Site Attack?

so, just a couple of minutes ago i was just sitting here reading some threads. I did not click on anything, i was just reading, and this came up.... anyone know what the heck this is?

i was doing that fighting thing that everyone else was doing in that thread titled Fight Me! or whatever. and i remember someone saying that norton was reporting something fishy? maybe that thread and the links need to be closed?

 

I was the one that was reporting my Norton's was reporting attacks on each page. I thought it was strange that I was the only one seemingly affected. I haven't been to the site since my last visit when I beat his character.

 

it did not ask me to download or install anything, but yea something is up with that site.

 

As soon as the page was loaded, Norton's popped up saying it blocked downloader.swif, and I hadn't even began to d/l anything, just accessed the page. While I was choosing the fighter, it came up again, and as soon as the fight started it popped up once more.

 

mods, whats your take on this?

 

Downloader.Swif is a Macromedia Flash-based Trojan horse that downloads and executes a file. The downloaded file is typically a copy of Download.Trojan or Infostealer.Bancos.

Not exactly surprised. This is quite an old attack which I first noticed being used with video links on myspace in around 2004/5 .. I'm not sure about in this case.. to play obviously needs 2 way communication and it may be a false positive.

Anybody feel brave and actually download this thing and have a look-see what it does?

 

I get the same message on other sites(and I don't have Norton), for example on TPB. Not sure why, it doesn't always happen. I would be surfing for a few minutes on the site, and then suddenly I get that warning( on pages that worked just fine before). I ignore the message and continue, but is frustrating, as I have no idea why it is happening. I scanned the system and all that and didn't find anything.

 

homey--

just got that same window as you did from AD. was looking at 360 thread that will prob get closed in a few for multiposting and a new window popped up saying site attack blah blah. schools computers are also running norton i believe.

 

here is the thread in question http://forums.afterdawn.com/thread_view.cfm/764956

now I guess once you have a certain cookie or whatever bit of malware installed by accessing the site then it will trigger at random times whenever you encounter any live flash content.. that could be ads and popups.

funny thing is.. the first time I tried to have a look at that game (because I'm paranoid about flash games online.. they are in the same category as free download games and screensavers.. malware traps for kids XD) I was redirected to that crustat page myself.. but I have java and flash content blocked by default anyway.. since the first redirect it seems to ignore the redirect and loads.. I have no interest in playing some stupid game.. but it looks like a cookie has been set in my browser also.. konqueror goes mad about more cookies than I can shake a stick at.. I gave up after blocking about 60.

 

i am running norton as well (360). i think i will be staying away from that site. I am not worried about a virus eating my hard drive. just worried about key loggers and things like that.

 

Varnull-

I got the warning from a different thread than the fight me one. The one I got it from was a help me replace my xbox drive. And I haven't been to the fight me site on the computer I was using.

 

that's very interesting. are you having any problems with the bottom of pages not loading properly too? Last night I was having strange css errors which I guess could be related. the blue bit at the bottom wasn't loading first time.

 

could it be related to an ad trying to load on here?

 

It certainly could.. especially a flash based ad.

 

havent had that problem, but have had the page not fully load the background, it will just say the blue color that the border is, and then the thread text will be a shade darker blue, but usually if i refresh the page it will fix itself. does it prob once or twice a week on different computers i use.

 

I start to think that maybe there is a little tinkering behind the scenes testing aspects of the new site setup in preparation for the big changeover in a couple of months..

That's a guess.. anyway.. everything seems to be back to normal today after a day of cdn2 being slow as a donkey

 

I guess your right, its a matter of testing, but very annoying.
-------
Bob at: SPAM Central

 

lol i was going to say what? but hes suspended so.. nevermind. lol.

 

If you saw such a message, you are already infected with something. My ESET has captured a few trojans from this site in the past month...here is a list:
JS/TrojanDownloader.Iframe.NDY trojan
Win32/TrojanProxy.Small.NCX trojan
JS/TrojanDownloader.Zlob.B trojan
JS/TrojanDownloader.Agent.NHJ trojan

Do yourself a favor and get a good resident scanner like I have.