Something amiss, or is Kaspersky being too keen?

retired_member12 · 23-02-2010, 12:01:57 PM

Almost every page load at Acorn has started flagging this message up in Kaspersky over the past 30 mins or so:

Quote:

Loading object http://mmfav.servehttp.com//ml.php//ml, containing virus HEUR:Trojan.Script.Iframer. detected.

Anyone know what the problem might be? It's only happening at Acorn.

rob · 23-02-2010, 12:22:50 PM

could be a ropey ad or some code injection somewhere along the line

Heur Trojan.script.iframe is a prolific Trojan Horse with several variants. Its primary function is to serve as a downloader. Once inside your PC, it contacts a unknown list of websites without the user knowing. From there it downloads a number of other programs, most of which are Spyware agents, viruses, and keyloggers (programs that record your keystrokes and save the information to a remote server). These viruses are responsible for annoying pop-up advertisements on the desktop and interfering with [Internet Explorer|IE|the internet browser}.

sounds nice

retired_member12 · 23-02-2010, 12:27:29 PM

Quote:

Originally Posted by rob

could be a ropey ad or some code injection somewhere along the line

Heur Trojan.script.iframe is a prolific Trojan Horse with several variants. Its primary function is to serve as a downloader. Once inside your PC, it contacts a unknown list of websites without the user knowing. From there it downloads a number of other programs, most of which are Spyware agents, viruses, and keyloggers (programs that record your keystrokes and save the information to a remote server). These viruses are responsible for annoying pop-up advertisements on the desktop and interfering with [Internet Explorer|IE|the internet browser}.

sounds nice

It's only happening at Acorn though.

mofo · 23-02-2010, 01:28:10 PM

Same here .. just started.

Systreg · 23-02-2010, 01:46:46 PM

The other topic about this is on Acorn here:

http://www.acorndomains.co.uk/forum-...mpromised.html

Other vBulletin sites are reporting the same issue.

SecNam · 23-02-2010, 01:50:31 PM

ive sent admin a text so hopefully he will be along soon to look.

Edwin · 23-02-2010, 01:52:35 PM

A large vBulletin site I run, which uses an up to date version of the software, doesn't seem to have any problems, so it's not a "global" problem. Similarly, there are no issues on *******.com or DomainState.com, both vBulletin sites.

TinkyWinky · 23-02-2010, 01:53:59 PM

it is either an iframe reference that's been bot-placed within the .js file or a document.write on template that references a certain .ru site

Likely engineered from a VB exploit or open PORT

Apparently....

23-02-2010, 01:52:35 PM	#7 (permalink)
Edwin Join Date: Apr 2005 Location: Cambridge, UK Posts: 4,165 No Classified Ratings Domain Trader Rating: (100% / 46)	A large vBulletin site I run, which uses an up to date version of the software, doesn't seem to have any problems, so it's not a "global" problem. Similarly, there are no issues on *****.com or DomainState.com, both vBulletin sites. __________________ Memorable Domains Ltd - Over 7,000 descriptive, generic .co.uk domains for sale Please note:** All sale prices over a week old are automatically invalid. No exceptions. Thanks!

23-02-2010, 01:53:59 PM	#8 (permalink)
TinkyWinky Join Date: Mar 2006 Posts: 643 No Classified Ratings Domain Trader Rating: (100% / 28)	it is either an iframe reference that's been bot-placed within the .js file or a document.write on template that references a certain .ru site Likely engineered from a VB exploit or open PORT Apparently.... __________________ - - - - - - - - - - - - - - - - - - - - - - - - - - - Lifestyle Magazine - Gym Equipment

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Domain Name Community	Replies	Last Post
Russians Not Keen on IDN Top Level Domain - Domain Name Wire (blog)	RSS	Domain Name News	0	22-12-2009 05:59:01 PM
Kaspersky impressed with Conficker botnet's slickness - ZDNet	RSS	Domain Name News	0	21-05-2009 02:59:16 PM
Kaspersky impressed by botnet slickness - ZDNet.com.au	RSS	Domain Name News	0	21-05-2009 05:00:30 AM
Kaspersky, OpenDNS Collaborate to Slow Conficker Worm - PC World	RSS	Domain Name News	0	09-02-2009 11:59:04 AM
Foreign firms keen for Chinese domains - Xinhua	RSS	Domain Name News	0	22-04-2006 02:02:39 AM

23-02-2010, 12:22:50 PM	#2 (permalink)
rob Founding Member Join Date: Jan 2005 Posts: 5,977 No Classified Ratings Domain Trader Rating: (100% / 37)	could be a ropey ad or some code injection somewhere along the line Heur Trojan.script.iframe is a prolific Trojan Horse with several variants. Its primary function is to serve as a downloader. Once inside your PC, it contacts a unknown list of websites without the user knowing. From there it downloads a number of other programs, most of which are Spyware agents, viruses, and keyloggers (programs that record your keystrokes and save the information to a remote server). These viruses are responsible for annoying pop-up advertisements on the desktop and interfering with [Internet Explorer\|IE\|the internet browser}. sounds nice

23-02-2010, 01:28:10 PM	#4 (permalink)
mofo Join Date: Feb 2005 Posts: 273 No Classified Ratings Domain Trader Rating: (100% / 21)	Same here .. just started.

23-02-2010, 01:46:46 PM	#5 (permalink)
Systreg Join Date: Oct 2008 Location: County Cork Republic of Ireland Posts: 4,181 No Classified Ratings Domain Trader Rating: (100% / 106)	The other topic about this is on Acorn here: http://www.acorndomains.co.uk/forum-...mpromised.html Other vBulletin sites are reporting the same issue.

23-02-2010, 01:50:31 PM	#6 (permalink)
SecNam Join Date: Jul 2004 Posts: 4,206 Classified Rating: 100% (1) Domain Trader Rating: (100% / 44)	ive sent admin a text so hopefully he will be along soon to look.