VIRUS ON THG?

fishboi · Aug 8, 2007

Came to the homepage this morning, asked me to install an ActiveX (now thats new???). Clicked, and bang. Virus. WTF??????????

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Bloodhound.Exploit.109

fishboi · Aug 8, 2007

Discovered: January 3, 2007
Updated: February 13, 2007 1:03:05 PM
Type: Trojan Horse, Worm, Virus
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Bloodhound.Exploit.109 is a heuristic detection for Apple QuickTime RTSP URI Remote Buffer Overflow Vulnerability (as described in BID 21829).
ProtectionInitial Rapid Release version January 3, 2007
Latest Rapid Release version January 3, 2007
Initial Daily Certified version January 3, 2007
Latest Daily Certified version January 3, 2007
Initial Weekly Certified release date January 10, 2007
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat AssessmentWildWild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy
DamageDamage Level: Low
DistributionDistribution Level: Low

Writeup By: Costin Ionescu

http://www.symantec.com/enterprise/security_response/writeup.jsp?doci d=2007-010315-5708-99

Jim_L9 · Aug 8, 2007

It appears to be gone now, but I did run into it earlier.

chedrz · Aug 8, 2007

Nope, it's still there...

turboflame · Aug 8, 2007

It just happenned to me, I got the activeX popup, I didn't click it and IE just crashed.

perham3d · Aug 8, 2007

tut tut tom 😛

Heyyou27 · Aug 8, 2007

I didn't run into it.

aevm · Aug 8, 2007

I'm using FireFox, it doesn't have ActiveX

warezme · Aug 8, 2007

aevm :

yea, Firefox!

how fast you have your Q6600?

I just got mine "reinstalled", new mobo, my old board was the 680i SLI AR version that wouldn't go over 1200FSB, so got it RMA swapped for the A1. I pulled a late night and got it back and running already at 3.0Ghz at default voltage.

can't wait to get home and really start pushing it, hoping for 3.6Ghz like my old C2D but would be happy with 3.3 or so. :bounce:

ben72227 · Aug 8, 2007

I ran into the bloodhound exploit this week (maybe it was on THG???). It's the first time in a LONG time that I can remember my anti virus popping up saying it had quarantined something...

MisterChef · Aug 8, 2007

When I opened tomshardware.com this morning, I didn't click on any bars at the top of the page but Trend Micro immediately found a virus named XML_HACK.AO in a .mov file in my temporary internet files. On the Trend site it said Quicktime 7.1.3 was vulnerable to this so I immediately updated to 7.2 and deleted my browser cache.

Like one of the guys above said, this is the first time my virus scanner has detected a virus in a long time.

orangegator · Aug 8, 2007

I also just detected the Bloodhound.Exploit.109 virus about 5 minutes ago. I guess it came from here. This is not the first time THG has been infected with a virus... Gotta love their security and competence.

Jake_Barnes · Aug 8, 2007

It's been reported! Thanks - 3rd party banner ads, I think.

juvealert · Aug 8, 2007

i'm using firefox and the virus message didn't pop up althoguh somtimes lately i get this message when i access THG from firefox ....

"access to http://www.tomshardware.com/us/ is forbidden" something similar to posted message.

recently asus website was hecked so i wouldn't be surprissed that the same thing happens to tomshardware.

on the other hand nice to report such thing lets support THG for their good work by being patient. Keep it up THG

metalfandragula · Aug 8, 2007

Time Module Object Name Threat Action User Information
8/8/2007 11:01:36 AM IMON file
Name: http://www.google-counter.com/cgi-bin/nsp1?o6&a=716&p=Af&r=347186945 6
Threat:
Exploit.Multi.Qtp.B trojan
Action
Connection terminated

To note, I am also using firefox 2.0.0.6 and NOD32 picked it up.

Fredi · Aug 8, 2007

it seems to be gone now?

Hawkeye22 · Aug 8, 2007

juvealert :

I had got the forbidden message several times over the past few weeks. I haven't seen it at all this week.

rsetter1 · Aug 8, 2007

I have been getting the "Forbiden" message everyday for the past week.

fishboi · Aug 8, 2007

Has someone from THG responded and come back with an explanation?

Fredi · Aug 8, 2007

ey... me!

see my question above. Some banner as suspected, but I can't be sure if it's gone for good...
I have to assume that no more reports mean it's all OK now...

eric54 · Aug 8, 2007

wtf? man i'm glad i have vista 64 bit. But seriously, whats the deal? Toms with freaking viruses on its site?

fishboi · Aug 8, 2007

I agree with eric54. WTF response is that? Viruses on a tech site and no real explanation for what happened?

What does it actually do for those who may have been infected? If people havent gotten a warning message, it probably means they're infected. How serious is it etc etc.

Just some thoughts. I'm fine - I picked it up early this AM, but maybe some other people are concerned.

ITZ · Aug 11, 2007

Nope the error is still there... I tried to access the site this morning August 11 2007 @ 740am but got the Site is forbidden 403 message....

Mousemonkey · Aug 11, 2007

Having not used Interturd Exploiter for even longer than I've not been to either the UK or USA website should I be concerned? [:mousemonkey:2]

HyperBladeST · Aug 11, 2007

Still getting the "access to http://www.tomshardware.com/us/ is forbidden" with firefox.

No problem with IE but the spybot plug-in (Browser Helper) is saying that it blocked one bad address.

VIRUS ON THG?

Distinguished

Distinguished

Distinguished

Distinguished

Distinguished

Distinguished

Splendid

Illustrious

Distinguished

Distinguished

Distinguished

Distinguished

Splendid

Distinguished

Distinguished

Distinguished

Glorious

Distinguished

Distinguished

Distinguished

Distinguished

Distinguished

Distinguished

Titan

Distinguished

Share this page