Is Trade Me spreading virus again? (updated: metservice)

Forums › Desktop computing › Is Trade Me spreading virus again? (updated: metservice)

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8

961 posts

Ultimate Geek

Trusted

#507887 17-Aug-2011 13:16

Ragnor: So it sounds like the ad server got compromised which led to a java (not javascript) applet being served to the browser in the metservice pages, the applet used an exploit the java vm to install personal shield pro on the machine.

Nasty.?

Might pay to update java http://www.java.com/en/download/?

well, javascript injected at metservice, lead browsers to java applet.

anyone know which OSes could be infected with the final virus? How cross platform was the payload?

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#507888 17-Aug-2011 13:17

The payload is Windows only.

I didn't see anything because I don't have Java installed on my system ;)

wjw

162 posts

Master Geek

#507890 17-Aug-2011 13:19

From another website I'm on:

http://deletemalware.blogspot.com/2011/07/how-to-remove-personal-shield-pro.html

Two people so far have said this removal process works

jonb

1771 posts

Uber Geek

Trusted

#507906 17-Aug-2011 13:39

freitasm: The payload is Windows only.

I didn't see anything because I don't have Java installed on my system ;)

Interesting. We got a new laptop last month and haven't yet installed java on it either - there seems to be less and less reason for a consumer pc to have java installed anymore? My reason was mainly to not have those annoying java updates every few weeks, but if there's security issues aswell then that's another reason.

I need it on my work computer, but for home use, it seems like we don't. (btw, we don't play minecraft..)

wreck90

780 posts

Ultimate Geek
Inactive user

#507912 17-Aug-2011 13:45

I use an adblocker, would this have stopped the metservice virus?

My machine is fully patched and Microsoft security essentials up to date. Does this protect too?

If not, how do I know if my machine has this metservice virus? I've not noticed any strange behaviour yet.

[edit] And metservice should warn people on their main webpage, including a link to removal instructions.

DonGould

3892 posts

Uber Geek

#507928 17-Aug-2011 13:53

wreck90: [edit] And metservice should warn people on their main webpage, including a link to removal instructions.

+1 Did you email them and suggest that?

Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz

wreck90

780 posts

Ultimate Geek
Inactive user

#507937 17-Aug-2011 14:09

DonGould:
wreck90: [edit] And metservice should warn people on their main webpage, including a link to removal instructions.

+1 Did you email them and suggest that?

Nope. However, I'd feel negligent if my website spread a virus and I didn't warn people . Thats just me though.

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#507941 17-Aug-2011 14:14

I wonder if we could have here a quick poll with people's replies: "Which OS were you using when your PC got infected?"

Somehow I'm inclined to think this was all on Windows XP/2003...

McNulty

152 posts

Master Geek

#508019 17-Aug-2011 15:57

johnr: Give me one good reason why TM / NZherald / Met service would spread a virus?

You emailed them they must be rolling around on the floor laughing

Not laughing now, ay?

graciem

32 posts

Geek

Trusted

#508020 17-Aug-2011 15:57

freitasm: I wonder if we could have here a quick poll with people's replies: "Which OS were you using when your PC got infected?"

Somehow I'm inclined to think this was all on Windows XP/2003...

Windows XP

DonGould

3892 posts

Uber Geek

#508031 17-Aug-2011 16:04

freitasm: I wonder if we could have here a quick poll with people's replies: "Which OS were you using when your PC got infected?"

Somehow I'm inclined to think this was all on Windows XP/2003...

Can we start with - how do you detect it and how to you fix it?

What do I need to do to confirm that my users don't have it? So far I've read that AVG and MSE aren't stopping it.

D

Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz

l43a2

1779 posts

Uber Geek

ID Verified

Trusted

#508036 17-Aug-2011 16:07

my sisters laptop was running WinVista Firefox an AVG managed to stop the infection.

Lifejockey

11 posts

Geek

#508037 17-Aug-2011 16:07

Debian Linux 6.0 :)

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#508038 17-Aug-2011 16:07

If we know what exploit was used, perhaps you can focus your efforts? If you know it's not affecting IE9 on Windows 7 then you know you don't have to spend time on that...

DonGould

3892 posts

Uber Geek

#508046 17-Aug-2011 16:12

http://www.stuff.co.nz/the-press/news/5460586/Malware-virus-hits-MetService-website

It's on the stuff web site now.

Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8