Virus on FT?
#1
FlyerTalk Evangelist
Original Poster
Join Date: Aug 2005
Location: BOS/EAP
Programs: UA 1K, MR LTT, HH Dia, Amex Plat
Posts: 32,064
I know this sounds strange, but I only had one browser open with FT and my virus scan was going crazy ... took me a couple of minutes to clean the mess. I was in the NW forum and it found Exploit MS06-006 in a file movie[1].qtl
I am right now using the wireless network @ PDX airport, which might be part of the issue, but I thought I better post this ...
#4
Join Date: Feb 2001
Location: SEA once more (previously CDG and NRT)
Programs: Former DL DM and UA 1k, now a J class free agent (UA Gold, AS MVP Gold)
Posts: 2,450
Just today I've started encountering viruses targeting the MS06-014 vulnerability on Flyertalk. Seems to be coming from the bottom of page ads.
#6
FlyerTalk Evangelist
Join Date: Sep 2001
Location: FW, TX, USA, Earth, Milky Way
Programs: 2008 FT1 Fantasy Football Champion
Posts: 10,584
Sounds like one of the ad purveyors got infected. I've got FF + ......., so I'm not having the issue.
I would bet the latest posts in this thread are the same issue.
#7
FlyerTalk Evangelist
Join Date: May 2001
Location: MSY; 2-time FT Fantasy Football Champ, now in recovery.
Programs: AA lifetime GLD; UA Silver; Marriott LTTE; IHG Plat,
Posts: 14,518
I just got an attack (Sun 10/07 10:00 am CDT). IE7 showed a warning bar that the page was trying to run an add-on Microsoft Outlook, and a popup prompt to install an ActiveX.
Here's what Norton AntiVirus reported.
Details: Attempted Intrusion "HTTP Quicktime RTSP URI BO" against your machine was detected and blocked.
Intruder: 80.93.56.229(http(80)).
Risk Level: High.
Protocol: TCP.
Attacked IP: <my machine name>.
Attacked Port: 1640.
#8
FlyerTalk Evangelist
Join Date: Aug 2002
Location: Department of Homeland Sincerity
Programs: WN Platinum
Posts: 12,085
Here's what my Avast reported when I opened Flyertalk with Firefox:
Virus Source: http://80.93.48.89/weriyuicewrtret/
Malware: JS:Agent-Q [Trj]
Type: Trojan Horse
Avast VPS database: 000778-5, 10/06/2007
#9
FlyerTalk Evangelist
Join Date: Aug 2002
Location: Intermountain West
Programs: Too many to list
Posts: 12,083
I got infected with "Internet Speed Monitor" yesterday & again today. This is with only FT open. Can somebody get to the root of this?
Also, Randy, can you dump the annoying "you're the xxxx winner" banner ads? Very annoying!
#10
FlyerTalk Evangelist, Ambassador: World of Hyatt
Join Date: Jul 2001
Location: NJ
Programs: Hyatt Globalist, Fairmont Lifetime Plat, UA Silver, dirt elsewhere
Posts: 46,919
127.0.0.1 tribalfusion.com
127.0.0.1 a.tribalfusion.com
127.0.0.1 speedera.net
127.0.0.1 tribalfusion.speedera.net
127.0.0.1 pagead2.googlesyndication.com
Also, Randy, can you dump the annoying "you're the xxxx winner" banner ads? Very annoying!
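Added example, not part of any poster's message: a small checker showing what the hosts-file entries in post #10 do and do not cover. Hosts entries match hostnames exactly, so an unlisted subdomain still resolves, and a URL that uses an IP address directly (like the source Avast reported in post #8) never consults the hosts file. The function names and the two tribalfusion.com sample URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Entries exactly as posted in #10.
HOSTS_TEXT = """\
127.0.0.1 tribalfusion.com
127.0.0.1 a.tribalfusion.com
127.0.0.1 speedera.net
127.0.0.1 tribalfusion.speedera.net
127.0.0.1 pagead2.googlesyndication.com
"""

# Addresses commonly used to sinkhole a hostname in a hosts file.
SINKS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return {hostname: address}; comments and blank lines are skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        for name in names:
            # This example keeps the first address seen for a name.
            table.setdefault(name.lower().rstrip("."), addr)
    return table


def verdict(url, table):
    """Classify a URL against the hosts table using exact hostname matching."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)
        return "not-covered: IP literal, no name lookup"
    except ValueError:
        pass  # not an IP literal, so it is a hostname
    if table.get(host) in SINKS:
        return "sinkholed"
    return "not-covered: no exact entry"


TABLE = parse_hosts(HOSTS_TEXT)

if __name__ == "__main__":
    for url in ("http://a.tribalfusion.com/ad.js",      # constructed sample
                "http://cdn.tribalfusion.com/ad.js",    # constructed sample
                "http://80.93.48.89/weriyuicewrtret/"): # source reported in #8
        print(url, "->", verdict(url, TABLE))
```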
#11
FlyerTalk Evangelist
Join Date: Oct 2000
Location: He who dies with the most miles wins!!
Programs: WorldPerks Demoted again to SE, DL 3.1MM Hilton Diamond, SPG Gold
Posts: 11,674
The porn pop-ups are bad enough....but a virus is something else.
Please get this crap off FT!!!
#12
FlyerTalk Evangelist
Original Poster
Join Date: Aug 2005
Location: BOS/EAP
Programs: UA 1K, MR LTT, HH Dia, Amex Plat
Posts: 32,064
#15
Join Date: Apr 2005
Posts: 2,255
We just wanted to chime in here and thank you all for the tremendous information you've been providing. We're obviously intently focused at the moment on finding out what is causing this issue and expect to have it resolved as quickly as possible.