Virus attack

[ChrisH]

Never had to worry about this stuff cos I've always worked on Mac.

Even the Virus writers don't write software that runs on a Mac.

[Matt]

I've done a quick search on this warning and here's what Symantec has to say:

 

 

 

"Trojan.Giframe is a generic detection for specially crafted GIF images that may contain HTML tags that redirect users to malicious websites."

 

 

 

http://www.symantec.com/security_response/writeup.jsp?docid=2008-082500-0801-99&tabid=2

 

 

 

I'm trying to pin point the image which is causing this. I presume it's someone's avatar or a picture in their post which has come from another site. If you know the exact page (URL) you where on when you received this warning please let me know or send me a screenshot if it happens again - it will be a great help and should speed up the process.

 

 

 

 

 

 

[Azonic]

Can't you just run a SQL query on your user table where avatar URL NOT LIKE 'www.thehubsa.co.za' ? Should point out all externally linked avatars.

 

I myself have an external avatar, JPG though hosted on my own server.

 

[Matt]

Can't you just run a SQL query on your user table where avatar URL NOT LIKE 'www.thehubsa.co.za' ? Should point out all externally linked avatars.I myself have an external avatar' date=' JPG though hosted on my own server.[/quote']

 

 

 

Thanks, Will do that now!

 

 

 

It could also be in a post or signature as well which makes it more difficult to track down.

 

 

 

It seems that in most reports of this on other sites the Antivirus actually gives the URL of the offending image.

 

If you have received this warning please check on the Antivirus log if the actual image is specified.

 

 

 

Thanks

[Sammajoor]

Matt

 

Can you please check why we can not flip to the last page of the post..

 

You have to go page by page

 

[Azonic]

Yep, I saw this morning at 1am already that the dropdown boxes don't fire.

[4ph3X]

 

 

 

my dropdown box works fine... i just get these messages.

[JimFrase]

The GIF/Iframe!generic was detected in SMILEY25[1].GIF.

 

File Status: File was cured; system cure performed.

[JimFrase]

The GIF/Iframe!generic was detected in EDIT_POST_ICON[1].GIF.

 

File Status: File was cured; system cure performed.

[JimFrase]

DELETE_SM[1].GIF  File was cured; system cure performed  GIF/Iframe!generic  

EDIT_POST_ICON[1].GIF  File was cured; system cure performed  GIF/Iframe!generic    

POST_BUTTON_SMILEY[1].GIF  File was cured; system cure performed  GIF/Iframe!generic   

POST_BUTTON_IMAGE[1].GIF  File was cured; system cure performed  GIF/Iframe!generic  

POST_BUTTON_HYPERLINK[1].GIF  File was cured; system cure performed  GIF/Iframe!generic  

NEW_POLL[1].GIF  File was cured; system cure performed  GIF/Iframe!generic  

REPORT_ICON[1].GIF  File was cured; system cure performed  GIF/Iframe!generic  

SMILEY12[1].GIF  File was cured; system cure performed  GIF/Iframe!generic  

SMILEY25[1].GIF  File was cured; system cure performed  GIF/Iframe!generic

[Matt]

So all seems to be back to normal again aside from email notifications which I'm looking into now.

 

 

 

So those interested the "Virus" was a malicious IFRAME which was injected into our pages. After a bit of research it seems this can happen through vulnerabilities on the server or compromised FTP accounts which allow 3rd parties to inject malicious IFRAMES into the code of legitimate websites.

 

 

 

I've taken this up with our Web hosts and have changed all FTP access details using much stronger passwords.

 

 

 

Hopefully this won't happen again. But I suggest that everyone ensures that they have a good, up to date, Anti virus installed. There are some good free ones available:

 

 

 

AVG - http://free.avg.com/

 

Avast - http://www.avast.com/

 

 

 

I'm sure some members can suggest others too.

 

 

 

If you still have trouble with menus disappearing or drop downs not working try pressing Ctrl + F5 to force a page refresh (thanks CVANC).

[markStockton]

Sadly the problem continues. 

[Guest Big H]

Sadly the problem continues. 

 

Huh?????............... I have been "clean" since last night??????

[turtlek]

yup m,y anti virus is working overtime still and i dont have drop down menues and i cant go to the last page of the threads unless i page through them individually [}

[wackwack]

Mine is still going mad!!!!!

[Azonic]

Could be that your browser is still loading site images from your internet cache. I recommend everyone delete all their temp internet files, history and cookies and see if this still occurs.