MALWARE on zerotohundred

[^pomen_GTR^]

my newly installed chrome detected malware again on all zth...today...

 

[kanan]

me too

 

[Tom]

hi everyone, thanks for replies,

we've been attacked yet again. the files are scanned and removed at this time.

If your antivirus prompts a mesage, I would appreciate it greatly if you could post the messages here

thanks!

 

[ShaolinTiger]

You're still using vBulletin 3.8.5 which is a vulnerable version. I suggest upgrading to 3.8.6 Patch Level 1 which is the latest stable version in 3.8x tree.

 

[Tom]

hi shaolin tiger,

thanks for the recommendation, we'll be upgrading soon to the latest patch.
though the affected areas were in fact not vbulletin this time but the openX adserver

Thanks!
Tom

 

[ShaolinTiger]

Ah, no worries. Best to keep everything up to date just to be safe.

You might wanna implement some more security measures on the server side too as I presume you're on a dedicated servers. Things to check out:

SuPHP - http://www.suphp.org/Home.html
Suhosin - http://www.hardened-php.net/suhosin/
mod_security - http://www.modsecurity.org/
CSF - http://www.configserver.com/cp/csf.html

All make sure all the permissions are correct (not 777) and scan the machine with chrootkit or similar.

There's also some tips here regarding OpenX specifically:

http://www.openx.org/fr/docs/2.8/adminguide/Securing+OpenX

You probably got this too:

http://www.thewebhostinghero.com/articles/openx-vulnerability-this-site-may-harm-your-computer.html

 

[kian27]

my avast detected virus just now..isit kena attacked again?

 

[Tom]

hi kian27

would you by any chance have the report with you?
this would help us detect the infected files better

Thanks!

 

[kian27]

this 1? if nt mayb other avast user can tell me where/how to find it, i will try my best. Those at july 1 is zth affect by malware period also. That time i thought was my pc problem so i just ignore it until other forumer file a report at here i just realize.

last time when here is affected by malware when i log to zth page then avast will warn me & something about java will pop up (i didn't read it just close the pop up). hope it helps.

 

[Tom]

hi Kian

thanks for the reply
do continue to update us if you find any future notices

There was in fact a suspicious JavaScript file earlier which we've fixed.

It's now 100% safe. Your anti-virus shouldn't show any more pop-ups

thanks!
Tom

 

[papagoines]

You might want to take a look at this
http://safebrowsing.clients.google....dypart-virs.html&client=googlechrome&hl=en-US

 

[Tom]

hi ppgoines, thanks

To everyone, I'd to apologize for the inconvenience caused (yet again).
Again, despite the various methods taken to secure Zerotohundred.com since the last 2 attacks, the attack yesterday came from one of the advertising network we work with.

here is a full explanantion from Innity:

Further to our earlier email, we have managed to rectify the issue of our ad server displaying a malware warning issue on your site. In summary, a portion of our domain; innity.net, which operates as a content delivery network focused on delivering static banner files to our end user, was affected in Indonesia and this led to Google classifying our domain as being infected by malware. While we have quickly resolved the issue and are now back to normal operation, Google’s aggressive malware prevention policy may result in users continuing to see warnings until Google completes its re-review process. As a result, the entire innity.net domain has been blacklisted. Websites that are embedded with the Innity tag have been affected by this problem and this has caused a warning message to be displayed when a user visits the websites when they are using either Google Chrome or Firefox.

We have excluded the affected delivery network from our advertising network until the service provider rectifies the issue from their side. We have also initiated the Google review process, and requested Google to recheck the site and declassify it as malware. The process could take up to 48 hours as the situation is complicated due to the fact that there is no detailed report as to why Google has classified us as a malware distributor.

We have also taken short-term steps to lock down our domain in Indonesia completely while we determine the true technical root cause of the initial malicious files.

We take the integrity of our infrastructure extremely seriously, and will post a detailed follow-up as the investigation completes. We sincerely apologize for any inconvenience caused to you and your visitors, and you have our assurance that part of the investigation also includes reviewing our early-detection mechanism for this type of glitch specifically.

You can temporarily remove the Innity tag from your site, and sign up for Google Webmaster Tools for a review. Details can be found on the site below: http://www.google.com/support/webmasters/bin/answer.py?answer=168328

Additionally, we would appreciate your help in sharing with us the information that is being displayed on your Google Webmaster Tools under the malware section to [email protected] .

Please refer to this page- http://www.innity.com/announcement/ for further updates on this issue. You can also write to us at [email protected] or call +603 78805611 for further questions.



Regards,
Innity Marketing Team

T: +(60)3 7880 5611 F: +(60)3 7880 5622

 

[TitanRev]

Hope everything is back to normal now..

 

[papagoines]

no worries bro... i can browse via firefox...

---------- Post added at 09:10 PM ---------- 6 hour anti-bump limit - Previous post was at 09:07 PM ----------

here's one comment from lowyat.net about the issue
http://www.lowyat.net/v2/malware-attack-cripples-innitys-advertising-network.html

 

[Tom]

thanks for the link, it's comforting in a way to know there are many other site who were affected