Gas Engines Questions or comments about gas engines can be posted here

RCU Virus Infected

Old 03-01-2011, 05:47 PM
  #26  
a1pcfixer
My Feedback: (7)
 
 
Join Date: Aug 2004
Location: La Porte, IN
Posts: 2,505
Likes: 0
Received 0 Likes on 0 Posts
Default RE: RCU Virus Infected


ORIGINAL: apalsson

Goes to prove there is a security problem
If you need all kinds of third party browsers and enhancements to suppress the popups, there is a SERIOUS problem with the site.
Worse than that is all web surfers who don't have better security, and get hit with worse malware/worms/bots on any number of web sites.
Just one of the many security issues MSIExploder has.......but they're working on it.

Here is what I see

Unacceptable!
Can't make out anything in that image.

Since I am using FireFox and add-ons, they prevent me from ever getting hit with such, properly setup that is.
My NSS doesn't even notice this (note image in post);
http://www.rcuniverse.com/forum/fb.asp?m=10357451


Did anyone try the https://www.rcuniverse.com
My MSIE reverted BACK to http://www.rcuniverse
But FireFox can handle it.
Old 03-01-2011, 06:02 PM
  #27  
w8ye
My Feedback: (16)
 
 
Join Date: Dec 2001
Location: Shelby, OH
Posts: 37,576
Received 9 Likes on 9 Posts
Default RE: RCU Virus Infected

mine did too

I think you can block redirects too?
Old 03-01-2011, 06:03 PM
  #28  
osxpro
Senior Member
My Feedback: (51)
 
Join Date: Jun 2002
Location: Winston Salem, NC
Posts: 328
Likes: 0
Received 2 Likes on 1 Post
Default RE: RCU Virus Infected

The script screams of Chinese incursion. If you go to the link OP posted, you're directed to a page with Cyrillic Chinese characters. All that money we send to the Reds via Walmart and ARF's is being used to fund the Red Army's Cyber Division. The reds snoop and hack the US on a daily basis. It's basic intel gathering. I see this stuff every day as an IT Pro.
Old 03-01-2011, 06:15 PM
  #29  
a1pcfixer
My Feedback: (7)
 
 
Join Date: Aug 2004
Location: La Porte, IN
Posts: 2,505
Likes: 0
Received 0 Likes on 0 Posts
Default RE: RCU Virus Infected


ORIGINAL: w8ye

mine did too

I think you can block redirects too?
You can, but those are of little concern as some sites like RCU make good use of them.
Look here in the Classifieds and Auctions;
http://www.rcuniverse.com/forum/default.asp?fh=1

Javascript is the biggest danger......right behind unprotected MSIE.[:'(]
Old 03-01-2011, 06:17 PM
  #30  
apalsson
Thread Starter
My Feedback: (1)
 
 
Join Date: Jun 2003
Location: Coffs Harbour NSW, AUSTRALIA
Posts: 2,306
Likes: 0
Received 1 Like on 1 Post
Default RE: RCU Virus Infected


ORIGINAL: a1pcfixer


ORIGINAL: apalsson

Goes to prove there is a security problem
If you need all kinds of third party browsers and enhancements to suppress the popups, there is a SERIOUS problem with the site.
Worse than that is all web surfers who don't have better security, and get hit with worse malware/worms/bots on any number of web sites.
Just one of the many security issues MSIExploder has.......but they're working on it.

Here is what I see

Unacceptable!
Sorry buddy, I prefer to see the problem fixed rather than have to use third party browsers with propellor-head gadgets to suppress the symptoms.
The fact that we are seeing the warnings from various Anti-Virus programs is a good thing - they are alerting to the fact that we have a compromised site and the malware has been blocked.

You shouldn't need layers upon layers of gadgets to safely browse a massive commercially run site like RCU
Do you need to turn off scripts, block popups and generally "wear rubber" to browse Google?
Old 03-01-2011, 06:19 PM
  #31  
lopflyers
Senior Member
My Feedback: (12)
 
 
Join Date: Jun 2010
Location: Orlando, FL
Posts: 1,520
Likes: 0
Received 0 Likes on 0 Posts
Default RE: RCU Virus Infected

Well you guys I have no problem whatsoever. Not a pop up, not a virus warning, not a slow down.
Besides this is a free website, as far as I see it we can't complain too much
Old 03-01-2011, 06:50 PM
  #32  
a1pcfixer
My Feedback: (7)
 
 
Join Date: Aug 2004
Location: La Porte, IN
Posts: 2,505
Likes: 0
Received 0 Likes on 0 Posts
Default RE: RCU Virus Infected


ORIGINAL: apalsson

.............I prefer to see the problem fixed........................
Agreed, it needs fixed.

You shouldn't need layers upon layers of gadgets to safely browse a massive commercially run site like RCU
Those days of no -or- little internet security are long gone!
Such is also at the very core of so many DoS attacks, and 'bots' running rampant on millions of pc's across the planet.

Multi layered security is needed now days, or run the risk of infection.
Many of us wish it was still simple & easy.
Old 03-02-2011, 03:34 AM
  #33  
Tired Old Man
Senior Member
My Feedback: (1)
 
Join Date: Feb 2002
Location: Valley Springs, CA
Posts: 18,602
Likes: 0
Received 3 Likes on 3 Posts
Default RE: RCU Virus Infected

You still should be expecting the sites visited to be running scans and performance checks on their stuff and taking the steps needed to remove infections. RCU does not appear to be doing that, and in their failure is establishing the time and manner of RCU's demise. Site owners have to care about that they have enough to keep it. A cavalier attitude of letting the users take care of the problem cannot work.

Then again, perhaps a couple of PC repair businesses are setting up a means of developing new revenue. This kind of activity is being watched closely on another site.
Old 03-02-2011, 04:02 AM
  #34  
telejojo
 
Join Date: Nov 2006
Location: HUNTSVILLE, AL
Posts: 830
Likes: 0
Received 0 Likes on 0 Posts
Default RE: RCU Virus Infected

I get a lot of (website not found) when I click on a thread or anything on RCU, and a few other sites now.
Old 03-02-2011, 04:46 AM
  #35  
Super08
My Feedback: (2)
 
 
Join Date: Dec 2007
Location: Fort McMurray, AB, CANADA
Posts: 4,121
Received 0 Likes on 0 Posts
Default RE: RCU Virus Infected

I see it is gone again this morning.
Old 03-02-2011, 06:12 AM
  #36  
mclina
 
 
Join Date: Dec 2006
Location: Westford, MA
Posts: 1,809
Likes: 0
Received 0 Likes on 0 Posts
Default RE: RCU Virus Infected

A few days ago I was getting a popup virus warning every time I clicked on the 'Forums' button. It only lasted the one day, and now it seems fine.
Old 03-02-2011, 06:46 AM
  #37  
chris923
My Feedback: (53)
 
Join Date: Jul 2003
Location: milwaukee, WI
Posts: 941
Likes: 0
Received 0 Likes on 0 Posts
Default RE: RCU Virus Infected

The problem is not universal. I am on RCU and the Forums 2 or 3 times a day. I have not had any issues since the switch over problems were taken care of. I am using explorer.

Chris923
Old 03-02-2011, 06:51 AM
  #38  
a1pcfixer
My Feedback: (7)
 
 
Join Date: Aug 2004
Location: La Porte, IN
Posts: 2,505
Likes: 0
Received 0 Likes on 0 Posts
Default RE: RCU Virus Infected


ORIGINAL: Tired Old Man

You still should be expecting the sites visited to be running scans and performance checks on their stuff and taking the steps needed to remove infections. RCU does not appear to be doing that, and in their failure is establishing the time and manner of RCU's demise. Site owners have to care about that they have enough to keep it. A cavalier attitude of letting the users take care of the problem cannot work.
Even more important, is that they need to better defend against such intrusions in the first place.
Fixing the barn door AFTER the horses left isn't the cure.

Consider those visiting RCU, who don't have any A/V program &/or haven't updated it,
and such users are blindly surfing, while getting infected, and haven't a clue it's happened to them.

THAT's spooky!!!!

Has anybody truly determined if any 'payload' is associated with this issue?
Consider a 'payload' to be any; rootkit/trojan/virus/worm/bot/etc &/or combination.

So far, on the surface, this seems to be someone proving they can penetrate RCU's internet security (or lack thereof).

I am seeing intrusion attempts in my router's incoming log;

73.53.80.1
221.192.199.46
{both China sourced}

IP address: 221.192.199.46
IP country code: CN
IP address country: China
IP address state: Hebei
IP address city: Hebei
IP address latitude: 39.8897
IP address longitude: 115.2750
ISP of this IP: China Unicom Hebei province network
Organization: China Unicom Hebei province network
Old 03-02-2011, 08:26 AM
  #39  
juanjulian
My Feedback: (9)
 
 
Join Date: Nov 2003
Location: guatemala, GUATEMALA
Posts: 544
Likes: 0
Received 1 Like on 1 Post
Default RE: RCU Virus Infected



Have the same problem.

Norton antivirus downloader alert.

Old 03-02-2011, 10:12 AM
  #40  
apalsson
Thread Starter
My Feedback: (1)
 
 
Join Date: Jun 2003
Location: Coffs Harbour NSW, AUSTRALIA
Posts: 2,306
Likes: 0
Received 1 Like on 1 Post
Default RE: RCU Virus Infected


ORIGINAL: Tired Old Man

You still should be expecting the sites visited to be running scans and performance checks on their stuff and taking the steps needed to remove infections. RCU does not appear to be doing that, and in their failure is establishing the time and manner of RCU's demise. Site owners have to care about that they have enough to keep it. A cavalier attitude of letting the users take care of the problem cannot work.
Agreed.

Securing a website against becoming a vehicle for propagating viruses and malware is the legal responsibility of the website owner.

Securing against infections like the one plaguing RCU at the moment is a relatively simple task but it needs someone to take interest in it and responsibility for it.
What normally happens is a privileged user account is exposed and the hacker makes entry with sufficient privileges to plant scripts in an area of the server. From there on, the script runs by a schedule and overwrites given pages (normally the header page) to insert links to the actual malicious website.
If anyone could be bothered to monitor the source of the header page of RCU, they will see top line entries appear every couple of hours. These links are the ones causing the virus warnings.

If unaddressed, it will absolutely lead to the demise of RCU. If people start finding their computers were infected from browsing this site (because they had insufficient protection in the first place) and their bank details and other transaction logs are exposed to the hackers, there will be some very cranky customers.

I would be absolutely concerned if there is evidence that a number of users are receiving warnings from the site but my PC didn't show any. That would mean the local protection is insufficient and the malware is being given an opportunity to do its thing.

At some stage, the black list services around the world will start blacklisting RCU and once sites such as Google blacklist it, RCU days are numbered.

Yes, I am very familiar with IT Security and Corporate IT Management and Responsibilities. It has been my field of profession for the last 28 years or so
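
The header-page monitoring described in the post above, sketched as an added example that is not part of the thread or of RCU's own code: it compares a known-good copy of the header with the current one and reports script/iframe tags that load from hosts not seen before. The allowlist entry, the `.example` hosts and both HTML samples are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOST = "www.rcuniverse.com"
# Assumption: hosts the site owner knowingly loads content from.
ALLOWED_HOSTS = {SITE_HOST, "ads.partner.example"}

class ExternalRefParser(HTMLParser):
    """Collect (line, tag, host) for every script/iframe loaded from a host."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src") or ""
        # Relative paths have no hostname; //host/x.js style URLs do.
        host = urlparse(src).hostname
        if host:
            self.refs.append((self.getpos()[0], tag, host.lower()))

def external_refs(html):
    parser = ExternalRefParser()
    parser.feed(html)
    parser.close()
    return parser.refs

def new_unapproved(baseline_html, current_html, allowed=ALLOWED_HOSTS):
    """References whose host is neither allowlisted nor in the baseline."""
    known = {host for _, _, host in external_refs(baseline_html)} | set(allowed)
    return [ref for ref in external_refs(current_html) if ref[2] not in known]

# Constructed samples: a clean header, then the same header after tampering
# (a top-line script entry plus a hidden iframe).
BASELINE = """<html><head>
<script src="/js/menu.js"></script>
<script src="http://ads.partner.example/show.js"></script>
</head><body>"""

TAMPERED = """<script src="http://injected-one.example/x.js"></script>
<html><head>
<script src="/js/menu.js"></script>
<script src="http://ads.partner.example/show.js"></script>
<iframe src="//injected-two.example/f.html" width=0 height=0></iframe>
</head><body>"""

if __name__ == "__main__":
    for line, tag, host in new_unapproved(BASELINE, TAMPERED):
        print(f"line {line}: <{tag}> loads from unapproved host {host}")
```

Run on a schedule against the served page, a non-empty result is the signal to inspect the server for the planted script rather than only cleaning the page.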
Old 03-02-2011, 10:23 AM
  #41  
Tired Old Man
Senior Member
My Feedback: (1)
 
Join Date: Feb 2002
Location: Valley Springs, CA
Posts: 18,602
Likes: 0
Received 3 Likes on 3 Posts
Default RE: RCU Virus Infected

And RCU wonders why I've never bothered to update my CC info for the Marketplace. There's no valid reason for RCU to need my credit card number just to view sales ads. None at all.
Old 03-02-2011, 01:46 PM
  #42  
tony0707
 
Join Date: Jul 2006
Location: Inverness, FL
Posts: 963
Likes: 0
Received 0 Likes on 0 Posts
Default RE: RCU Virus Infected

HI
WHOEVER is responsible for this web site's protection please take note of the concerns posted here it would be a real shame to lose this web site or cause virus issues to the people who visit this place a lot BEST REGARDS TONY
Old 03-02-2011, 01:52 PM
  #43  
gulfstreamI
Senior Member
 
Join Date: Feb 2004
Location: Upstate New York, NY
Posts: 651
Likes: 0
Received 3 Likes on 3 Posts
Default RE: RCU Virus Infected

A virus? I haven't noticed anything when I browse the other forums in the last few days. The i-mac safari seems to work fine on my end.
Old 03-02-2011, 04:10 PM
  #44  
a1pcfixer
My Feedback: (7)
 
 
Join Date: Aug 2004
Location: La Porte, IN
Posts: 2,505
Likes: 0
Received 0 Likes on 0 Posts
Default RE: RCU Virus Infected


ORIGINAL: w8ye

I run ''NoScript''

Here are some scripts trying to load that I have blocked . . . .

51yes/com
cnzz.com
gds.or.kr
tuow.info
The first 3 are based in China, the last maybe a mis-print?

This is one of the nice things I like about running FireFox with NoScript,
your A/V doesn't get a chance to see such malware sites since they're blocked.
Part of a multi-layered defense.

Disable NoScript & I'll bet your A/V complains about those sites!
Old 03-02-2011, 04:19 PM
  #45  
w8ye
My Feedback: (16)
 
 
Join Date: Dec 2001
Location: Shelby, OH
Posts: 37,576
Received 9 Likes on 9 Posts
Default RE: RCU Virus Infected

What A/V?

I haven't used one in five years and have not had any problems or had to reload the OS.

I use Ubuntu and never been happier
Old 03-02-2011, 04:20 PM
  #46  
DeferredDefect
Senior Member
 
 
Join Date: Nov 2009
Location: , ON, CANADA
Posts: 974
Likes: 0
Received 0 Likes on 0 Posts
Default RE: RCU Virus Infected

I used RCU on a PC today, and it seemed to just stop loading halfway through and freeze up. I have not had any problems on my Macs, though. 
But of all the websites, why RCU? I would rather live without Wikipedia, Facebook, or more or less any other site! 
Old 03-02-2011, 04:27 PM
  #47  
w8ye
My Feedback: (16)
 
 
Join Date: Dec 2001
Location: Shelby, OH
Posts: 37,576
Received 9 Likes on 9 Posts
Default RE: RCU Virus Infected

The tuow.info is real and is not misspelled

It is a remote data base access problem

http://safeweb.norton.com/report/show?name=tuow.info

http://www.symantec.com/business/sec...jsp?asid=50031

Old 03-02-2011, 05:44 PM
  #48  
xcfds65
Junior Member
My Feedback: (10)
 
Join Date: Jun 2008
Location: Manchester , GA
Posts: 24
Likes: 0
Received 0 Likes on 0 Posts
Default RE: RCU Virus Infected

I don't know what has happened to the old RCU but this place has gone to the dogs. I used to come here and buy and sell all the time. The last two things I have posted here all I got was ppl offering to buy but never coming through with it. Then there are ppl here that you work out a deal with on something only to find out later they sold it to someone else after you made the deal. I think RCU got way too far in over their heads to run a site like this. Maybe we need to go back to a smaller bunch of guys and gals.
Old 03-03-2011, 10:34 AM
  #49  
apalsson
Thread Starter
My Feedback: (1)
 
 
Join Date: Jun 2003
Location: Coffs Harbour NSW, AUSTRALIA
Posts: 2,306
Likes: 0
Received 1 Like on 1 Post
Default RE: RCU Virus Infected

To all of you guys who are saying "you don't have a problem with the site" or "you are not seeing any virus popups"

1. The very fact that you are not seeing anything may be a serious concern, or that the malware is let through on your computer without a warning, or;
2. Your security software "silently" blocks the infection attempts

Both are equally bad, - silent blocking takes away from you the ability to be aware what is going on and respond in a proper fashion.

My strong advice to anyone is this:
If you store your credit card details or other financial details on RCU, REMOVE IT NOW
As long as there is evidence the site is infected with malware whose purpose is to snoop such details and forward to a central repository, keep no sensitive personal details on the site!
Old 03-03-2011, 10:59 AM
  #50  
w8ye
My Feedback: (16)
 
 
Join Date: Dec 2001
Location: Shelby, OH
Posts: 37,576
Received 9 Likes on 9 Posts
Default RE: RCU Virus Infected

After this post began, I saw evidence of intrusion on the site and posted such in this thread.

For the last two days, I have not seen anything.

If those sites are in the source code for the page, there is a red flag in the lower right corner of my screen. I can click on the flag and it tells me what they are.

However, none of my credit card information is on my computer or in RCU
