Sorry about that, folks...


Chris Hurd
January 11th, 2008, 05:51 PM
Okay, so we got hosed by a malicious script due to a security leak in our image gallery and were offline for about an hour and a half. Anybody who was online at the time and saw that, you might want to run a spyware sweep on your system just to be on the safe side.

No forum data was lost -- everything (recent posts, etc.) is intact -- the security breach has been plugged and I don't think it'll happen again. My apologies for the inconvenience. I'm just glad it happened at the end of the week but before the weekend started.

Nothing to see here... carry on...

Mikko Wilson
January 11th, 2008, 05:56 PM
Glad to see you are back up with nothing lost Chris. :)


- Mikko

Glenn Chan
January 11th, 2008, 05:57 PM
That was fixed pretty fast! Good job. :)

Liam Carlin
January 11th, 2008, 06:01 PM
good job you got it fixed :)

Josh Chesarek
January 11th, 2008, 06:06 PM
Glad to see all is well. I did some scans with Hijack This, Ad Aware, and Spybot and nothing has turned up. I'm on Vista 64.

Tom Hall
January 11th, 2008, 06:15 PM
DVXuser was worried. Good to hear you guys are back up.

Christopher Witz
January 11th, 2008, 06:29 PM
wow.... good job! I got a bit scared there.... don't know what I'd do without my dvinfo addiction!

Hugh Mobley
January 11th, 2008, 06:41 PM
I use Malware Pro; it found whatever it was, something I haven't seen before, but it always finds that stuff. Good program!

Frank Granovski
January 11th, 2008, 07:10 PM
There is an image gallery?

Sam Houchins II
January 11th, 2008, 07:11 PM
Nice recovery! Thanks for staying on top of it and restoring this great service. Somebody must've perceived what a valuable target DV Info is. Whew! Y2K8 and still serving.

Joe Lawry
January 11th, 2008, 09:05 PM
That was ridiculously fast. Well done Chris!

Mike Andrade
January 11th, 2008, 10:28 PM
That was fast. I ran into it on my computer at work. What steps should I take to ensure it didn't leave any nasties behind? It's a Mac.

Evan C. King
January 12th, 2008, 09:43 AM
Great job containing that, guys. I was on at the time on my work computer and was like wtf. Why do people have to be such douchebags?

Bill Pryor
January 12th, 2008, 09:56 AM
Hey, Mike, I don't think we picked up anything on Macs.

Greg Boston
January 12th, 2008, 10:17 AM
Hey, Mike, I don't think we picked up anything on Macs.

I opened it with my Vista machine and it downloaded a .RAM file to the desktop. I immediately deleted that file then disconnected from the net and ran a scan. It came up clean.

I opened it with the Mac and Safari gave me a pop up about not having the correct plug-in for a mime type of unknown.

I'm hopeful that nobody had their system compromised.

-gb-

Mikko Wilson
January 12th, 2008, 12:40 PM
The page included a Real Audio music file that played when you opened it. If you don't have Real Player installed, then that's probably what the warning was. The .RAM file is a Real Audio file, so it's probably the same thing.

Glad to hear no-one's scanners picked up any nasties. My XP/IE6 seems to be running just fine too, no warnings from my Symantec AntiVirus.

- Mikko

Greg Boston
January 12th, 2008, 12:50 PM
The page included a Real Audio music file that played when you opened it. If you don't have Real Player installed, then that's probably what the warning was. The .RAM file is a Real Audio file, so it's probably the same thing.

Glad to hear no-one's scanners picked up any nasties. My XP/IE6 seems to be running just fine too, no warnings from my Symantec AntiVirus.

- Mikko

Did you open the .ram file? I know that's supposed to be a Real Audio Media file, but I figured it was one of those tricks where they change the extension so that you'll open it and get a nasty surprise (perhaps one that isn't so obvious).

Another trick they do is to use filename.ext (then a bunch of spaces).ext and your system will use the last three for the real extension while you only see the first bogus one as most file views are truncated like that.

I think most of these clowns are trying to install back door key logging on your system so that they can steal your login and password for things like online banking and credit card transactions.

-gb-

Mikko Wilson
January 12th, 2008, 01:00 PM
I have Real Player installed, so it just played the music automatically. I didn't see any files downloaded.

I have my system set to show all file extensions, so I see the whole filename every time.

- Mikko

Meryem Ersoz
January 12th, 2008, 01:58 PM
that was pretty freaky. but i have to commend chris for tearing down at lightning speed.

so you computer jocks who have macs didn't have any issues? what would i run to test my machine? any suggestions?

Chris Hurd
January 12th, 2008, 02:03 PM
i have to commend chris

Not me, but the omnipotent and all-mighty Jenn, she's the hero.

I wasn't even at the desk when it went down.

Mike Andrade
January 12th, 2008, 02:16 PM
Bill,

I was pretty sure we weren't susceptible to anything but just wanted to make sure. You know where I work and I'd never hear the end of it.

Lorinda Norton
January 12th, 2008, 06:58 PM
Here’s a vignette with a cast of four DV Info members—Dylan Couper, Bradley Marlow, Greg Boston and yours truly. Hope they don’t mind me telling it, but I have to smile at the little episode that played out from my home. I retrieved all the times from my cell phone:

2:30 pm: I click on the site and see the page. My PC doesn’t download and play the audio file because I don’t have whatever it needed. *whew.* But what should I do about this awful thing that has happened??? I know…
2:31 pm: Send a text message to Dylan telling him to go to the site if he doesn’t want to miss seeing a hacker’s calling card on DV Info. (Heh heh…sorry, Chris. :)
2:33 pm: I call Brad Marlow and get him out of the shower because now I’m wondering if maybe it’s just some bad thing only on my computer. He logs in—buck nekkid, he tells me—and sees the page for himself. He notes the creepy music. I decide to call Greg.
2:36 pm: Greg checks the site and says, “Oh, crap—it downloaded something!” Then he says something about calling Chris and hangs up the phone in my ear. (Actually, I think we squeezed a goodbye in there. ;)
2:40 pm: After hearing Greg say something about a download I get worried that because of my text message to Dylan I could be responsible for his PC getting hosed. I call him. He hasn’t received my message so I explain about the site and then add, “Don’t do it!” There is a pause and then Dylan says, “What is that?” (*sigh* I guess it’s like telling someone not to think of a pink elephant.) What he says after that I can’t repeat because of Chris’ policy concerning naughty words…
2:49 pm: I call Brad again. He has finally put on some boxers, so walks me through clearing stuff off my PC. While we’re talking I receive a voicemail from Greg apologizing for hanging up abruptly (not necessary) and telling me that the site is down. Later, he kindly calls again and explains more about spyware and my money being stolen.
That night: Just to be safe I download a free spyware "doctor" but it only tells you what ugly things are on your PC—you must buy the program if you actually want them killed. Anyway, I’m about to give out my credit card info for it but then I think, “Now, if that’s what the spies are after, is this wise?” So, I guess I’ll do it the old-fashioned way and buy something at the store.

The End.

Addendum: I love this place. And I love the friends I’ve made here who provide me with so much info…and entertainment! :)
Now, if whoever caused the little ruckus is reading this, I can only say, “Be nice, and go do something GOOD with your skills.” Jeff and Chris have better things to do with their time.

Jenn Kramer
January 13th, 2008, 05:52 AM
We probably would have been back up faster than an hour and a half if I hadn't been operating on three hours of sleep and had spent the six hours before the crack painting a room at my office. Oh well, these things seem to always happen at the most inopportune times.

Trond Saetre
January 16th, 2008, 09:52 AM
I use Malware Pro; it found whatever it was, something I haven't seen before, but it always finds that stuff. Good program!

For your info, Malware Pro, Spyware Pro and Adware Pro are NOT programs to remove spyware/malware.
Today there was an article about this software in a Norwegian computer magazine.
The best thing you can do is to uninstall/remove Malware Pro, and use another anti-spyware software instead.
Link to the Norwegian article:
http://www.idg.no/pcworld/article83044.ece
(text in Norwegian only)