OT: virus on the wild?

Faramir faramir.cl at gmail.com
Thu Jan 22 08:19:00 CET 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello!
      I know this is off-topic, but this is related to security, and
as we know, if the computer is infected, the game is over. Tonight, a
friend told me he was searching for a site at google, and his AV warned
him about a virus, and asked me what could it be (I recommended him the
AV we both use). So I went to google, entered the name of the site and
clicked "search". Right after the results page loaded, the AV said it
had just blocked a virus (yes, I didn't even have time to click on the
link to the site). I searched the name of the virus (without much hope,
I never find any info about the virus Avast detects), and found the
following info:

- ---quoting---
Jan 18th - On Friday January 16th, a large number of websites worldwide
became the focus of a targeted attack. A malicious script was added to
the attacked pages, which redirects visitors to malicious servers
operated by the attackers and results in the users' computers
becoming infected. This malicious script is detected by avast! as
JS:Packed-AB [Trj]. We have recorded almost 5000 attacks during the last
48 hours detected on more than 2000 websites worldwide.

At the moment, avast! is the only antivirus software fully detecting
this new malware.
- ---end of quote---
source: http://www.avast.com/eng/press-release-js-packed-ab-trj-.html

So, my first question is about if this is too much off topic to talk
here about it (I figure PGP-Basics OT can be a better place, but I
thought it was a good idea to send this message here, since it seems
it's a "big issue", and not everybody uses pgp-basics-ot).

And the second question is: Does somebody know about this virus? Is it
as fast spreading as it looks like?

And the third and last question is: why did the AV detect the virus
_before_ I visited the site?

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-----END PGP SIGNATURE-----


