PDA

View Full Version : Blackhole Toolkit Attack from Forum's URL?



wingsdad
June 11th, 2011, 10:27 AM
I don't know what it is, or any other of that stuff...it's why a dummy like me has Norton's Internet Condom protecting my pc. But my first attempt to come here this morning resulted in this, as the Forum site was stopped from connecting:
http://i17.photobucket.com/albums/b81/wingsdad/BlackholeToolkitAttack061111_9A.jpg
I cropped off my web address info, of course...Am I reading this correctly, that the attacking computer URL somehow originated from here?
Anyone else have this happen?

ET335
June 11th, 2011, 01:54 PM
I just now came online here and have never had that happen...also running norton.

Robert will probably be able to find out hopefully.

Robert
June 11th, 2011, 03:02 PM
Hmm, sounds strange. It seems to be coming from that protecto-avi address, not the Fret. Perhaps your computer is infected already?

ZMAN
June 11th, 2011, 03:03 PM
Me to!

Robert
June 11th, 2011, 03:33 PM
Me to!

You too have the Norton warning when you went to the Fret, is that what you mean?

ZMAN
June 11th, 2011, 06:11 PM
You too have the Norton warning when you went to the Fret, is that what you mean?
Yes, and it was around the same time.
I didn't look into the pop up, My system has not been affected in any way.

marnold
June 11th, 2011, 06:33 PM
There's a lot of stuff about that rootkit on the Net. You might want to have whoever is in charge of The Fret's server check it out.

Tig
June 11th, 2011, 09:39 PM
I get nothing from home or work. Of course, work spends more per month in network protection than my house is worth!

For home, I'm running the latest Norton for anti-virus, Zone Alarm for firewall, and Malwarebytes for anti-malware.

Tig
June 11th, 2011, 09:43 PM
I ran the protector-avi.co.cc URL through Websense's ACEInsight search, but found no alerts for it. (I used to admin Websense for Waste Management, Inc.).

The URL might be misleading, so I wouldn't focus too much on it.

Robert
June 12th, 2011, 11:46 AM
I upgraded the forum to the latest version.

Does this solve this issue?

I believe it was a CSS cross-site scripting attack, using an exploit in the forum software. This new upgrade should solve that - let me know please.

Ch0jin
June 12th, 2011, 03:27 PM
It fixed the issue that I was seeing with Avast anti-virus.