Trojan Horse

**SuperJuice** · Tue 3 Aug '10, 5:11pm

Have you read the error?

It refers to /a/tmp/des.jar on the 'attacking computer'

Check if that file is available on your webserver, if it is.. get the mop out.

Not sure how this has any real relevance to the CMS unless there is proof that the CMS was the attack vector.

**nsglazer** · Wed 4 Aug '10, 11:51am

No such file is on my computer. I beleive this is being caused by something in the vbulletin CMS because we only see this warning on CMS pages of vbulletin. Thoughts?

Neil

**djbaxter** · Wed 4 Aug '10, 3:19pm

Dump Norton.

**SuperJuice** · Wed 4 Aug '10, 6:13pm

Originally posted by nsglazer

No such file is on my computer. I beleive this is being caused by something in the vbulletin CMS because we only see this warning on CMS pages of vbulletin. Thoughts?

Neil

I'm not talking about your computer, read the error.

It specifies the host and the file, first thing to do is check if that exists.. if you own the host / IP find out how it got there.

Are you on a shared host?

If you go to http://79.135.152.196/ Firefox reports it as a Reported Attack Page.

**setishock** · Wed 4 Aug '10, 9:26pm

I hang out at a forum that was having an issue similar to that. The owner had switched ad companies and as it turned out getting some ads laced with some nasty s**t.
I run nod32 on all my rigs and it was flipping out when I visited the forum. The other members running free and pay AV reported the same alerts. When the owner switched them off it stopped. I must also note he went back to the one he didn't have problems with before and it's been quiet since.
The intermittent showing up may be not all of the ads are bad. Just certain ones.
This might or might not be the case here but most certainly worth looking in to.

vBulletin 4 End of Life

Trojan Horse

[CMS] Trojan Horse

Comment

Comment

Comment

Comment

Comment