Global Friends Online


Author Topic: Trojan detected on Fusion PTP page  (Read 2748 times)


danddwah

  • A legend in his own alternate reality
  • Global Program Owner
  • Global Family
Trojan detected on Fusion PTP page
« on: February 13, 2010, 03:24:44 am »
Whilst clicking just now on Polar Bear Clicks Deb has come across a fusionmails/pages/ptp.php ad which Avast has identified as containing the JS:Illredir-L [Trj] Trojan Horse from http:// www .killer-six-pack-abs .com

It appears to be in the ptp rotator, not a 3rd party ad.
Dave
Logged

Craig

  • Global Moderator
  • Global Family
  • Chief Numpty!!!!
Re: Trojan detected on Fusion PTP page
« Reply #1 on: February 13, 2010, 08:32:11 pm »
Thanks for the heads up  :)
Logged

anyyan

  • One World, One Dream
  • Global Program Owner
  • Global Buddy
Re: Trojan detected on Fusion PTP page
« Reply #2 on: February 14, 2010, 07:19:51 pm »
I've noticed it in the abuse report center. But I use Kaspersky and it doesn't detect anything. Anyone else? More input would be appreciated.

tulp

  • Global Family
Re: Trojan detected on Fusion PTP page
« Reply #3 on: February 15, 2010, 12:23:47 pm »
I just got this page in rotation ... Fusionmails upgraded PTP page ...

File name: http://www. killer- six- pack- abs.com/
Malware-name: JS:Illredir-L [Trj]
Malware-type: Trojan Horse
VPS version: 100214-0, 14-02-2010

It alarmed my Avast ...
Logged

donkey ~ OAP ~ no-minimum ~ tier1/2OAP ~ pointOAP ~
I am surfing for PTP credits at: SAS ~ Hogshollow ~ Beachparty ~ Pay4surf

tulp

  • Global Family
Re: Trojan detected on Fusion PTP page
« Reply #4 on: February 15, 2010, 12:56:30 pm »
There are more websites infected by this Trojan family ... they are all ill redirects in JavaScript that make it very easy for hackers to put their own code on the website.

Quote
12.2.2010 - 100212-0

JS:Downloader-LT [Trj], JS:Illredir-L [Trj], JS:MalHead-CX [Trj], PHP:Redirector-Q [Trj], Win32:Agent-AJDH [Trj], Win32:Agent-AJDI [Trj], Win32:Agent-AJDJ [Trj], Win32:AutoRun-BFH [Trj], Win32:Bancos-BLH [Trj], Win32:Banker-GLP [Trj],

It was added to the Avast database on the 12th of this month.
Logged


wagdoll

  • Global Family
Re: Trojan detected on Fusion PTP page
« Reply #5 on: February 15, 2010, 02:26:47 pm »
Edited

« Last Edit: March 09, 2010, 09:33:21 pm by wagdoll »
Logged

tulp

  • Global Family
Re: Trojan detected on Fusion PTP page
« Reply #6 on: February 15, 2010, 06:18:39 pm »
I found an informative blog written by a website builder... that had the older version of this Trojan on the websites she built. (-B version) http://www.zyenweb.com/2009/12/30/trojan-attack-jsillredir-b-trj/
Logged


wagdoll

  • Global Family
Re: Trojan detected on Fusion PTP page
« Reply #7 on: February 16, 2010, 01:09:01 am »
Edited
« Last Edit: March 09, 2010, 09:33:01 pm by wagdoll »
Logged

tulp

  • Global Family
Re: Trojan detected on Fusion PTP page
« Reply #8 on: February 16, 2010, 08:05:19 am »
I found an informative blog written by a website builder... that had the older version of this Trojan on the websites she built. (-B version) http://www.zyenweb.com/2009/12/30/trojan-attack-jsillredir-b-trj/

The code she's shown on there is very similar or identical to what was on the killer abs site under the closing tag. It's important to look for things like that even if your particular AV doesn't give any alert.

I would go so far as to say it's rarely a good idea for any site to accept a page that contains any obfuscated or encrypted JavaScripts because 1) you don't know what they're hiding; 2) they are likely to be used to cover up malicious code, whether that is autosearches or trojans. One of the injection trojans a few months ago even masqueraded as a Yahoo tracking code just because that was an easy way to slip the obfuscated code right past the website owner's eyes - the lesson there, I feel, is to be suspicious of anything where you can't see what it's doing, be it an iframe or an obfuscated JavaScript.

As it is a trojan... it can even be that the code wasn't there when a PO accepted the page... if another website hosted on the same server had the code, it can infect all other websites on that server!

In an ideal world ... a PO should, when a trojan like this is reported... immediately take action and stop the advertising! Then inform the hosting company ... and that hosting company should inform all other website owners hosted on the same server to check their websites and give them instructions on how to remove this code if it is on their website too....

In the real world ... it takes a really long time before action is taken ... giving the trojan the opportunity to spread itself further and further ... Hosting companies don't have a clue ... and even if they have, they are afraid to be blamed!
Logged

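The manual check described in the post above (look at what sits under the closing tag, and distrust obfuscated scripts and hidden iframes even when the AV stays quiet) can be automated as a first pass. This is an added example, not code from the thread or the linked blog; it assumes the closing tag meant is `</html>`, and `review_page`, the pattern list and both sample pages are constructed for illustration.

```python
import re

# Heuristics only: a hit means "read this by hand", not "this is malware".
OBFUSCATION_HINTS = {
    "eval": re.compile(r"\beval\s*\(", re.I),
    "unescape": re.compile(r"\bunescape\s*\(", re.I),
    "fromCharCode": re.compile(r"String\.fromCharCode", re.I),
    "document.write": re.compile(r"document\.write(ln)?\s*\(", re.I),
    "long-encoded-run": re.compile(r"(?:%[0-9a-f]{2}|\\x[0-9a-f]{2}){20,}", re.I),
}
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
HIDDEN_RE = re.compile(
    r"(?:width|height)\s*=\s*[\"']?[01](?:px)?[\"'\s>]"
    r"|display\s*:\s*none|visibility\s*:\s*hidden", re.I)
CLOSE_HTML_RE = re.compile(r"</html\s*>", re.I)

# Constructed samples. ENCODED is a harmless HTML comment, percent-encoded.
ENCODED = "".join("%%%02X" % b for b in b"<!-- constructed benign sample -->")
CLEAN_PAGE = ("<html><body><script>var n = 1 + 1;</script>"
              "<iframe src='https://ads.example/banner' width='468' height='60'>"
              "</iframe></body></html>")
SUSPECT_PAGE = (
    "<html><body><p>ad copy</p>"
    '<iframe src="http://tracker.example/" width="1" height="1"></iframe>'
    "</body></html>\n"
    "<script>document.write(unescape('" + ENCODED + "'))</script>"
)

def review_page(html):
    """Return a sorted list of findings that warrant a manual look."""
    findings = set()
    # 1) Active content appended after the document's closing tag.
    closes = list(CLOSE_HTML_RE.finditer(html))
    if closes:
        tail = html[closes[-1].end():]
        if re.search(r"<(script|iframe)\b", tail, re.I):
            findings.add("active content after </html>")
    # 2) Inline scripts that hide what they do.
    for match in SCRIPT_RE.finditer(html):
        for name, pattern in OBFUSCATION_HINTS.items():
            if pattern.search(match.group(1)):
                findings.add("obfuscation hint: " + name)
    # 3) Iframes sized or styled so the visitor never sees them.
    for match in IFRAME_RE.finditer(html):
        if HIDDEN_RE.search(match.group(0)):
            findings.add("hidden iframe")
    return sorted(findings)

if __name__ == "__main__":
    print(review_page(SUSPECT_PAGE))
```

Legitimate ad and tracking code also uses `document.write` and small iframes, so the output is a list of things to read, and a page fetched once can differ from what the rotator serves later.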

soph142

  • Global Buddy
  • Sea all round and I don't eat fish
Re: Trojan detected on Fusion PTP page
« Reply #9 on: February 16, 2010, 01:46:47 pm »
On my browser
I have both
Enable Java Script
and
Enable Java
allowed
From memory, I only need 1 ticked (don't use Java at all)
So I am going to disable
Enable Java
Is this the right thing to do?

soph  :dance:


Logged

tulp

  • Global Family
Re: Trojan detected on Fusion PTP page
« Reply #10 on: February 16, 2010, 06:24:38 pm »
I think you mean that you don't need Javascript... but with disabling that you cannot see turing numbers, fill in lots of forms and many more things... so that is not the solution... So most programs where you are a member will need Javascript enabled on your computer... Next to that Javascript is used for a lot of ads on the sites.... so without Javascript PO's won't earn money and that is what they need in order to be able to pay you.


Logged


wagdoll

  • Global Family
Re: Trojan detected on Fusion PTP page
« Reply #11 on: February 17, 2010, 02:55:30 am »
Edited

« Last Edit: March 09, 2010, 09:32:34 pm by wagdoll »
Logged

tulp

  • Global Family
Re: Trojan detected on Fusion PTP page
« Reply #12 on: February 17, 2010, 08:21:43 am »
If you use CCleaner after every surf session ... it will remove all temporary files of Java ... that is where all Java viruses (if not detected by an updated virus scanner) will be stored.

With Firefox ... the addon NoScript is needed for safe surfing ... you can then choose what site is allowed to use JavaScript and/or Java
Logged


iamannoyed

  • Guest
Re: Trojan detected on Fusion PTP page
« Reply #13 on: February 18, 2010, 04:19:21 am »
was just coming to report this....a day late and a dollar short.  oh well
Logged

tulp

  • Global Family
Re: Trojan detected on Fusion PTP page
« Reply #14 on: February 18, 2010, 09:06:27 am »
Quote
I've noticed it in the abuse report center. But I use Kaspersky and it doesn't detect anything. Anyone else? More input would be appreciated.

Wow...it is the 18th already.... And this page is still around??? What input does Anyyan need? ...  :scared:
Logged
