# May 10th, access problems - Being looked into.



## Bob Hubbard (May 10, 2005)

We are experiencing some serious access issues today.  Massive page not found errors, etc.  The situation is being looked into and I will update as possible.


----------



## Bob Hubbard (May 10, 2005)

Issue should now be resolved.  If you still can't see the site.....you obviously can't read this.


----------



## Ceicei (May 10, 2005)

Was it a configuration problem, or something far more serious than that (like a virus or hack)?

 - Ceicei


----------



## Bob Hubbard (May 10, 2005)

DNS issue.  I'm waiting on more intel at the moment.


----------



## Gin-Gin (May 10, 2005)

It seems to be working now--*YAY!!!*


----------



## eyebeams (May 10, 2005)

Uh, DNS issue? My copy of Symantec corporate and the couple of hours I've spent trying to fix the Trojan pushed by the front page url would disagree.

 Specifically, the trojan pushes itself as Active Desktop web content along with a fake shortcut button on the right hand side of the Windows taskbar that nags you about spyware. Symantec automatically blocked the content. It's manifested as files called r.exe and file[1].exe.

 Firefox shields you. Unfortunately, I stupidly thought Firefox might have a bug, so I switched to IE, which is how I got it.


----------



## Bob Hubbard (May 10, 2005)

Ok, that's the second notice I have that happened.  Can you send me more details please? I didn't see any AVS notices myself. (Running AVG and Firefox on 2k with popups disabled.)


----------



## eyebeams (May 10, 2005)

Kaith Rustaz said:
			
		

> Ok, that's the second notice I have that happened. Can you send me more details please? I didn't see any AVS notices myself. (Running AVG and Firefox on 2k with popups disabled.)


 Edited my post. 2 random-number.exe files and an .ani file, to boot. Identified as a desktop-hijacking trojan by Symantec. Running HijackThis didn't pull anything suspicious. I've still got the fake icon (looks like a triangle and exclamation point with an XP-style alert).


----------



## Andrew Green (May 10, 2005)

I got a page with 3 iframes sized 1x1; one tried to open a pop-up, but I'm on a Linux system and didn't get hit by the trojan.

  I'll PM you the three sites that were in the iframes, so no one clicks them by accident.

 PS - This was only on the main page, all others gave file not found errors, plus an extra we couldn't find the error page bit.


----------



## Bob Hubbard (May 10, 2005)

Thanks.  I'm looking into this more.

In the meantime, make sure your AVS is updated, maybe run Stinger as well - http://vil.nai.com/vil/stinger/

I'll post more ASAP.


----------



## shesulsa (May 10, 2005)

I was receiving 404 errors (server unavailable).

 NAV also blocked a trojan horse for me:



> ... Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-395077c2-614aad08.zip
> Click for more information about this threat:  Trojan.ByteVerify


----------



## Bob Hubbard (May 10, 2005)

AKA: Java/ByteVerify

This virus abuses the security vulnerability in the Java Virtual Machine described in MS03-011, which gives a Java program the possibility of running potentially dangerous operations (like working with files).

A Trojan horse using this vulnerability changes the Internet Explorer home page.

The fix is available on Microsoft web pages like WindowsUpdate.Microsoft.com


----------



## Bob Hubbard (May 10, 2005)

Ok, based on my research so far, something compromised the server causing random traffic to redirect to a site that contained the ByteVerify virus. This happened between 10:45AM and 1:15PM Eastern Time.

If your antivirus caught it, you should be ok.

If you were running IE, and have either not kept the system up to date, are not running antivirus software, or are but are way behind on your updates, you may have been compromised.

I strongly recommend that you verify your antivirus is current, and running, and then do a complete system check.
Also, make certain your OS is up to date as well.
Doing a spyware scan couldn't hurt either.

This issue only affects Windows users, using non-updated OS and IE.
Linux/Mac folks should be fine, as should those running current FireFox or other non-IE browsers and current AVS.


----------



## Andrew Green (May 10, 2005)

Kaith Rustaz said:
			
		

> This issue only affects Windows users, using non-updated OS and IE.


 Which is a very common theme for attacks...

 Lesson being, update your system regularly and don't run IE or you are at a very high risk of infection.


----------



## Rick Wade (May 10, 2005)

Kaith Rustaz said:
			
		

> Issue should now be resolved.  If you still can't see the site.....you obviously can't read this.




From this moment on you shall be called MOTO.

Master of the Obvious.  LOL  you are the man, thanks for working so hard so the rest of us have something to do at work.

V/R

Rick


----------



## BrandiJo (May 10, 2005)

If we don't use IE should we still have some problems? I never was prompted by my antivirus stuff that something hit, and it's up to date, and I'm on a school server ...so should I be ok?


----------



## Ceicei (May 10, 2005)

BrandiJo said:
			
		

> If we don't use IE should we still have some problems? I never was prompted by my antivirus stuff that something hit, and it's up to date, and I'm on a school server ...so should I be ok?


 If you're on a school server, the IT people usually are quick to catch those problems.  I think you're ok.

 - Ceicei


----------



## Rick Wade (May 10, 2005)

I am running IE and just did another scan in addition to the one that is constantly running and found nothing.  I also had the glitch earlier.

V/R
Rick


----------

