Jump to content
Sign in to follow this  
Guest s13r

NS - Trojan horse - WHAT THE GOSH?

Recommended Posts

man it will be your browser that is infected and that will probably popup for every side?

 

download malwarebytes anti-malware

 

also check your java is up to date should be version6update21

Share this post


Link to post
Share on other sites

Yep i got that one pop up on my laptop yesterday, also got one on my pc the other day that killed it... thinking it was from here also. Waiting to get my pc back from a mate :(

Share this post


Link to post
Share on other sites

Just had this. Only occurs when I load pages on NissanSilvia.com. It gets picked up in the HTTP packets from NS.com. Doesn't happen on any other site.

 

What's going on?

Share this post


Link to post
Share on other sites

I'm using Mac based OS on my iPhone it's Trojan proof ;) phew!

Share this post


Link to post
Share on other sites

I'm using Mac based OS on my iPhone it's Trojan proof ;) phew!

hahahaah

bs!

Share this post


Link to post
Share on other sites

Hey so far so good this shit will only happen on android or Windows :ph34r:

Share this post


Link to post
Share on other sites

Hey so far so good this shit will only happen on android or Windows :ph34r:

ur making the assumption that u would detect a virus, haha

 

and security though obsecurity?

Share this post


Link to post
Share on other sites

I use advast and it detects an blocks both these Trojans from this site. Only this site has an issue. So yeah. Your not alone

Share this post


Link to post
Share on other sites

Its from one of the Advertisers.. But we dont know which ones.. If any one could track it down when they see it, it would be appreciated.

Share this post


Link to post
Share on other sites

No point getting angry dude...

 

 

Though i do agree it is very poor form to allow this site to continue to infect it's members!

It has been happening for quite a while now, as i got my first few warnings maybe a week ago now and its frankly unacceptable for a "professionally run/designed site".

 

How hard is it to seriously sit down and nut out who the culprits are - asking site visitors to sort out your IT problems is a little lame.

 

If i pulled this rubbish with any of my clients' networks i would be hung out to dry!

 

*Edit -

 

One source: engineboot.co.cc/news/js.php (IP: 91.204.48.50)

Share this post


Link to post
Share on other sites

funnily enough a trogan killed my girlfriends laptop on October 24 after I logged on for about 5 minutes and also went to read two previously read emails on hotmail. I borrowed her laptop for 10 minutes and bam it gets a virus the first time that laptop has visited ns.com............................I was not a popular fellow:wtf1: :wedgie::whack::rant::angry: to say the least. Thanks ns.com, I do love you but jeez you piss me off sometimes.

Share this post


Link to post
Share on other sites

Bored so here is info from the first packet that kicks off communications with the domain hosting the exploit:

 

GET /get/index.php?up=disabled&author=ReadyToRide&db=image&catid=187&vid=img HTTP/1.1

Host: engineboot.co.cc

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:9.9.9.9) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 9.9.00000)

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-gb,en;q=0.5

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Keep-Alive: 115

Connection: keep-alive

Referer: http://nissansilvia.com/

 

Site users can add the IP address 91.204.48.50 or domain name engineboot.co.cc to firewalls to block traffic with the domain until NS gets it shit together.

Share this post


Link to post
Share on other sites

I got a warning also. But have suffered nothing as a result of the what ever it is to date. I don't think it's uber malicious.

Share this post


Link to post
Share on other sites

got a threat blocked by AVG today:

 

file: cpuconsulting.co.cc/news/js.php

threat: exploit javascript cbfuscation (type 1512)

Share this post


Link to post
Share on other sites

My programs don't pick up anything =\ I'm using Firefox with limited scripting options enabled..

What browser are you guys that had something detected using?

 

 

A trojan picked up just by surfing the web will have limited powers anyway due to the sandbox nature of java code anyway as the code is essentially in a box of its own, isolated from the computer it runs on. There are exceptions though but its doubtful that it would be overly malicious?

Still, it shouldn't be occurring with a site like ns.com... That's pretty slack picking up advertisers that do this sort of thing

Share this post


Link to post
Share on other sites

I'm using firefox with AVG free antivirus.

 

Have had threats quite a few times. Twice so far today, probably at least 10 times recently.

 

I don't know if that ones anything serious, but a definite answer regarding the issue would be nice.

Share this post


Link to post
Share on other sites

Might be to late for you guys...

 

 

I had to do a fresh install the other week after the trojans finally one, since the fresh install not one warning or anything yet....

 

FF3 & Avast im using. and was previously using..

Share this post


Link to post
Share on other sites

MASSIVE PIC

mmkCK.png

That's what Chrome is giving me at the moment

Edited by kaul_

Share this post


Link to post
Share on other sites

I'm running firefox + Sophos Antivirus. My browser doesn't detect it, my antivirus software does, and it only happens intermittently, maybe 5-6 times since i made an account.

Share this post


Link to post
Share on other sites

Can we get an answer from the moderators maybe as to what has been done? I went on ns on a mates computer and his firewall picked up malware as well from ns.com

Share this post


Link to post
Share on other sites

i installed avg just for this issue and it hasnt detected a thing

Share this post


Link to post
Share on other sites

I love how this issue still has NOT been resolved. Or even addressed.

 

It is being addressed, and being investigated.

Share this post


Link to post
Share on other sites

I love how this issue still has NOT been resolved. Or even addressed.

 

It is being addressed, and being investigated.

 

The issue is that NS.com users are experiencing some kind of infection via the site.

For the issue to be addressed these users need to receive some kind of notification.

There had been none until now, when you said something and thereby addressed the issue.

Apologies anyhow for being pushy.

Any information on it so far?

Share this post


Link to post
Share on other sites

I don't know any details, as i'm not a developer. All i know is that it's being looked into :thumbsup:

Share this post


Link to post
Share on other sites

The virus isnt from NS.com itself, it would be from the adds hosted on the site, or by the site being hacked.

Share this post


Link to post
Share on other sites

The virus isnt from NS.com itself, it would be from the adds hosted on the site

bingo!

Share this post


Link to post
Share on other sites

This site works fine on my comp, using google chrome, xp and bitdefender for AV. But when i went on this site on my missus comp, it totally fkd it up, lol. The trojan deleted an 'explorer.exe' file in the windows directory i think which allows the computer to run on startup, without this file, u cant see anything except ur wallpaper from what i remember.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×