
Thread: AVF is infected with Malware

  1. #1
    emu
    AVF Regular
    Join Date
    Nov 2016
    Location
    West Australia
    Posts
    2,007

    AVF is infected with Malware

    Just a heads up for all the AVF users, just done a scan of AVF and it is showing that the site is infected with malware. Make sure you are using a good malware defence program and anti virus software so you don't become another victim.
    We all love this place and I for one won't stop coming here but I think everyone should know about the risks so you can cover ya butt so to speak.

    You can check it out yourself for free here: https://sitecheck.sucuri.net/

    Just copy and paste the URL of the forums homepage and click "scan website"

    Hopefully Jato will see this and do something about it for all of our sakes.

    Below is a screenshot of the scan I just done....

    shaneo likes this.

  2. #2
    AVF Regular
    Join Date
    Jan 2015
    Location
    W.A
    Posts
    3,028
    Yep I get a pop up all the time if I'm not signed in


    Big shout out to AVF and Everyone that helped me on my Journey to quit the Death Sticks

  3. #3
    Super Moderator
    Join Date
    Aug 2012
    Location
    Central Vic,up near the Murray
    Posts
    18,991
    I am not a supergeek ( hopefully someone will come along and confirm or beat me about the head with a wet salmon )
    but isn't a JS obfuscator a JavaScript jumbler that is used as a PROTECTION feature ( as opposed to Malware?)

    I don't trust many scanning sites that offer to sell you a fix to a "problem" they find
    it's interesting that clicking the link in the site for the DEFINITION sent my Windows Defender into attack mode as the link itself from the website was malicious :/

    I might be wrong

    But I mailed Jato a link to this thread to make sure

    and yes pop-ups are still a problem but I am beating a dead horse over that one
    Psilo, shaneo, DocM and 1 others like this.
    EPM V2-18490 (X2 ),GP Spheroid V2.5 and GP Piccolo V2.5 ,BBCB, Provari mini's, REO mini V2.1, 18490 REO , Jazz Carto Pipes ( fitted with GA tank and churchwarden stem Totally Evil!!! ), Meerschaum pipe ,e-holly35W,Phideas, AIOS,Taifun atties, PC Pipe mods.PC Squonker, Svapiamo squonker, GP Paps Heron combo.

    Vaping since 2007 totally smoke free since 2011


    AVF Rules , Read and understand them

  4. #4
    emu
    AVF Regular
    Join Date
    Nov 2016
    Location
    West Australia
    Posts
    2,007
    I hear ya Fatman, that link is a copy of the malware that was found here by the scan, I wouldn't click on that one if I were you. There definitely needs some action to be taken to rid the site of the malware, those pop ups are the warning sign that something is amiss.
    I'm using that Malwarebytes anti malware program and it blocks malware from AVF all the time, the log file is too big to screenshot but I think ya know what I mean. Peeps here are all friends and we all need to know about these types of risks, life's hard enough without any extras thrown in the mix. Hope Jato can sort it all soon.
    Fatman and DocM like this.

  5. #5
    Super Moderator
    Join Date
    Aug 2012
    Location
    Central Vic,up near the Murray
    Posts
    18,991
    Concur ... it does my head in too lol
    DocM, AllyP and emu like this.

  6. #6
    Super Moderator
    Join Date
    Aug 2012
    Location
    Central Vic,up near the Murray
    Posts
    18,991
    I just tried 2 other free scan sites .. one said malicious the other said fine lol
    https://app.webinspector.com/public/reports/75381746
    DocM, AllyP and emu like this.

  7. #7
    emu
    AVF Regular
    Join Date
    Nov 2016
    Location
    West Australia
    Posts
    2,007
    That's 2 to 1 and the malware is winning.
    That last scan you done only scanned one URL being the forums home page Fatman, the scan I done scans the whole forum which might explain the positive result of that link you posted above.

    Anyhow I'm not going anywhere because I have good anti virus running and it's working fine, like I said it's just a heads up for everyone to take precautions (don't want an unwanted pregnancy) lol
    DocM likes this.

  8. #8
    AVF Regular
    Join Date
    Jan 2015
    Location
    Griffith, NSW
    Posts
    3,201
    McAfee site checker says clean.

    None of my own personal shit has picked up anything....
    To be fair 90% of the time it's not running, the sites I visit finding things for people. Those scanners really don't like it.


    Quote Originally Posted by Fatman View Post
    pop-ups are still a problem
    really, didn't know AVF had pop-ups.
    I haven't seen a popup since I installed ABP to stop those fkn youtube ads
    DocM, Dhufish, AllyP and 2 others like this.

  9. #9
    LNB
    AVF Regular
    Join Date
    May 2014
    Location
    Sydney
    Posts
    4,106
    Quote Originally Posted by Fatman View Post
    I am beating a dead horse over that one
    I remember those "beating a dead horse" days big fella....
    Stomp, Fatman, DocM and 1 others like this.

  10. #10
    AVF Newbie | Be nice to me
    Join Date
    Nov 2013
    Location
    Melbourne
    Posts
    73
    Quote Originally Posted by Fatman View Post
    I am not a supergeek ( hopefully someone will come along and confirm or beat me about the head with a wet salmon )
    but isn't a JS obfuscator a JavaScript jumbler that is used as a PROTECTION feature ( as opposed to Malware?)

    I don't trust many scanning sites that offer to sell you a fix to a "problem" they find
    it's interesting that clicking the link in the site for the DEFINITION sent my Windows Defender into attack mode as the link itself from the website was malicious :/

    I might be wrong

    But I mailed Jato a link to this thread to make sure

    and yes pop-ups are still a problem but I am beating a dead horse over that one

    JavaScript dev for the past 15 years here.

    Obfuscated JS is basically a process of making it very difficult to be human readable. It started out as a way to reduce the file size (called minification) and then as a way to protect intellectual property, and then by attackers as a way to inject malicious JavaScript into a website for phishing and malware without easily being decoded.

    I've had a look at the file on this site that was picked up by the Sucuri site. I ran it through a deobfuscator to try and figure out what it's doing.

    The file is very heavily obfuscated and injects a connection to an external website via a client-side request.

    From inspecting the web connections made after loading aussievapers.com, it appears the connection is to a site called go.pushnative.com, which is a high risk malware site according to McAfee:

    https://www.mcafee.com/threat-intell...pushnative.com

    I would say this script is definitely malware as it's disguised as an MD5 (encryption algorithm) script that sits with all the client side VBulletin script files (the forum software that this site runs).

    All the legit scripts are easily readable and have header information, whereas this script looks like it's been placed there deliberately by an attacker (probably a common exploit in the VBulletin software that allowed hackers to put the script there).

    This script isn’t run if you are logged in, it only appears in the client side scripts folder when first visiting the site.

    While typing this the browser on my test machine has crashed twice since visiting the forum home page.

    I’m not sure whether the popups are related to this as they seem to be advertising related. Maybe someone can confirm if Jato is monetising this site using the popup ads? If not then it's clear that AussieVapers has been hacked sometime in the last few months.

    The first thing Jato should do is to delete the clientscript/vbulletin_md5.js file as this seems to be the offending file, then update VBulletin and run a scan on the whole aussievapers.com.au domain to make sure there are no other malicious files on the server.

    Update: The popup issue and VBulletin vulnerability confirmed with potential fix here:

    http://labs.sucuri.net/?note=2016-09-23
    Last edited by Dogamondo; 28-09-17 at 12:46 PM. Reason: Added Update
    gtadmin, Fatman, edski2 and 8 others like this.
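
The distinction drawn in post #10 (legitimate vBulletin client scripts are readable and carry header comments, while the planted file was heavily obfuscated and reached out to an external host) can be turned into a quick static triage check. This is an added example, not code from the thread or from vBulletin; the function names, the thresholds, the hostnames `forum.example` and `tracker.example`, and both sample scripts are constructed for illustration.

```javascript
// Added example: static triage of a client-side script. Nothing is executed;
// the source is only inspected as text. Thresholds are assumptions.
const hexEscape = (s) =>
  [...s].map((c) => "\\x" + c.charCodeAt(0).toString(16).padStart(2, "0")).join("");

// Constructed samples (not the file from the thread).
const LEGIT = [
  "/* vBulletin client script: md5 helper (constructed sample) */",
  "function hex_md5(s) {",
  "  return rstr2hex(rstr_md5(s));",
  "}",
].join("\n");
const SUSPECT =
  'var _0x1=["' + hexEscape("//tracker.example/p.gif") + '"];new Image().src=_0x1[0];';

function triageScript(source, siteHost) {
  const findings = [];
  // Vendor scripts normally open with a header comment.
  if (!/^\s*(\/\*|\/\/)/.test(source)) findings.push("no-header-comment");
  // Runtime decoding primitives commonly seen in packed scripts.
  if (/\beval\s*\(|String\.fromCharCode|\batob\s*\(|\bunescape\s*\(/.test(source))
    findings.push("dynamic-decode");
  // Share of the file made up of \xNN escapes (4 characters each).
  const escapes = (source.match(/\\x[0-9a-f]{2}/gi) || []).length;
  if (source.length > 0 && (escapes * 4) / source.length > 0.2)
    findings.push("hex-escaped-strings");
  // Decode \xNN statically, then list hosts other than the site's own.
  const decoded = source.replace(/\\x([0-9a-f]{2})/gi, (_, h) =>
    String.fromCharCode(parseInt(h, 16)));
  const hosts = new Set();
  for (const m of decoded.matchAll(/(?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})/gi)) {
    const host = m[1].toLowerCase();
    if (host !== siteHost && !host.endsWith("." + siteHost)) hosts.add(host);
  }
  if (hosts.size) findings.push("external-host:" + [...hosts].join(","));
  return findings;
}

console.log("legit  :", triageScript(LEGIT, "forum.example"));
console.log("suspect:", triageScript(SUSPECT, "forum.example"));
```

Findings are leads for manual review rather than a verdict: minified but legitimate libraries can also lack headers, so compare any flagged file against a clean copy of the forum software before deleting it.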

 

 
Powered by vBulletin® Version 4.2.4