PDA

View Full Version : Malware on NYCAviaion...... woops... too late



Derf
11-02-2009, 11:49 PM
The website at nycaviation.com contains elements from the site altunbilgisayar.com, which appears to host malware software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for altunbilgisayar.com.

************************************************** ****************


Diagnostic page for altunbilgisayar.com

What is the current listing status for altunbilgisayar.com?
Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 4 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-11-02, and the last time suspicious content was found on this site was on 2009-11-01.
Malicious software includes 2 scripting exploit(s), 2 trojan(s), 2 exploit(s).

This site was hosted on 1 network(s) including AS34104 (GLOBAL).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, altunbilgisayar.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 3 domain(s), including cutlerkauai.com/, halter.gov.tr/, jxcomputertech.com/.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.




MY Pc at work got infected with this today but I had 6 different websites open, Using google chrome, I got this message and found that I had it open with IE and that is why I am typing this message. It got past IE with no problem. I love Google Chrome and do not thing I am going to use IE anymore as it just sucks. It is slow, annoying and just never as quick or nice to use a Chrome. If your using IE....Sorry to say you are probably infected too :(



Sucks to be on the attack guys, sorry to be the one to have to notify on this. Possible it is a false positive....NOT PROBABLE :(

Matt Molnar
11-03-2009, 04:29 AM
Thanks for the heads up, Fred.

Just to confirm, you are just receiving a warning, correct? You have not actually been infected?

This is related to the attack we suffered a couple of weeks ago. While we removed all the offending code that we could, there is apparently still be some difficult-to-trace badness buried somewhere.

From the best we can tell:

a.) Nothing from NYCA is actually infecting anyone!

b.) Occasionally, pages on NYCA (both the forums and the main site) are attempting to load a file from altunbilgisayar.com, but the altunbilgisayar site is down and nothing is actually being downloaded, which is good.

c.) It seems Chrome and Firefox have recently added the altunbilgisayar.com url to their blacklists, so if nyca attempts to download a file from there, you'll see a warning, even if the load fails.

d.) Obviously, we don't want our site attempting to download anything we didn't ask it to, even if it's not successful

e.) Unfortunately we've been unable to track down the problem, up to now. Now that blacklists are involved this will be the toppest of top priorities. Thankfully, my schedule should allow more time for this to happen this week than the past couple of weeks.

f.) We would never knowingly put you in danger. If we have to shut down the site for a few days to fix it, we will. But hopefully we won't have to.

Derf
11-03-2009, 08:13 AM
pc at work was infected with a Trojan but the security found it and deleted it and gave me notification. When using Google chrome I CURRENTLY get a big red STOP page that the website is currently infected and that is the info I pasted above. I still get the same message this morning and will not attemp with IE as it let's me in with no issues. My security has not seen the infection or is not picking it up. Until Google says it is safe I will post from my IPhone.



Sent from my iPhone and don't*forget to check out my web site WWW.Longislandwallpapers.com (http://WWW.Longislandwallpapers.com)

Matt Molnar
11-03-2009, 09:17 AM
Darn. Okay.

PhilDernerJr
11-03-2009, 06:19 PM
I would just like to clarify that it is not sure that what Derf encountered was caused by NYCAviation. We have no other indication that there is a threat to anyone by coming to the site. regardless, we are working to cleanse the entire site.

NIKV69
11-03-2009, 07:50 PM
If it helps you guys my virus blocked a trojan on 10/24 (exploit i frame) 4 times around 6pm not sure what I was surfiing at the time

mirrodie
11-03-2009, 09:34 PM
Actually, our IT at work said I had a trojan virus on my PC. Of the dozen in my office, only my personal PC was affected. This was found on ....last Firday 10/30. NO idea on whether or not its site related.

wunaladreamin
11-04-2009, 04:57 PM
My computer is fine so far but lately, I've been experiencing a burning sensation every time I tinkle. Not sure iffin it's site related.

mirrodie
11-04-2009, 07:44 PM
Nah. Ever take sex ed? It might be some OTHER type of virus.


-your friendly neighborhood doctor.

Derf
11-06-2009, 08:30 AM
Now the homepage is going to a different site...the same one that had given me the trojan a few days ago.
IT notified me at work ad asked that I not visit the site. I told them off ten ways to China (on the inside).




What is the current listing status for altunbilgisayar.com?
Site is listed as suspicious - visiting this web site may harm your computer.

What happened when Google visited this site?
Of the 4 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-11-05, and the last time suspicious content was found on this site was on 2009-11-05.
Malicious software includes 2 scripting exploit(s), 2 trojan(s), 2 exploit(s).

This site was hosted on 2 network(s) including AS34104 (GLOBAL), AS21844 (THEPLANET).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, altunbilgisayar.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 10 domain(s), including olimpianet.net/, samojede.org/, cutlerkauai.com/.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

PhilDernerJr
11-06-2009, 10:14 AM
Workin on it...

Fighting_falcon_51
11-07-2009, 04:28 PM
There was another attack today..... If you visited this site and you were unprotected I strongly recommend that you download these two programs to make sure you did not pick anything up.

http://download.cnet.com/AVG-Anti-Virus ... ?tag=mncol (http://download.cnet.com/AVG-Anti-Virus/3000-2239_4-10385707.html?tag=mncol)

http://download.cnet.com/Malwarebytes-A ... ?tag=mncol (http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol)

Mellyrose
11-07-2009, 08:59 PM
You guys...if you go to the homepage and are redirected to that strange site, just don't click anything. The "warning" that it gives you is not a virus software, it's just the homepage to the bot site. You can't get infected if you don't click anything. Do people realize this? In the meantime, just come straight to the forums: www.nycaviation.com/forum (http://www.nycaviation.com/forum)

Fighting_falcon_51
11-07-2009, 09:25 PM
Mellyrose I am not trying to knock you down or anything but malware is designed to loads itself on to your computer without user consent, so you just have to visit a malware infected website to get it on your computer. This is why I stress having protection. Anyway I bet the NYCA team is working around the clock to get this issue sorted out.

btw- Im not talking about www.nycaviation.com (http://www.nycaviation.com) but malware in general.

Mellyrose
11-07-2009, 10:36 PM
I know you aren't trying to knock me down...what I meant though, is that some people are quoting the warning that the website is giving, as what their anti-virus is giving as a warning. If your virus software isn't showing something, I don't think you have reason to worry.

And yes, I can vouch that the NYCAviation staff is working diligently to fix this problem...I live at NYCA HQ :)

Matt Molnar
11-08-2009, 04:33 AM
UPDATE

We have found and destroyed what we think was the last of the malicious code. Please let us know if you get anymore warnings in the coming days.

Speedbird1
11-08-2009, 06:13 AM
I had severe problems with malware infections 2 weeks ago but it didn't come from NYC Aviation. Part of my problem was that the anti-virus program I was using, Avira was ineffective. My PC was crashing and the video drives were corrupted; I got fluorescent colors and giant print on all sites. I finally got rid of it. I was so frustrated that I was ready to dump the PC in the trash. It was my first PC too but is working fine now.

Gerard
11-08-2009, 09:59 PM
Just saw a piece on "60 Minutes" tonite about hackers breaking into our infrastructure. Some pretty scary stuff
going on EVERY DAY!!

Speedbird1
11-09-2009, 06:24 AM
I have Avast Anti-virus protection downloaded into my PC. Hopefully it will prevent a virus from entering my PC.

T-Bird76
12-10-2009, 08:20 PM
My computer is fine so far but lately, I've been experiencing a burning sensation every time I tinkle. Not sure iffin it's site related.

Sorry Kenny should have told you before hand.

wunaladreamin
12-11-2009, 05:55 PM
My computer is fine so far but lately, I've been experiencing a burning sensation every time I tinkle. Not sure iffin it's site related.

Sorry Kenny should have told you before hand.
You Tiger'd me!!!

YOU BITCH!!! :lol: :lol: