FTR possibly has a problem?

  
 
booradly07
Old 01-22-2009, 01:02 AM     Post subject: FTR possibly has a problem? #1 (permalink)  
Straight

Join Date: Dec 2004
Posts: 120
booradly07
Hi Moderators,

I haven't been around here in a long time and I happened to log in today and found a problem that I am sure you will want to take care of for your community. Hopefully it is not a big deal to run down and fix.

It looks like you might have a trojan on your site. I'm not an expert on this but I do work in IT and one of the guys I work with deals with this sort of thing all the time.

The way he explained it to me was that one of your advertisement links may have been hijacked and is trying to download a trojan onto the unlucky viewer's computer.

Luckily I am protected from this particular one by Trend OfficeScan.

Anyway, I thought you might want to know. I only had this problem when I clicked on a post by Fnord in the Live Poker forum. So I assume it may be one of the advertisements there that has been compromised.

Here is the link but beware if you don't have reasonably up to date AV signatures.

http://www.flopturnriver.com/phpBB2/...ot-t80731.html

Trend is labeling this as: TROJ_IFRAME.CP

Here is the link to the trojan information on their website:

http://www.trendmicro.com/vinfo/viru...TROJ_IFRAME.CP
Reply With Quote
jyms
Old 01-22-2009, 01:10 AM #2 (permalink)  
jyms's Avatar
Tilting Mod

Join Date: Feb 2006
Posts: 4,836
unfortunately if this is true the links alternate every time you click on a page so none of those links could be the one. I will tell xianti to look into it now.
 
Reply With Quote
Xianti
Old 01-22-2009, 02:56 AM #3 (permalink)  
Xianti's Avatar
Administrator
Administrator

Join Date: Dec 2003
Location: facebook.com/xianti
Posts: 5,289
Thanks. I am alerting the other Admins now.
Reply With Quote
booradly07
Old 01-22-2009, 05:33 AM #4 (permalink)  
Straight

Join Date: Dec 2004
Posts: 120
booradly07
No problem, I hope no damage was caused to anyone.
Reply With Quote
Stacks
Old 01-22-2009, 07:26 AM #5 (permalink)  
Stacks's Avatar
4-of-a-Kind

Join Date: Jan 2008
Location: Im opedipus bitch, the original balla.
Posts: 2,605
oh dat fnord!!!!
Reply With Quote
Xianti
Old 01-22-2009, 05:58 PM #6 (permalink)  
Xianti's Avatar
Administrator
Administrator

Join Date: Dec 2003
Location: facebook.com/xianti
Posts: 5,289
There's a possibility it may be nothing:
http://www.phpbb.com/community/viewt...p?f=1&t=797915
Quote:
Also be aware that some AV software will report a link as a trojan.
If the link is to a known source of malware a lot of AV software is set to 'know' those links and report it.
It would not mean that your site is infected, only that someone has posted a link to a place that is.
As an anti-malware fighter (and forum owner) I come across this sort of thing a lot.
But we're looking into our banner ads now.
Reply With Quote
bigred
Old 01-22-2009, 07:59 PM #7 (permalink)  
bigred's Avatar
PROFESSIONAL TROLL

Join Date: Sep 2004
Location: Nest of Douchebags
Posts: 2,184
Let's replace all advertisements with pictures and banners of how awesome I am. Problem solved. I won't give you diseases...hmmm...on second thought...
LOL OPERATIONS
 
Reply With Quote
givememyleg
Old 01-26-2009, 08:06 PM #8 (permalink)  
givememyleg's Avatar
WHO YA GONNA CALL?!??
Administrator

Join Date: Nov 2005
Location: ISHPERMING MISHIGEN
Posts: 5,040
Update, we've hired a specialist to look at our site and he said the following:
Quote:
I've checked your site, but I am not detecting any virus, trojan or anything by my software. I also was unable to find usual code that they use to stay on websites, like on other client sites that were infected.
We're also now having a 2nd specialist look into this for us.



"The Dragon in My Garage" by Carl Sagan
I say onto you, I've felt the dragon! I felt the touch of his tail, the breath of his fire, and I know without a shadow of a doubt that the dragon exists!
 
Reply With Quote
booradly07
Old 01-30-2009, 01:06 AM #9 (permalink)  
Straight

Join Date: Dec 2004
Posts: 120
booradly07
Hmm, this is very strange then.

Since you said nothing was found I went back and checked it again. I got the same alert from Trend that there was a Trojan found. I went to multiple machines, all running Trend, and they all find the same supposed Trojan.

I am not going to bother checking it on a non-protected system at work which is where I am checking it now. When I go home I will try with other systems using other non-Trend AV and see the results.

It could be a false positive but what gets me is it only happens on that one post I linked to. It happens every single time and I cannot find one other post that makes this happen. Since the ads are rotating I am not sure what to say other than false positive or very sneaky Trojan.

If you wanted to see it in action I figure you can probably download a trial of Trend and see it for yourself.

I am running Trend Micro's Office Scan v.8.
Reply With Quote
booradly07
Old 01-30-2009, 05:14 AM #10 (permalink)  
Straight

Join Date: Dec 2004
Posts: 120
booradly07
Well, I tried with McAfee and it didn't detect anything. That doesn't mean there is nothing there, McAfee sucks, but it could certainly be and probably is a false alarm at this point. There is just something on that thread that Trend absolutely does not like.

If the pros say your site is clean then I guess it is.

Still, it would be nice if one of you also tried Trend and see if you get the same results so you know I wasn't mouthing off about it for no reason. :P
Reply With Quote
mariano57
Old 01-30-2009, 11:14 PM #11 (permalink)  
Guest

Posts: n/a
Quote:
Originally Posted by jyms
unfortunately if this is true the links alternate every time you click on a page so none of those links could be the one. I will tell xianti to look into it now.
I'm a newbie here and it's going to take me a year to get around the site and understand where everything is
Reply With Quote
givememyleg
Old 01-31-2009, 02:42 AM #12 (permalink)  
givememyleg's Avatar
WHO YA GONNA CALL?!??
Administrator

Join Date: Nov 2005
Location: ISHPERMING MISHIGEN
Posts: 5,040
Thanks for bringing this to our attention, booradly07. We appreciate the feedback, we definitely do not think you were just mouthing off!

 
Reply With Quote
tpb221
Old 01-31-2009, 04:57 AM #13 (permalink)  
tpb221's Avatar
3-of-a-Kind

Join Date: Apr 2008
Posts: 69
tpb221
Xianti, I just sent you an e-mail about this. I get the same message. I have Trend Micro PC-cillin 14. I think the problem is with an avatar. It's one of those animated avatars.
Reply With Quote
Xianti
Old 01-31-2009, 07:59 AM #14 (permalink)  
Xianti's Avatar
Administrator
Administrator

Join Date: Dec 2003
Location: facebook.com/xianti
Posts: 5,289
yes, booradly and tpb. We are taking this very seriously. tpb, thanks for the tip. We'll be looking into the avatar.
Reply With Quote
Xianti
Old 02-03-2009, 05:56 PM #15 (permalink)  
Xianti's Avatar
Administrator
Administrator

Join Date: Dec 2003
Location: facebook.com/xianti
Posts: 5,289
It has been confirmed that member pokerfan had an avatar that was infected with a Trojan Horse. We have learned that malicious code can be embedded within animated GIF images.

The image has been removed and pokerfan has been alerted.
Reply With Quote
Warpe
Old 02-03-2009, 06:40 PM #16 (permalink)  
Warpe's Avatar
Moderator

Join Date: Sep 2005
Location: Canuckistan
Posts: 3,905
no animated gifs policy coming soon?
 
Reply With Quote
Xianti
Old 02-03-2009, 06:44 PM #17 (permalink)  
Xianti's Avatar
Administrator
Administrator

Join Date: Dec 2003
Location: facebook.com/xianti
Posts: 5,289
Quote:
Originally Posted by Warpe
no animated gifs policy coming soon?
We're considering it. Thoughts?
Reply With Quote
jyms
Old 02-03-2009, 08:25 PM #18 (permalink)  
jyms's Avatar
Tilting Mod

Join Date: Feb 2006
Posts: 4,836
What does it mean for us? As far as having that image in any thread we opened?
 
Reply With Quote
givememyleg
Old 02-03-2009, 08:38 PM #19 (permalink)  
givememyleg's Avatar
WHO YA GONNA CALL?!??
Administrator

Join Date: Nov 2005
Location: ISHPERMING MISHIGEN
Posts: 5,040
Quote:
Originally Posted by jyms
What does it mean for us? As far as having that image in any thread we opened?
I'm pretty sure just viewing the picture in the forum would have been fine. To be safe I asked our specialist and will let you know what he says.

 
Reply With Quote
lolzzz_321
Old 02-03-2009, 09:42 PM #20 (permalink)  
lolzzz_321's Avatar
NO YOU

Join Date: Oct 2004
Location: My ice is polarized
Posts: 2,797
I'd be sad
Reply With Quote
Warpe
Old 02-03-2009, 10:28 PM #21 (permalink)  
Warpe's Avatar
Moderator

Join Date: Sep 2005
Location: Canuckistan
Posts: 3,905
Quote:
Originally Posted by Xianti
Quote:
Originally Posted by Warpe
no animated gifs policy coming soon?
We're considering it. Thoughts?
Only allow uploaded pics for avatars, no URLs, and scan the shit out of them when they're uploaded. Still leaves FTR vulnerable to any other infected gifs that get posted elsewhere, I guess. Dunno enough about it to know how you can make FTR completely bulletproof without disallowing pics altogether. What do the experts say?
 
Reply With Quote
Xianti
Old 02-03-2009, 11:36 PM #22 (permalink)  
Xianti's Avatar
Administrator
Administrator

Join Date: Dec 2003
Location: facebook.com/xianti
Posts: 5,289
The trojan horse is within the animation code for the GIF, regardless of whether it's uploaded or linked to an outside source. I've always had remote linking disabled. Here's what the code looks like in pokerfan's former animated avatar:




The specialist suggested we disable avatars completely if we want this to be foolproof (as far as image viruses go). But that's a bit extreme. We're considering the possibility of having all avatar uploads screened before the images are saved. That may be the best option, if it's possible to do without slowing down the server.
Reply With Quote
Xianti
Old 02-03-2009, 11:56 PM #23 (permalink)  
Xianti's Avatar
Administrator
Administrator

Join Date: Dec 2003
Location: facebook.com/xianti
Posts: 5,289
Warning for stupid people:

DO NOT go to the URLs in the circled area!
Reply With Quote
Robb
Old 02-04-2009, 12:25 AM #24 (permalink)  
4-of-a-Kind

Join Date: Aug 2007
Posts: 3,072
Quote:
Originally Posted by Xianti
Warning for stupid people:

DO NOT go to the URLs in the circled area!
This made me LoL.

Dunno about anyone else, but FTR w/o avatars would REALLY suck imo. Don't really care about animations, tho.
 
Reply With Quote
kb coolman
Old 02-04-2009, 02:00 AM #25 (permalink)  
kb coolman's Avatar
Flush

Join Date: Oct 2008
Posts: 596
kb coolman
Lynch iopq
Reply With Quote
swiggidy
Old 02-04-2009, 03:40 AM #26 (permalink)  
swiggidy's Avatar
4-of-a-Kind

Join Date: Sep 2005
Location: Waiting in the shadows ...
Posts: 3,777
Quote:
Originally Posted by Robb
Quote:
Originally Posted by Xianti
Warning for stupid people:

DO NOT go to the URLs in the circled area!
This made me LoL.
I tried to click it after X posted this but nothing happened
(\__/)
(='.'=)
(")_(")
 
Reply With Quote
booradly07
Old 02-04-2009, 10:39 PM #27 (permalink)  
Straight

Join Date: Dec 2004
Posts: 120
booradly07
Hey, glad to hear you figured it out and glad to have helped find the problem.
Reply With Quote
AlKo4g7iC
Old 03-12-2009, 03:32 PM #28 (permalink)  
AlKo4g7iC's Avatar

Join Date: Mar 2009
Location: Toronto, Ontario , Canada
Posts: 25
AlKo4g7iC
just commenting on the possible trojan, is it fixed?
Reply With Quote
celtic123
Old 03-12-2009, 04:59 PM #29 (permalink)  
celtic123's Avatar
Full House

Join Date: Jun 2008
Location: **Officially**The worst poster on FTR
Posts: 708
I wonder to myself, is it not illegal to send out trojans?
Don't the police get involved and arrest people that run the site that is circled in red?
Reply With Quote
Xianti
Old 03-12-2009, 06:14 PM #30 (permalink)  
Xianti's Avatar
Administrator
Administrator

Join Date: Dec 2003
Location: facebook.com/xianti
Posts: 5,289
Quote:
Originally Posted by AlKo4g7iC
just commenting on the possible trojan, is it fixed?
Yes. The problem has been corrected. We have modified the avatar upload module to check for malware before allowing any images to be used as an avatar.
Reply With Quote
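The avatar screening described in posts #22 and #30, sketched as an added example (not FTR's upload module or the specialist's code; the marker list and function names are assumptions): it walks the GIF block structure and reports markup or URLs inside extension blocks, plus any bytes after the trailer.

```python
import struct

MARKERS = (b"<iframe", b"<script", b"http://", b"https://")  # assumed heuristic list

def sub_blocks(data, pos):
    """Read a chain of GIF data sub-blocks; return (payload, next_pos)."""
    out = bytearray()
    while True:
        size = data[pos]
        chunk = data[pos + 1:pos + 1 + size]
        if len(chunk) < size:
            raise IndexError("sub-block runs past end of file")
        out += chunk
        pos += 1 + size
        if size == 0:
            return bytes(out), pos

def table_len(flags):  # byte length of the colour table a flags byte announces
    return 3 * 2 ** ((flags & 7) + 1) if flags & 0x80 else 0

def screen_gif(data):
    """Return a list of findings; an empty list means the upload passed."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return ["not a GIF"]
    findings = []
    def check(where, payload):
        low = payload.lower()
        findings.extend(f"{where}: contains {m.decode()}" for m in MARKERS if m in low)
    pos = 13 + table_len(data[10])
    try:
        while True:
            kind = data[pos]
            if kind == 0x3B:                      # trailer: nothing may follow
                if data[pos + 1:]:
                    findings.append(f"{len(data) - pos - 1} bytes after trailer")
                    check("trailing data", data[pos + 1:])
                return findings
            if kind == 0x21:                      # extension (comment, app, ...)
                label = data[pos + 1]
                payload, pos = sub_blocks(data, pos + 2)
                check(f"extension 0x{label:02x}", payload)
            elif kind == 0x2C:                    # image descriptor + pixel data
                pos += 10 + table_len(data[pos + 9])
                _, pos = sub_blocks(data, pos + 1)  # +1 skips LZW code size
            else:
                return findings + [f"unknown block 0x{kind:02x} at offset {pos}"]
    except IndexError:
        return findings + ["truncated or malformed block structure"]

def sample_gif(comment=b"", trailing=b""):  # constructed 1x1 GIF, not a real avatar
    gif = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + bytes(6)
    if comment:
        gif += b"\x21\xfe" + bytes([len(comment)]) + comment + b"\x00"
    gif += b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0) + b"\x02\x02\x44\x01\x00"
    return gif + b"\x3b" + trailing
```

Metadata such as XMP legitimately carries URLs, so a hit is grounds to reject or re-encode the upload rather than proof of infection.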
coozhound
Old 03-16-2009, 11:29 AM #31 (permalink)  

Join Date: Mar 2009
Posts: 28
coozhound
SO NOW I CAN UPLOAD MY ANI,GIF IMAGE?
<<<<<<JUST A TROLL LOOKING FOR A FREE BRIDGE TO CROSS>>>>>>
 
Reply With Quote
coozhound
Old 03-16-2009, 11:32 AM #32 (permalink)  

Join Date: Mar 2009
Posts: 28
coozhound
DON'T WORRY ABOUT IT STILL TRYING TO GET MY SIGNATURE TO SHOW UP ....lol THIS WILL TAKE A MONTH TO UPLOAD PIC.....
BACK TO MY PROFILE...........RUFF START
 
Reply With Quote
FateAver
Old 06-06-2009, 06:13 AM #33 (permalink)  
FateAver's Avatar

Join Date: Jun 2009
Location: Pokerstars
Posts: 37
FateAver
I'm using a PC that has AVG
and it detects the trojan from the main page too
Reply With Quote
FateAver
Old 06-06-2009, 01:05 PM #34 (permalink)  
FateAver's Avatar

Join Date: Jun 2009
Location: Pokerstars
Posts: 37
FateAver
I got this detected on 3rd June

img514.imageshack.us/my.php?image=70405878.jpg

P.S. Sorry for the double post. I can't PM because I don't have enough posts, and I can't attach a link to the picture either.
Reply With Quote
givememyleg
Old 06-06-2009, 02:37 PM #35 (permalink)  
givememyleg's Avatar
WHO YA GONNA CALL?!??
Administrator

Join Date: Nov 2005
Location: ISHPERMING MISHIGEN
Posts: 5,040
Thanks, we're looking at removing this.

 
Reply With Quote
Lucothefish
Old 06-08-2009, 08:18 AM #36 (permalink)  
Lucothefish's Avatar
Full House

Join Date: Mar 2009
Location: Cretaceous Park
Posts: 701
LYNCH POKERFAN

I'm not averse to an avatar free ftr, but I think I'm in the minority.
<@d0zer> how will you learn if I don't berate you harshly?
 
Reply With Quote
van.dog
Old 06-09-2009, 10:50 PM #37 (permalink)  
3-of-a-Kind

Join Date: May 2009
Posts: 58
van.dog
It's probably a variant of the GDI+ GIF processing vulnerability:
http://www.checkpoint.com/defense/ad...i-02-Sepa.html

I'm new to poker, but do any of the sites use 2 factor authentication? Instead of just username/password.
Reply With Quote