Hi forum members,
Good I could log in again. The forum apparently is back up and running. Congratulations to the people that cleared that situation real quick. Avast to the bone,
polonus
An explanation of exactly what happened and how this forum was hacked might be in order. Thanks ???
What if anything did this forum lose and what if anything did the hackers gain???
i am glad it was cleaned also-by logging into the forum yesterday-my avast was working overtime-i have never seen so many abort connections and trojan horse warnings one after the other and wouldn’t stop-my windows would not boot back up-had to do a complete os long format restore and drivers to make sure the hacker bs was off…
i wish i knew who did this to our forum-i would gladly go to the person’s computer and make computer dust out of it
wasn’t a happy camper yesterday :-X
++++Welcome Back Forum++++
Basically something hacked the forum Simple Machines PHP software, injecting an iframe tag into each page as it was loaded; that page tried to infect users with the storm worm. Those with Firefox or Opera weren’t vulnerable but those with IE or a clone were vulnerable to attack, however the web shield blocked that attack.
See this topic where I documented the problem, http://forum.avast.com/index.php?topic=30118.0.
Pavel, we know the problem was on Simple Machines forum software.
But, like Bob, I’ll be glad of an explanation 8)
i updated my avast yesterday and every time i opened the forum it said there was a virus, and i can’t log in to it. it’s weird that avast pointed out there was a virus in its own website ???
Yesterday I visited avast! forums & it was in large print & I read DavidR’s post about the forums had a virus. I use Opera & my zoom setting was at 100%, so I guess the virus caused the zoom to be large. All other websites were normal, still at 100% zoom.
I didn’t try to login, I didn’t want to take a chance the virus or malware might collect logins & passwords.
Did anyone else experience the large zoom even though the setting was at the normal 100% zoom?
What is weird about detecting a malware infection, no matter where it is? And the virus wasn’t on the avast website but a redirect in an iframe tag opening a site that had the infection, which was intercepted by the web shield provider before it got to users’ systems.
You will note that Firefox and Opera weren’t vulnerable to this exploit, only IE and IE clones; then the web shield did its job as it should.
Did you not check out the link I gave in reply #3?
@ rdmaloyjr
I noticed other strange actions, attachments not correct and a hang when trying to post, but the font size, etc. was unchanged. So it was most certainly screwing with some functions, I’m using firefox though.
rdmaloyjr, I follow all David’s experiences:
DavidR & Tech,
Thanks for your replies.
I was just curious if anyone else had the zoom issue. At first I thought I’d somehow accidentally changed the zoom till I checked & it was at the default 100%, also checked other sites for this behavior. The other sites were normal. No other difference was noticeable.
It is better safe than sorry, so I didn’t login till the infection was cured. 8)
Glad to see things are back to normal.
Hi marc57,
But what if a judge says you can only use Windows or IE henceforth, like happened recently. The man on this site is asking for a donation to buy his first Windows XP license, because he is not allowed to use linux anymore to halve his time in the slammer, which is a good deal actually (the pirate is in prison and obviously for a good reason). So a judge’s verdict could make you vulnerable to an IFrame exploit and a trojan/worm, if he visited the Avast webforum site the other day with IE on Windows eXPerience. What if Big M$ whispered into his ear: “We have to monitor them all, then the going becomes narrow on the Internet, don’t you agree?” http://www.sk0t.com/
polonus
An explanation from Alwil to all of this is still lacking ??? and would be greatly appreciated.
I second this (again)…
I second this (again) me too...after it destroyed my laptop with all sorts of goodies-was logging in to forum using ie clone avant browser-no more-firefox all the way
Guys,
I’m also still waiting for a detailed explanation of what actually took place. All I know is that the scum took advantage of a vulnerability in SMF 1.1.12 (that was installed on the server). Kubecj (our web admin) is out of the country but we were able to have him fix the issue yesterday late night. He should be coming home tonight so I hope I (and you, too) will get a satisfactory explanation soon.
Thanks
Vlk
curious-why is this still showing this ??? : is it just a precaution…
just a few moments ago…
i know it says previously-but for how long will this show for forum.avast.com link ???
That’s a question for linkscanner’s authors, I guess.
Obviously, they’re “caching” the outcome of a test for some time…
Cheers
Vlk
Thanks Vlk for the information…I’ll be watching.
Thanks to you and your crew for the rescue of the forum. ;D
thanks Vlk…was just curious after the adventure i had with my computer logging into the forum with my ‘previously installed’ avant ie clone browser and the many trojan horse warnings and abort connections fun time i was getting-so bad my computer wouldn’t reboot :o