This may be related to the redirect, McAfee is telling me that it is removing a Trojan (Exploit-Iframe) when I go to some of the pages here (such as the home page and the freestuff).
This just started happening.
I am getting a warning about Trojan.Virantix.C
It started in the galleries and now it's every page I go to.
http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2008-050916-1055-99
I'm getting a Java notice which I have to click nine times (three sets of three) in order to get it to go away, and when I'm in the galleries, there's a message across the top of my screen that says,
"this website wants to run the following add-on: microsoft data acess - remote data services dat ... from microsoft corporation. if you trust the website and the add-on and want to allow it to run, click here ..."
I can access an image, but as soon as I click away from it, I get the same Java message again. Oddly enough, I'm not having that problem in the forum at all. Once I got here, I was able to browse around and look at different forum posts (looking for exactly this issue!) with no problem.
Also ...
I'm on IM with Marilyn (beachzz) right now, and she can't get in at all. She's getting a popup. She says: i get a really weird message-- "The site at vipasotka.com has been reported as an attack site and has been blocked based on your security preferences." She ran her spybot program, but it's still coming up.
Any information would be lovely! :) For now, I'm just going to get off RR. I'll check back later.
Thanks!
"If your pictures aren't good enough, you're not close enough." ... Robert Capa
I am getting it as well. I've forwarded this thread to the admins.
http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2008-050916-1055-99
¤~ RadiantCG ~¤~ My Renderosity Gallery ~¤
Yep same here, some javascript is trying to run an installer whenever I hit the gallery here. I navigated many URLs elsewhere, no popup, but instantly get it when I navigate to Rendo's gallery. Nice!
Info about this specific hack:
http://www.phpbb.com/community/viewtopic.php?f=1&t=1127185
I kinda strongly suggest Rendo block all traffic to "golnanosat.com"...
Anybody who actually allowed this to run, you're probably really screwed. I hate to be doomy and gloomy but this looks like a nasty little browser hijack.
Ditto here Phoenix. I sincerely hope that Rendo will extend the coupon b/c of this...
¤~ RadiantCG ~¤~ My Renderosity Gallery ~¤
Hi all,
The problem is being worked on, and hopefully fully resolved shortly.
Nick C. Sorbin
Staff Writer
Renderosity Magazine
......................................................................................................
"For every breath, for every day of living, this is my Thanksgiving."
-Don Henley
Lucky for me kaspersky didn't let me run it even though I said go ahead :) Love kaspersky sometimes! Not getting the pop up any more so it must be fixed.
I don't know if they are legit or not but I'd say not. I have never been asked for anything like that in the past. So I did a complete search for anything containing the word thawte which came up in my kaspersky backup files of things deleted and I deleted the backup as well. I have no problem getting on this site without thawte consulting, so I'd say it's something you don't want.
Quote - I definitely cannot log onto this site without the "thawte" certificates, can I please get a definite on what it is?
Thawte is an Internet consulting firm that issues SSL (Secure Server License) to websites that have online stores at a cost to the owner of the website. The certificate that they issue [at a pretty large and annoying cost] is responsible for the little "Gold Lock" icon that shows at the bottom of your browser window when you are in the store... this is done to assure Online Store Customers that the website and online store you are visiting and the information you provide is "Secure"...
Thawte doesn't really do anything other than charge a website owner to purchase this certificate. The certificate is only good for a year and the only way that Thawte verifies this information is by running a script against the server to test and make sure that there aren't any open ports, remote linking, phishing scripts and other little things that might make it possible for people to steal your information at the moment of purchase... and it pretty much only verifies this information at the time of purchase or renewal of the certificate... as for the other 364 days of the year... well... shrugs
Fact of the matter is this... any good System's Administrator is going to make sure that the website is secure 24/7/365... the SSL Certificate is only a means to provide Customer trust while sucking a pretty sizable chunk of money out of a website owner's pocket to provide that trust.
Bottom line... think of it as a nice little certificate that a shop owner puts up on the wall of their business to show they have a license to do whatever service they do. For example a certificate license for a person who cuts hair at a hair salon... as many of you may know by this example, even though the person may have a certificate/license stating that they are licensed to cut hair, doesn't mean that they are someone you'd trust to touch your hair! :)
As for the website and forum hijack that occurred... the fact is this... Renderosity is a pretty large Community, which makes it a perfect target for [disrespectful] individuals to try and siphon traffic and bandwidth from, or try and take revenge on (say from an individual who's been banned)... it is a script kitty paradise here!!
As such, this website is probably attacked on a regular basis in one form or another. DOS attacks, phishing tactics, harmful scripts, server/forum hijack attempts, etc... etc... etc... making it a monster of a job to protect itself and its members. And sometimes little things can make it through the cracks or accidentally be over-looked and, as such, make for a very interesting and tiring day for the System's Administrator to try and clean the mess up and make steps to prevent it from happening again...
Personally, one way to avoid this would be to work on the means in which the forums must be replied to... meaning the applet that the site's software uses to allow members to post or reply to forum threads... no offense to Renderosity, but this is a pretty nice chink in the armor... particularly when a member has to DISABLE ADWARE protection software to post on the website!
Seriously, asking a member to disable security features that protect them from Phishing, Browser Hijacking Scripts, E-Mail Sniffers, and harmful applets that can be attached to off-site advertising banners for them to visit and interact on your website is not a great means to provide security to your members while visiting your website and makes the site an even MORE tempting target to idiots looking to exploit, steal, harass, hijack or be a general pain in the butt to your business and to your customers.
Just my two pennies!
~Jack D. Kammerer
who is re-enabling his system's security features and going back to lurk mode
Quote -
Seriously, asking a member to disable security features that protect them from Phishing, Browser Hijacking Scripts, E-Mail Sniffers, and harmful applets that can be attached to off-site advertising banners for them to visit and interact on your website is not a great means to provide security to your members while visiting your website and makes the site an even MORE tempting target to idiots looking to exploit, steal, harass, hijack or be a general pain in the butt to your business and to your customers.
Run-on sentences much? I haven't had my caffeine and this was a bitch to read without punctuation. :tt2:
Oddly enough I use Mozilla-Firefox and haven't had an issue.
"It is good to see ourselves as
others see us. Try as we may, we are never
able to know ourselves fully as we
are, especially the evil side of us.
This we can do only if we are not
angry with our critics but will take in good
heart whatever they might have to
say." - Gandhi
Yes, the thawte certificate is legit. Thanks Jack for explaining it so well. No one should have any problems, since this was resolved last night.
For those of you just hearing about the issues, last night Bondware became aware of a security compromise to Renderosity and RuntimeDNA. The attack presented itself as a hidden Javascript application embedded at the bottom of certain pages, prompting the user to download and install an application that is actually a Trojan virus. Less than an hour after the attack, Bondware had isolated the affected scripts and started reversing the changes.
We have installed monitoring tools to detect a repeat attempt. We are actively investigating the details of last night's attack and will aggressively address any vulnerabilities discovered.
Please make sure you reject any and all unsolicited download prompts when visiting any website, as these could possibly be a sign of attack. Also, we strongly encourage everyone to always use anti-virus software. This type of trojan has affected some of the largest websites including Wal-mart, Target, etc. in recent months, but routine anti-viral software seems to prevent damage to the visitor's computer.
agrose, your symantec anti-virus would have caught and blocked the concern if you had visited during the time of the problem, which started just before 9:30 and was resolved in about an hour. Some people may have continued to experience an anti-virus block after the fix if their browser had cached the pages that had been compromised.
We extended last night's coupon. For anyone that missed it, please keep checking the The Temperature is Rising Sales Promotion located on the front page and watch the Site Announcements area for up to the minute specials.
We sincerely apologize for the inconvenience that this has caused.
Jenifer Carey
Vice President
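The announcement above describes hidden JavaScript appended to the bottom of served pages and mentions monitoring for a repeat. The following is an added example, not part of the original thread and not Bondware's tooling: a minimal check that flags script, iframe, embed and object tags loading from hosts outside an allowlist. The host names and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the site legitimately loads active content from (hypothetical names).
ALLOWED_HOSTS = {"www.gallery-site.example", "static.gallery-site.example"}

# Constructed sample: a gallery page with injected markup appended near the bottom.
SAMPLE_PAGE = """<html><body>
<script src="/js/gallery.js"></script>
<script src="https://static.gallery-site.example/ui.js"></script>
<div id="footer">Copyright</div>
<iframe src="http://injected-host.example/in.php" width="0" height="0"></iframe>
<script src="//injected-host.example/x.js"></script>
</body></html>"""


class ActiveContentAudit(HTMLParser):
    """Record script/iframe/embed/object tags that load from non-allowlisted hosts."""
    URL_ATTR = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.URL_ATTR:
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get(self.URL_ATTR[tag], "")).hostname or "").lower()
        if not host or host in self.allowed:
            return  # relative URL, inline script, or allowlisted host
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        line, _ = self.getpos()  # position of the tag in the served HTML
        self.findings.append({"line": line, "tag": tag, "host": host, "hidden": hidden})


def audit_page(html, allowed_hosts=ALLOWED_HOSTS):
    """Return one finding per off-site active-content tag in the page."""
    parser = ActiveContentAudit(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for f in audit_page(SAMPLE_PAGE):
        print(f)
```

Run against the HTML as served rather than the source templates, since an injection into a shared footer or database row only shows up in the rendered output.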
Does anybody know what that hack was designed to do?
Asking because last night when ZoneAlarm kept giving me warnings saying a trojan was downloaded, I noticed the java console had also suddenly appeared in my taskbar.
Before I purchased something from the store today, I opened ZA and saw that those viruses had been quarantined. I let ZA delete them.
Still, I don't know if I'm 'safe'? : (
I'd hate for my purchasing info to be compromised. : (
Quote -
We extended last night's coupon. For anyone that missed it, please keep checking the The Temperature is Rising Sales Promotion located on the front page and watch the Site Announcements area for up to the minute specials. We sincerely apologize for the inconvenience that this has caused.
Jenifer Carey
Vice President
Thank you, Jen - however, when I tried to use the extended code last night at about 1a.m., as soon as I heard that the threat had been contained, the store software would not accept the coupon code, reporting that it had expired.
Today's coupon, for half of last night's discount, is a 'pale substitute' - I'm not complaining, I only point this out to clarify that there may indeed have been other customers who were unable to use the supposedly-extended coupon... so you may hear about it from others as well...
As for me, I will keep watching, in the hope that a similarly-generous coupon code appears before the promotion is over!
Cheers!
Quote - **Does anybody know what that hack was designed to do?** Asking because last night when ZoneAlarm kept giving me warnings saying a trojan was downloaded, I noticed the java console had also suddenly appeared in my taskbar.
A lot of ppl don't realize it but you also have a cache of temp internet files just for your java program.
You get to it thru your control panel >java>java control panel>temp internet files>settings......and from there you can set it like you want and delete the temp files...it's also where a java exploit/virus can live and bash you every time it gets a chance.
I'm talking about windows...I don't know anything about mac...don't even know if mac has java. lol
“For those who believe, no proof is necessary. For those who don't believe, no proof is possible.”
[Stuart Chase]
I've just had a blank email from store@renderosity.com ...... is this anything to do with the hack?
"I didn't lose my mind, it was mine to give away"
Thank you so much for that, AnnieD...
I never knew of this java cache feature. :m_shocked:
But damn, now I'm going to have to keep calling my bank to see if my recent rendo purchase info is being used to take money from my account. I did delete those viruses this morning before purchasing, but didn't know anything about deleting the cache stuff that may have been associated with the java activity I saw last night.
I effing hate this kind of thing.
The site keeps trying to redirect to something called "golnanosat" and there's a popup, ostensibly from Microsoft called "Remote Data Controller Data Controller" or something that keeps trying to run.
What is going on?
I don't trust the site enough to use the 20% off coupon right now... very annoying!