[Latest] Possible Infection
-
Hello everyone,
For those of you who have visited the site between last Sunday (or possibly earlier) and today at the time of posting, we have to warn everyone that we have evidence The Starport has been hacked and malicious code has been inserted into the code.
This code may have attempted to install malware on your machine, even though it seems like the behavior is erratic and will not infect every single viewer.
Therefore, we ask everyone to run virus scans and Adware scans as soon as possible and to make backups if you haven’t already done so. We are investigating the possible causes behind such an attack and have tightened our security guidelines for the time being (in short, the server is just about locked down for a while) and we hope this will not happen again.
If anyone has any information on the matter, we would like to hear from you below.
We are sincerely sorry for any inconvenience this may have caused and hope you will still trust us despite this problem.
Thank you,
FriendlyFire
-
could you please specify what kind of malware so the visitors can scan for it?
-
Its a root kit. With a nice Trojan.
-
Would probs explain the popup i got yesterday but as i had a few websites open at the same time i wasnt sure which one it had come from.
The site that came up was this one
I left off the http:// bit so that people dont go and click on it.
-
I encountered that one too.
To reveal a rootkit, use Rootkitrevealer:
http://technet.microsoft.com/de-de/sysinternals/bb897445.aspx
-
Spybot encountered something yesterday i wasnt sure where it came from but i guess it was from tsp.
Thx for the warning anyway, i hope u will not have stupid attacks like this one again.
Regards
Mind -
i didnt get infected
idk why tho lol…maybe it was google chrome, or NOD32
i mean, im a comp geek but idk why im not infected
EDIT: When thinking of it, i blocked that site it tried redirecting me to anyways lol, explains it
-
Unfortunally, I bashed my registry till that I am not longer able to scan with Ad-Aware or Spybot without getting a crash.
But luckily, I can’t remeber that pages have poped up, PLUS, I am using NoScript (Paranoia!!) - And it saved me, I guess.
(But however, I got a “Out Of Range” crash again, but since I have this for…some weeks, I guess it is because of my Registry, HDD or RAM)
-
NoScript saved you. The whole thing was an iframe which had an incomplete address. On page execution, a small javascript would complete the script if a counter was set to a certain value. That means not everyone who visited the page have been infected and anyone with disabled Javascript would not have been infected.
-
Did it ask you to download & execute a file or did it use some browser flaw to do a drive by attack that didn’t require user interactions?
-
It was a flash thing, so allmost anyone with the flash plugins enabled could be infected.
-
im not infected
lol -
It may be worth listing which programs detect the infection.
From above so far I guess Spybot does.
English version of above rootkit revealer
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx -
Avast and Avira do to.
-
Was it an issue to do with Joomla being out of date or an addon likewise being insufficient?
-
Our version is not out of date and we run the latest patches, but still … we have an idea what caused it, we don’t know exactly witch bothers me somewhat.
-
Was *nix vulnerable as well, or was it Windows only?
-
Windows only.
I found out what it whas after i booted up in Linux and it started to ask me stuff about installing crap.
18/18