GimpTalk.com Attacked :(

Hi guys. I happen to visit Gimptalk.com quite a bit for help on using the GIMP. Anyway, I noticed that when I clicked on my bookmark, Avast went nuts with “trojan blocked”. So, I went to UnmaskParasites and came up with this link:

http://www.UnmaskParasites.com/security-report/?page=www.gimptalk.com/forum/

This is from Google Safe Browsing: http://www.google.com/safebrowsing/diagnostic?site=www.gimptalk.com/forum/

I suppose their Admins are aware and are trying to fix the situation. This is certainly bad news for those of us that frequent that site. :(

Yes, it would appear that they are aware of it, and seem to be working on it.

Hi spgSCOTT,

This is or rather was the suspicious domain found:
* link - hxtp://avtassociates.com/images/gifimg.php
Then one gets: failure: HTTP Error 403: Forbidden
Blocked by the avast Webshield, site owned at Bangalore:
hxtp://64.71.235.51/ U.S.A. address is in the abusive host block list
HTTP/1.1 403 Forbidden
Content-Length: 1549
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Apr 2010 13:45:23 GMT
Connection: close

What is the current listing status for avtassociates.com?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 2 times over the past 90 days.

What happened when Google visited this site?

Of the 95 pages we tested on the site over the past 90 days, 1 page resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-04-03, and the last time suspicious content was found on this site was on 2010-04-03.

Malicious software includes 27 exploits, 21 scripting exploits.

Malicious software is hosted on 1 domains, including parveen.in/.

This site was hosted on 1 network including AS27229 (WEBHOST).

Threats found: 1
Here is a complete list:
Threat Name: 23616 also known here as JS:Illredir-AK[Trj].
Then there is this: link to go.microsoft.com/fwlink/?linkid=8180 with
Suspicious Inline Scripts

var enableSiteSurvey ^^ true ^^function isDomainTracking(){var entry ^^^MS.Support.Fms.CookieUtil.getCo broken^by me, polonus

all malicious or suspicious: http://jsunpack.jeek.org/dec/go?report=59c85fe573a27458b08353bd4d49ecf6418a2761
re: hxtp://hi.baidu.com/jayoi6916/blog/item/e88950ca4c72121d7e3e6f21.html

polonus