Embedded iFrame Virus on all Audioholics Forum Pages

[Jasio]

Hello,

Avast! anti-virus has been going haywire today when browsing any page on Audioholics. There appears to be a flash-based virus embedded as a 1x1pixel iframe on Audioholics.

File name: http://ads.flashgames247.com/www/images/1x1.jpg
Malware name: HTML:Iframe-inf
Malware type: Virus/Worm
VPS Version: 100515-1, 05/15/2010

This may be something you want to look into. It is either someone exploiting a vulnerability in vBulletin to inject a worm into the site - or some of your advertisers (and really you guys have way too many ads everywhere) is running bogus flash advertisements.

Of course NoScript blocks all of this - but Avast definitely isn't happy with the content that is being pushed by the site right now.

 

[MidnightSensi]

Norton Corporate bawked about and blocked the same thing also.

 

[gene]

I see this problem too but only when using a machine loaded with AVAST. I forwarded this to our ADMIN. thanks for bringing this to our attention.

 

[Jasio]

The domain name/IP address resolves to a Dallas Texas data center (The Planet) however ownership of the domain is by a Dubai based place holder company.

The last time I saw/experienced one of these vBulletin based warnings from Avast the websites vB MySQL database was compromised and mined for email addresses. While they did shut the door on the issue it complicated matters and upset a lot of people.

Check this forum post out (a gaming site) where they described the attack on their database: http://www.aionsource.com/topic/99986-recent-website-hacks-aimed-at-gamers-and-aion-players/?

The attack vector was a flash based worm which was embedded in a Google Ads advertisement. It was removed after Google confirmed that the ads being run were malicious.

In both cases - Avast was the first scanner (and F-Secure) to catch the attack.

 

[gene]

We did a thorough scan of our servers and they don't appear to be compromised. I notice the AVAST virus message is no longer showing. This leads me to believe its related totally to Google ads. They must be running some bad ads. Next time this happens, please try to note what Google ads are showing at that time. thanks.

 

[Jasio]

We did a thorough scan of our servers and they don't appear to be compromised. I notice the AVAST virus message is no longer showing. This leads me to believe its related totally to Google ads. They must be running some bad ads. Next time this happens, please try to note what Google ads are showing at that time. thanks.

I am always getting the warning from Avast. And it is not possible to really note what ads are showing as the "ad" in question is a 1pixel x 1pixel transparent/white flash application - you don't see it - hence the "beauty" of this kind of exploit.

And since the ad is probably embedded in Google Ads it is very likely that you won't always see it being rotated (with whatever ad its packaged with). Not to mention Google does serve ads based on your location (usually) to help advertisers target local markets. It's something that isn't easy to catch and generally Google has to be notified so they may refer to their own logs of what was infact being served.

 

[Seth=L]

Oh what the "F" I'm getting this every time I load a new page. I installed Add blocker and flash blocker and it won't stop. This is the first time Avast has truly begun to irritate me with it's stupid red box popping up in the corner everytime I navigate to a different part of the site.

On the botton left hand part of the screen where it usually says waiting for audioholics.com it is saying a bunch of other garbage, the only one that's up long enough for me to see is ads.pointroller.com

 

[gene]

I think this has finally been killed off.

 

[malachi0420]

Just a Heads Up on Antivirus

I'm not telling anyone what to do, but in my experience (15+ years) as a Security/Computer Tech, Avast is lacking!

Please give Microsoft Security Essentials a try, you will not be disappointed!

Questions and comments welcome!

 

[gene]

I'm not telling anyone what to do, but in my experience (15+ years) as a Security/Computer Tech, Avast is lacking!

Please give Microsoft Security Essentials a try, you will not be disappointed!

Questions and comments welcome!

I use Microsoft Security Essentials and Free AVG together. Do you think just running MSE is enough or is it good to combine the two?

 

[GlocksRock]

I run MSE along with Malwarebytes running in realtime, so far I haven't gotten anything.

 

[fightinkraut]

I run MSE along with Malwarebytes running in realtime, so far I haven't gotten anything.

Same here, a combination of those two has proven 100% secure. I'm very pleased with MSE. For those of us who get called to fix PC's I've found the two aforementioned programs, coupled with a fresh download of rkill, will take care of almost every common virus/malware issue.

 

[its phillip]

Another vote for MSE.

 

[MinusTheBear]

I have just switched to MSE from AVG free addition a few weeks ago. I really like it. System scans are faster and I find MSE less demanding overall. Automatic daily definition updates and yesterday I noticed a 7 mb update was applied to MSE. With older computers the newest version of AVG free tended to slow them down a tad. With a powerful new computer you probably wouldn't notice anything. Both are free so I can't really knock them.

 

[malachi0420]

I use Microsoft Security Essentials and Free AVG together. Do you think just running MSE is enough or is it good to combine the two?

It's NEVER a good idea to run more than one Anti-Virus! They WILL ALWAYS conflict with each other, and you will not get the full potential of either.
Although running things like MalwareBytes Anti-Malware, Spybot Search & Destroy, SpywareBlaster, Ad-Aware, along with your Anti-Virus IS a good idea.

The most important thing is, making sure you have the latest updates to all of your Anti-Virus, and Spy-Ware programs.

 

[Alex2507]

... running things like Ad-Aware, along with your Anti-Virus IS a good idea.

The most important thing is, making sure you have the latest updates to all of your Anti-Virus, and Spy-Ware programs.

Reading stuff like this makes me feel like a mental giant in all things computer.

 

[yettitheman]

Hmm. Haven't had any problems over here. Even though I don't sign in all the time, I stop by quite a bit.

It's better to enumerate trusted applications and services than to count, monitor, and attempt to prevent malicious applications and services from running. It's how I was able to get away from using anti-virus for quite a few years, but eventually, I got lazier, and attacks got more sneaky.

But, if I really wanted to lock my system down hard, I'd use a pair of bolt cutters.

 

[malachi0420]

Same here, a combination of those two has proven 100% secure. I'm very pleased with MSE. For those of us who get called to fix PC's I've found the two aforementioned programs, coupled with a fresh download of rkill, will take care of almost every common virus/malware issue.

I hate to be the bearer of bad news, but there is NO perfect combination of Anti-Virus and mal-ware tools. They ALL have their weak points, and if exposed to the right thing, you WILL be INFECTED!

The best way to fend off Mal-Ware, and viruses is to practice good internet surfing habits, and keep your Anti-Virus and Mal-Ware definitions up to date! But theirs no sure fire guarantee, as there is thousands of people right now, sitting in front of their computer, writing new viruses and mal-ware.

People think that just because they have never had a virus, they cannot get one. That is just simply FALSE, they are either LUCKY, or they have been infected and didnt know it!

If anyone has any questions, Ill be glad to point them in the right direction.

 

[fightinkraut]

I hate to be the bearer of bad news, but there is NO perfect combination of Anti-Virus and mal-ware tools. They ALL have their weak points, and if exposed to the right thing, you WILL be INFECTED!

The best way to fend off Mal-Ware, and viruses is to practice good internet surfing habits, and keep your Anti-Virus and Mal-Ware definitions up to date! But theirs no sure fire guarantee, as there is thousands of people right now, sitting in front of their computer, writing new viruses and mal-ware.

People think that just because they have never had a virus, they cannot get one. That is just simply FALSE, they are either LUCKY, or they have been infected and didnt know it!

If anyone has any questions, Ill be glad to point them in the right direction.

Agreed 100% with you. I am still surprised by the number of people who continually get viruses and malware, even after frequent warnings of things not to do...some people seemingly cannot resist opening every attachment, clicking every pop up, etc.

If people would be smart about their browsing habits there would be significantly fewer problems!

 

[gene]

I've been running MSE with AVG at the same time on 2 of my machines. My older Desktop seems a bit slugging at times. I traced it and found out Firefox often doesn't close down even though the browser shuts down. When you goto the task manager you can still see firefox.exe running.

I will remove AVG and just run MSE to see if it improves performance.

About 2 months ago I got that damn Microsoft XP Virus which took me 2 days to remove. I used RKILL, MSE, AVG and a few other programs including deleting it from the Registry.

After that experience, I've been a bit over paranoid about getting malware or virus attacks.