Author Topic: Oranjemundonline gets Hacked with a Trojan!  (Read 3491 times)

0 Members and 1 Guest are viewing this topic.

Offline Michael Alexander

  • *****
  • Administrator
  • Oranjemunder
  • *****
  • Posts: 16167
  • Karma: +53/-17
  • Location: Oranjemund 1972 - Present
    • Oranjemund Online
Oranjemundonline gets Hacked with a Trojan!
« on: May 12, 2011, 08:14:34 PM »
Sandy just informed me that the mainsite at www.oranjemundonline.com has a trojan, so I have taken the site down for an hour.

For you techies, this is interesting, if I look at the source code of my index.htm page, a line of code that links to a russian website has been inserted, This happened at 16H11 this afternoon and I am not too sure how they managed to insert the line of code.... nevertheless , not to critical, will just remove the offending line of code and try upload....

OPS 1976-1982 : CBC 1982-1988

Offline SandyB

  • Oranjemunder
  • *****
  • Posts: 5232
  • Karma: +41/-0
  • Oranjemund 1956 - 1980 now in Woodstock Cape Town
Re: Oranjemundonline gets Hacked with a Trojan!
« Reply #1 on: May 12, 2011, 09:25:28 PM »
My Trend  protection picked it up .. could not clean or quarrantine .. did a new upload of  latest protection .. did another scan and viola  sorted out .. PC still a bit cautious about Om have to  do 2 or 3 tries  to get to a page .. only prob its affected my documents settings  slightly .. should resolve
To see  sometimes  requires that you  first believe .

Offline Michael Alexander

  • *****
  • Administrator
  • Oranjemunder
  • *****
  • Posts: 16167
  • Karma: +53/-17
  • Location: Oranjemund 1972 - Present
    • Oranjemund Online
Re: Oranjemundonline gets Hacked with a Trojan!
« Reply #2 on: May 12, 2011, 09:28:15 PM »
Thanks 4 that Sandy, My AVG picked it up after you told me to go there... the source code to the page had changed, found the bad line, deleted it....it points you to some russian site.... then reuploaded the page.... seems fine now....

The problem, that bothers me, is how on earth did they do that.....

Interesting and shall research it a wee bit.....

thanks

OPS 1976-1982 : CBC 1982-1988

Offline Bertie Horak

  • Oranjemunder
  • *****
  • Posts: 2685
  • Karma: +33/-0
Re: Oranjemundonline gets Hacked with a Trojan!
« Reply #3 on: May 13, 2011, 06:55:11 AM »
Vee Rushions arr evvrywear!  image21
Oranjemund 1965-1982.

Offline Charles Scheepers

  • Oranjemunder
  • ****
  • Posts: 335
  • Karma: +22/-4
Re: Oranjemundonline gets Hacked with a Trojan!
« Reply #4 on: May 13, 2011, 05:34:20 PM »
Don't one need a Username and Password to upload to the FTP URL??? You might have a key stoke recorder hidden on your PC Mike...
We should take care not to make the intellect our god; it has, of course, powerful muscles, but no personality. - Albert Einstein (18791955)

Offline SandyB

  • Oranjemunder
  • *****
  • Posts: 5232
  • Karma: +41/-0
  • Oranjemund 1956 - 1980 now in Woodstock Cape Town
Re: Oranjemundonline gets Hacked with a Trojan!
« Reply #5 on: May 14, 2011, 10:41:35 AM »
My poor  laptop having a hard time .. since that attack  its got  7 quarrantined files and the  antivirus not yet  got update to  fix ,, and I keep on getting  popups showng  conhost exe being blocked .. have taken my virus protection up one notch but it slows everything down ...  not even going near my online banking till  its all clear ...
To see  sometimes  requires that you  first believe .

Offline Mike Stenson

  • Moderator
  • Oranjemunder
  • *****
  • Posts: 2327
  • Karma: +34/-0
  • Still in Oranjemund
Re: Oranjemundonline gets Hacked with a Trojan!
« Reply #6 on: May 14, 2011, 02:42:22 PM »
"Conhost.exe is a trojan"
http://www.adwareaway.com/definitions/c/conhost.exe.php

The is also a legit version of Conhost.exe  on every Windows 7/Vista PC, not sure about XP which is needed to run your PC, this Trojan masks under the the same name. So be careful what you delete you could bonk your PC.

For safe banking use a Linux Live Cd.
Linux has the ability to run straight from a cd, this means that every-time you boot the cd, you can be sure its bug free.

Might be time to move to Windows 7.......

You may have to Use a Spy-ware removal program to get rid of it.

Read this to..http://www.articlesbase.com/security-articles/conhost-exe-removal-how-to-uninstallremove-conhost-exe-easily-from-your-pc-3830014.html
« Last Edit: May 14, 2011, 05:54:23 PM by Mike Stenson »
"Computers are like air conditioning, Nether work when you open windows !"

Offline Michael Alexander

  • *****
  • Administrator
  • Oranjemunder
  • *****
  • Posts: 16167
  • Karma: +53/-17
  • Location: Oranjemund 1972 - Present
    • Oranjemund Online
Re: Oranjemundonline gets Hacked with a Trojan!
« Reply #7 on: May 14, 2011, 08:00:58 PM »
@ Charles, you are indeed right, you do need a username and Password to upload onto the Server with FTP......

I can also assure you that there are no Keyloggers on my PC's......

Still interesting though....
OPS 1976-1982 : CBC 1982-1988

Offline SandyB

  • Oranjemunder
  • *****
  • Posts: 5232
  • Karma: +41/-0
  • Oranjemund 1956 - 1980 now in Woodstock Cape Town
Re: Oranjemundonline gets Hacked with a Trojan!
« Reply #8 on: May 14, 2011, 11:06:45 PM »
currently  my poor laptop in distress ...  continual popups warning me .. Trend not there yet  all quarrantined  but no action ,,  .. ok a new one crxxs exe ... just popped up ...  gonna have to take sick child t experts .. hell this russian opened up a total can of worms ..  for bankong gonna use the work laptop only ..
To see  sometimes  requires that you  first believe .

Offline Mike Stenson

  • Moderator
  • Oranjemunder
  • *****
  • Posts: 2327
  • Karma: +34/-0
  • Still in Oranjemund
Re: Oranjemundonline gets Hacked with a Trojan!
« Reply #9 on: May 15, 2011, 08:50:06 AM »
Trend probably will never be there.... you got to use a Spy-ware remover..... Might not be part be part of Trend if you using the Free Version.
The are lots on the Internet... Google around....
Conhost.exe is not a new Trojan... has been around for years..

Try this....http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=rb_content;contentMain

Don't be surprised to find other bugs to....

http://anti-spyware-review.toptenreviews.com/malwarebytes-anti-malware-review.html

« Last Edit: May 15, 2011, 09:03:02 AM by Mike Stenson »
"Computers are like air conditioning, Nether work when you open windows !"

Offline Charles Scheepers

  • Oranjemunder
  • ****
  • Posts: 335
  • Karma: +22/-4
Re: Oranjemundonline gets Hacked with a Trojan!
« Reply #10 on: May 16, 2011, 07:37:53 PM »
Key loggers also hide ON the host site. There are quit a lot of open ports between a normal PC and a Host. Even after or before a fire wall.These days its a art to keep a site with constant traffice safe. I think your site just fell in the boundle with heavy traffic. The need to hi-jack data is the same as a tik addiction. What I can't understand is, why screw with the code....what will he gain by this......???
We should take care not to make the intellect our god; it has, of course, powerful muscles, but no personality. - Albert Einstein (18791955)

Offline SandyB

  • Oranjemunder
  • *****
  • Posts: 5232
  • Karma: +41/-0
  • Oranjemund 1956 - 1980 now in Woodstock Cape Town
Re: Oranjemundonline gets Hacked with a Trojan!
« Reply #11 on: May 16, 2011, 09:41:26 PM »
My laptop currently  in " hospital" seems I picked up the start of the attack before Mike managed to wrest it out of Omundonline  , according to the Nerds working on gettting it back in shape ... the amount of attempts to breach defenses  caused the antivirus to shut down all acess .. somthing like  3900 attempts in a  very short  space of time  .. that despite the trojan being quarrantined , it had cohorts trying to  do other damage  ...  bloody russians ///   ThatStinks2
To see  sometimes  requires that you  first believe .

Offline Robert Bruce

  • Oranjemunder
  • *****
  • Posts: 1127
  • Karma: +47/-0
Re: Oranjemundonline gets Hacked with a Trojan!
« Reply #12 on: January 11, 2012, 10:16:37 AM »
As long as my security software keeps your bugs and trojans out, I am happy!

I now use Norton. Previously I used a number of the branded products like Kaspersky, ZoneAlarm etc but have since last year, found Norton to be the best.

Norton is low maintenance. The others tended to be too clunky and needy of updates. Well worth the investment.
ROBERT BRUCE

Offline SandyB

  • Oranjemunder
  • *****
  • Posts: 5232
  • Karma: +41/-0
  • Oranjemund 1956 - 1980 now in Woodstock Cape Town
Re: Oranjemundonline gets Hacked with a Trojan!
« Reply #13 on: January 11, 2012, 10:21:09 AM »
Trend updates  at least twice daily automatically  , and will scan if  one has not  set up sheduled  scans  or done a manual scan ..   no system is perfect   cos there is always some  crazy somewhere cooking up  even more devious  attacks ....
To see  sometimes  requires that you  first believe .

Offline Robert Bruce

  • Oranjemunder
  • *****
  • Posts: 1127
  • Karma: +47/-0
Re: Oranjemundonline gets Hacked with a Trojan!
« Reply #14 on: January 11, 2012, 10:54:22 AM »
In all honesty Sandy, I blame Bill Gates for the rise of the trojan and other malware issues we have.

Notice that it is only Windows OS that gets attacked. Thiis is because his business model was based on licencing other PC manufacturers (IBM, Dell etc) to mess about with their coding.

Stave Jobs and WOz refused to permit any 3rd party access to the Apple OS code. And so Apple remains malware free.Yes it has it's own coding bugs but we are not subjected to the constant attacks which Windows OS has allowed to happen.

So go Apple or Linux or any OS that has not been licensed out to 3rd party PC manfacturers. Drop Windows.... says he who operates a Windows 7 laptop made by HP and has to update regularly......!
ROBERT BRUCE