  1. #1
    Posted by foobar
    Malicious Javascript from the World of Players


    Dear users,

    we would like to inform you about a security problem with our servers. We do this so that you can take the necessary steps to protect your privacy and the security of your systems.


    What happened?

    The advertisements that you can see in the forum and on our websites, and which we use to finance our network, are provided by a server. This server runs a special software named “OpenX”. This software had a programming error which allowed an unknown attacker to manipulate the data it sends out (using a so-called SQL injection). In addition to the normal advertisements, the server also delivered a malicious JavaScript. This happened on December 10th, at around 15:00 CET.

    If the browser executes this script, it loads more malicious code from the internet and attempts to execute it. It is believed that this additional code would then try to gain control over the system.


    What did we do?

    We reinstalled the ad-server completely from scratch and closed the security flaw in the software. By that, we can ensure that the ads delivered by this server are now clean again.


    What does that mean for you?

    If your web browser does not execute JavaScript (e.g. because you use the Firefox addon “NoScript” and made no exception for the World of Players), then your system never was in any danger. You are equally safe if you are using an ad-blocker that blocks everything (not just images!) from our ad-server.

    Otherwise, there is a possibility that your system has been compromised. Since we do not know what exactly the malicious code from the internet was supposed to do (the servers were taken offline rather quickly), we prefer to err on the side of caution and assume the worst. That is, that your system could now be under control of someone else.

    Please note that using a virus scanner or a so-called “personal firewall” does not provide reliable protection against this kind of attack. You could still be affected.


    What can be done?

    You do not have to be infected but you could be. Basically, two options are available. One is more secure, the other is easier and involves less work. Choose according to your needs of security and/or level of paranoia.

    The simple solution

    For a simple check if your system has been infected, we suggest that you download at least one (better more) system rescue discs from renowned antivirus companies. Start your system from these discs and use them to scan your computer.

    A selection of rescue discs:

    The reason for this is: If your computer is already infected, you cannot trust the running system anymore (including any antivirus software running on it). It could already be manipulated. Hence, you have to boot from a medium that is guaranteed to be clean and then perform your scan from there.

    If the scanner finds something, you can rename the files into something harmless (e.g. “SUSPICIOUS.EXE” into “SUSPICIOUS.EXE.TEST”) and see if this has any negative impact on your system.

    However, if the scanner does not find anything, this does not mean that there’s nothing on your system. Virus scanners are, by their very nature, not 100% accurate. Also, there is no guarantee that renaming or deleting any infected files removes all manipulations of your system.


    The secure solution

    If you want to make absolutely sure that your system is cleansed of all possible infections, you have to install it from scratch. Format your hard disks and install the operating system and applications from sources that are known to be clean (e.g. original medium).

    Short guideline:
    1. Get yourself a rescue system like Knoppix or the System Rescue CD
    2. Disconnect from the internet
    3. Boot the rescue system and back up all your personal files, documents, settings
    4. Completely erase all hard disks (including MBR)
    5. Install operating system and required applications
    6. Install all patches and updates available (you can use WSUS Offline Update on another computer to create a medium that will automatically install all Windows and Office updates)
    7. Configure your system and applications to maximum security (e.g. close all unneeded ports)
    8. Now you can reconnect to the internet
    9. Restore your data backup, but make sure that it is clean and not manipulated


    Please note that all data that was stored or entered on the system while it was compromised must be considered public knowledge. That includes passwords, PINs and other information. Change all passwords, keep a close eye on your bank account and credit card bill (if applicable) and inform other parties that may be impacted by this leak.


    Final comments

    We would like to apologize for the inconvenience. Unfortunately, stuff like this happens. It is a sad reality that all software is written by humans and thus, prone to errors. Some of which can be exploited by bad people.

    You might think that it would be wise to block our ad-server in the future but we urge you to reconsider. The money from those ads pays for our servers and internet connection. Without it, the World of Players cannot function. And if something like this happens again, there is no guarantee that it will affect the ad-server again. It might as well hit something else in the network. So please do not block the ads.


    Any questions and comments can be posted in this thread.

    Last edited by foobar (11.12.2012 at 20:12). Reason: typo

  2. #2
    Posted by Dino
    I got an error msg from the Java software last morning (11.12.2012 @ ~08:30 AM GMT+2) that requested me to install some updates and stuff. Naturally I cancelled it. Do you think that, despite the fact that I did cancel and terminated my Java, there's a chance for my computer to be corrupted by the malicious software attack? I have disabled pop-ups and set up some general security programs, firewall & other protection settings and utilities.

    I needed to format the HDD and reinstall the OS anyway, due to my computer failing, so I might do that in the near future just to be sure anyway.

  3. #3
    Posted by foobar
    Despite the similarity in name, Java has little to do with JavaScript. The two just look a bit alike but are technically completely different. I doubt there’s any connection.

    Nonetheless, when Java tells you to update, you should update. Java has had a lot of trouble with security vulnerabilities as of late and became sort of the favourite target for any bad guy out there. If you need it, at least keep it up to date. If you only need it as runtime (and not inside your web browser), deactivate the Java plugin in your browser.

  4. #4
    Posted by Dino
    It was different from the usual update screens and as I said it was some sort of error; not a notification for an update. It requested to install some stuff which I denied and shut it down. I tend to be a bit paranoid when it comes to such things, but I've been "hacked" before and I can't help but be a bit suspicious about random things happening to the PC.

    Thanks for the info anyway.

  5. #5
    Posted by Maladiq
    I have Ad Block Plus installed and I don't see any ad on WoP. Could I be safe?

    And how come no one warned the guys @ WoG.en?

  6. #6
    Posted by foobar
    Quote from Maladiq:
    "I have Ad Block Plus installed and I don't see any ad on WoP. Could I be safe?"
    Yes, you could be safe.

    Quote from Maladiq:
    "And how come no one warned the guys @ WoG.en?"
    Everyone should always read the World of Risen forums. That’ll teach them!

  7. #7
    Posted by Maladiq
    Quote from foobar:
    "Everyone should always read the World of Risen forums. That’ll teach them!"
    I made a thread there and quoted your first post.

    As for my security... I don't have any information on my laptop which could cause me financial problems (I don't use a debit or credit card, nor PayPal or anything else). Btw, I don't have any anti-virus installed. If I install one now, will it be corrupted by the virus or whatever it is?

  8. #8
    Posted by foobar
    Quote from Maladiq:
    "Btw, I don't have any anti-virus installed. If I install one now, will it be corrupted by the virus or whatever it is?"
    No certainty. But it could happen.
