Trojan Warning: Please Read


Garbad_the_Weak
20-11-2004, 01:34
WARNING TO EVERYONE!!!

A user on this site and several other D2 fansites has passed around a trojan that you can get WITHOUT clicking a file. Click:

http://forums.rpgforums.net/showthread.php?p=2883314

to read my thread about it.



I KNOW an infected file was specifically posted in the paladin forum, so check your computers.

Garbad

P.S. To the mods: Sorry for the spam, but this is too important to spread word of mouth.

mepersoner
20-11-2004, 02:02
*looks at his firewall*

*looks at his mozilla browser*

*looks at his virus scanner*

Thanks for the warning.

firstwave
20-11-2004, 02:12
if i use mozilla, would it still infect me?

and thx for the warning

I use winxp firewall, does it prevent the IRC thing too?

DECOYBOY
20-11-2004, 02:16
more importantly what is this link that garbad wants us to click

Garbad_the_Weak
20-11-2004, 02:19
> more importantly what is this link that garbad wants us to click

o_o

Trust no one

Garbad

P.S. It's a link to a thread in the CH forum, called public service announcement that gives info on how to remove the trojan, etc.

Ash Housewares
20-11-2004, 02:20
it's a link to a more detailed thread in the Clan Honor forum, what else would it be? HELL! garbad stop linking to Hell!

TeKmInIbI
20-11-2004, 03:10
Ok,
I've searched for those specific files on my comp, run 4 virus scans (nothing, yet) and changed all my pw's...
Anything else i should be aware of having to do with this virus?

Beowulf
20-11-2004, 04:07
And I thought this was just Garbald having trouble finding a small enough condom.

Bah I should be fine don't visit any other d2 sites and I use firefox.

~Kazama Fury~
20-11-2004, 05:45
thanks garb, you gave me a reason to use firefox.

until someone discovers an exploit for that too. >.<

evil_dead_ash
20-11-2004, 11:49
> thanks garb, you gave me a reason to use firefox.
>
> until someone discovers an exploit for that too. >.<


yeah, this is real... i just got the ****ing thing. in a trade thread.

watch it you guys.. im doing a virus search now.

DOC
20-11-2004, 22:32
Trojans Scare me to a great extent. Just because I would be helpless if I got one, stupid lack of computer training! Thanks for the heads up sir.

*runs away to learn how to virus scan*

Killfrenzy
21-11-2004, 13:31
Garbad, has there been any word from the admins of the site on this? This is most definitely a serious issue and MUST be taken care of. I'm sure everyone will agree with me on this.

Garbad_the_Weak
21-11-2004, 20:09
I pmed Elly and she said she would keep an eye out. Not much she can do though, it was a private users link.

Just thank God this site hosts avatars. I've heard on other sites they pass this trojan around by avatar. If that happened, it would be practically impossible to find out who did it and practically everyone would have it.

Garbad

Killfrenzy
21-11-2004, 21:49
So what information do we have about this?

Is it one person doing it or a number of people?
Does it only happen when the jerk trying to ruin the forums posts a link or can it happen to ANY link?
Do we know this scumbag by user-name?
Is it true that windows service pack #2 got rid of the exploit?


If anyone has any information for me on these questions i would appreciate it. As it stands right now I'm frightened to click on any picture link or even links to people's guides.

im very worried that this site may become completely unsafe to browse because of this. Now my knowledge of computers is limited, but even if this rat-bastard is IP banned couldn't he create another account with some other computer? What will it take to stop it? The complete banning of links? I hope that bastard rots in hell...

~Kazama Fury~
21-11-2004, 22:21
i heard that service pack #2 took care of this exploit.
so just install it, its important to install it anyway, i dont see didnt even do it yet.

if you didnt, just use firefox, firefox is really great.

if you want to use IE and not install SP2, then you are at risk, just keep your eyes opened. have a virus scan, perhaps a firewall.

i feel the same about people doing this, but i mean remember not everyone is this bad, how many times have we opened a picture without even thinking it contained a trojan, its about trust. it was 1 in a lot. now that we know about it, and it comes clear, we will take preventive measures, thats all we can really do.

we know quite a few things about him if you check the thread that garb made about it in the CH forum. if he gets fired at work because of this, ill be satisfied.

Garbad_the_Weak
22-11-2004, 00:06
Well, I will leave it to the mods if they reveal who it was. My personal opinion is they shouldn't, as it only gives the guy notoriety. He wasn't a super well known poster.

SP2 does NOT correct the problem, at least not on all OS.

The poster was right about it being old tho, the trojan is more than a year old and in most virus scanners. A properly updated, virus scanned, firewalled computer is not at serious risk. Still, the fact is a lot of people don't take precautions, so consider this your warning to always do the basics at least.

I honestly don't know much about foxfire, so I cannot promise how secure it is. Pretty much anything is safer than common microsoft programs though.

As for the delivery, I am not 100% sure. It can be on any file or any link at all for that matter. I reported the person within minutes of the original post and xirc killed it very fast, but I must have missed a second post. I am not sure where it was.

> im very worried that this site may become completely unsafe to browse
> because of this. Now my knowledge of computers is limited, but even if this
> rat-bastard is IP banned couldn't he create another account with some
> other computer? What will it take to stop it? The complete banning of links?
> I hope that bastard rots in hell...

Well, a couple of points on this.

First, its a common myth that this site IP bans. Its very, very rare. In my 2+ years as a mod I only saw like 1 person get IP banned. This site uses other software to ban.

Second, an IP ban would probably be ineffective vs this guy anyhow. Chances are if he knows enough to toy with trojans he knows enough to bypass an IP.

BUT

This site is in no danger of being unsafe, at least no more so than using the internet in general. Yes, a few people lost their accts but those were people who were unprepared (friends of mine, but still it's their own fault). If you are taking basic steps to ensure your safety, this site is relatively secure, especially for a fansite.

Garbad

~Kazama Fury~
22-11-2004, 00:15
well said.


well i was reading about this trojan, i was under the impression microsoft said they fixed it with SP2, but who can be too sure i suppose.

TheKbob
22-11-2004, 00:23
I just got Mozilla, ill be testing it out. It doesnt seem different from IE though.. I guess that's good and bad. what is different besides like symbols being worded out... Like send XZXXXXZXZZx a private message through AIM
...

~Kbob

erratta
22-11-2004, 03:32
Garbad, from what you are saying it sound like Microsoft Security Bulletin MS04-028 (Buffer Overrun in JPEG Processing) (http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx)

that's how that *old* trojan can (possibly was) get delivered.

excerpt from the above KB: "Windows XP, Windows XP Service Pack 1, and Windows Server 2003 are the only operating systems that contain the vulnerable component by default. By default, Windows 98, Windows 98 SE, Windows Me, Windows NT 4.0, Windows 2000, and Windows XP Service Pack 2 are not vulnerable to this issue. However, the vulnerable component will be installed by any of the programs listed in the affected software section of this bulletin on these operating systems and you should install the appropriate security update for those programs"

so.. getting XP SP2 and using non IE browsers is not a 100% protection.
You might want to download GDI+ tool and do the scan.

Voice
22-11-2004, 05:39
If i keep my computer virus free etc. and dont download random stuff i dont have to read this right. I dont feel like readin this.

erratta
22-11-2004, 21:01
> If i keep my computer virus free etc. and dont download random stuff i dont have to read this right. I dont feel like readin this.

-that was funny, looking at your avatar and reading what you said.. random indeed.

in case that you are serious ... try Bouncing Malware - Part I (http://isc.sans.org/diary.php?date=2004-07-23)

Bouncing Malware – Part II (http://isc.sans.org/diary.php?date=2004-08-23)

Bouncing Malware - Part III (http://isc.sans.org/diary.php?date=2004-11-04)

to find if you *need* to download something to get owned

Reddington
23-11-2004, 19:38
One of the many advantages to using Opera. Since so few people use it no one puts out viruses for it. Lots of folks use IE, Firefox, Mozilla, but very few use Opera. *Grins*

Opera is the champ! :winner:

erratta
23-11-2004, 21:00
> One of the many advantages to using Opera. Since so few people use it no one puts out viruses for it. Lots of folks use IE, Firefox, Mozilla, but very few use Opera. *Grins*
>
> Opera is the champ! :winner:

?? it’s not a virus – it’s an exploit, allows remote code execution, then… *they* can do whatever *they* want…. infest your (no longer yours) machine with viruses, trojans, keyloggers…. run pr0n site off “your” machine and so on.

Opera / Firefox and so on doesn't run ActiveX controls for example (by default). That doesn't prevent all malicious code.. it only helps cut down the amount of code that can be run.

IE on the other hand has ActiveX enabled by default.

The safe way would be – run all your games / applications, browse Internet as a ‘restricted user’, not as Admin (providing you run WinNT family OS). That way, even if you happen to click on something wrong or go wrong places, or simply new vulnerability found (and no patch yet) - bad ‘thingies’ wont do much because you, as a restricted user do not have rights to system (there are still ways to impersonate system account…so.. even then, you need to keep your protection up to date).

Doesn’t help when Blizzard says you must be an administrator to run the game. (old game, old (wrong) ways)
And.. so many just – “WTF!!! It’s my computer, I want to be an Admin because I own it!” some just can’t be bothered with Install as Admin, Run as User – too lazy.
P.S.
Can (probably) post on how to run D2 as a user if anyone wants.
Don’t know why I’m still posting in this thread.

LovelyGods
24-11-2004, 01:55
according to Symantec, it only affects Win XP, NT, 2000.

since i have win 98 it doesn't affect me, but i already have virus scan up to date and firewall..

but thats cool eh..

i got my old crappy comp and is immune to the trojan. GOGO OLD SCHOOL COMPUTER :thumbsup: :lol:

Xircon
28-11-2004, 16:27
> Well, a couple of points on this.
>
> First, its a common myth that this site IP bans. Its very, very rare. In my 2+ years as a mod I only saw like 1 person get IP banned. This site uses other software to ban.


Humm, I know I have personally requested a lot more than 1 person that has been IP banned. I know several other mods have as well. It is used selectively I will admit. But it has even been used to block a wide range of IP's.

Killfrenzy
28-11-2004, 23:11
A warning just popped up from my anti-virus about some sort of trojan. I'm not sure if it's the one discussed in this thread. Now the only thing i clicked on was the OT thread naming post not a link to an image or anything. However this seems to mean that something IS going around here and that it may very well be unsafe to browse these forums. There still might be something lurking here guys...i am worried almost to the point of avoiding this place altogether. Hopefully that will not happen, but if i have reason to believe that i am at risk by even viewing threads, lets just say I'm not going to take any chances

Garbad_the_Weak
28-11-2004, 23:14
Update your computer and you should be fine. There is no reason to stop visiting this site.

Garbad

Killfrenzy
28-11-2004, 23:32
SHOULD be fine??? i REALLY dont like that should... I have the latest updates for my anti virus, but im still VERY concerned. what worries me most is that the warning came up when i just clicked to view a thread and not some link posted by a user.

I have the impression that i am at risk even being here and i really dont like the "you should be ok" stuff. Now im no good with computers but right now im basically balancing on a knife-edge over whether browsing these forums is too much of a risk for me. I had calmed down since the initial shock of seeing this thread, but this is 10000000000x worse, now i have had an example of a personal threat against ME. I really think i might not be safe here

Garbad_the_Weak
28-11-2004, 23:46
No, you are overreacting. If you followed the steps I and others outlined, there is very little risk. If you have a problem, I and others will be here to help you.

Don't blow this out of proportion. Even this last trojan was relatively mild and easy to prevent. The reason I made a big deal out of it was it got two of my friends and preyed on those who don't maintain their computer.

Let me say again, this site is not insecure and is actually quite secure for a fansite. You should not have any problems.

Garbad

King
29-11-2004, 00:22
Does anyone know any free Virus Removers and Spyware Removers? I would much appreciate this information :)

Killfrenzy
29-11-2004, 16:03
I personally think the forum is under-reacting (if thats not a real word, i just made it up). I think almost every forum should've had some sort of warning or maybe a top of the page announcement. When i mentioned it in the community forum there was at least one member that asked what i meant and where the warning was. This shows that not everyone has information about this. We MUST make sure the forum knows how to protect itself. i was lucky enough to have an updated anti-virus, some may not be and they need to be warned. a post in the pally, druid and CH forum is NOT enough. hell the one in the pally forum went off the first page very quickly. More HAS to be done to prevent more people on these forums from having their accounts stolen! This is a serious threat, yes it can be stopped by those who are ready for it, but i do not see the forum doing very much to warn those who aren't.

We cannot allow the festering pile of dung that is spreading this virus to affect more people on this forum. We MUST warn more people.

Voice
29-11-2004, 16:16
I use AVG and spybot. I got both at download.com. They both find stuff that my updated symantec antivirus doesnt find. I'm not sure if spybot is the best but i know AVG is good.

Garbad_the_Weak
29-11-2004, 16:44
> a post in the pally, druid and CH forum is NOT enough. hell the one in the pally forum went off the first page very quickly. More HAS to be done to prevent more people on these forums from having their accounts stolen!

I am not a mod/admin of this site, nor am I a computer security specialist. Only a regular poster who saw a problem and had a little expertise to warn others. I posted in the forums where I am known and where I knew the backdoor spread to. Beyond that what else can be done?

I violated the forum rules in posting what I did and could have been banned for it (not that they would ban me for trying to help, but technically it was a violation of forum rules and perhaps an assumption of authority some of the mods would resent). I PMed Elly, she said she would keep an eye out. Who knows what happened from there. She probably gave it to rush and from what I know of him, he seems highly competent. I did what I could, the rest lies in the hands of the individual members.

Its not this site's fault users try to cheat people. Its a fact of life. General computer knowledge and precaution is the best you can do. This site is taking reasonable steps to be safe (imo). Thats really all we can ask of them.

Garbad

Killfrenzy
29-11-2004, 17:36
dangit my post got eaten by the evil "cannot find server" monster


anyway Garbad, i dont claim to be a computer expert either, hell i probably know less than most people here, but i really think something should be posted in the other forums about this. I think the old saying about what one should do if they want anything done might apply here

DieselEdge
30-11-2004, 13:56
:spy: :howdy: :creep:

Tor
30-11-2004, 19:14
diesel, get out

how have you been doing?

Shaperla
30-11-2004, 22:40
Currently this has gone to the point of more concern than is truly necessary, the situation is something to consider, but not hold as a terror. I am going to close it, if it does need to be brought back up we'll bring it back at that time.