Suspicious! Anyone else with trouble?

ForumsProblems and Bug Reports

Mike Hewson
Mike Hewson
Moderator
Joined: 1 Dec 05
Posts: 6578
Credit: 304911391
RAC: 110983
9 Mar 2006 2:51:59 UTC
Topic 190881
(moderation:
    )

    When, and only when I access/refresh
    this     thread in Mozilla or Internet Explorer, my Trend Micro Internet Security catches and blocks attempts at lifting my credit card number and sending it to addresses like these ones:

    http://ltproject.org/neilmunday/
    http://seti.brutalhosts.com/
    http://www.zacrifice.com/boincstats/
    http://www.emacolet.com/seti/
    http://www.wuschelkiste.de/setistat/boinc/
    http://boincstats.nova-online.de/
    http://www.pierre-bon.com/NMundayCounterSite/
    http://munday.kincheloe.us/
    http://wolfensystems.com/
    http://www.geeksamazing.com/cgi-bin/
    http://ncg58.eden5.netclusive.de/signature/
    http://www1.helbing.nu/mundayweb/

    where = mirror_xml.php?bg=c8c8c8&border=808080&text=ff0000&use_border=1&credit=120311.54%2C84258.31%2C83394.34%2C43421.33%2C32888.55%2C28567.23%2C12654.87%2C3592.17%2C1204.38%2C1087.24%2C225.08%2C191.55&name=MattDavis&updated=09/03...2C90.7%2C68.36%2C58.47%2C69.1%2C19.59&prjs=Seti%2CPredictor%2CEinstein%2CCPDN%2CLHC%2CRosetta%2CSZTAKI%2CSIMAP%2CuFluids%2CWCG%2CRALPH%2CSeti+BETA&rac=264.12%2C402.02%2C292.44%2C6.38%2C98.96%2C218.63%2C51.89%2C75.85%2C28%2C28.2%2C11.23%2C1.32&rf=1&prj=-1

    there's a new address attempted each time, but it stays within the above set. I scan daily and fully to the limits of Trend Micro, and I am pretty well always on with broadband. I've only tested it with this machine I am writing from now.
    If it's purely a local problem for me then I'll deal. I'm reporting it out of concern that it may be the case that someone is/has using/used the E@H forums to ill effect. The 'php' rang a bell, as that has something to do with scripting in the server/client interaction doesn't it?. Suggestions? Mike

    Oh, and when I attempted to post the above message ( creating a new thread )

    http://einstein.phys.uwm.edu/forum_post.php?id=6

    was blocked! ( no ) So now I've posted this using an entirely unrelated machine.

    I have made this letter longer than usual because I lack the time to make it shorter ...

    ... and my other CPU is a Ryzen 5950X :-) Blaise Pascal

    Wurgl (speak^Wcrunching for Special: Off-Topic)
    Wurgl (speak^Wc...
    Joined: 11 Feb 05
    Posts: 321
    Credit: 140550008
    RAC: 0

    Suspicious! Anyone else with trouble?

    9 Mar 2006 16:08:59 UTC
    Message 25705
    (moderation:
      )

      Turn off signatures and Aventars like I do :^)

      Michael Roycraft
      Michael Roycraft
      Joined: 10 Mar 05
      Posts: 846
      Credit: 157718
      RAC: 0

      RE: When, and only when I

      10 Mar 2006 3:07:26 UTC
      Message 25706
      (moderation:
        )

        Quote:

        When, and only when I access/refresh
        this         thread in Mozilla or Internet Explorer, my Trend Micro Internet
        Security catches and blocks attempts at lifting my credit card number and
        sending it to addresses like these ones:

        http://ltproject.org/neilmunday/
        http://seti.brutalhosts.com/
        http://www.zacrifice.com/boincstats/
        http://www.emacolet.com/seti/
        http://www.wuschelkiste.de/setistat/boinc/
        http://boincstats.nova-online.de/
        http://www.pierre-bon.com/NMundayCounterSite/
        http://munday.kincheloe.us/
        http://wolfensystems.com/
        http://www.geeksamazing.com/cgi-bin/
        http://ncg58.eden5.netclusive.de/signature/
        http://www1.helbing.nu/mundayweb/

        Mike,

        Sounds like you have a spyware/malware infestation. Two programs to use:
        Spybot Search and Destroy
        AdAware SE Personal
        Both are free, don't take too long to scan, and use no resources other than when scanning. You might want to go into the advanced settings and tweak for deeper, more thorough scans. If so, let me know, and I'll try to find the site that best goes into that, or at least let you know how to duplicate my settings.

        Also, if you're using the paid version of Trend Micro, make sure you have the latest vieus definitions.

        Respects,

        Michael

        microcraft
        "The arc of history is long, but it bends toward justice" - MLK

        Mike Hewson
        Mike Hewson
        Moderator
        Joined: 1 Dec 05
        Posts: 6578
        Credit: 304911391
        RAC: 110983

        Thank you both! The Trend

        10 Mar 2006 3:30:03 UTC
        Message 25707 in response to message 25706
        (moderation:
          )

          Thank you both! The Trend Micro has dealt with it, it's no longer an issue for me. I'd just characterized it and reported it before I chose to eliminate it. I'm fairly new to bulletin boards, so I wasn't really aware that virus/malware/whatever could be an issue. But on reflection I guess nearly anything electively executable ( like scripts on html ) is prone. It's clarified why my daughter's computer is a recurring problem - she hangs around MSN/Hotmail!!

          Cheers, Mike. :-)

          ( Hey Mike, email me man ! )

          I have made this letter longer than usual because I lack the time to make it shorter ...

          ... and my other CPU is a Ryzen 5950X :-) Blaise Pascal

          Michael Roycraft
          Michael Roycraft
          Joined: 10 Mar 05
          Posts: 846
          Credit: 157718
          RAC: 0

          Mike, I shall do that. I

          10 Mar 2006 7:54:11 UTC
          Message 25708
          (moderation:
            )

            Mike,

            I shall do that. I know I promised you an afternoon followup after the stent
            surgery on Feb 16, but they filled me so full of Demerol that I hardly knew my
            own name until the day after. Whew, bummer! Ya never got around to answering
            my question about your family and all being out of the woods regarding the
            wildfires that day. Short preview - the CT scan 2 weeks ago showed about
            triple the # of badguys in my liver as the original, only 2 months previous,
            and the pancreatic booger much larger.

            Mike, after how much you've gone above and beyond the call in helping me, I owe
            you much more than the scant few words in my irregular "update list" emails.

            Chapter One, coming at ya soon!

            Michael

            microcraft
            "The arc of history is long, but it bends toward justice" - MLK

            Mike Hewson
            Mike Hewson
            Moderator
            Joined: 1 Dec 05
            Posts: 6578
            Credit: 304911391
            RAC: 110983

            RE: Mike, I shall do that.

            10 Mar 2006 8:16:23 UTC
            Message 25709 in response to message 25708
            (moderation:
              )

              Quote:

              Mike,

              I shall do that. I know I promised you an afternoon followup after the stent
              surgery on Feb 16, but they filled me so full of Demerol that I hardly knew my
              own name until the day after. Whew, bummer! Ya never got around to answering
              my question about your family and all being out of the woods regarding the
              wildfires that day. Short preview - the CT scan 2 weeks ago showed about
              triple the # of badguys in my liver as the original, only 2 months previous,
              and the pancreatic booger much larger.

              Mike, after how much you've gone above and beyond the call in helping me, I owe
              you much more than the scant few words in my irregular "update list" emails.

              Chapter One, coming at ya soon!

              Michael


              It's cool man! I figured you were sick, I was waiting for you to call! Mr Dragon's gone for this year too....

              I have made this letter longer than usual because I lack the time to make it shorter ...

              ... and my other CPU is a Ryzen 5950X :-) Blaise Pascal

              Neil Munday
              Neil Munday
              Joined: 11 Feb 05
              Posts: 3
              Credit: 273255
              RAC: 0

              Hi, The list of sites you

              27 Apr 2006 23:28:38 UTC
              Message 25710
              (moderation:
                )

                Hi,

                The list of sites you mention are the ones used by my web site to take the load of generating user's stats signatures off my web server.

                Norton and Trend Micro have been known to think that my mirror system is somehow attacking users' PCs.

                I can assure this is not the case and that your firewall is very wrong indeed!! There is no way that a PHP script (which runs server side) could get your credit card details or any other details, unless you explicitly submitted them to the script in some way.

                For those who are interested, when I request for a user's stats graphic is received, my script randomly chooses one of the mirror sites and redirects them to the chosen mirror to get the graphic using a PHP header() function. This function generates an HTML header for the user's browser which tells it to get the image from a different location.

                E.g.

                Hope this helps,

                Neil.

                http://boinc.mundayweb.com

                Beach Bum
                Beach Bum
                Joined: 12 Dec 05
                Posts: 68
                Credit: 215346
                RAC: 0

                I would like to see what the

                4 Apr 2007 0:50:38 UTC
                Message 25711
                (moderation:
                  )

                  I would like to see what the is. Seeing as I am the owner of wolfensystems.com.

                  As Neil said I am a mirror build for his stats site.

                  I have looked over his code that is hosted, and it is fine, no attempt at stealing anything, other than maybe my bandwidth, but I gave him that right,lol.

                  I would just put this up to a false hit. Not the first time it will happen in life, nor the last.

                  Bye All

                  Beach Bum
                  Founder of The Hawaiian Beach Bums

                  Come Join us at Hawaiian Beach Bums

                  Mike Hewson
                  Mike Hewson
                  Moderator
                  Joined: 1 Dec 05
                  Posts: 6578
                  Credit: 304911391
                  RAC: 110983

                  Hi! :-) Well the is

                  13 Apr 2007 1:42:31 UTC
                  Message 25712
                  (moderation:
                    )

                    Hi! :-)

                    Well the is whatever I put in the earlier post.

                    I no longer have that machine, as a viable entity, so I also now have no recollection or record other than that post. It hasn't been a problem since ( ie. Trend Micro ).

                    Some infestation no doubt, not your fault though! :-)

                    Cheers, Mike.

                    I have made this letter longer than usual because I lack the time to make it shorter ...

                    ... and my other CPU is a Ryzen 5950X :-) Blaise Pascal

                    Comment viewing options

                    Select your preferred way to display the comments and click "Save settings" to activate your changes.

                    ForumsProblems and Bug Reports