Downloader.Exploit.64 by qwerty

FIREFLYFANS.NET CENTRAL

Downloader.Exploit.64

POSTED BY: QWERTY
UPDATED: Tuesday, June 26, 2007 05:31
SHORT URL:
VIEWED: 5502
PAGE 1 of 1

Tuesday, June 19, 2007 4:45 AM

Hi, Don't know if anyone else has reported this issue, but this morning when I logged onto the site, and as I've been perusing around, my anti-virus software has been going a bit nuts, saying my machine is getting hit with "Downloader.Exploit.64".

It's nothing malicious, my AV software is easily quarantining it and deleting the files, but it is rather annoying.

Do you know where this might be coming from? Any new ads or anything that could be spawning this?

This is the information provided to me by me AV software: http://securityresponse.symantec.com/security_response/writeup.jsp?doc
id=2006-041114-2838-99

Thanks!

NOTIFY: Y | REPLY | REPLY WITH QUOTE | TOP | HOME

Tuesday, June 19, 2007 4:48 AM

KANEMAN

Spam...here?

NOTIFY: N | REPLY | REPLY WITH QUOTE | TOP | HOME

Tuesday, June 19, 2007 6:03 AM

ICHIBAN

I think it's something to do with three items posted to the Blue Sun Room - they show up on the main page.
There's what I guess is supposed to be an image used in the title of all three, browser starts to download it.
The site the image is downloading from has all sorts of Chinese on it and has a reference to IE 0day - which seems to be some sort of browser exploit.

I tried looking stuff up on google about it, but all the results are too technical for me.

My anti virus isn't going crazy - but that's either cause I'm using Firefox or because my anti virus is rubbish - hope it's not the latter.

EDIT- just looked at the source, it's a java script thingy not an image - sorry

NOTIFY: Y | REPLY | REPLY WITH QUOTE | TOP | HOME

Tuesday, June 19, 2007 7:02 AM

PHOENIXROSE

You think you know--what's to come, what you are. You haven't even begun.

Yeah, my virus protection had some major freakouts when I first tried to get on today, so I used a different bookmark to bypass the homepage and it seemed fine. Was more than a little irritating.

Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so.
A troll's hair is still pointy, even when it's wearing a hat.

NOTIFY: N | REPLY | REPLY WITH QUOTE | TOP | HOME

Wednesday, June 20, 2007 1:17 PM

LEIASKY

It's still happening to me when I click on the Blue Sun Room, and then click on 'show me more fanfics'. My virus software is still going nuts. This is the site, in addition to the download explorer thing I'm also getting, is: idfirstc.com/wawrar/07004.htm

I just won't load this site at home (my work virus software is much better) until I know this issue has been fixed.

"A government is a body of people usually notably ungoverned."

NOTIFY: Y | REPLY | REPLY WITH QUOTE | TOP | HOME

Monday, June 25, 2007 2:38 AM

JODIE

Hi -
Thought I was imagining things, thinking it was this site...but just when i thought the problem was resolved, up it pops again!

I got nothing - until I went back to the Blue Sun page before the current one (fics from 20 June and previous).

Please - anyone have any ideas?? I don't want to have to quit this site - it has me a bit weirded out.

The following is from the Symantec site:

Downloader.Exploit.64 is a heuristic detection for the Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution Vulnerability (Bugtraq ID 17462).

An attacker who exploits this vulnerability could execute arbitrary code with the privileges of the logged-on user. The attack has be launched by visiting a website that hosts the malicious code. The exploit requires no user interaction to trigger.

Applies to: Windows NT/2000/XP (including SP2)/2003

Files that are detected as Downloader.Exploit.64 may be malicious.

Anyone understand all this?

NOTIFY: Y | REPLY | REPLY WITH QUOTE | TOP | HOME

Monday, June 25, 2007 11:04 PM

MISSTRESSAHARA

Yup, happened to me today. I'm worried because we haven't updated our virus definitions because we haven't the coin.

Guesse I'll just avoid the BSR.

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
~*Peter* Peter*; power *re-peater*~
`@/
/Y
/_)

*Petrelli for President. Together we can soar.*
**********~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
**********~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
**********~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
**********~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
**********~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

HEROE'S IS MY CRACK!
~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~

NOTIFY: Y | REPLY | REPLY WITH QUOTE | TOP | HOME

Tuesday, June 26, 2007 5:31 AM

PHOENIXROSE

You think you know--what's to come, what you are. You haven't even begun.

I downloaded the Explorer Security Update and haven't had a problem since. It's free if you have Windows, so those who can't update their virus definitions might want to go that route. Either that or just don't go to the Blue Sun page that has that posting on it.

NOTIFY: N | REPLY | REPLY WITH QUOTE | TOP | HOME

YOUR OPTIONS

SHARE THREAD

NEW POSTS TODAY

USER	POST DATE

USER

POST DATE