Planted Tank Hacked

[Khandurian]

I think you may want to still check your code. When I got the email I thought it suspicious. So I just deleted it. Came to the site here manually, and the main forum page started making my antivirus go nuts.

Just wanted to give you a heads up.

[EricSilver]

Quote:

Originally Posted by KyleT

and as far as I know, it did not install anything malicious on any computers.

Yes it did -- when I got here my browser (Safari) flashed a message that the site contained malware.

[Sinopa]

What if we haven't logged on in a while? Are we good?

[KyleT]

I am 99% sure that we got rid of the hack. Of course there is a slight chance that we missed something.

I believe that the users who are still experiencing a problem likely have a cached version of the forum or a specific page from the forum in their browsers. In order to remove these cached versions here are instructions:

http://www.aboutcookies.org/Default.aspx?page=2

[KyleT]

Quote:

Originally Posted by Sinopa

What if we haven't logged on in a while? Are we good?

More than likely yes.

[KyleT]

Thanks for the heads up. I'm more than open to advice. If you want to send me a link please do, that way i can atleast check to ensure that isn't what this is.

I think it is just a coincidence that it happened on or near 9/11.

The exploit that i linked to was discovered a couple of days ago, and the symptoms of the hack were identical to the ones described there. I was able to locate the injected code and verified that it does not exist anymore after updating.

- Kyle

Quote:

Originally Posted by dzydvl

Kyle, I'm an IT security admin by trait. Approximately 4 years ago there was a 9-11 hack done. The way it worked was to plant it on servers, and it would randomly (9-11 on random years) activate. I'm sure you are already aware of this, so I do apologize if this is repeated information. The initial hack was more of a worm, not really not meant to do damage. Unfortunately like all hacks, variants were written. I will try and dig up the security info I had on it. Again, I don't mean to intrude, just want to share what I know, I apologize if I crossed a line. I know some forums to get touchy when members try and offer information. This does not seem like one of those places, which is why I wanted to send a message.

sent from my phone, because I can't get the internet out in the boonies.

[Da Plant Man]

I just got on and google chrome marked this site saying it had "Malicious software" and that my computer could be at risk. If it is fixed why is chrome saying such a thing?

Also, thanks for the warning.

[Bugman]

Well if you are like me you like to use the same password for everything instead of having to remember different ones. I'm changing the password on everything that was even similar. Especially financial accounts. Taking all precautions.

[billyk]

Bummer, sorry to hear about this. My site was hit a while back. Bugger to repair!

[TheeOldMan]

Thanks for heads up Kyle
i didnt use e-mail link to get here. i logged in ( using firefox ) and read about to make sure there was a problem. after reading posts i logged off and signed back in using safari and didnt get anything strange. although my Safari may need updating , but didnt experience anything strange with FireFox which is up to date.
thanks again for the heads up, password changed.

[EricSilver]

I'm back and this time, no malware warning (in safari).

I also tried Internet Explorer and no issues. (Previously it closed a tab with an error message).

I also ran a virus scan and no problems.

So it looks like you are OK.

[chad320]

When I got on I had a pop up from "Java" ? IDK what it was. Mcaffee came on and said it blocked malware though. I changed my password anyway and ive been running fine. Thanks Kyle!

[EricSilver]

Ditto that.

When I first had the problem with IE it generated an error report identifying Java VM as the issue:

# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot(TM) Client VM (1.4.2_03-b02 mixed mode)

[fresh.salty]

Changed the password while at my shop. Came home and logged in and of course needed to log in with the new PW. But Firefox gave me a bar across the top that said I needed to install a plug-in to view all content on the page. I ignored that message and logged in with the new PW and it "seems" fine.

[TheeOldMan]

if it wasnt for the internet still being like the wild freakin west, think of what could get done !
i might have a problem with my Father-in-laws computer, because of recent e-mail that had malicious attachment, but one of my kids was on and checked e-mail (even though ive told them DO NOT TOUCH GRAMPAS COMPUTER ! lol
Grampa was away and guess what ? lol