 Thread : VIRUS ON THG?
 
More Information

Came to the homepage this morning, asked me to install an ActiveX (now that's new???). Clicked, and bang. Virus. WTF??????????


Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Bloodhound.Exploit.109


Discovered: January 3, 2007
Updated: February 13, 2007 1:03:05 PM
Type: Trojan Horse, Worm, Virus
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Bloodhound.Exploit.109 is a heuristic detection for Apple QuickTime RTSP URI Remote Buffer Overflow Vulnerability (as described in BID 21829).
Protection
Initial Rapid Release version January 3, 2007
Latest Rapid Release version January 3, 2007
Initial Daily Certified version January 3, 2007
Latest Daily Certified version January 3, 2007
Initial Weekly Certified release date January 10, 2007

Threat Assessment
Wild
Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy
Damage
Damage Level: Low
Distribution
Distribution Level: Low

Writeup By: Costin Ionescu

http://www.symantec.com/enterprise [...] p.jsp?doci d=2007-010315-5708-99


---------------
E6600 @3.33Ghz | P5W DH Deluxe @370Mhz FSB | Thermalright Ultra-120 | MSI x1900xt | 2GB OCZ Plat Rev2 @740Mhz, 4-4-4-12 | Seagate Barracuda 320GB | 3DMark06: 6461 (5902 stock) | PCMark05: 8552 (6950 stock) | Temps: 45 Idle, 70 Load
More Information

It appears to be gone now, but I did run into it earlier.

Oh, Hewwo!
More Information

Nope, it's still there...

More Information

It just happened to me, I got the ActiveX popup, I didn't click it and IE just crashed.

More Information
n°1737380
08-08-2007 at 03:51:08 PM

tut tut tom :p


---------------
e6600(b3) @3.33ghz stock V (30idle-40/45load_| 4gb@1:1 | 2900xt@768/899 | msi p35 neo2-fr | antec900 | Auzentech X-Plosion
Still playing my Dreamcast
More Information

I didn't run into it.

Do not eat the styrofoam
More Information

I'm using Firefox, it doesn't have ActiveX :)

More Information

aevm wrote :

I'm using Firefox, it doesn't have ActiveX :)



yea, Firefox!

how fast you have your Q6600?

I just got mine "reinstalled", new mobo, my old board was the 680i SLI AR version that wouldn't go over 1200FSB, so got it RMA swapped for the A1. I pulled a late night and got it back and running already at 3.0Ghz at default voltage.

can't wait to get home and really start pushing it, hoping for 3.6Ghz like my old C2D but would be happy with 3.3 or so. :bounce:


---------------
Evga 780i SLI : Q6600 @ 3.5Ghz :8800GTX x 2 SLI 649/2052 :4GB XMS2 Dominator 4-4-4-12 900 :XFi Fatal1ty :150GB WD Raptor :500GB Seagate 16MB x2 :Eheim + Danger Den :Lian Li PC V1000 (black) :BFG 1Kw PS :37" Westinghouse 1080p 8ms :XP32bit :Vista64bit
Command Prompt FTW!
More Information

I ran into the Bloodhound exploit this week (maybe it was on THG???). It's the first time in a LONG time that I can remember my antivirus popping up saying it had quarantined something...

More Information

When I opened tomshardware.com this morning, I didn't click on any bars at the top of the page but Trend Micro immediately found a virus named XML_HACK.AO in a .mov file in my temporary internet files. On the Trend site it said Quicktime 7.1.3 was vulnerable to this so I immediately updated to 7.2 and deleted my browser cache.

Like one of the guys above said, this is the first time my virus scanner has detected a virus in a long time.

More Information

I also just detected the Bloodhound.Exploit.109 virus about 5 minutes ago. I guess it came from here. This is not the first time THG has been infected with a virus... Gotta love their security and competence.

More Information

It's been reported! Thanks - 3rd party banner ads, I think.


---------------
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
- Albert Einstein


Watch This Before You Post
More Information

I'm using Firefox and the virus message didn't pop up, although sometimes lately I get this message when I access THG from Firefox ....

"access to http://www.tomshardware.com/us/ is forbidden" something similar to posted message.

Recently the ASUS website was hacked, so I wouldn't be surprised that the same thing happens to tomshardware.

On the other hand, nice to report such a thing. Let's support THG for their good work by being patient. Keep it up THG

More Information

Time: 8/8/2007 11:01:36 AM
Module: IMON
Object: file
Name: http://www.google-counter.com/cgi- [...] =347186945 6
Threat: Exploit.Multi.Qtp.B trojan
Action: Connection terminated

To note, I am also using Firefox 2.0.0.6 and NOD32 picked it up.

Profile: Webmaster