THEN it is NOT a redirect virus, it is merely a hacked DNS table, the only warning the patron would get is IF he had an unpatched web browser AND the "jump" site attempted to download a trojan onto his system, and even then the warning would be for a trojan, not a redirect virus,

the patron either has a virus on his own machine, or his claim is a false alarm generated by his virus scanner and (in that scenario) MOST LIKELY one of the ads on our pages attempted to load a popup and that most likely triggered his AV


i will however investigate further
B.

[barocca]

a quick search of my encyclopedia reveals 4 or 5 virus called "redirect" from circa 2002

also a few worm virus (may 2005) that hijack browsers, mostly they rely on unpatched browsers and the user must visit a website that has the corrupted java files in order to install the hijack in the first place
(meaning he did not get it from the org, nor could anything done at the org trigger a "hijack")

in a similar vein there are some that force IE to change to one of a set of homepage's that use exploits to download trojans
(again - not "catchable" from the org)

if anyone can get more details from him then i can be more specific
but whatever is happening to him, it is not the Org's nor the Hosts fault

cheers,
B.

[Seamus Fermanagh]

the patron either has a virus on his own machine, or his claim is a false alarm generated by his virus scanner and (in that scenario) MOST LIKELY one of the ads on our pages attempted to load a popup and that most likely triggered his AV.

My machine un-virused according to recent NAV. False alarm is a distinct possibility given the timing of the AV notification. Not being expert on such things, I merely responded so that someone more adept would become aware and handle it if necessary.

Thanks.

Seamus