[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 492: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 113: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 5133: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3843)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 5133: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3843)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 5133: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3843)
[Fixed] Virus on BAA Site Alert! - Buggy Alumni Association

[Fixed] Virus on BAA Site Alert!

User avatar
Elmo Zoneball
Posts: 132
Joined: Sat Aug 22, 2009 3:31 pm
Organization: SAE
Graduation Year: 1979
Location: Bottom of Flagstaff, watching the chute, collecting samples...

[Fixed] Virus on BAA Site Alert!

Postby Elmo Zoneball » Thu Apr 28, 2011 10:19 pm

Beware:

I just accessed the BAA site, and got a notice that said "unable to display content, click here to download necessary component" (paraphrasing) and MS Security Essentials jumped in and said it's a trojan....


It's "TrojanDownloader: Java/exdoer"

Thankfully, the Virus software caught and removed it.


more info here:

http://www.microsoft.com/security/porta ... 2147644716 <http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=TrojanDownloader%3aJava%2fExdoer&threatid=2147644716>

DO NOT CLICK ON LINKS TO DOWNLOAD SOFTWARE FROM THE BAA SITE!
"I love the smell of solvents in the morning -- they smell like... victory."

User avatar
swiftsam
Site Admin
Posts: 172
Joined: Sat Sep 13, 2008 10:33 am
Organization: Fringe
Graduation Year: 2004
Real Name: Sam Swift
Location: NYC
Contact:

Re: VIRUS ON BAA SITE ALERT!

Postby swiftsam » Thu Apr 28, 2011 10:33 pm

Thanks for the warning, I'm looking into it now. If anyone else noticed anything out of the ordinary, please post it here to help me figure out what's going on.

User avatar
Elmo Zoneball
Posts: 132
Joined: Sat Aug 22, 2009 3:31 pm
Organization: SAE
Graduation Year: 1979
Location: Bottom of Flagstaff, watching the chute, collecting samples...

Re: VIRUS ON BAA SITE ALERT!

Postby Elmo Zoneball » Thu Apr 28, 2011 11:20 pm

It appeared when I clicked on the PiKA news story.

I'm using Firefox 3.6.1.6 on XP SP3....
"I love the smell of solvents in the morning -- they smell like... victory."

CrzRsn
Posts: 8
Joined: Wed Oct 28, 2009 10:00 pm
Organization: SigNu
Graduation Year: 2012
Real Name: Mike S

Re: VIRUS ON BAA SITE ALERT!

Postby CrzRsn » Fri Apr 29, 2011 2:22 am


User avatar
swiftsam
Site Admin
Posts: 172
Joined: Sat Sep 13, 2008 10:33 am
Organization: Fringe
Graduation Year: 2004
Real Name: Sam Swift
Location: NYC
Contact:

Re: VIRUS ON BAA SITE ALERT!

Postby swiftsam » Fri Apr 29, 2011 9:52 am

Thanks to those that quickly let me know that there seemed to be a problem yesterday, and I am super sorry to anyone that got something nasty from our site.

Thanks to people's feedback, I was able to find and remove malicious code and then put the server into a lock-down sort of a mode. We may have to have some down-time as I wipe and rebuild things, but pending any more trouble I think that can wait until things slow down on the site.

Don't hesitate to post here or email admin@cmubuggy.org if you notice anything else amiss.

shafeeq
Posts: 238
Joined: Tue Oct 28, 2008 6:40 pm
Organization: CIA
Graduation Year: 2000
Real Name: Shafeeq S

Re: Virus on BAA Site Alert!

Postby shafeeq » Fri Apr 29, 2011 10:05 am

Symantec AV is still reporting "Web Attack: Malicious ToolKit Iframe Injection 3" on

http://www.symantec.com/business/securi ... asid=24175

I'm guessing this is the first stage of tricking people into downloading the virus.

User avatar
swiftsam
Site Admin
Posts: 172
Joined: Sat Sep 13, 2008 10:33 am
Organization: Fringe
Graduation Year: 2004
Real Name: Sam Swift
Location: NYC
Contact:

Re: [Fixed] Virus on BAA Site Alert!

Postby swiftsam » Sat Apr 30, 2011 4:25 pm

Ok, I thought I had it beat the first time, now I think it's kicked for real, we're back in business.

Again, I am super sorry to those who downloaded something unpleasant from the site, and I appreciate those that alerted me to the problem. If you think you may have clicked "yes" to a plugin/java/extension type of request from your browser while on cmubuggy yesterday or thursday, you should run a virus scan.

If you're the computer/details type, it seems we had a case of the awkwardly-named "" which got in through an exploit in wordpress on a different domain on my server. I did a complete wipe of my server, reinstalled everything and carefully copied the content back on, scanning every line of code for the malicious bits. That said, let me know if you see anything funky going on.

User avatar
Elmo Zoneball
Posts: 132
Joined: Sat Aug 22, 2009 3:31 pm
Organization: SAE
Graduation Year: 1979
Location: Bottom of Flagstaff, watching the chute, collecting samples...

Re: [Fixed] Virus on BAA Site Alert!

Postby Elmo Zoneball » Sat Apr 30, 2011 5:28 pm

Thanks.
"I love the smell of solvents in the morning -- they smell like... victory."

User avatar
janicesg
Posts: 37
Joined: Fri Oct 10, 2008 11:49 am
Organization: Fringe
2nd Organization: Sweepstakes
Graduation Year: 2001
Real Name: Janice (Golenbock) Schneekloth
Location: CT/NYC

Re: [Fixed] Virus on BAA Site Alert!

Postby janicesg » Sat Apr 30, 2011 9:52 pm

thanks, Sam, for all the work you do on this site, and for how quickly you got it back up and running! Good thing this didn't happen 2 weeks ago!
Janice (Golenbock) Schneekloth
BAA Chairman 2010-2012
Sweepstakes Chair 2002-2004
Fringe Driver 1998-2002

shafeeq
Posts: 238
Joined: Tue Oct 28, 2008 6:40 pm
Organization: CIA
Graduation Year: 2000
Real Name: Shafeeq S

Re: [Fixed] Virus on BAA Site Alert!

Postby shafeeq » Sun May 01, 2011 11:48 am

Thanks again, Sam for fixing this, at a time when you have a ton of other important stuff to deal with!


Return to “Buggy”



cron