New ORBITER MAP!

Oops.. it wasn't my intention to lead people to virus infected sites. I understand why the URL was removed from my post, and I agree to it. I suggest we keep it this way until we have figured out what is going on here (e.g. until the virus is removed from the site).

WARNING: other links on orbiter-forum.com (and on other Orbiter community sites) link to the same website! You can find another example in this very same thread!

Does anyone know whether the virus on the site targets Linux machines? I know most virus writers aren't interested in targeting Linux, and I keep my Firefox up-to-date, but I also know Linux isn't invulnerable.

I found information about "Trojan.Malscript.B" that it redirects the browser to another site with potentially harmful content, presenting it as fake anti-virus software. Also, virus scanners use 'heuristics' to detect it, so this could be a false positive.

Maybe (I'm just guessing here) it was triggered by the 'av' in the domain name, which sounds like 'antivirus'? Google suggests that 'frieslandav' stands for Friesland Audio/Video. AFAIK, McDuck lives in Friesland, so maybe he is connected to the Friesland AV company.

I couldn't find useful information on JS:Illredir-C [Trj]. Maybe it's another name for the same thing?

If I can find the time, I think I'm going to do some HTML/JS 'hacking'. Trying to be smarter than the virus...
 
Same here. Avast reports a Trojan named JS:Illredir-C [Trj] when I try to link.
 
I did a full scan after clicking the link and found no virus on my machine. Firefox actually crashed shortly after I clicked that link initially, so I'm not sure exactly what the situation is with that link, but to be safe we removed it from this thread.
 
I just clicked the link and Sophos (our corporate AV software) detected a trojan and blocked the page from downloading.
 
Not sure which link you're all talking about, but McAfee showed nothing...
 
Thanks for the heads up people!
It should be fixed now!


Cause of the infection:
A while ago, some of my FTP passwords were stolen by a bot. A bot modifies the "index.html/php" files on the server, by adding some lines at the bottom of the source. Some browsers didn't get affected by this; that's why I didn't notice at first.

My advice to web developers:
It was caused by a security problem in the (popular) FTP client called "FileZilla".
So to anyone who uses FileZilla: it's safe to use, but don't use the "site manager" to store your passwords! After the infection I did a full clean install on that particular computer, and changed all my FTP passwords, so the problem should not occur again.



About the Orbiter Fan map site: I'm planning to change the layout of the site, and finally add some useful stats. Right now the map is getting kind of small for all those markers. The Google maps part will be bigger. May also use the Google Earth plugin or Flash as alternative interface.



Regards,
mcduck
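
A defensive check for the tampering described in the post above (lines added at the bottom of "index.html/php" files), as an added example that is not part of the original thread. The extra file name `index.htm`, the "anything after the last `</html>`" heuristic, and the sample site with its `example.invalid` host are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# index.html/php come from the post; index.htm is an assumed extra.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}
CLOSE_HTML = re.compile(rb"</html\s*>", re.IGNORECASE)
ACTIVE_TAG = re.compile(rb"<\s*(script|iframe)\b", re.IGNORECASE)

def trailing_after_html(data: bytes) -> bytes:
    """Return whatever follows the last </html> tag, minus surrounding whitespace."""
    matches = list(CLOSE_HTML.finditer(data))
    if not matches:
        return b""
    return data[matches[-1].end():].strip()

def scan_webroot(root):
    """List (relative path, has script/iframe, preview) for index files with appended content."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.name.lower() in INDEX_NAMES:
            tail = trailing_after_html(path.read_bytes())
            if tail:
                rel = path.relative_to(root).as_posix()
                findings.append((rel, bool(ACTIVE_TAG.search(tail)), tail[:80]))
    return findings

def build_sample_site(root):
    """Constructed sample tree: one clean index and one with a line appended at the bottom."""
    root = Path(root)
    (root / "map").mkdir()
    clean = b"<html><body>Orbiter map</body></html>\n"
    (root / "index.html").write_bytes(clean)
    # Constructed stand-in for appended markup; example.invalid is a placeholder host.
    appended = b'<script src="http://example.invalid/x.js"></script>\n'
    (root / "map" / "index.php").write_bytes(clean + appended)
    # Not an index file, so this scan skips it.
    (root / "map" / "about.html").write_bytes(clean + appended)

def demo():
    """Build the constructed site in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        return scan_webroot(tmp)

if __name__ == "__main__":
    for rel, active, preview in demo():
        print(f"{rel}: appended content (script/iframe: {active}) {preview!r}")
```

A PHP index that legitimately emits output after `</html>` will also be reported, so treat each finding as something to compare against a known-good copy of the file.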
 
Just to check, if you visited that website but nothing is detected by your antivirus, has something been downloaded/put onto your computer?
 