ktesibios
SFN Regular
USA
505 Posts |
Posted - 11/21/2004 : 13:54:45
|
I'm posting this here because I know that some of the SFN members also frequent Bad Astronomy.
THE BAD ASTRONOMY SITE HAS BEEN HACKED.
The home page has been replaced with a page that very amateurishly attempts to induce the reader to download and run a supposed Windows update which is actually the W32/Sdbot.worm.gen worm. DO NOT CLICK ANY LINK ON THAT PAGE.
The page also appears to be trying to do a drive-by install of porn dialers and possibly other spyware.
If you go there to see if normality has been restored, and especially if you are using Microsuck Internet Exploder, make sure you have scripting and ActiveX DISABLED first.
|
"The Republican agenda is to turn the United States into a third-world shithole." -P.Z.Myers |
|
Siberia
SFN Addict
Brazil
2322 Posts |
Posted - 11/21/2004 : 14:26:16 [Permalink]
|
Bloody fucking hell. That is one of my favorite pages. Not that I'd download the bugger, but still. I know that porn thing pretty well. Damn.
Thanks man, that saved me quite some headache and revolt |
"Why are you afraid of something you're not even sure exists?" - The Kovenant, Via Negativa
"People who don't like their beliefs being laughed at shouldn't have such funny beliefs." -- unknown
|
|
|
Dr. Mabuse
Septic Fiend
Sweden
9688 Posts |
Posted - 11/21/2004 : 15:45:04 [Permalink]
|
Damn it...
It's a pity there are fuckups who think this kind of thing is amusing to do. If someone ever finds them, hang them from a tree by nailing the balls to the trunk.
|
Dr. Mabuse - "When the going gets tough, the tough get Duct-tape..." Dr. Mabuse whisper.mp3
"Equivocation is not just a job, for a creationist it's a way of life..." Dr. Mabuse
Support American Troops in Iraq: Send them unarmed civilians for target practice.. Collateralmurder. |
|
|
Siberia
SFN Addict
Brazil
2322 Posts |
Posted - 11/21/2004 : 16:07:53 [Permalink]
|
Heh. I once got a sort of trojan that made IE load a porn site every time, and the site would load porn pop-ups until it froze. My mother almost cooked me for dinner when she saw it... |
"Why are you afraid of something you're not even sure exists?" - The Kovenant, Via Negativa
"People who don't like their beliefs being laughed at shouldn't have such funny beliefs." -- unknown
|
|
|
Randy
SFN Regular
USA
1990 Posts |
Posted - 11/21/2004 : 17:08:24 [Permalink]
|
I saw that earlier today while doing my daily swing-by-scan of BABB. It caused my McAfee anti-virus to go into major over-drive blocking/deleting that worm.
Earlier today, there had been a "board is down" for the forum front page, but not anymore...vicious blood-suckin' worm is still there.
I imagine Phil will track 'em down and hand them over to be skewered -- the dirty bastards. |
"We are all connected; to each other biologically, to the earth chemically, to the rest of the universe atomically."
"So you're made of detritus [from exploded stars]. Get over it. Or better yet, celebrate it. After all, what nobler thought can one cherish than that the universe lives within us all?" -Neil DeGrasse Tyson |
|
|
ktesibios
SFN Regular
USA
505 Posts |
Posted - 11/21/2004 : 17:13:57 [Permalink]
|
Things seem to be slowly returning to normal at BA. The main page and at least some of the permanent pages seem to be OK now. The forum was up a few minutes ago, but there seemed still to be some scripting funnies there, and it was taken back down.
I'd advise approaching the forum with caution at first. Definitely turn scripting and ActiveX off.
I'd like to see whoever did this hunted down and thrown into a room full of tentacle monsters. Really horny tentacle monsters.
|
"The Republican agenda is to turn the United States into a third-world shithole." -P.Z.Myers |
|
|
Randy
SFN Regular
USA
1990 Posts |
Posted - 11/21/2004 : 17:49:49 [Permalink]
|
It's up and running, sez Phil. Clean as a whistle. http://www.badastronomy.com/phpBB/viewtopic.php?t=17808
Now, the guilty party can start sweating bullets.
Edited to add Phil's recent post at the BABB, for those reluctant to go there...
Posted: 22 Nov 2004 00:33 Post subject: BABB Hacked!
-------------------------------------------------------------------------------- November 21, 2004:
As many of you know, this board was hacked. A virus tried to install a trojan into the PC of anyone who came here. I have fixed the offending files, and upgraded to a version of phpBB which fixes the security hole.
Grrrrr.
I apologize for any damage that this may have caused. I strongly urge anyone with a PC to get good security software, like McAfee or Norton. My own PC is protected, allowing me to assess the damage to the board. Without software like that you are at the mercy of every twinkie out there who can write hack code. _________________ Phil Plait The Bad Astronomer http://www.badastronomy.com badastro@badastronomy.com
|
"We are all connected; to each other biologically, to the earth chemically, to the rest of the universe atomically."
"So you're made of detritus [from exploded stars]. Get over it. Or better yet, celebrate it. After all, what nobler thought can one cherish than that the universe lives within us all?" -Neil DeGrasse Tyson |
Edited by - Randy on 11/21/2004 17:51:26 |
|
|
H. Humbert
SFN Die Hard
USA
4574 Posts |
Posted - 11/21/2004 : 20:57:53 [Permalink]
|
This is somewhat off topic, but I got a trojan virus or whatnot on my computer a while back and I have no idea how to get it off. Basically it messes with my explorer home page, so instead of MSN I get a search engine with links to viagra and porn and stuff with several pop ups.
I've found some programs that manage to delete the program so that Explorer will function correctly, but it never lasts more than 24 hours before it's corrupt again, meaning this thing is still somewhere on my system. I ended up just downloading Firefox and have been using that ever since. But some things are still only explorer compatible (like my bank account) and I would like to be able to use it.
Any of you know any good programs to get this thing off my system permanently? |
"A man is his own easiest dupe, for what he wishes to be true he generally believes to be true." --Demosthenes
"The first principle is that you must not fool yourself - and you are the easiest person to fool." --Richard P. Feynman
"Face facts with dignity." --found inside a fortune cookie |
|
|
tw101356
Skeptic Friend
USA
333 Posts |
Posted - 11/21/2004 : 22:19:10 [Permalink]
|
quote: Originally posted by H. Humbert
This is somewhat off topic, but I got a trojan virus or whatnot on my computer a while back and I have no idea how to get it off. Basically it messes with my explorer home page, so instead of MSN I get a search engine with links to viagra and porn and stuff with several pop ups.
I've found some programs that manage to delete the program so that Explorer will function correctly, but it never lasts more than 24 hours before it's corrupt again, meaning this thing is still somewhere on my system. I ended up just downloading Firefox and have been using that ever since. But some things are still only explorer compatible (like my bank account) and I would like to be able to use it.
Any of you know any good programs to get this thing off my system permanently?
Cool Web Search, I presume? Turns your homepage to about:blank and puts up a search page. Ugly little piece of (expletive deleted). I've got it too and can't get rid of it for more than a day at a time.
CWShredder can be downloaded via links at spywareinfo.com, but does not fix it permanently. Even if you boot into safe mode and remove it, something keeps bringing it back, even though several web sites say that safe mode removal will work permanently. Norton detects and removes it as well, but not permanently either. Could be a new variant of CWS that shredder doesn't fix.
I switched to Firefox but still need IE for an online game that I play. I just have to run CWShredder before I start the game.
I last searched for updates to CWShredder a couple of weeks ago as well as for other removal tools, but to no avail. This sucker is a right bastage.
|
- TW
|
|
|
beskeptigal
SFN Die Hard
USA
3834 Posts |
Posted - 11/22/2004 : 03:54:34 [Permalink]
|
quote: Originally posted by H. Humbert
This is somewhat off topic, but I got a trojan virus or whatnot on my computer a while back and I have no idea how to get it off. Basically it messes with my explorer home page, so instead of MSN I get a search engine with links to viagra and porn and stuff with several pop ups.
I've found some programs that manage to delete the program so that Explorer will function correctly, but it never lasts more than 24 hours before it's corrupt again, meaning this thing is still somewhere on my system. I ended up just downloading Firefox and have been using that ever since. But some things are still only explorer compatible (like my bank account) and I would like to be able to use it.
Any of you know any good programs to get this thing off my system permanently?
I think you have spyware not a worm. Sounds like it is one with no current fix but there will always be a fix available eventually.
I fail to see why that crap isn't illegal and/or can't be traced to the source. Obviously there has to be a connection to buy anything.
I'll ask my son tomorrow if no one else posts a solution for you. He has cleared our computer spyware several times and then we got blocking software which mostly kept it out. I don't know if he will have more to offer than what has already been posted here.
We use Firefox but I also have to go to netscape on occasion for some programs. I don't want to get infected with what ever it is. |
Edited by - beskeptigal on 11/22/2004 04:01:48 |
|
|
filthy
SFN Die Hard
USA
14408 Posts |
Posted - 11/22/2004 : 05:24:27 [Permalink]
|
I've got one as well. It has turned my homepage into a porn index and put no less than two links in my favorites. I can't get rid of any of it. Aside from that, it doesn't seem to do much of anything, so it is more of a minor nuisance than anything else.
Still, mere nuisance or not, I'd like to find the bastard and introduce him to the M/C.
|
"What luck for rulers that men do not think." -- Adolf Hitler (1889 - 1945)
"If only we could impeach on the basis of criminal stupidity, 90% of the Rethuglicans and half of the Democrats would be thrown out of office." ~~ P.Z. Myres
"The default position of human nature is to punch the other guy in the face and take his stuff." ~~ Dude
Brother Boot Knife of Warm Humanitarianism,
and Crypto-Communist!
|
|
|
tw101356
Skeptic Friend
USA
333 Posts |
Posted - 11/22/2004 : 06:13:19 [Permalink]
|
How to Remove Most Spyware
1. Go to spywareinfo.com's downloads page and download and install the freeware anti-spyware products Ad-Aware and Spybot. Both because each catches certain things that the other does not.
Spywareinfo Download page
2. Run each of them in turn, making sure to update first in order to have the latest signatures to check. You may need to reboot into Windows Safe Mode (reboot and press F8 while rebooting) and run them again in order to clean everything up.
3. If your browser has been hijacked and you cannot reset the home page or keep it reset, you may have the Cool Web Search hijack and need CWShredder from the above download page.
4. If you still have problems, you can get good advice from the forums SpywareInfo Forums or by reading all the FAQs etc. at the site.
Hope this helps.
|
- TW
|
|
|
Siberia
SFN Addict
Brazil
2322 Posts |
Posted - 11/22/2004 : 06:31:27 [Permalink]
|
quote: Originally posted by H. Humbert
This is somewhat off topic, but I got a trojan virus or whatnot on my computer a while back and I have no idea how to get it off. Basically it messes with my explorer home page, so instead of MSN I get a search engine with links to viagra and porn and stuff with several pop ups.
I had the same bitch (the one I described above). It's not really dangerous (doesn't seem to be), but it's quite annoying. Especially when mine was porn-site-only.
My solution was to format the fucker off. |
"Why are you afraid of something you're not even sure exists?" - The Kovenant, Via Negativa
"People who don't like their beliefs being laughed at shouldn't have such funny beliefs." -- unknown
|
|
|
ktesibios
SFN Regular
USA
505 Posts |
Posted - 11/22/2004 : 11:42:10 [Permalink]
|
The BABB appears still to be infected. Go there and your browser starts trying to download something from "antiblock.biz". The WHOIS entry for this domain includes contact email addresses at "coolsearch.biz", which a Google indicates is associated with CoolWebSearch. Fortunately, "antiblock.biz" appears to have been taken down- there's no longer a DNS entry for that URL, so the hacked code's efforts are in vain.
"coolsearch.biz" still exists, but there's no content on their home page. Another URL that turns up, registered to the same name, if you WHOIS "coolsearch.biz", "moreporn.biz" also appears to have been taken down.
Passing laws against the unauthorized installation of spyware isn't likely to have much effect on overseas entities. "antiblock.biz" and its cohorts are registered to an address in Cyprus which is undoubtedly a blind. Unless the people behind these things can be brought within the jurisdiction of a US court, there isn't much that can be done.
My gut feeling is that whatever script kiddie attacked the BABB just threw together a collection of whatever nasties he could think of, not knowing that some of them, like the attempted CoolWebSearch installation, were past their expiration date.
The only silver lining I can see is that the more time Phil and his hosting company have to spend cleaning up the mess, the more likely it is that they'll reach the magic "5 grand worth of damage" threshold required for the FBI to initiate an investigation.
I take back what I said about the tentacle monsters. Besides that being too good for our hacker, I can't countenance unnecessary cruelty to innocent tentacle monsters. For our hacker, I'd settle for something that starts with parboiling in raw sewage... |
"The Republican agenda is to turn the United States into a third-world shithole." -P.Z.Myers |
|
|
H. Humbert
SFN Die Hard
USA
4574 Posts |
Posted - 11/22/2004 : 12:08:47 [Permalink]
|
quote: Originally posted by tw101356 Cool Web Search, I presume? Turns your homepage to about:blank and puts up a search page. Ugly little piece of (expletive deleted). I've got it too and can't get rid of it for more than a day at a time.
That's the one. I did try CWShredder, but with the same results as you. It's hiding somewhere in my directories so it is able to pop back on even after the cleaning software disposes of it. Damn I hate this little monster of a hack.
|
"A man is his own easiest dupe, for what he wishes to be true he generally believes to be true." --Demosthenes
"The first principle is that you must not fool yourself - and you are the easiest person to fool." --Richard P. Feynman
"Face facts with dignity." --found inside a fortune cookie |
Edited by - H. Humbert on 11/22/2004 12:10:24 |
|
|
Dr. Mabuse
Septic Fiend
Sweden
9688 Posts |
Posted - 11/22/2004 : 22:52:10 [Permalink]
|
quote: Originally posted by H. Humbert That's the one. I did try CWShredder, but with the same results as you. It's hiding somewhere in my directories so it is able to pop back on even after the cleaning software disposes of it. Damn I hate this little monster of a hack.
It's definitely deeply embedded in the registry. If placed there, it might be hard to find. Start by trying to identify all processes you can find when you do a [ctrl][alt][del]... then search the registry for all processes you can't rule out. Once you find them in the registry, you can see what path and directory it resides in. This will give a second chance to identify the process. Once you think you located it, change the file name to something ending with ".virus" so you can find and restore it if it wasn't the "virus". But be careful, hacking the registry can be tricky and result in a useless system if you screw up. |
Dr. Mabuse - "When the going gets tough, the tough get Duct-tape..." Dr. Mabuse whisper.mp3
"Equivocation is not just a job, for a creationist it's a way of life..." Dr. Mabuse
Support American Troops in Iraq: Send them unarmed civilians for target practice.. Collateralmurder. |
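The process-to-registry cross-check described in the post above, as an added PowerShell example that is not part of the original thread. It assumes the standard Run/RunOnce autorun keys (the post names no specific keys); the helper name `Get-ExePath` and the path in the final comment are placeholders.

```powershell
# Added example: cross-reference running processes with registry autorun entries.
# Assumption: only the standard Run/RunOnce keys are checked; the post names no keys.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of an autorun command line.
function Get-ExePath([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|com|bat|cmd|scr|dll))(\s|,|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

# Image paths of everything currently running (the Task Manager view).
$running = Get-Process | Where-Object { $_.Path } |
    Select-Object -ExpandProperty Path -Unique

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $path = Get-ExePath ([string]$item.GetValue($name))
        # Signature status gives the "second chance to identify" the file on disk.
        $sig = if ($path -and (Test-Path -LiteralPath $path)) {
            (Get-AuthenticodeSignature -LiteralPath $path).Status
        } else { 'FileMissing' }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Path      = $path
            Running   = $running -contains $path
            Signature = $sig
        }
    }
}

# Entries that are running and not validly signed deserve the first look.
$report | Sort-Object Signature, Path | Format-Table -AutoSize -Wrap

# Reversible quarantine, as in the post: rename rather than delete.
# Rename-Item -LiteralPath 'C:\path\to\suspect.exe' -NewName 'suspect.exe.virus'
```

Entries launched through a host such as rundll32 show only the host name in `Path`, so read the full value in the registry for those before renaming anything.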