Trojan warning

Lillie

practical experience, FTW
Kind Benefactor
Super Member
Registered
Joined
Jan 14, 2011
Messages
1,585
Reaction score
178
Location
Wales
Note. As I seem to have been mistaken, and I was the only one having this problem, I have edited out the name of the site.
My apologies to them.

The *********** site seems to have a trojan.

I went there yesterday, and my anti virus (MSE) warned me that there was something bad there.
It then blocked and removed a trojan.

I thought it might be a bad ad, or something like that, and I forgot about it.

I went there again today (I clicked a link from Duo, without thinking about it). Exactly the same thing happened.

The trojan is Trojan:JS/Alescurf.D

I don't know if they are aware of this, or if I should warn them.
And if I should, then how? As I don't want to go back to the site.

Anyway. Just putting this up as a warning for anyone else that might go there.

If I shouldn't have posted this, then please remove it.
I didn't know what was the best thing to do.
 

defcon6000

Banned
Joined
Apr 27, 2009
Messages
5,196
Reaction score
696
Location
My shed
Thanks for the warning, Lillie.

I haven't been on their site for a bit, so I can't remember if they have ads or not. Usually it's the ads (because Google doesn't screen them like they say they do). I remember Dragon Cave had an issue like that around the holidays.

Best thing to do is to have an ad blocker (if it is ads).
 

Lillie

Yeah, maybe.

I have Ad Block Plus, and NoScript.
The thing on Dragon Cave never bothered me. I wouldn't have known it was happening, if not for the fuss.
I was there all the time, with no worries.

I don't think MSE has been triggered to warn me about anything for a couple of years. So that's part of what worried me.

Yes, I agree, everyone should have an ad blocker. A good one.
But it wasn't ABP that blocked this, it was MSE.

Anyway, I don't want to make a fuss over nothing, or to cause trouble for Wily Writers, but I went there twice, and exactly the same thing happened. So I thought it ought to be mentioned.

Maybe I'm wrong. I never know what to do for the best with things like this.
 

defcon6000

Hmm, I'm going to try something 'cause I use Avast antivirus and it's not picking up anything. I'll do a bootscan 'cause something might've snuck in under radar.
 

goldmund

---
Super Member
Registered
Joined
Nov 12, 2010
Messages
326
Reaction score
33
Location
Outside
Website
blazedzikowski.wordpress.com
Lillie, thank you for warning us about a Trojan on our site.
Unfortunately, your warning wasn't quite right for us, so I'm afraid we're going to pass, but we think your warning had merit, so we wish you the best of luck in placing it elsewhere.
 


defcon6000

Well, did some investigating. This is the Trojan's description. Though oddly, I didn't catch it from their site, however, I have noticed in the past that their site will try to redirect you to another. So I'm guessing it doesn't always come up. They'll need their webmaster or webhost to look at the site and see if it has been compromised, so telling them would be a good idea -- if they're unaware.

As for me, I cleared out a bunch of nasty cookies. :D

Definitely recommend getting an anti-spyware like SUPERAntiSpyware or Malwarebytes (though Malwarebytes seems to dislike some files in Firefox/SeaMonkey and will flag them as false positives) to catch any buggies that your antivirus doesn't catch.
 

Lillie

Well, I'm glad you didn't get anything :)

But if it was just me, I'll feel like a right tit.
 

defcon6000

It's a Trojan embedded in the script, so you may have gone on a certain page that I didn't and triggered it.

But I do think it's there since their site has behaved oddly in the past.
 

MacAllister

'Twas but a dream of thee
Staff member
Boss Mare
Administrator
Super Moderator
Moderator
Kind Benefactor
VPX
Super Member
Registered
Joined
Feb 11, 2005
Messages
22,010
Reaction score
10,707
Location
Out on a limb
Website
macallisterstone.com
1. Why your adblocker is hurting the sites you love

2. Often malware is designed with a sort of built-in "time-bomb" parameter that instructs it to wait until you've visited X number of URLs before activating. You pick up some little bug that lies dormant for hours, days, or even a couple of weeks if you're not a heavy web browser, then ta-DA, it activates, and up pops your anti-virus or firewall warning. It might well have nothing at all to do with the page you're actually currently visiting.
 

dgrintalis

'Tis true, she is a monstergirl
Super Member
Registered
Joined
Feb 26, 2009
Messages
6,816
Reaction score
2,789
Location
Betwixt a nightmare and a veil of shadowy dark
I saw this post last night and the zine name, but was on my way to bed. I meant to post this this morning and totally forgot. I, too, received the same alert (regarding the same Trojan specified above) from Malwarebytes upon visiting that site. I left a message for the editor on the private HWA message boards and I've sent her an email as well.
 