WARNING! TMSO thread uses imagehoster that has been used to spread infectios JPEGs.

dgatsoulis

dgatsoulis

ele2png user
Donator
Joined
Dec 2, 2009
Messages
2,022
Reaction score
628
Points
128
Location
Sparta
Does anyone else get a warning sign when clicking on the TMSO thread at Addon Development?

Untitled-1.jpg


(Translating from Greek)

"WARNING: Visiting this website may be harmful for your computer!
The website www.orbiter-forum.com contains data from the website s2.noelshack.com, which seems to be hosting malware., (explains what malware is).
Just by visiting a website that contains malware may infect your computer."

(and below that it has the tabs "understanding the risks and visit anyway")

Did anyone else get this? It doesn't come up with any of the other "Latest Posts" threads i click on, just this one.

Can this thread be somehow infected?

I already sent a msg to the webmaster about this, through the Contact us link.

EDIT: I don't want to spread panic here, just want to know what this is, and if it can be harmful to this forum or our computers in any way.
 
Last edited:
Istochnikov said:
Lol... no, in fact, just 5 minutes ago i was posting exactly on this thread... :P
Click to expand...

I know, after DagoO's post was yours and then Yoda's.

Why do i get a warning when i click on this (and ONLY this) thread?

---------- Post added at 05:58 PM ---------- Previous post was at 05:41 PM ----------
jinglesassy said:
s2.noelshack.com appears to be a image hosting site.
Click to expand...

I get that warning sign as soon as i press "http://s2.noelshack.com/" also.
(i typed s2.noelshack.com on Google Chrome)

I do NOT mean to undermine the TMSO thread in ANY way guys, but it's the first time i see this when i click on a thread.

I really hope it's nothing.
 
TheEyes said:
What browser are you using?

That screen is most likely to be malware anyway. Do a system scan.
Click to expand...

Google Chrome.

I did a system scan, as soon as i first saw this warning (Kaspersky PURE 2010 - No files infected)
 
Urwumpe said:
According to Google:

http://safebrowsing.clients.google....t=Firefox&hl=en&site=http://s2.noelshack.com/
Click to expand...

"The last time Google visited this site was on 2010-04-15, and the last time suspicious content was found on this site was on 2010-04-13.
Malicious software includes 118 trojan(s), 74 worm(s)."

On an image hosting website!? (according to jinglesassy, i haven't visited it due to the warning.)

Reminds me of that post i read about "steganography" on the "Evil Addon Developer" thread i posted a few days ago...

Yeah i suggest you stay away from that site
Click to expand...
For sure!
But i'd like to get info from that thread though! I'd really like to see what this thread has to say, but without getting "118 trojan(s), 74 worm(s)." on my system.
 
Last edited:
dgatsoulis said:
On an image hosting website!? (according to jinglesassy, i haven't visited it due to the warning.)

Reminds me of that post i read about "steganography" on the "Evil Addon Developer" thread i posted a few days ago...
Click to expand...

Yes, but different. The trick in this case is abusing a bug in the windows JPEG file handling, that is often not patched, for infecting PCs and create bots, that can be commanded from a command server (system).

The infected homepages are modified with tiny invisible "internal frames" to load the JPEG files from a "trusted" server (this one) and display them in your browser. If you have not fixed the bug, you get a tiny rendering error, and a piece of code got executed in the context of the operating system, usually installing the whole horror. Once infected, your PC can be secretly used for probing new webservers and modify them to link to the infected images. The construction kit for such malware is sold professionally from criminal groups, for serious money. Understandable, if the investment brings you up to 500,000 bots for your network, without a high chance to be caught by the police.
 
Urwumpe said:
Yes, but different. The trick in this case is abusing a bug in the windows JPEG file handling, that is often not patched, for infecting PCs and create bots, that can be commanded from a command server (system).

The infected homepages are modified with tiny invisible "internal frames" to load the JPEG files from a "trusted" server (this one) and display them in your browser. If you have not fixed the bug, you get a tiny rendering error, and a piece of code got executed in the context of the operating system, usually installing the whole horror. Once infected, your PC can be secretly used for probing new webservers and modify them to link to the infected images. The construction kit for such malware is sold professionally from criminal groups, for serious money. Understandable, if the investment brings you up to 500,000 bots for your network, without a high chance to be caught by the police.
Click to expand...
Could "your network" hack into other networks you have in your PC and then somehow become Global? (remember the http://en.wikipedia.org/wiki/Six_degrees_of_separation)
 
MeDiCS said:
Yes.

But I'm not getting any warning. Firefox 3.6.2.
Click to expand...

FFox 3.6.3 here, and I get it. Maybe you have disabled this feature, it is not mandatory.
 
Urwumpe said:
FFox 3.6.3 here, and I get it. Maybe you have disabled this feature, it is not mandatory.
Click to expand...
3.6.3 also (typo).

No, I haven't disabled it, but the images are blocked without warning.
 
Firefox 3.6.3 and I get the warning.

I also never knew about the JPEG thing, 'tis rather interesting.
 
Last edited:
You must log in or register to reply here.

Similar threads

Matias Saibene
Discussion Preparing CMake to compile Orbiter add-ons (my experience)
Replies
7
Views
5K
Matias Saibene
Matias Saibene
Soheil_Esy
Science Atmospheric Science
Replies
0
Views
6K
Soheil_Esy
Soheil_Esy
DagoO
Project TMSO
Replies
11
Views
5K
Istochnikov
Istochnikov
jedidia
Doctor Who classic season 1 review
Replies
6
Views
16K
PhantomCruiser
PhantomCruiser
Bj
Question Problem with JS/PHP script
Replies
9
Views
12K
Bj
Bj
Back
Top