Forum Administration > Forum Announcements
Malware Update/Apology
Ehelldame:
First, I want to apologize to the readers of this forum for my recent unprofessional behavior in regards to this matter. I was profoundly frustrated and offended at the emails and public comments from a few individuals who crossed the line into accusations that were not reflective of what was actually happening behind the administrative scene or who exploited this issue to push personal agendas that had no relevance to this issue. I, in turn, expressed myself very angrily to a number of people that probably did not deserve it and for that I am sorry.
2. There will soon be forthcoming a Malware FAQ to address issues of how to safeguard your computer, how to remove rogue antivirus viruses and other viruses, and how to report possible problems coming from this site. If there are several tech savvy members who would be willing to volunteer to help people, please PM me.
3. I will continue to post updates on this issue to the forum. It is within this forum that the AV alerts have been seen. No one has reported seeing an AV alert while on the two blogs. Also, Facebook is probably more likely to have malware than Ehell. http://blogs.technet.com/b/mmpc/archive/2011/11/17/keep-your-facebook-friends-close-and-your-antivirus-closer.aspx
http://www.geeknewscentral.com/2011/07/18/facebook-malware-application-posing-at-google-invite/
http://blogs.wsj.com/digits/2011/03/29/app-watch-the-deadly-sins-of-facebook-malware/
Or this study indicating that as many as 1/5th of Facebook users are exposed to malware: http://news.cnet.com/8301-13577_3-20023626-36.html
I repeatedly get the "Update your Adobe Flash Player" while on Facebook. It may be a legitimate link to Adobe but since this is a known scam for infecting computers with rogue antivirus malware, I'm not clicking on it. Other avenues by which Facebook has delivered malware include "who is poking me", "who is looking at my profile", Google Plus links and links to videos; all are ways FB users have been tricked into downloading malware.
4. In the past I have shared quite openly any information concerning malware issues that affect members or readers of Ehell. The most recent event was late last year when a few individuals reported their AV was alerting while on Ehell, which turned out to be a false positive by one particular AV software company both readers had. Another was in April 2010 when a Curves ad delivered through Google Adsense was found to have malware in it. http://www.etiquettehell.com/smf/index.php?topic=77113.15
5. About 20 people have reported AV activity while on Ehell. Most of those have had a virus/trojan intrusion blocked by their AV software and therefore nothing more needs to be done. You are protected. Three, maybe four have reported being infected with Win 7 Security 2012 or Vista 2012. What Norton tech support has told me is that this virus is delivered either by a "drive-by download" from an infected or malicious domain but that 90% of infections come about by the user clicking on a link or pop up. There is no evidence that Ehell is infected or is a "drive by download" site according to Google Diagnostics and numerous scans. Given the nature of the virus, it can lie quietly in your computer until some event triggers it. For all we know, a discussion on Ehell about technology and viruses is enough to wake up the virus on an infected computer and tell the user it is infected and they need to buy software to remove it.
Three Norton users reported having "Malicious Toolkit 4" blocked while on Ehell. I filed a request with Norton that they check to see if this was a false report since no one else's AV was finding the same virus and in particular, to scan the forum. Here is the content of the email from Norton:
We are writing in relation to your submission through Symantec's on-line Security Risk / False Positive Dispute Submission form for your site being detected by Symantec Software. We have been unable to reproduce this detection. Can we please ask you to ensure that you are using Symantec's latest virus definitions for detection? They can be found using live update or alternatively from the URL below.
http://securityresponse.symantec.com/avcenter/defs.download.html
Due to not being able to reproduce this issue we require the additional information below to progress the dispute.
* The message or a screen shot of the message received
* Exact instructions on how to recreate issue
* Symantec product and version being used for detection
Sincerely,
Symantec Security Response
As you can see, Norton cannot find the problem either and needs the same kind of information I have been requesting, i.e. screen shots, browser and AV version information, to further investigate. And users are advised to update to the latest definitions.
6. It is possible the server has been hacked, although thorough scans have not revealed that, and if it were, a clean reinstall of the forum software on December 24th should have eliminated it. Over the years I have been threatened on rare occasions that someone's hacker boyfriend was going to hack into the server, but those are pretty obsessed, disturbed people.
In the early hours of December 23rd, SMF (the forum's software) released a security patch update which we installed within hours. Hackers often exploit vulnerabilities in software that is not updated. There is a reason why there are virtually no modification packages added to the forum, since each one, if not updated, exposes a vulnerability. The software running on the site has been and is current and up to date.
Sigs will be re-enabled within a day or two but some of you may find that your sig content isn't displaying correctly or not at all. We have disabled all php and script coding that can come through a sig file. If you suspect someone's sig contains something hinky, report it via the "Report to Moderator" link on the post.
7. Google ads have been known to deliver malware via AdSense ads before. Google is currently being very slow in responding to my reports, perhaps in part because we don't know exactly which ad it could be that is infected or if the malware is coming from AdSense. Nonetheless, I have blocked ads displaying on Ehell from these domains which several people have reported as having been identified as "attacking URLs":
zarerd.com/news
knalds.com/news
static-host.net
8. While we have an obligation on our end to keep the server and the software updated to eliminate vulnerable openings for malware to exploit, each person has a responsibility to guard their own computers by updating to more modern, less buggy browsers; buying more reliable, well rated AV software rather than relying on free AV; keeping browsers/AV software/AV definitions/Apps like Adobe Flash updated and current; becoming knowledgeable about the latest ways malware can attack your computer; and being very cautious about clicking on links and pop ups, even if they are disguised to look like your browser or AV software. Being safe online means you need to be diligent. It's a sad state of affairs that we all have to gird ourselves and be suspicious when surfing lest cyber criminal "wolves" dressed as sheep deceive us into infecting our computers with viruses.
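The domain blocks in point 7 are a small blocklist, and the usual mistake when enforcing one is naive substring matching, which misses subdomains of a blocked host and wrongly flags unrelated hosts that merely contain the string. The following is an added example, not code from the forum, from SMF or from Google AdSense: it takes the three entries exactly as listed in the post (two of which carry a path prefix), matches hosts by domain suffix and paths by prefix, and partitions a constructed list of ad URLs into allowed and blocked. The sample URLs are made up for the demonstration.

```python
"""Apply an ad-domain blocklist the way an admin would want it enforced:
host matches on the domain or any subdomain, path matches on the prefix.
Added example; not the forum's, SMF's or AdSense's own code."""
from urllib.parse import urlsplit

# Blocklist entries as given in the forum post: a bare domain, or domain/path.
BLOCKED_ENTRIES = [
    "zarerd.com/news",
    "knalds.com/news",
    "static-host.net",
]


def _parse_entry(entry):
    """Split 'domain/path' into (domain, path_prefix); a bare domain gets '/'."""
    domain, _, path = entry.partition("/")
    prefix = "/" + path if path else "/"
    return domain.lower().rstrip("."), prefix


BLOCKED = [_parse_entry(e) for e in BLOCKED_ENTRIES]


def host_matches(host, blocked_domain):
    """True if host is the blocked domain itself or a subdomain of it.
    Plain substring matching would wrongly flag e.g. 'notstatic-host.net'
    and would miss nothing here, but suffix matching is the correct rule."""
    host = host.lower().rstrip(".")
    return host == blocked_domain or host.endswith("." + blocked_domain)


def path_matches(path, prefix):
    """True if the URL path sits under the blocked prefix ('/' matches all).
    '/newsletter' must not match a '/news' prefix, so compare on segments."""
    if prefix == "/":
        return True
    path = path or "/"
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")


def is_blocked(url):
    """Return the blocklist entry that matches url, or None if it is allowed."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""
    for (domain, prefix), entry in zip(BLOCKED, BLOCKED_ENTRIES):
        if host_matches(host, domain) and path_matches(parts.path, prefix):
            return entry
    return None


def filter_ad_urls(urls):
    """Partition candidate ad URLs into (allowed, [(url, matching_entry), ...])."""
    allowed, blocked = [], []
    for url in urls:
        hit = is_blocked(url)
        if hit:
            blocked.append((url, hit))
        else:
            allowed.append(url)
    return allowed, blocked


# Constructed sample of ad-request URLs (not real traffic from the site).
SAMPLE_URLS = [
    "http://zarerd.com/news/ad.js",          # blocked: host + path prefix
    "https://cdn.static-host.net/x.js",      # blocked: subdomain of bare entry
    "http://zarerd.com/about",               # allowed: path not under /news
    "http://notstatic-host.net/x.js",        # allowed: similar string, other host
    "http://knalds.com/newsletter",          # allowed: /newsletter is not /news
    "http://knalds.com/news",                # blocked: exact prefix match
]

if __name__ == "__main__":
    allowed, blocked = filter_ad_urls(SAMPLE_URLS)
    for url, entry in blocked:
        print(f"BLOCK  {url}  (matches {entry})")
    for url in allowed:
        print(f"ALLOW  {url}")
```

The path-prefix rule is deliberately segment-aware: a listing like `knalds.com/news` should block `/news` and `/news/...` but not `/newsletter`, and the host rule accepts subdomains so an ad served from a CDN hostname under a blocked domain is still caught.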
Ceallach:
Thank you. It's not surprising that amongst such a large user base there will be viruses, and that this site may seem to be the common link among them. It sounds as though you're well across the risks and protecting eHellions as much as within your power to do so.
artk2002:
Something for people who make the automatic assumption that "I had EHell open last, therefore EHell gave me the virus": Post hoc ergo propter hoc. It's a logical fallacy -- one that's very easy to fall into, but a fallacy nonetheless.
Wonderflonium:
Art, that doesn't apply here. From your link:
--- Quote ---The fallacy lies in coming to a conclusion based solely on the order of events, rather than taking into account other factors that might rule out the connection.
--- End quote ---
We aren't coming to the conclusion based solely on the order of events. We are basing the conclusion on multiple factors. The 2 main ones are the fact that the virus tried to download when we were only on eHell (not just that it appeared when we had eHell open, but that it was actively blocked from loading onto formerly clean computers when only eHell was open) and the fact that it was the ONLY site that we all had in common.
Of course correlation doesn't prove causation, but at the same time, Occam's Razor (and common sense) should be considered.
TheBardess:
--- Quote from: Wonderflonium on December 29, 2011, 08:30:45 PM ---Art, that doesn't apply here. From your link:
--- Quote ---The fallacy lies in coming to a conclusion based solely on the order of events, rather than taking into account other factors that might rule out the connection.
--- End quote ---
We aren't coming to the conclusion based solely on the order of events. We are basing the conclusion on multiple factors. The 2 main ones are the fact that the virus tried to download when we were only on eHell (not just that it appeared when we had eHell open, but that it was actively blocked from loading onto formerly clean computers when only eHell was open) and the fact that it was the ONLY site that we all had in common.
Of course correlation doesn't prove causation, but at the same time, Occam's Razor (and common sense) should be considered.
--- End quote ---
There's also the fact that several people got the virus more than once, and each time they got it, it was while browsing EHell (sometimes only EHell).
I do, however, appreciate the efforts that have been made to ensure that the site is clean and its users safe.