Virus warning

[RickW]

<p>Someone who viewed one of my photos got a virus warning about "Blackhole Exploit Kit (type 1889)".</p>

<p>The photo is http://www.photo.net/photo/12868904.</p>

<p>I scanned my Mac with Norton Anti-Virus and MacScan before processing and uploading the photo, so I don't think it's from my system.</p>

<p>Rick</p>

[rashed_s]

<p>Coud this be whats effecting the site at the moment and non of the members first page can be opened?</p>

 

[joshroot]

<p>Member pages should be fixed.</p>

<p>However, we can't figure out why anyone would be seeing a virus warning. Can anyone who sees one take a screenshot of the page you are on and email it to contact@photo.net?</p>

[William Kahn]

<p>According to McAfee, Blackhole is a low-risk trojan that's been around since 2004. Heee's their info:</p>

<p>This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.</p>

<p>Just for info...</p>

[wogears]

<p>I got the same message--I can pull it up in Nortons. Will submit a screen grab.</p><div></div>

[Former P.N Member]

<p>I got the same message as Les the first time I clicked the link. Subsequent clicks nothing happened - other than displaying the image.</p>

[mdunker]

<p>I received the same message from Norton when opening the photo.net homepage. </p>

[joshroot]

<p>Just out of curiosity, do any of the people who are seeing the warning also have "spotify" accounts?</p>

<p>http://cyberinsecure.com/spotifycom-software-hit-by-malicious-third-party-advertisements-around-9-million-users-affected/</p>

[pierceart]

<p>I've gotten the same warning, on THIS page! Josh, I don't have the "Spotify" account. Do the site managers know about this?</p>

[joshroot]

<blockquote>Do the site managers know about this?

<p><a name="pagebottom"></a></p>

</blockquote>

<p>Given that I am the one who runs photos.net, I would say yes.</p>

<p>We are working on it as quickly as we can. The more information we can gather, the faster we can track it down.</p>

[joshroot]

<p>To anyone who sees the warning, do you see the warning again if you return to or reload whatever page you saw it on?</p>

<p>We can't find any trace of anything malicious on our servers and are trying to track down if one of the adservers has been compromised.</p>

[sknowles]

<p>I only get it when clicking the first time, reloading seems to avoid it. It seems you're on the right path with the ad servers since they change and the Photo.net pages don't. What you need is a global disable routine which replaces all the ads with blank spaces (gifs/jpgs) to preserve page format and presentation. This way you can set a yes/no value or semaphore to able or disable all the ads to test if any problem is Photo.net or elsewhere. Just a thought.</p>

[mdunker]

<p>No spotify account here. I did not get the notification when coming back to photo net. It retrospect, I may have received the Norton alert when accessing the Unified forum page, but I had not traveled farther then that. </p>

<p>thanks Josh. </p>

[Former P.N Member]

<p>"To anyone who sees the warning, do you see the warning again if you return to or reload whatever page you saw it on?"<br>

Only saw it the one time but in checking my Norton log I see it's been intercepted a few times. (Just checked - only twice)</p>

<p>No spotify account.</p>

[wogears]

<p>No Spotify account here. I do get some 'invalid certificate' notices, but I'm too damn stupid to have written them down. I'll grab the next one, I promise!</p>

[Jeff Lear]

<p>Some weird things were happening earlier. I was getting strange "unable to open PDF" warnings followed by a browser (Safari) crash when navigating to my community member page. Everything seems to be back to normal now. No Spotify here.</p>

[pierceart]

<p>I think that my Norton stops warning me on the same page, but will warn me on the next page it catches. It blocked that warning three times, and I looked at three different pages, mine included.<br>

;-D</p>

[WJT]

<p>3/27/2011 12:27:37 PM HTTP filter file <a href="http://lockba.com/adserver/display.cfm/731/1534/45613/j/cd/?pbnt=515a4dgﾮt=481643&imprx=18211123187">http://lockba.com/adserver/display.cfm/731/1534/45613/j/cd/?pbnt=515a4dgﾮt=481643&imprx=18211123187</a> JS/Kryptik.X trojan connection terminated - quarantined. Threat was detected upon access to web by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.</p>

<p>The above is what my Eset av produced several times that day when I visited the site, from home and at the office. This is from the log file; I should have grabbed a screenshot, sorry.</p>

[joshroot]

<p>Has anyone seen any warnings today? We think we have the issue wrapped up. But I want to know ASAP if anyone sees anything.</p>

[Former P.N Member]

<p>"Has anyone seen any warnings today? We think we have the issue wrapped up. But I want to know ASAP if anyone sees anything."</p>

<p>Nothing today even after visiting the original link that started this thread. It would be interesting to know what the suspected problem was.</p>

[WJT]

<p>So far so good...visited several fora and member's pages.</p>

[joshroot]

<blockquote>

<p>It would be interesting to know what the suspected problem was.</p>

</blockquote>

<p>We think it was a bad ad as all of our servers came up clean. I doubt that it was done maliciously, this sort of thing happens because of bad programming. But you never know. So we want to track it down as far as we can.</p>

[pierceart]

<p>So far, no warning for me either. Looks like you caught it. ;-D</p>

[rashed_s]

<p>I also got the Safri crash number of times when opening photnet, I re open again and it do it successfully but I am of nu understanding of virus, I use the mac 27 inches all in one computer, when the crash takes place, the system ask, reopen and then report of ignore, I do not get this when I open any other site.</p>

[songtsen]

I had a 'malware warning' in Opera 11 a few minutes ago.<div></div>