| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 51418 | 2004-11-20 07:12:00 | "Bofra Worm Sets Trap For UnWary" | Terry Porritt (14) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 294240 | 2004-11-20 10:21:00 | Looks like they've fixed it now | Stumped Badly (348) | ||
| 294241 | 2004-11-20 10:36:00 | Its not fixed yet. I went in there just now and avast started bleating about bofra. | gerrypics (323) | ||
| 294242 | 2004-11-20 10:41:00 | I tried it using IE, download the page, scanned with AVG 7, no infection found on the page or computer. I did notice however, that my machine rane xtremly slow for about 10 mintues after viewing the page. |
mr_rix (5375) | ||
| 294243 | 2004-11-20 10:47:00 | The link in Terrys post #1 "the register" needs disabling | gerrypics (323) | ||
| 294244 | 2004-11-20 12:23:00 | Just did a bit of testing. The problem is not with the register but another site they link to for advertising/tracking. When you load the register it gets some javascript from falkag.net. I assume it is for tracking because the images it generates are invisible. The JS is heavily obfuscated so I don't know what it actually does. I might have a closer look tomorrow with a debugger. The end result from running the JS is a hidden iframe in the top level window that loads an html file from http://199.107.184.146 (I won't link it). This is the file that triggers AVG and looks very dodgy. Anyone still using IE should block *.falkag.net. |
bmason (508) | ||
| 294245 | 2004-11-20 13:29:00 | I came across something similar on (I think) the same site a few days ago. I disconnected before anything could finish downloading; one advantage of slow dialup. Vince | Vince (406) | ||
| 294246 | 2004-11-20 13:44:00 | > Are these rewrites or is the info on SP2 having less > vulnerabilities just spin? Or is it a case of IE > being that bad that even SP2 can't compensate for all > the rubbish it attracts. > > Murray P Sorry murray, IT IS a case of IE being that bad that even SP2 CANT, NOT NO WAY , compensate for all the rubbish it attracts. The time between discovery of a fault and exploitation is now measurable in hours. Microwrought have upset too many of the wrong people. this problem is here for ever. Longhorn will never fix it, unless it is a completely new O/S from the ground up, which it isnt, so look forward to more of the same. Mandrake ,Debian, Suesse, Redhat, flip a coin and solve the problem. D. |
drb1 (4492) | ||
| 294247 | 2004-11-21 20:03:00 | www.theregister.co.uk Seems one of their Ad Servers was infected, hence the bug only affecting some people. |
ninja (1671) | ||
| 294248 | 2004-11-22 05:52:00 | The register has a message about it here (www.theregister.co.uk). I wonder how many people were infected. I'm sure Falk serve much more than just el reg. |
bmason (508) | ||
| 294249 | 2004-11-22 07:16:00 | They say XP with SP2 and IE was not affected, but that was what I was using, whereas Firefox was immune. | Terry Porritt (14) | ||
| 1 2 3 | |||||