TriS reported as an Attack site

[Kotik]

Their reply is only half-true. They don't block the site, but they deactivate all javascript if you choose 'ignore this warning'. That's why the formatting is all messed up, because for reasons that escape my understanding, the archive part of TriS is relying heavily on javascript, which is unneccessary. Most of what's done in JavaScript can be just as easily implemented using CSS-classes, which are generally much safer than using JavaScript, which is a major source of scurity problems and browser incompatibilities.

[panyasan]

FYI: My computer crashed after trying to visit the forum the other day. Part of my hard drive was gone. I am now working on a different, isolated hard drive. Still fear I have to bring in my computer for some major repairs. I also heard from another member that she was infected with a nasty virus when she visited the site. It turned out to be that kind of software which is aimed to get personal information. She had to repair her computer.
Hopefully everything is solved now.

[Kevin Thomas Riley]

My Google doesn't block it. However, I got a Norton warning that it had blocked whatever it is. I could still see the main page though (it doesn't always do that whem it say it has blocked something).

It said that it was a Web Attack: Blackhole Toolkit Website 5

The attacking URL is: vfgkpjtq.co.tv/forum.php?to=dd05b6b7bbcae20d

whatever all that means?

[Cogito]

It does look as if the site has been compromised by having that dodgy script from .co.tv inserted into the home page.

Luckily the Firefox NoScript blocked it for me, and Firefox warned about the infection anyway. But others might not be so lucky.

[Silverbullet]

KKTR, I have been notified a few times in the past day sthat the blackhole Toolkit Web 5 had been blocked when it attacked my computer. Apparently my firewall is successful at fending it off. I ran a anti Malware program but it came up with nothing. I have a anti spybot program but don't think that the blackhole toolkit Web 5 is a spybot.

I did say the other day I had a warning about this. Unfortunately my memory is bad so I used Blackbox tooolkit instead of Blackhole Toolkit Web5. TW the notice said it ws a Web attack.

SB

[justTripn]

Cogito, I got your message and somehow removed the alert. Without knowing the IT aspects of this, I beleive you are right. We should probably take down the site until we can figure out what is wrong. Someone please turn this post into an alert by clicking on the exclaimation point.

Thank you,

Ann

[justTripn]

OK, I was able to turn my own post into an alert. I'll try to contact Elessar.

[justTripn]

Well, it looks like our IT guys have at least heard about the problem. I hope they are dashing to our rescue. Thanks Cogito.

[Elessar]

As I said, we're aware of it and we've been working on it. We appreciate your diligence, we've already contacted BadWares and removed the offending script but it is self-replicating. We're looking into it further with the Host to see what we can do to increase security.

In the meantime, I apologize for the inconvenience but it would seem to be an overreaction at this time to take the site down. Most browsers and all anti-virus clients will keep you safe from the malware, which is likely aimed at retrieving personal information, not causing widespread havoc and system failures. I cannot say with certainty there's no connection but it's unlikely - the era of 14 yr olds programming doomsday viruses for a laugh has long since been replaced with greed-driven worms and trojans designed to retrieve personal browsing information to sell to advertising firms. Your machine is probably compromised or attacked by bugs like this on a daily basis, as many sites are routinely compromised by 3rd party malwares of this nature.

Again, we're doing everything we can to isolate and remove the offending code. For now, I would suggest everyone make sure they're running antivirus clients (as you already should be...) and that they are fully up to date. We'll post updates as they become available.

I would also suggest to anyone concerned about the integrity of their system to install and run Spybot Search & Destroy

[justTripn]

NEVER MIND! The Triaxian Silk facebook page is legit.

[Silverbullet]

Got latest updates and then ran Spybot Search and destroy. Nada. Came up empty. No spy bots apparently. Have no idea what this Web Attack Blackhole Toolkit Web 5 is.

SB

[Kotik]

Got latest updates and then ran Spybot Search and destroy. Nada. Came up empty. No spy bots apparently. Have no idea what this Web Attack Blackhole Toolkit Web 5 is.

SB

I've read the Symantec analysis of the thing and in all my 16 years of experience as a professional programmer, I've never seen such an evil piece of work That thing goes to ridiculous lengths to conceal itself within websites and anyone short of a professional would never even notice a thing, although one has to concede that most producers of websites provide a fertile environment for such things to succeed, since most people these days use WYSIWYG tools to create their websites by point-and-click, rather than good ol' handcraft, for which you don't need anything but a paint program and a text editor, else people would recognize the suspicious block of hex-dump suddenly appearing in the resulting HTML source.
I hate to sound like an old man, but the best way to be sure of safety is programming sites like in the olden days, even if it is significantly slower and the source has to be monitored regularily. To the untrained eye, things like this blackhole toolkit are practically invisible, which is, why it is so dangerous.

[justTripn]

The Triaxian Silk facebook page is legit.

[Silverbullet]

Kotik, obviously my computer is being attacked but the firewall is holding and blocking The blackhole Toolkit Web 5. How in Hell does one get rid of the damned thinig for good. I am afraid that it just might succeed in its attack once which is all it will need.

why in gods name ae these people doing this. Bad enough that those kids used to let loose their little pieces of hate.

Like you I am too damned old for this shit.

SB

[Kotik]

Silverbullet,

What your firewall is blocking, is the trojans attempts to call home and/or downloading more trojans. Removing them completely is usually a very tedious bit of work. I once had a trojan infection on my main development machine and it took me several hours to get rid of it completely and only over a decade of experience made it possible at all.

I'm afraid, once it is infected, you can't really avoid to let an expert take care of your machine. Sometimes a complete re-installation is unavoidable as latest generation trojans do not only contain code to conceal themselves, they actually contain code to actively fight removal.

About the motivation to write such things? Well for most of those "l33t hax0rz" it is first and foremost a binary penis enlargement. They feed their ego by hiding behind a ridiculous nickname and tell everybody that they wrote this or that virus and think they are great.
The sad bit is, that some of them are actually bloody good programmers. I've seen a few dissected trojans or dissected them myself and the coding was excellent. This is why some of them are so dangerous - they aren't written by some dimwitted script-kiddie, but by brilliant coders with a character and a social problem.