Trojan Horse attacks

DCBickersteth
Been on the forums for a while
Posts: 152
Joined: Sun Nov 16, 2003 5:03 pm

Trojan Horse attacks

Post by DCBickersteth »

Just a warning, the last three days I've logged on to UKTS & downloaded files (the latest being the Route Riter v6), my PC has been attacked by attempted Trojan Horse methods. Happily all have been blocked & reported by Norton Internet Security. Yesterday's (Monday) came from France, today's from California.

I would recommend everyone has their internet security & virus progs. up to date.

DCB
jbilton
Very Active Forum Member
Posts: 19267
Joined: Fri Oct 10, 2003 12:08 pm
Location: At home ..waiting to go to Work.

Post by jbilton »

Hi
Have a look at the top of the webpage...there is a script that runs and tells you if you have any parasites running....as I suspect there might be on your PC.....as this site has a clean bill of health....so the Trojans are piggybacking from somewhere else.
Jon
DCBickersteth
Been on the forums for a while
Posts: 152
Joined: Sun Nov 16, 2003 5:03 pm

Post by DCBickersteth »

My PC is fully protected and regularly scanned by updated Norton progs. I wonder if the piggy back may be on some of the commercial sites that can be accessed through web pages mentioned on some forums? Now I think about it, I cannot remember an attack while on the standard UKTS forum or web page.

So my advice remains to all who may be vulnerable - get protected!

David
alan2
Peak Rail Route Author
Posts: 5512
Joined: Tue Jan 01, 2002 12:00 am
Location: Secret Routebuilders Castle lost on the way to the toilet!

Post by alan2 »

checks the router's ping bounce back log.

hmm. maybe not.

the router bounces all requests, good or bad, hence trying to host games of unreal tournament v1 fails :(
Alan Heath
Why does DOS never Say Excellent Command or filename ?!!?!??
To Err is human, computers output the errors at higher speed.
Anonymizeruk
Well Established Forum Member
Posts: 828
Joined: Thu Sep 12, 2002 3:15 pm
Location: Nottingham

Post by Anonymizeruk »

Hi folks.

I've had the same trouble with the forums - Norton going berserk, telling me there are Trojans on my system that can't be fixed.

It happens each time I visit the UKTS or (not sure if I am allowed to say this or not.....) the EB forums.

On my system, a file named exploit(1).htm keeps appearing in My Documents, and a whole load of .jar files are upsetting Norton too.

No idea what it is I'm afraid.
Lad491
Very Active Forum Member
Posts: 10013
Joined: Mon Aug 11, 2003 9:25 pm
Location: West Sussex

Post by Lad491 »

This has just been posted on a technet site I use. The MyDoom virus is on the move again with a new incarnation :(
A new version of this one's spreading round the internet again.
The ONLY way to be infected is by opening an e-mail attachment. That's ONLY as in "There is no other way". You must deliberately open that attachment and infect yourself.
Most Anti-virus programs now have definitions to detect it, so it should tell you when an infected mail arrives.
HOWEVER. However, the reason this virus spread so quickly was because of its clever social engineering - the e-mails containing it came with subject lines like "Mail Transaction Failed" - making you think you've sent an e-mail which hasn't gone through so you open the attachment to see which one didn't work.
Never, ever, ever, ever, ever - EVER - open ANY attachment on ANY e-mail unless you know, in advance, that it's safe. That includes attachments that look like they're from safe sources. 'Look like' is how this one spread, and accounts for the several HUNDRED infected e-mails I've received over the past few days.
More information from Symantec, http://securityresponse.symantec.com/av ... .a@mm.html or http://tinyurl.com/2lv95 in Tinyese.
45002
Very Active Forum Member
Posts: 5801
Joined: Mon May 10, 2004 6:06 pm
Location: Hyperspace

TROJAN HORSE AND VIRUS. BE SAFE, get protected

Post by 45002 »

Hi everyone
At about 00.10 hours today 12/11/04 I clicked on the London Brighton link on UKTS, then clicked on the Europeanbahn link. As soon as I did that my McAfee virus stopped and deleted a TROJAN HORSE. The Europeanbahn site is currently down.
The problem looks like it is at Europeanbahn and NOT UKTS.
I looked up the Trojan horse at the McAfee web site and the link below gives you details of the virus.
I sent an email to suport@uktrainsim.com just to be on the safe side.
I am running Windows XP with McAfee Internet Security Suite 2004 updated via my broadband.
SOME ADVICE: IF YOU HAVE BROADBAND, VIRUS AND FIREWALL PROGRAMS ARE A MUST
BE SAFE OUT THERE ON THE WWW
YOURS, MARTIN SANDERSON, BIRMINGHAM

http://uk.mcafee.com/virusInfo/default. ... s_k=101033
DCBickersteth
Been on the forums for a while
Posts: 152
Joined: Sun Nov 16, 2003 5:03 pm

Post by DCBickersteth »

:angel: See the discussion in the General MSTS discussion thread under 'European Bahn - warning'. Seems that others have hit major virus problems - much discussion on solutions to those with infected PCs
jbilton
Very Active Forum Member
Posts: 19267
Joined: Fri Oct 10, 2003 12:08 pm
Location: At home ..waiting to go to Work.

Post by jbilton »

Yep it would appear that it was the EB site all along.....But members accessing both sites were getting confused and thinking the link/trojan had come from UKTS....which it hadn't.
XPTE
Very Active Forum Member
Posts: 3434
Joined: Mon Apr 08, 2002 12:00 am
Location: Bristol

Post by XPTE »

Well since restoring my PC to factory condition last night, I haven't visited the EB site until I hear that it is completely devoid of those trojan horses/virus problems. And Norton has just reported another attempted Trojan Horse attack on my PC, and the only websites I've viewed since then are this site, Ebay.com, bookingsdirect.com and mail.yahoo.com.

Although the EB home page caused me problems yesterday, it appears there are other trojan horse attacks from elsewhere too.
Lad491
Very Active Forum Member
Posts: 10013
Joined: Mon Aug 11, 2003 9:25 pm
Location: West Sussex

Post by Lad491 »

mail.yahoo.com
That's likely to be the biggest suspect :(
LucaZone
vCTRL Developer
Posts: 4312
Joined: Sat Aug 24, 2002 9:35 pm
Location: Only in boxes of Special K

Post by LucaZone »

From what I've learned, the EB site got infected by a visiting user and then passed the worm on via its forums. Users affected have their browser infected, so from that point it doesn't matter which site they go to, the problem will continue, as well as run the risk of infecting further sites.

From work I contracted the problem, and subsequently experienced errors on the BBC and HSE websites.

EB's site has been refreshed by the Host provider but full system checks are still being run as far as I know to make sure the attack has passed.


(On a side note, according to Matt's post about banned EB discussion, it is ONLY that which casts a positive or negative light that is banned. Simply mentioning them, or discussion of activities and stock and additional files related to EB is NOT banned. Check Matt's post again for further clarification.)
. . : :Simulating the UK's first dedicated high speed line for MSTS: : . .
JohnKendrick
Very Active Forum Member
Posts: 2340
Joined: Wed Oct 30, 2002 10:24 pm

Post by JohnKendrick »

Lad491 wrote:
mail.yahoo.com
That's likely to be the biggest suspect :(
Most spam e-mail I receive via Yahoo goes into a bulk file on their server, so I never need open it.

If anyone opens one of the suspect e-mail attachments (usually they seem to be 41k long) then they only have themselves to blame.

John
THE YORKSHIRE COAST RAILWAY, released as freeware (CD & download) on 26th Feb 2005.