VIRUS ON THG?
Came to the homepage this morning, asked me to install an ActiveX (now that's new???). Clicked, and bang. Virus. WTF??????????
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Bloodhound.Exploit.109
Discovered: January 3, 2007
Updated: February 13, 2007 1:03:05 PM
Type: Trojan Horse, Worm, Virus
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Bloodhound.Exploit.109 is a heuristic detection for Apple QuickTime RTSP URI Remote Buffer Overflow Vulnerability (as described in BID 21829).
Protection
Initial Rapid Release version: January 3, 2007
Latest Rapid Release version: January 3, 2007
Initial Daily Certified version: January 3, 2007
Latest Daily Certified version: January 3, 2007
Initial Weekly Certified release date: January 10, 2007
Threat Assessment
Wild
Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy
Damage
Damage Level: Low
Distribution
Distribution Level: Low
Writeup By: Costin Ionescu
http://www.symantec.com/enterprise [...] p.jsp?docid=2007-010315-5708-99
Reply to fishboi
It appears to be gone now, but I did run into it earlier.
Nope, it's still there...
It just happened to me, I got the ActiveX popup, I didn't click it and IE just crashed.
tut tut tom
Reply to perham3d
I didn't run into it.
I'm using FireFox, it doesn't have ActiveX
| aevm wrote : I'm using FireFox, it doesn't have ActiveX |
yea, Firefox!
how fast you have your Q6600?
I just got mine "reinstalled", new mobo, my old board was the 680i SLI AR version that wouldn't go over 1200 FSB, so got it RMA swapped for the A1. I pulled a late night and got it back and running already at 3.0 GHz at default voltage.
Can't wait to get home and really start pushing it, hoping for 3.6 GHz like my old C2D but would be happy with 3.3 or so.
Reply to warezme
I ran into the bloodhound exploit this week (maybe it was on THG???). It's the first time in a LONG time that I can remember my anti virus popping up saying it had quarantined something...
When I opened tomshardware.com this morning, I didn't click on any bars at the top of the page but Trend Micro immediately found a virus named XML_HACK.AO in a .mov file in my temporary internet files. On the Trend site it said Quicktime 7.1.3 was vulnerable to this so I immediately updated to 7.2 and deleted my browser cache.
Like one of the guys above said, this is the first time my virus scanner has detected a virus in a long time.
I also just detected the Bloodhound.Exploit.109 virus about 5 minutes ago. I guess it came from here. This is not the first time THG has been infected with a virus... Gotta love their security and competence.
It's been reported! Thanks - 3rd party banner ads, I think.
The Edge... There is no honest way to explain it because the only people who really know where it is are the ones who have gone over. - HST
Reply to Jake_Barnes
I'm using Firefox and the virus message didn't pop up, although sometimes lately I get this message when I access THG from Firefox ....
"access to http://www.tomshardware.com/us/ is forbidden" something similar to the posted message.
Recently the Asus website was hacked so I wouldn't be surprised that the same thing happens to tomshardware.
On the other hand, nice to report such a thing; let's support THG for their good work by being patient. Keep it up THG
Time: 8/8/2007 11:01:36 AM
Module: IMON
Object: file
Name: http://www.google-counter.com/cgi- [...] =347186945 6
Threat: Exploit.Multi.Qtp.B trojan
Action: Connection terminated
To note, I am also using Firefox 2.0.0.6 and NOD32 picked it up.
| juvealert wrote : i'm using firefox and the virus message didn't pop up althoguh somtimes lately i get this message when i access THG from firefox .... |
I had got the forbidden message several times over the past few weeks. I haven't seen it at all this week.
I have been getting the "Forbidden" message every day for the past week.
Has someone from THG responded and come back with an explanation?
Reply to fishboi
ey... me!
see my question above. Some banner as suspected, but I can't be sure if it's gone for good...
I have to assume that no more reports mean it's all OK now...
Reply to Fredi
wtf? man i'm glad i have Vista 64-bit. But seriously, what's the deal? Tom's with freaking viruses on its site?
Reply to eric54
I agree with eric54. WTF response is that? Viruses on a tech site and no real explanation for what happened?
What does it actually do for those who may have been infected? If people haven't gotten a warning message, it probably means they're infected. How serious is it, etc. etc.
Just some thoughts. I'm fine - I picked it up early this AM, but maybe some other people are concerned.
Reply to fishboi
Nope, the error is still there... I tried to access the site this morning, August 11 2007 @ 7:40am, but got the "Site is forbidden" 403 message....
Having not used Interturd Exploiter for even longer than I've not been to either the UK or USA website should I be concerned?
Still getting the "access to http://www.tomshardware.com/us/ is forbidden" with firefox.
No problem with IE but the spybot plug-in (Browser Helper) is saying that it blocked one bad address.
Firefox + Linux = no worries, I click on .exe attachments for fun.
| mousemonkey wrote : Having not used Interturd Exploiter for even longer than I've not been to either the UK or USA website should I be concerned? |
| Quote : Firefox + Linux = no worries, I click on .exe attachments for fun. |
| HyperBladeST wrote : Still getting the "access to http://www.tomshardware.com/us/ is forbidden" with firefox. |
I'm using FF 2.0.0.6 (and Mozilla 1.7.x) - and I've never had any of those problems. There are lots of false positives with some heuristics functions. But I've never seen any of these issues some (only a few actually) are reporting.
Reply to Jake_Barnes
Well, that explains the strange random 403 errors I got earlier in the week trying to go to the THG home page. It never asked me to download an ActiveX control though, and NAV never alerted me to anything. All I saw was the 403 error or the website not responding one.
I am using IE 7.1.xxxxx.
| eric54 wrote : wtf? man i'm glad i have vista 64 bit. But seriously, whats the deal? Toms with freaking viruses on its site? |
You do realize that Vista 64-bit (unless it's IA64, which I *highly* doubt) runs 32-bit code, right? Internet Explorer 7 does apparently run in a kind of a chroot jail of sorts and if you are smart and don't run as Administrator, the virus may not have been able to do much. If you run as Administrator like most people, then the virus could have trashed all of your user files without even tripping UAC. You'd have been in the same boat as any other Windows user. UAC would have only been tripped if you didn't shut it off and the virus tried to change some system settings or files, which is the only thing that Vista would have done differently than any other Windows OS.
| Quote : Firefox + Linux = no worries, I click on .exe attachments for fun. |
MoNeY3865: I also use Firefox on x86_64 Linux, but you should know as well as I do that it's not invulnerable; in fact, far from it. Yes, an .exe binary cannot run by default on a Linux machine, as an ELF file cannot execute on a Windows machine. But if you have WINE installed as many do, there's a chance that the virus would have enough Windows compatibility DLLs to execute and carry out its functions. Oops! The joke is on YOU then if you double-click it and WINE runs it. Don't play around with viruses unless you know what you're doing, and that usually involves a "disposable" machine with a stout firewall tracking and blocking access to anything on the network or Internet to analyze what it's doing, a decompiler, and other tools to analyze the mechanism of action and propagation and the code of the virus. If you're clicking on the .exes for fun, my guess is that you're not doing this.
Also, Firefox on Linux is usually as vulnerable to exploits as Firefox on Windows as the program is largely similar. Java, Flash, etc. are just as vulnerable as they are much the same program. Granted then the virus would have to know what to do to a Linux machine afterwards and most don't, but the vector still remains. They could still DDOS Firefox at least. Linux and UNIX machines are high-value targets as they are much more useful if cracked than a Windows box (due to what tools are on them), and I can't tell you how many hits on my firewall I see of people looking for port 22 (SSH.) Linux may be more secure by design than Windows, but NEVER get complacent. If you ever get rooted, you'll realize this in a second. I've never been rooted, but I've known people that have been- our local LUG server was- and it is a real big pain to have that happen.
Yes, I am actually still running the Pentium III 1.0B Coppermine in the picture.
Reply to MU_Engineer