
UTV Homepage Trojan?

  • 29-06-2008 2:09pm
    #1
    Registered Users Posts: 430 ✭✭


    I'm getting a trojan warning from Kaspersky Anti-Virus when a banner pop-up loads on the www.u.tv homepage. Has anyone else noticed this or is it a false positive?

    Cheers

    Aepos


Comments

  • Closed Accounts Posts: 13,874 ✭✭✭✭PogMoThoin


    Yep, it's been hacked, this is what I get on Firefox 3:
    Reported Attack Site!

    This web site at www.utvlive.com has been reported as an attack site and has been blocked based on your security preferences.

    Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.

    Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.


  • Registered Users Posts: 430 ✭✭Aepos


    Thanks,

    God bless Mr Kaspersky! It'll take UTV a while to sort that out based on past experience..


    Cheers

    Ae


  • Moderators, Regional Midwest Moderators Posts: 11,093 Mod ✭✭✭✭MarkR


    Had to check. AVG picked it up too.


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    UTV is OWNED by some Chinese hackers


    What happened when Google visited this site?
    Of the 60 pages we tested on the site over the past 90 days, 20 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 06/29/2008, and the last time suspicious content was found on this site was on 06/29/2008.
    Malicious software includes 12 trojan(s), 10 exploit(s), 9 scripting exploit(s). Successful infection resulted in an average of 5 new processes on the target machine.
    Malicious software is hosted on 8 domain(s), including heiheinn.cn, en-us18.com, qq117cc.cn.
    3 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including script46.com, qq117cc.cn, u.tv.
    Has this site acted as an intermediary resulting in further distribution of malware?
    Over the past 90 days, www.utvlive.com/ did not appear to function as an intermediary for the infection of any sites.
    Has this site hosted malware?
    No, this site has not hosted malicious software over the past 90 days.
    How did this happen?
    In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
    Next steps:


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    AVG's pre-emptive link scanning is wrecking the Web more than script kiddies could.

    1) Don't click on stupid banners
    2) Block Flash and only play it if you really want (add-in on Firefox)
    3) Make sure EVERY tick unticked in network device except TCP/IP or use a router / Firewall.
    4) Run up-to-date Firefox/Opera/Safari not IE
    5) Disable remote content in email
    6) Don't use IE, or disable all ActiveX
    7) Learn how to use PC and get rid of all the AV software. It WILL let you down :(
    8) If really paranoid run Firefox on a Linux distro in a VMware VM on Windows and reset it from backup every time you load (Sandbox). :)

    Other than rootkit stealth, www.silentrunners.org will allow you to identify what SW is getting run automatically.


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    watty wrote: »
    AVG's pre-emptive link scanning is wrecking the Web more than script kiddies could.

    If you google for (say) Watty, AVG will check the 10 links that come back before you click on any of them. You may choose not to follow any of them but all 10 websites will get a hit from AVG.

    I agree with Watty and turned off link analysis myself in the AVG control panel until they clean the mess up.

    Good idea, bad implementation, the check should occur on mouseover or something like that.


  • Registered Users Posts: 1,477 ✭✭✭azzeretti


    watty wrote: »
    7) Learn how to use PC and get rid of all the AV software. It WILL let you down :(


    Why would you possibly suggest that having no AV installed is better than having some?


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    I've been removing viruses from other people's PCs since 1991. They nearly all had AV software.

    I know people that have used computers since the late 1970s and never had a virus on their Windows and don't have AV. Education, configuration, choice of SW, browsing habits & Firewall/NAT beats AV software.

    AV software always fails on Social Engineering attacks and new threats. My mail server has a LONG list of executable attachments and eats them. (vbs, cmd, scr etc not just com and exe).
    I have file extensions turned on to see partypictures.jpg.exe etc
    I don't believe in unsolicited email/links.
    I check zips for files like
    important.doc                                                                                                                                                            .scr
    
    (or anything else executable) Hint. Move the scroll bar...

    When I used to install small businesses I made 1 day of security training for all staff mandatory part of package.
    Education not AV protects you from Spear Phishing or even ordinary phishing.

    It's maybe not for everyone to turn off AV, but it (and Spybot Search & Destroy) can cause more grief and data loss and waste of time than not having it.

    Education, configuration, choice of SW, browsing habits & Firewall/NAT beats AV software, and makes your PC faster :)

    BUT

    Don't turn off/uninstall your AV unless you REALLY understand how to live without it.


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    Sponge Bob wrote: »
    If you google for (say) Watty, AVG will check the 10 links that come back before you click on any of them. You may choose not to follow any of them but all 10 websites will get a hit from AVG.

    I agree with Watty and turned off link analysis myself in the AVG control panel until they clean the mess up.

    Good idea, bad implementation, the check should occur on mouseover or something like that.

    In this case my web site only gets hit by AVG if it's scanning more than the 1st 12 links... I'm definitely not the Watty in the 1st twelve.

    I don't know HOW you make that feature better. On some people's PC & DSL it makes web browsing go about 1/3rd or 1/4 speed till you turn it off. Then of course you are intimidated with a red warning icon in the taskbar.


  • Registered Users Posts: 1,835 ✭✭✭BoB_BoT


    Does anyone know how to disable the warning that the link scanner is disabled in AVG? Would like to know if something else isn't working instead of the red notice that the scanner is disabled.

    And @ Watty it's very true what you said, a little common sense and some training goes a long way in protecting your computer, but there's always some site that could be booby-trapped that the average user might fall prey to. Saying that, if you click yes to a popup, it's your own fault. :P Just like the UTV site is now a dangerous site until cleaned, most users wouldn't know that, unless their antivirus pops up telling them.

    Also Watty, I think you may have just pointed out the solution to a problem I'm having with 20 computers and AVG lol, not so fun browsing speeds and packet loss :P
    Cheers :D


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    BoB_BoT wrote: »
    Also Watty, I think you may have just pointed out the solution to a problem I'm having with 20 computers and AVG lol, not so fun browsing speeds and packet loss :P
    Cheers :D

    Maybe it's this more so.

    http://kb.mozillazine.org/Network.prefetch-next

    about:config to get into Firefox config

    change value

    network.prefetch-next true

    to

    network.prefetch-next false

    and Firefox will stop pulling them in all the time, less links to check in AVG, chillitude.


  • Registered Users Posts: 7,623 ✭✭✭GerardKeating


    Aepos wrote: »
    I'm getting a trojan warning from Kaspersky Anti-Virus when a banner pop-up loads on the www.u.tv homepage. Has anyone else noticed this or is it a false positive?

    Cheers

    Aepos

    And it is still hacked, 12 hours later. I assume no-one works there at the weekend.


  • Closed Accounts Posts: 2,706 ✭✭✭craichoe


    azzeretti wrote: »
    Why would you possibly suggest that having no AV installed is better than having some?

    Because when a new virus appears someone has to get it for the Anti-Virii crowds to update their definitions.


  • Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 28,481 Mod ✭✭✭✭Cabaal


    Maybe they're fixing it now, as trying to visit it at the moment brings back:
    The u.tv website is currently undergoing essential maintenance.
    Please check back shortly.

    Let's hope they improve a few things as I've found their site slow as hell the past two weeks.


  • Registered Users Posts: 1,746 ✭✭✭peejay1986


    I get warnings and virus scanner pop-ups whenever I go on the site. It's a sign, they're evil!!!


  • Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 28,481 Mod ✭✭✭✭Cabaal


    peejay1986 wrote: »
    I get warnings and virus scanner pop-ups whenever I go on the site. It's a sign, they're evil!!!

    Nah, just means their webmaster or whoever does their content managing is a bloody muppet and is not doing their job :)


  • Registered Users Posts: 1,746 ✭✭✭peejay1986


    Cabaal wrote: »
    Nah, just means their webmaster or whoever does their content managing is a bloody muppet and is not doing their job :)

    He fits in with the rest of the company then :p


  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    UTV claim they are moving network and it should hopefully be resolved tomorrow..

    I don't think that's the cause of the problem tho, I think it's just a common excuse.


  • Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 28,481 Mod ✭✭✭✭Cabaal




  • Registered Users Posts: 1,746 ✭✭✭peejay1986


    The guy I was speaking to in Customer Service didn't even know about this. He was telling me that it must be my computer. Yeah......

