Is Trade Me spreading virus again? (updated: metservice)

Forums › Desktop computing › Is Trade Me spreading virus again? (updated: metservice)

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8

961 posts

Ultimate Geek

Trusted

Reply # 507887 17-Aug-2011 13:16
Ragnor: So it sounds like the ad server got compromised which led to a java (not javascript) applet being served to the browser in the metservice pages, the applet used an exploit the java vm to install personal shield pro on the machine. Nasty.? Might pay to update java http://www.java.com/en/download/? well, javascript injected at metservice, lead browsers to java applet. anyone know which OSes could be infected with the final virus? How cross platform was the payload?

freitasm

BDFL
43728 posts

Uber Geek

Administrator

Trusted

Geekzone

Subscriber

Reply # 507888 17-Aug-2011 13:17
The payload is Windows only. I didn't see anything because I don't have Java installed on my system ;) Mauricio Freitas (Geekzone Admin, Devil's Advocate, my blog, technology disclosure, my tweets, Web Performance Optimization) Geekzone Price comparison \| Amazon Kindle order page \| How to get the best out of Geekzone \| New Zealand IT Jobs \| Geekzone News \| Jinglebugs

wjw

150 posts

Master Geek

Reply # 507890 17-Aug-2011 13:19
From another website I'm on: http://deletemalware.blogspot.com/2011/07/how-to-remove-personal-shield-pro.html Two people so far have said this removal process works

jonb

447 posts

Ultimate Geek

Reply # 507906 17-Aug-2011 13:39
freitasm: The payload is Windows only. I didn't see anything because I don't have Java installed on my system ;) Interesting. We got a new laptop last month and haven't yet installed java on it either - there seems to be less and less reason for a consumer pc to have java installed anymore? My reason was mainly to not have those annoying java updates every few weeks, but if there's security issues aswell then that's another reason. I need it on my work computer, but for home use, it seems like we don't. (btw, we don't play minecraft..)

wreck90

780 posts

Ultimate Geek
Inactive user

Reply # 507912 17-Aug-2011 13:45
I use an adblocker, would this have stopped the metservice virus? My machine is fully patched and Microsoft security essentials up to date. Does this protect too? If not, how do I know if my machine has this metservice virus? I've not noticed any strange behaviour yet. [edit] And metservice should warn people on their main webpage, including a link to removal instructions.

DonGould

don@i.am.a.can.do.kiwi.nz
3132 posts

Uber Geek

Subscriber

Reply # 507928 17-Aug-2011 13:53
wreck90: [edit] And metservice should warn people on their main webpage, including a link to removal instructions. +1 Did you email them and suggest that? Promote New Zealand - Get yourself a .kiwi.nz domain name!!! Check out mine - i.am.a.can.do.kiwi.nz

wreck90

780 posts

Ultimate Geek
Inactive user

Reply # 507937 17-Aug-2011 14:09
DonGould: wreck90: [edit] And metservice should warn people on their main webpage, including a link to removal instructions. +1 Did you email them and suggest that? Nope. However, I'd feel negligent if my website spread a virus and I didn't warn people . Thats just me though.

freitasm

BDFL
43728 posts

Uber Geek

Administrator

Trusted

Geekzone

Subscriber

Reply # 507941 17-Aug-2011 14:14
I wonder if we could have here a quick poll with people's replies: "Which OS were you using when your PC got infected?" Somehow I'm inclined to think this was all on Windows XP/2003... Mauricio Freitas (Geekzone Admin, Devil's Advocate, my blog, technology disclosure, my tweets, Web Performance Optimization) Geekzone Price comparison \| Amazon Kindle order page \| How to get the best out of Geekzone \| New Zealand IT Jobs \| Geekzone News \| Jinglebugs

McNulty

80 posts

Master Geek

Reply # 508019 17-Aug-2011 15:57
johnr: Give me one good reason why TM / NZherald / Met service would spread a virus? You emailed them they must be rolling around on the floor laughing Not laughing now, ay?

graciem

19 posts

Geek

Trusted

Reply # 508020 17-Aug-2011 15:57
freitasm: I wonder if we could have here a quick poll with people's replies: "Which OS were you using when your PC got infected?" Somehow I'm inclined to think this was all on Windows XP/2003... Windows XP

DonGould

don@i.am.a.can.do.kiwi.nz
3132 posts

Uber Geek

Subscriber

Reply # 508031 17-Aug-2011 16:04
freitasm: I wonder if we could have here a quick poll with people's replies: "Which OS were you using when your PC got infected?" Somehow I'm inclined to think this was all on Windows XP/2003... Can we start with - how do you detect it and how to you fix it? What do I need to do to confirm that my users don't have it? So far I've read that AVG and MSE aren't stopping it. D Promote New Zealand - Get yourself a .kiwi.nz domain name!!! Check out mine - i.am.a.can.do.kiwi.nz

l43a2

803 posts

Ultimate Geek

Reply # 508036 17-Aug-2011 16:07
my sisters laptop was running WinVista Firefox an AVG managed to stop the infection.

Lifejockey

11 posts

Geek

Reply # 508037 17-Aug-2011 16:07
Debian Linux 6.0 :)

freitasm

BDFL
43728 posts

Uber Geek

Administrator

Trusted

Geekzone

Subscriber

Reply # 508038 17-Aug-2011 16:07
If we know what exploit was used, perhaps you can focus your efforts? If you know it's not affecting IE9 on Windows 7 then you know you don't have to spend time on that... Mauricio Freitas (Geekzone Admin, Devil's Advocate, my blog, technology disclosure, my tweets, Web Performance Optimization) Geekzone Price comparison \| Amazon Kindle order page \| How to get the best out of Geekzone \| New Zealand IT Jobs \| Geekzone News \| Jinglebugs

DonGould

don@i.am.a.can.do.kiwi.nz
3132 posts

Uber Geek

Subscriber

Reply # 508046 17-Aug-2011 16:12
http://www.stuff.co.nz/the-press/news/5460586/Malware-virus-hits-MetService-website It's on the stuff web site now. Promote New Zealand - Get yourself a .kiwi.nz domain name!!! Check out mine - i.am.a.can.do.kiwi.nz

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8