More Awesome Than You!

TS2: Burnination => The Podium => Topic started by: Surelyfunke on 2006 October 27, 14:24:25



Title: Virus at Simchic - enter at your own risk
Post by: Surelyfunke on 2006 October 27, 14:24:25
Hmm, surprised this hasn't been mentioned already.

If you so much as glimpse the front page of Simchic, you'll be bombarded with a ton of viruses, spyware etc. Just thought I'd give a heads up.


Title: Re: Virus at Simchic - enter at your own risk
Post by: ZiggyDoodle on 2006 October 27, 14:26:24
A stupid question perhaps, but how can you confirm this?  Do you get warnings from your a.v./firewall software?


Title: Re: Virus at Simchic - enter at your own risk
Post by: Surelyfunke on 2006 October 27, 14:27:24
It didn't happen to me personally, but others have gotten non-stop warnings from their anti-virus software, yes.


Title: Re: Virus at Simchic - enter at your own risk
Post by: selzi on 2006 October 27, 14:36:59
I can confirm that - just visited the website out of curiosity, and Antivirus instantly popped up with two viruses that were found. How sick is that??? Was Sim Chic hacked by some psycho?  ???


Title: Re: Virus at Simchic - enter at your own risk
Post by: Surelyfunke on 2006 October 27, 14:40:51
Edit: I misquoted the number. I think she said about 10 viruses detected.


Title: Re: Virus at Simchic - enter at your own risk
Post by: ZiggyDoodle on 2006 October 27, 14:43:28
Well, I just went there and got nada.  No sirens, flashing lights, warnings, etc. of any kind and I have ZoneAlarm and a good a.v. program running.

What were the names of the viruses you found, Selzi?


Title: Re: Virus at Simchic - enter at your own risk
Post by: gypsylady on 2006 October 27, 14:55:19
Here is some more info
http://www.insimenator.net/showthread.php?t=26770


Title: Re: Virus at Simchic - enter at your own risk
Post by: Rose Outlaw on 2006 October 27, 15:10:41
Where exactly is the info beside the chitchat in that thread?


Title: Re: Virus at Simchic - enter at your own risk
Post by: Indiasong on 2006 October 27, 15:31:05
Yes, trojan downloader and constructor.perl infected in my quarantine.


Title: Re: Virus at Simchic - enter at your own risk
Post by: noname on 2006 October 27, 15:32:16
I got nothing when I went there, but I do have Firefox w/ NoScript.


Title: Re: Virus at Simchic - enter at your own risk
Post by: ZiggyDoodle on 2006 October 27, 15:54:40
Am running Firefox with NoScript as well. Has anyone who actually experienced a virus/trojan warning passed on that info to the webmaster or owner of the site? Certainly would be appropriate.


Title: Re: Virus at Simchic - enter at your own risk
Post by: Theo on 2006 October 27, 16:00:22
Quote
I got nothing when I went there, but I do have Firefox w/ NoScript.
8)

And for added precaution, modify your hosts file so that the domains fdghewrtewrtyrew.biz, and clvcnt.com point to an invalid IP (like 127.0.0.1) ;)
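Theo's hosts-file suggestion, worked through as an added example that is not part of the original thread: it rewrites hosts-file text so the two domains named in the post resolve to 127.0.0.1, and strips any conflicting mapping for them. The function name, the report format and the sample file are assumptions made for illustration.

```python
# Added example: sinkhole domains in hosts-file text (helper names are assumptions).
SINK = "127.0.0.1"
BLOCKED = ["fdghewrtewrtyrew.biz", "clvcnt.com"]  # domains named in the post above

# Constructed sample input, not taken from any real machine.
SAMPLE = """# constructed sample hosts file
127.0.0.1 localhost
203.0.113.7 CLVCNT.com intranet.example  # stale entry
"""


def sinkhole(hosts_text, domains=BLOCKED, sink=SINK):
    """Return (new_text, report); report maps domain -> added | kept | repointed."""
    wanted = {d.lower() for d in domains}
    report, present, out = {}, set(), []
    for line in hosts_text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        names = fields[1:]
        hits = [n.lower() for n in names if n.lower() in wanted]
        if len(fields) < 2 or not hits:
            out.append(line)              # comment, blank or unrelated entry
            continue
        if fields[0] == sink:             # already sinkholed: keep the line
            present.update(hits)
            for d in hits:
                report.setdefault(d, "kept")
            out.append(line)
            continue
        # Mapped to another address: drop the blocked names from this line so
        # the conflicting mapping cannot compete with the sinkhole entry.
        for d in hits:
            report[d] = "repointed"
        rest = [n for n in names if n.lower() not in wanted]
        if rest:
            tail = " #" + comment if sep else ""
            out.append(fields[0] + " " + " ".join(rest) + tail)
    for d in sorted(wanted - present):
        out.append(f"{sink} {d}")
        report.setdefault(d, "added")
    return "\n".join(out) + "\n", report


if __name__ == "__main__":
    text, report = sinkhole(SAMPLE)
    print(text, report)
```

Running the function on its own output changes nothing, so it can be applied repeatedly to the same file.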


Title: Re: Virus at Simchic - enter at your own risk
Post by: Motoki on 2006 October 27, 16:00:35
I just went there now and a file called "xpl(1).wmf" downloaded on my work computer and attempted to open. When I checked the properties (right click on the file) Windows said in the "Security" section at the bottom the following message:

This file came from another computer and might be blocked to help protect this computer.

Of course that could be some general CYA message for any downloaded file, but still it did download and attempt to open something without my permission.

Now having said all this, I don't think SimChic themselves are trying to give people virii. I think they just got greedy and tried to put more ads and crap like that up to make even more money and just picked one that was really scammy and sleazy.


Title: Re: Virus at Simchic - enter at your own risk
Post by: Surelyfunke on 2006 October 27, 16:15:36
FWIW, I'm also using Firefox, but I have no idea if I have NoScript installed or not. I went onto Simchic yesterday when the virus was first announced, and nothing happened. Did a couple of scans, nothing.


Title: Re: Virus at Simchic - enter at your own risk
Post by: Venusy on 2006 October 27, 18:12:48
Quote
I just went there now and a file called "xpl(1).wmf" downloaded on my work computer and attempted to open. When I checked the properties (right click on the file) Windows said in the "Security" section at the bottom the following message:

This file came from another computer and might be blocked to help protect this computer.

I think the virus was trying to use the WMF exploit (http://en.wikipedia.org/wiki/WMF_exploit) to gain access to your PC.

EDIT: Remember, there is still another way (http://paysites.mustbedestroyed.org/booty/simchic/) to get the files from Simchic if you must...


Title: Re: Virus at Simchic - enter at your own risk
Post by: ZiggyDoodle on 2006 October 27, 18:34:34
Absolutely delicious.  Thank you, Venusy!   ;D


Title: Re: Virus at Simchic - enter at your own risk
Post by: selzi on 2006 October 27, 20:48:36
Quote
What were the names of the viruses you found, Selzi?
When I enter the website Antivirus gives the following message:

(http://i13.tinypic.com/3z8bxox.jpg)

Then I said to delete that file, and instantly Windows tried to download the file "xpl.wmf", just like Venusy said:

(http://i141.photobucket.com/albums/r78/selzi/Virus2.jpg)

Of course I said "Cancel", and immediately another virus popped up:

(http://i141.photobucket.com/albums/r78/selzi/Virus3.jpg)

When I deleted that file as well everything was OK ...  ::)


Title: Re: Virus at Simchic - enter at your own risk
Post by: ZiggyDoodle on 2006 October 27, 22:41:00
Well, I tried it again but this time from home.  No warnings from my firewall (Zone Alarm Pro) or a.v. (Symantec). 

Perhaps it has something to do with my extreme paranoid settings.

Not complaining, mind you.


Title: Re: Virus at Simchic - enter at your own risk
Post by: Paperbladder on 2006 October 27, 23:21:04
Yeah, it seems to be clean now because my AV (avast!) and Firewall (Comodo) showed nothing when I visited it earlier.  I don't believe there's a point to .wmf files, especially when .svg(z) can be viewed in most browsers now.


Title: Re: Virus at Simchic - enter at your own risk
Post by: Surelyfunke on 2006 October 28, 02:08:19
Think it's fine to go now. I'm not about to try, though. Not that I need anything from Simchic anyway :P


Title: Re: Virus at Simchic - enter at your own risk
Post by: noname on 2006 October 28, 04:18:35
Quote
FWIW, I'm also using Firefox, but I have no idea if I have NoScript installed or not. I went onto Simchic yesterday when the virus was first announced, and nothing happened. Did a couple of scans, nothing.

Go to Tools->Extensions for a list of all the extensions you have installed. Additionally, NoScript puts an icon in your status bar of either an "S" or an "S" with a strike through it.


Title: Re: Virus at Simchic - enter at your own risk
Post by: Surelyfunke on 2006 October 28, 04:21:24


Quote
Go to Tools->Extensions for a list of all the extensions you have installed. Additionally, NoScript puts an icon in your status bar of either an "S" or an "S" with a strike through it.

Lovely, thanks :)


Title: Re: Virus at Simchic - enter at your own risk
Post by: lordrichter on 2006 October 29, 12:59:36
Quote
What were the names of the viruses you found, Selzi?
When I enter the website Antivirus gives the following message:

Wow.  That virus changed your language to German!

:-)


Title: Re: Virus at Simchic - enter at your own risk
Post by: J. M. Pescado on 2006 October 29, 15:03:20
You should never name your user account after yourself. Pick a generic, meaningless name instead. In the future, black out your name if it appears in any screenshots.


Title: Re: Virus at Simchic - enter at your own risk
Post by: selzi on 2006 October 29, 21:14:49
Quote
You should never name your user account after yourself. Pick a generic, meaningless name instead.
Thanks for pointing that out to me - but honestly I don't see why ...  ???

Quote
In the future, black out your name if it appears in any screenshots.
My name also appears in my signature, so it's not a secret (my FULL name is, but not the first name by itself), but if that is what you're telling me I'll do that in the future, of course ...  ;)


Title: Re: Virus at Simchic - enter at your own risk
Post by: crechebaby on 2006 October 30, 08:37:53
Hi, everyone.
Just a quick update--tech support has been able to resolve the security issue we were struggling with, and it is now safe to visit once again. Thanks for being so patient, and I apologize for the inconvenience.

While talking with tech support they mentioned that there is A LOT of this going around right now, and a great deal of totally legitimate sites have been infected--so make sure your virus protection software is up to date. This is the only way to be 99.999999% protected!

Thanks again for your emails and concern. I'm so relieved to have this cleaned up and taken care of.


Title: Re: Virus at Simchic - enter at your own risk
Post by: Lady Moiraine on 2006 October 30, 13:54:55
Quote
While talking with tech support they mentioned that there is A LOT of this going around right now, and a great deal of totally legitimate sites have been infected--so make sure your virus protection software is up to date. This is the only way to be 99.999999% protected!

Who is your host? I remember about a year ago, IPower had a trojan on their server and was spreading the virus through all their sites on that server, my site happened to be on that server also, it was a nightmare trying to get them to realize the virus was actually coming from them. >:( I tried to call tech and there was like an hour wait to get through on the phone--I waited.


Title: Re: Virus at Simchic - enter at your own risk
Post by: BlueSoup on 2006 November 01, 15:32:25
Quote
Hi, everyone.
Just a quick update--tech support has been able to resolve the security issue we were struggling with, and it is now safe to visit once again. Thanks for being so patient, and I apologize for the inconvenience.

While talking with tech support they mentioned that there is A LOT of this going around right now, and a great deal of totally legitimate sites have been infected--so make sure your virus protection software is up to date. This is the only way to be 99.999999% protected!

Thanks again for your emails and concern. I'm so relieved to have this cleaned up and taken care of.

Well, your canned message is here too, so I might as well reply here as well.

First, what is a "legitimate" site?  Is it one that takes your money in exchange for a service?  Because that's you.  Or is it one that will actually take their virus-infected site offline while repairs are being made, so as to make sure their paying customers don't actually have to end up reformatting their entire computer, losing everything in the process?  Cuz I guess if that's what you mean, well, you're right. You're not a legitimate site.  And if you really did thank people for their emails, then you'd actually reply to them, wouldn't you?


Title: Re: Virus at Simchic - enter at your own risk
Post by: miros on 2006 November 01, 16:05:18
If it's coming from a trojan on the server, even putting up a "site closed due to virus" front page isn't going to do much... that page will quickly get infected and even visiting it will get you infected, so you might as well download! 

Additionally, TSR has quite a few direct links into simchic for meshes... so they'd have to redirect all traffic to the "site closed" page.  That's not a minor job for a not-super-technical webmaster!


Title: Re: Virus at Simchic - enter at your own risk
Post by: idtaminger on 2006 November 01, 17:47:57
But if you just take the entire site offline, that would do the trick, wouldn't it? I'd think taking a site offline to prevent infection would be more important than letting pple know that the site is down for repairs.


Title: Re: Virus at Simchic - enter at your own risk
Post by: Elven Ranger on 2006 November 01, 18:40:51
Bleh!!!
I just deleted the bloody link to her site ... The fact it's virused and STILL UP (or was at the time) tells me EVERYTHING I need to know! ::)


Title: Re: Virus at Simchic - enter at your own risk
Post by: BlueSoup on 2006 November 01, 18:57:11
Wait, so the viruses are still there?


Title: Re: Virus at Simchic - enter at your own risk
Post by: miros on 2006 November 02, 01:35:15
Quote
But if you just take the entire site offline, that would do the trick, wouldn't it? I'd think taking a site offline to prevent infection would be more important than letting pple know that the site is down for repairs.

Yes, you can brute force move your pages to a subdirectory or delete them.  Again, the webmaster may not have the skills or experience to know how to do that.  They also may not have a clean copy on their pc to restore from, so they're going to have to do a page by page cleanup.


Title: Re: Virus at Simchic - enter at your own risk
Post by: J. M. Pescado on 2006 November 02, 01:38:04
That's what you get for hosting on a WINDOZE server.

/me spittoo.

WINDOZE IS NOT FOR SERVERS!


Title: Re: Virus at Simchic - enter at your own risk
Post by: miros on 2006 November 02, 01:39:54
Especially if Front Page Extensions are turned on.  Might as well hang up a sign that says "Come hack my server."