Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsDesktop computingIs Trade Me spreading virus again? (updated: metservice)
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
taniwha
961 posts

Ultimate Geek

Trusted

  #507887 17-Aug-2011 13:16
Send private message

Ragnor: So it sounds like the ad server got compromised which led to a java (not javascript) applet being served to the browser in the metservice pages, the applet used an exploit the java vm to install personal shield pro on the machine.

Nasty.?

Might pay to update java http://www.java.com/en/download/?


well, javascript injected at metservice, lead browsers to java applet.

anyone know which OSes could be infected with the final virus? How cross platform was the payload?



freitasm
BDFL - Memuneh
80661 posts

Uber Geek
+1 received by user: 41081

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #507888 17-Aug-2011 13:17
Send private message

The payload is Windows only.

I didn't see anything because I don't have Java installed on my system ;)




Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

wjw

wjw
174 posts

Master Geek
+1 received by user: 5


  #507890 17-Aug-2011 13:19
Send private message

From another website I'm on:

http://deletemalware.blogspot.com/2011/07/how-to-remove-personal-shield-pro.html

Two people so far have said this removal process works



jonb
1796 posts

Uber Geek
+1 received by user: 545

Trusted

  #507906 17-Aug-2011 13:39
Send private message

freitasm: The payload is Windows only.

I didn't see anything because I don't have Java installed on my system ;)




Interesting. We got a new laptop last month and haven't yet installed java on it either - there seems to be less and less reason for a consumer pc to have java installed anymore?  My reason was mainly to not have those annoying java updates every few weeks, but if there's security issues aswell then that's another reason.

I need it on my work computer, but for home use, it seems like we don't. (btw, we don't play minecraft..)

wreck90
780 posts

Ultimate Geek
Inactive user


  #507912 17-Aug-2011 13:45
Send private message

I use an adblocker, would this have stopped the metservice virus?

My machine is fully patched and Microsoft security essentials up to date. Does this protect too?

If not, how do I know if my machine has this metservice virus? I've not noticed any strange behaviour yet.


[edit] And metservice should warn people on their main webpage, including a link to removal instructions. 

DonGould
3892 posts

Uber Geek
+1 received by user: 164


  #507928 17-Aug-2011 13:53
Send private message

wreck90: [edit] And metservice should warn people on their main webpage, including a link to removal instructions. 


+1 Did you email them and suggest that?




Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz

 
 
 
 

Shop now for Dell laptops and other devices (affiliate link).
wreck90
780 posts

Ultimate Geek
Inactive user


  #507937 17-Aug-2011 14:09
Send private message

DonGould:
wreck90: [edit] And metservice should warn people on their main webpage, including a link to removal instructions. 


+1 Did you email them and suggest that?



Nope. However,  I'd feel negligent if my website spread a virus and I didn't warn people .  Thats just me though.  

 

freitasm
BDFL - Memuneh
80661 posts

Uber Geek
+1 received by user: 41081

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #507941 17-Aug-2011 14:14
Send private message

I wonder if we could have here a quick poll with people's replies: "Which OS were you using when your PC got infected?"

Somehow I'm inclined to think this was all on Windows XP/2003...





Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

McNulty
152 posts

Master Geek
+1 received by user: 23


  #508019 17-Aug-2011 15:57
Send private message

johnr: Give me one good reason why TM / NZherald / Met service would spread a virus?

You emailed them they must be rolling around on the floor laughing


Not laughing now, ay?




If you always do what you always did, you'll always get what you always got!

graciem

32 posts

Geek

Trusted

  #508020 17-Aug-2011 15:57
Send private message

freitasm: I wonder if we could have here a quick poll with people's replies: "Which OS were you using when your PC got infected?"

Somehow I'm inclined to think this was all on Windows XP/2003...



Windows XP

DonGould
3892 posts

Uber Geek
+1 received by user: 164


  #508031 17-Aug-2011 16:04
Send private message

freitasm: I wonder if we could have here a quick poll with people's replies: "Which OS were you using when your PC got infected?"

Somehow I'm inclined to think this was all on Windows XP/2003...



Can we start with - how do you detect it and how to you fix it?

What do I need to do to confirm that my users don't have it?  So far I've read that AVG and MSE aren't stopping it.

D




Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz

 
 
 
 

Shop now at Mighty Ape (affiliate link).
l43a2
1784 posts

Uber Geek
+1 received by user: 591

ID Verified
Trusted

  #508036 17-Aug-2011 16:07
Send private message

my sisters laptop was running WinVista Firefox an AVG managed to stop the infection.





Lifejockey
11 posts

Geek


  #508037 17-Aug-2011 16:07
Send private message

Debian Linux 6.0 :)

freitasm
BDFL - Memuneh
80661 posts

Uber Geek
+1 received by user: 41081

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #508038 17-Aug-2011 16:07
Send private message

If we know what exploit was used, perhaps you can focus your efforts? If you know it's not affecting IE9 on Windows 7 then you know you don't have to spend time on that...





Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

DonGould
3892 posts

Uber Geek
+1 received by user: 164


  #508046 17-Aug-2011 16:12
Send private message

http://www.stuff.co.nz/the-press/news/5460586/Malware-virus-hits-MetService-website

It's on the stuff web site now.




Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright