RCU Virus Infected
#26
My Feedback: (7)
Join Date: Aug 2004
Location: La Porte, IN
Posts: 2,505
Likes: 0
Received 0 Likes on 0 Posts
RE: RCU Virus Infected
ORIGINAL: apalsson
Goes to prove there is a security problem
If you need all kinds of third party browsers and enhancements to suppress the popups, there is a SERIOUS problem with the site.
Just one of the many security issues MSIExploder has.......but they're working on it.
Here is what I see
Unacceptable!
Since I am using FireFox and add-ons, they prevent me from ever getting hit with such, properly setup that is.
My NSS doesn't even notice this (note image in post);
http://www.rcuniverse.com/forum/fb.asp?m=10357451
Did anyone try the https://www.rcuniverse.com
My MSIE reverted BACK to http://www.rcuniverse
But FireFox can handle it.
#28
Senior Member
My Feedback: (51)
RE: RCU Virus Infected
The script screams of Chinese incursion. If you go to the link OP posted, you're directed to a page with Cyrillic Chinese characters. All that money we send to the Reds via Walmart and ARF's is being used to fund the Red Army's Cyber Division- The reds snoop and hack the US on a daily basis. It's basic intel gathering. I see this stuff every day as an IT Pro.
#29
My Feedback: (7)
Join Date: Aug 2004
Location: La Porte, IN
Posts: 2,505
Likes: 0
Received 0 Likes on 0 Posts
RE: RCU Virus Infected
ORIGINAL: w8ye
mine did too
I think you can block redirects too?
Look here in the Classifieds and Auctions;
http://www.rcuniverse.com/forum/default.asp?fh=1
Javascript is the biggest danger......right behind unprotected MSIE.[:'(]
#30
Thread Starter
My Feedback: (1)
Join Date: Jun 2003
Location: Coffs Harbour NSW, AUSTRALIA
Posts: 2,306
Likes: 0
Received 1 Like on 1 Post
RE: RCU Virus Infected
ORIGINAL: a1pcfixer
ORIGINAL: apalsson
Goes to prove there is a security problem
If you need all kinds of third party browsers and enhancements to suppress the popups, there is a SERIOUS problem with the site.
Just one of the many security issues MSIExploder has.......but they're working on it.
Here is what I see
Unacceptable!
The fact that we are seeing the warnings from various Anti-Virus programs is a good thing - they are alerting to the fact that we have a compromised site and the malware has been blocked.
You shouldn't need layers upon layers of gadgets to safely browse a massive commercially run site like RCU
Do you need to turn off scripts, block popups and generally "wear rubber" to browse Google?
#31
Senior Member
My Feedback: (12)
Join Date: Jun 2010
Location: Orlando, FL
Posts: 1,520
Likes: 0
Received 0 Likes on 0 Posts
RE: RCU Virus Infected
Well you guys, I have no problem whatsoever. Not a pop up, not a virus warning, not slow down.
Besides, this is a free website; as far as I see it we can't complain too much
#32
My Feedback: (7)
Join Date: Aug 2004
Location: La Porte, IN
Posts: 2,505
Likes: 0
Received 0 Likes on 0 Posts
RE: RCU Virus Infected
ORIGINAL: apalsson
.............I prefer to see the problem fixed........................
You shouldn't need layers upon layers of gadgets to safely browse a massive commercially run site like RCU
Such is also at the very core of so many DoS attacks, and 'bots' running rampant on millions of PCs across the planet.
Multi layered security is needed nowadays, or run the risk of infection.
Many of us wish it was still simple & easy.
#33
Senior Member
My Feedback: (1)
RE: RCU Virus Infected
You still should be expecting the sites visited to be running scans and performance checks on their stuff and taking the steps needed to remove infections. RCU does not appear to be doing that, and in their failure is establishing the time and manner of RCU's demise. Site owners have to care about that they have enough to keep it. A cavalier attitude of letting the users take care of the problem cannot work.
Then again, perhaps a couple of PC repair businesses are setting up a means of developing new revenue. This kind of activity is being watched closely on another site.
#37
My Feedback: (53)
Join Date: Jul 2003
Location: milwaukee, WI
Posts: 941
Likes: 0
Received 0 Likes on 0 Posts
RE: RCU Virus Infected
The problem is not universal. I am on RCU and the Forums 2 or 3 times a day. I have not had any issues since the switch over problems
were taken care of. I am using explorer.
Chris923
#38
My Feedback: (7)
Join Date: Aug 2004
Location: La Porte, IN
Posts: 2,505
Likes: 0
Received 0 Likes on 0 Posts
RE: RCU Virus Infected
ORIGINAL: Tired Old Man
You still should be expecting the sites visited to be running scans and performance checks on their stuff and taking the steps needed to remove infections. RCU does not appear to be doing that, and in their failure is establishing the time and manner of RCU's demise. Site owners have to care about that they have enough to keep it. A cavalier attitude of letting the users take care of the problem cannot work.
Fixing the barn door AFTER the horses left isn't the cure.
Consider those visiting RCU, who don't have any A/V program &/or haven't updated it,
and such users are blindly surfing, while getting infected, and haven't a clue it's happened to them.
THAT's spooky!!!!
Has anybody truly determined if any 'payload' is associated with this issue?
Consider a 'payload' to be any; rootkit/trojan/virus/worm/bot/etc &/or combination.
So far, on the surface, this seems to be someone proving they can penetrate RCU's internet security (or lack thereof).
I am seeing intrusion attempts in my router's incoming log;
73.53.80.1
221.192.199.46
{both China sourced}
IP address: 221.192.199.46
IP country code: CN
IP address country: China
IP address state: Hebei
IP address city: Hebei
IP address latitude: 39.8897
IP address longitude: 115.2750
ISP of this IP: China Unicom Hebei province network
Organization: China Unicom Hebei province network
#40
Thread Starter
My Feedback: (1)
Join Date: Jun 2003
Location: Coffs Harbour NSW, AUSTRALIA
Posts: 2,306
Likes: 0
Received 1 Like on 1 Post
RE: RCU Virus Infected
ORIGINAL: Tired Old Man
You still should be expecting the sites visited to be running scans and performance checks on their stuff and taking the steps needed to remove infections. RCU does not appear to be doing that, and in their failure is establishing the time and manner of RCU's demise. Site owners have to care about that they have enough to keep it. A cavalier attitude of letting the users take care of the problem cannot work.
Securing a website against becoming a vehicle for propagating viruses and malware is the legal responsibility of the website owner.
Securing against infections like the one plaguing RCU at the moment is a relatively simple task but it needs someone to take interest in it and responsibility for it.
What normally happens is a privileged user account is exposed and the hacker makes entry with sufficient privileges to plant scripts in an area of the server. From there on, the script runs by a schedule and overwrites given pages (normally the header page) to insert links to the actual malicious website.
If anyone could be bothered to monitor the source of the header page of RCU, they will see top line entries appear every couple of hours. These links are the ones causing the virus warnings.
If unaddressed, it will absolutely lead to the demise of RCU. If people start finding their computers were infected from browsing this site (because they had insufficient protection in the first place) and their bank details and other transaction logs are exposed to the hackers, there will be some very cranky customers.
I would be absolutely concerned if there is evidence that a number of users are receiving warnings from the site but my PC didn't show any. That would mean the local protection is insufficient and the malware is being given an opportunity to do its thing.
At some stage, the black list services around the world will start blacklisting RCU and once sites such as Google blacklist it, RCU's days are numbered.
Yes, I am very familiar with IT Security and Corporate IT Management and Responsibilities. It has been my field of profession for the last 28 years or so.
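The monitoring idea from the post above (watching the header page source for newly inserted links), as an added example that is not part of the original thread and not RCU's own code. The sample pages, the `injected.example` hosts and the allowlist are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags and attributes that make a browser fetch a remote resource.
REMOTE_ATTRS = {"script": "src", "iframe": "src", "frame": "src",
                "embed": "src", "object": "data", "link": "href"}

# Constructed sample pages (not captured from the real site).
BASELINE = """<html><head>
<script src="/js/menu.js"></script>
<script src="http://www.rcuniverse.com/js/forum.js"></script>
</head><body>forum</body></html>"""
INFECTED = """<script src="http://injected.example/x.js"></script>
<iframe src="//cdn.injected.example/f.html" width="0" height="0"></iframe>
""" + BASELINE
ALLOWED = {"rcuniverse.com"}  # hypothetical allowlist of approved hosts


class RemoteRefParser(HTMLParser):
    """Collect (line, tag, host) for every remote reference in a page."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        wanted = REMOTE_ATTRS.get(tag)
        for name, value in attrs:
            if wanted and name == wanted and value:
                host = urlparse(value).hostname  # None for relative URLs
                if host:
                    self.refs.append((self.getpos()[0], tag, host.lower()))


def unexpected_refs(html, allowed_hosts):
    """Remote references whose host is not an allowed host or a subdomain of one."""
    parser = RemoteRefParser()
    parser.feed(html)
    parser.close()
    def ok(host):
        return any(host == a or host.endswith("." + a) for a in allowed_hosts)
    return [ref for ref in parser.refs if not ok(ref[2])]


def new_since(baseline_html, current_html, allowed_hosts):
    """Unexpected hosts present now that were absent from the known-good copy."""
    before = {r[2] for r in unexpected_refs(baseline_html, allowed_hosts)}
    now = {r[2] for r in unexpected_refs(current_html, allowed_hosts)}
    return sorted(now - before)


if __name__ == "__main__":
    for line, tag, host in unexpected_refs(INFECTED, ALLOWED):
        print(f"line {line}: <{tag}> loads from unapproved host {host}")
```

Run on a schedule against a known-good copy of the header page, a non-empty result from `new_since` is the signal to investigate how the page was modified on the server.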
#42
Join Date: Jul 2006
Location: Inverness, FL
Posts: 963
Likes: 0
Received 0 Likes on 0 Posts
RE: RCU Virus Infected
HI
WHOEVER is responsible for this web site's protection, please take note of the concerns posted here. It would be a real shame to lose this web site or cause virus issues to the people who visit this place a lot. BEST REGARDS, TONY
#43
Senior Member
RE: RCU Virus Infected
A virus? I haven't noticed anything when I browse the other forums in the last few days. The i-mac safari seems to work fine on my end.
#44
My Feedback: (7)
Join Date: Aug 2004
Location: La Porte, IN
Posts: 2,505
Likes: 0
Received 0 Likes on 0 Posts
RE: RCU Virus Infected
ORIGINAL: w8ye
I run "NoScript"
Here are some scripts trying to load that I have blocked . . . .
51yes/com
cnzz.com
gds.or.kr
tuow.info
This is one of the nice things I like about running FireFox with NoScript,
your A/V doesn't get a chance to see such malware sites since they're blocked.
Part of a multi-layered defense.
Disable NoScript & I'll bet your A/V complains about those sites!
#46
Senior Member
Join Date: Nov 2009
Location: , ON, CANADA
Posts: 974
Likes: 0
Received 0 Likes on 0 Posts
RE: RCU Virus Infected
I used RCU on a PC today, and it seemed to just stop loading halfway through and freeze up. I have not had any problems on my Macs, though.
But of all the websites, why RCU? I would rather live without Wikipedia, Facebook, or more or less any other site!
#47
My Feedback: (16)
RE: RCU Virus Infected
The tuow.info is real and is not misspelled
It is a remote data base access problem
http://safeweb.norton.com/report/show?name=tuow.info
http://www.symantec.com/business/sec...jsp?asid=50031
#48
Junior Member
My Feedback: (10)
Join Date: Jun 2008
Location: Manchester, GA
Posts: 24
Likes: 0
Received 0 Likes on 0 Posts
RE: RCU Virus Infected
I don't know what has happened to the old RCU but this place has gone to the dogs. I used to come here and buy and sell all the time. The last two things I have posted here, all I got was ppl offering to buy but never coming through with it. Then there are ppl here that you work out a deal with on something only to find out later they sold it to someone else after you made the deal. I think RCU got way too far in over their heads to run a site like this. Maybe we need to go back to a smaller bunch of guys and gals.
#49
Thread Starter
My Feedback: (1)
Join Date: Jun 2003
Location: Coffs Harbour NSW, AUSTRALIA
Posts: 2,306
Likes: 0
Received 1 Like on 1 Post
RE: RCU Virus Infected
To all of you guys who are saying "you don't have a problem with the site" or "you are not seeing any virus popups"
1. The very fact that you are not seeing anything may be a serious concern, or that the malware is let through on your computer without a warning, or;
2. Your security software "silently" blocks the infection attempts
Both are equally bad - silent blocking takes away from you the ability to be aware of what is going on and respond in a proper fashion.
My strong advice to anyone is this:
If you store your credit card details or other financial details on RCU, REMOVE IT NOW
As long as there is evidence the site is infected with malware whose purpose is to snoop such details and forward them to a central repository, keep no sensitive personal details on the site!
#50
My Feedback: (16)
RE: RCU Virus Infected
After this post began, I saw evidence of intrusion on the site and posted such in this thread.
For the last two days, I have not seen anything.
If those sites are in the source code for the page, there is a red flag in the lower right corner of my screen. I can click on the flag and it tells me what they are.
However, none of my credit card information is on my computer or in RCU