TOPIC: Nuclear Exploit Kit Re-direct 4


Guru

Status: Offline
Posts: 4342
Date:
Nuclear Exploit Kit Re-direct 4


I found one more image file that is really an HTML file in disguise (Blackall.jpg). It does not have any redirection code.

Visible ad URLs (genuine GIF and JPG images):

http://www.thegreynomads.com.au/airhawk.jpg
http://www.thegreynomads.com.au/JockyForum.jpg
http://www.thegreynomads.com.au/Electbike.gif
http://www.thegreynomads.com.au/ForumDraft1.gif
http://www.thegreynomads.com.au/satphonesalesforum.gif
http://www.thegreynomads.com.au/Cully.jpg

Invisible ad URLs (genuine GIF and JPG images):

http://www.thegreynomads.com.au/images/indexpics/spacer.gif
http://www.thegreynomads.com.au/ForumAdDraft.jpg
http://www.thegreynomads.com.au/ForumAdPd.gif
http://www.thegreynomads.com.au/Airhawkweb.jpg
http://www.thegreynomads.com.au/ForumDraft.jpg
http://www.thegreynomads.com.au/ParkForumFinal.jpg

Invisible ad URLs that are really HTML code (URLs intentionally mangled):

http://www.thegreynomads.com.au/200x100 dot gif
http://www.thegreynomads.com.au/Blackall dot jpg

Edit: I now believe that Blackall.jpg doesn't exist, in which case the Blackall.htm file that my browser offers to save is really just the Grey Nomads home page.



-- Edited by dorian on Tuesday 23rd of February 2016 08:52:11 AM

__________________

"No friend ever served me, and no enemy ever wronged me, whom I have not repaid in full."

Lucius Cornelius Sulla - died 78 BC 

 



Guru

Status: Offline
Posts: 1615
Date:

Santa wrote:

Linux is simply not a practical solution for most users.

Top Ten Disadvantages of Linux

http://www.brighthub.com/computing/linux/articles/12838.aspx


That link is 7 years old Santa, and to be honest, most of the reasons they give simply point out that if you are very slow at learning, then Linux probably won't suit you. They forgot to add that if you fall into this category, you'd be better off with an Apple product anyway...

Been using Linux Mint 17 for about a year now and although I do have a windows 8.1 machine, it very rarely gets switched on these days. My 9 year old laptop runs so much faster on Linux than my 12 month old windows laptop.

 

Why Linux is still better than Win 10

5 ways Ubuntu is better than Windows 10

If you want to search, you can find many links to articles for either end of the argument.



-- Edited by 03_Troopy on Tuesday 23rd of February 2016 09:01:00 AM

__________________

Yes I am an agent of Satan, but my duties are largely ceremonial.



Guru

Status: Offline
Posts: 4342
Date:

I edited out the "redirect code" in the "200x100.gif" file and launched it in OffByOne (a browser that does not support Javascript). The result was the Grey Nomads home page.

I notice that the current version of the page we are looking at no longer has the hidden ad section. I wonder what the web designer had in mind.

 

Edit:

Here are the original images (from the WayBack Machine):

http://web.archive.org/web/20150823224403/http://www.thegreynomads.com.au/Blackall.jpg
http://web.archive.org/web/20150315163116/http://www.thegreynomads.com.au/200x100.gif

Edit #2: 

If I try to access a non-existent file, the GN server does not report an error. Instead it sends me to the GN home page:

http://www.thegreynomads.com.au/blahblah.gif

I'm now doubting that the 200x100.gif file really was the source of the AV alert. I suspect this GIF had already been deleted, in which case I would have saved the home page and submitted it to VirusTotal rather than the image file. This in turn would suggest that the home page was "infected" rather than a non-existent GIF.




-- Edited by dorian on Tuesday 23rd of February 2016 11:22:08 AM

__________________

"No friend ever served me, and no enemy ever wronged me, whom I have not repaid in full."

Lucius Cornelius Sulla - died 78 BC 

 



Guru

Status: Offline
Posts: 722
Date:

Just to clarify that the Grey Nomads website has been thoroughly checked over by an internet security company, and will be monitored and scanned on a daily basis to check for unusual activity. In terms of the code in the header of the forum, that was old code relating to adverts that I have now taken down. There was nothing sinister in that code but I have now tidied it up. I believe the ‘re-direct’ Dorian is referring to is the code that normally takes visitors who click on the logo in the banner to our website. The banner was offline due to an unrelated issue, but is now fixed. Again, there is nothing sinister in that coding. We have taken all possible steps to ensure that you are all able to enjoy the website and forum without problems, and hope you will continue to do so.



-- Edited by Webmaster on Tuesday 23rd of February 2016 11:50:37 AM

__________________


Guru

Status: Offline
Posts: 3804
Date:

03_Troopy wrote:

If you want to search, you can find many links to articles for either end of the argument.



-- Edited by 03_Troopy on Tuesday 23rd of February 2016 09:01:00 AM


I agree, it's easy to cherry-pick and come up with a counter argument.

I've been running Windows since 95; admittedly I've had the odd hiccup, however overall my experience has been good.

My feeling is the operating system debate is a little like the GM vs Ford thing: in the end both will get you to your destination, one may well be superior to the other, but owners of either brand won't give an inch.

My wife is an Apple user; graphics are good, but I find W10 more intuitive and much easier to navigate, probably because I know my way around the Windows platform and see no good reason to change.

If it ain't broke don't fix it.

 



-- Edited by Santa on Tuesday 23rd of February 2016 04:46:56 PM

__________________

Cheers,

Santa.

Moonta, Copper Coast, South Aust.



Senior Member

Status: Offline
Posts: 130
Date:

Deleted by Sharke



-- Edited by Sharke on Tuesday 23rd of February 2016 08:06:07 PM

__________________

Living a life long ambition



Guru

Status: Offline
Posts: 3804
Date:

Sharke wrote:

Santa

The article you refer to was written in 2009. Linux has improved leaps and bounds since then. My usual response to this is: show me something you use in Windows and I will show you the equivalent in Linux. At the last count there were over 65 different versions of the Linux operating system.

Cheers

Jeff


G'Day Jeff,

I understand the enthusiasm for the OS you use, quite understandable. If you read through my reply to Troopy a couple of posts back, I think I have made myself pretty clear: Windows has served me well for over twenty years and continues to do so, and I see no logical reason to change.

Computers are not a hobby for me; my prime use is for Technical Analysis of the stock market, and I have my PCs fine-tuned for this task. My charting and analytical program of choice is Metastock (http://traderplus.com.au/software-review-metastock-11/). I'm sure Linux has compatible charting software; however, I doubt it would even come close to Metastock.

Linux is your OS of choice, Windows is mine, vive la difference.

 



__________________

Cheers,

Santa.

Moonta, Copper Coast, South Aust.



Guru

Status: Offline
Posts: 4342
Date:

03_Troopy wrote:
Been using Linux Mint 17 for about a year now ...

Beware of hacked ISOs if you downloaded Linux Mint on February 20th!

http://blog.linuxmint.com/?p=2994

I'm sorry I have to come with bad news.

We were exposed to an intrusion today. It was brief and it shouldn't impact many people, but if it impacts you, it's very important you read the information below.

What happened?

Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.

Does this affect you?

As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition.



-- Edited by dorian on Tuesday 23rd of February 2016 06:29:10 PM

__________________

"No friend ever served me, and no enemy ever wronged me, whom I have not repaid in full."

Lucius Cornelius Sulla - died 78 BC 

 



Guru

Status: Offline
Posts: 1615
Date:

dorian wrote:
03_Troopy wrote:
Been using Linux Mint 17 for about a year now ...

Beware of hacked ISOs if you downloaded Linux Mint on February 20th!

http://blog.linuxmint.com/?p=2994

I'm sorry I have to come with bad news.

We were exposed to an intrusion today. It was brief and it shouldn't impact many people, but if it impacts you, it's very important you read the information below.

What happened?

Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.

Does this affect you?

As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition.



 Yeah I know Dorian, but I downloaded the original iso a year ago. Santa also posted about it Read here

But, any website can be hacked; I'm just a little bit surprised the Linux Mint guys were a tad slack. Actually the site was also hacked on the 28 Jan 16, and a forum members' details list stolen.



__________________

Yes I am an agent of Satan, but my duties are largely ceremonial.



Guru

Status: Offline
Posts: 707
Date:

If Cindy the Webmaster has posted the ALL CLEAR, that's good enough for us! Let's get back to the enjoyment rather than technical arguments of virus intrusion.



__________________

Cheers Desert Dweller.

 

Our land abounds in Natures gifts. Of beauty rich and rare.

 



Guru

Status: Offline
Posts: 1615
Date:

Desert Dweller wrote:

If Cindy the Webmaster has posted the ALL CLEAR, that's good enough for us! Let's get back to the enjoyment rather than technical arguments of virus intrusion.


If it's above your head, don't read it... simple eh?



__________________

Yes I am an agent of Satan, but my duties are largely ceremonial.



Senior Member

Status: Offline
Posts: 130
Date:

The article you refer to is dated 2009. Linux has improved greatly since then. I have installed Linux on many friends' computers and have never been unable to get them fully operational.

Cheers

Jeff



__________________

Living a life long ambition



Guru

Status: Offline
Posts: 3804
Date:

Sharke wrote:

Deleted by Sharke



-- Edited by Sharke on Tuesday 23rd of February 2016 08:06:07 PM


Interesting deletion Jeff; fortunately your post survives in my reply quoting it.

For those who would like the full context, here is your original with my reply.

 

Sharke wrote:

Santa

The article you refer to was written in 2009. Linux has improved leaps and bounds since then. My usual response to this is: show me something you use in Windows and I will show you the equivalent in Linux. At the last count there were over 65 different versions of the Linux operating system.

Cheers

Jeff


G'Day Jeff,

I understand the enthusiasm for the OS you use, quite understandable. If you read through my reply to Troopy a couple of posts back, I think I have made myself pretty clear: Windows has served me well for over twenty years and continues to do so, and I see no logical reason to change.

Computers are not a hobby for me; my prime use is for Technical Analysis of the stock market, and I have my PCs fine-tuned for this task. My charting and analytical program of choice is Metastock (http://traderplus.com.au/software-review-metastock-11/). I'm sure Linux has compatible charting software; however, I doubt it would even come close to Metastock.

Linux is your OS of choice, Windows is mine, vive la difference.



__________________

Cheers,

Santa.

Moonta, Copper Coast, South Aust.



Newbie

Status: Offline
Posts: 1
Date:

Hi.
I run Kaspersky total security on my Macbook Pro and PC. It picked up this virus on my Mac HEUR:trojan.script.framer. It also picked up a different virus on my PC.
It would appear even the Apples aren't safe anymore.

Peter

__________________
Wherthfocrwi-change direction


Guru

Status: Offline
Posts: 518
Date:

Tonca 47 wrote:

Hi.
I run Kaspersky total security on my Macbook Pro and PC. It picked up this virus on my Mac HEUR:trojan.script.framer. It also picked up a different virus on my PC.
It would appear even the Apples aren't safe anymore.

Peter


Apple computers have never been safe, just expensive.

 

The Phantom



__________________


Guru

Status: Offline
Posts: 4342
Date:

AIUI, the "Nuclear Exploit Kit" malware alert was a false positive. The clue is in the name -- "HEUR:trojan.script.framer".

en.wikipedia.org/wiki/Heuristic_(computer_science)#Virus_scanning

Many virus scanners use heuristic rules for detecting viruses and other forms of malware. Heuristic scanning looks for code and/or behavioral patterns indicative of a class or family of viruses, with different sets of rules for different viruses. If a file or executing process is observed to contain matching code patterns and/or to be performing that set of activities, then the scanner infers that the file is infected. The most advanced part of behavior-based heuristic scanning is that it can work against highly randomized polymorphic viruses, which simpler string scanning-only approaches cannot reliably detect. Heuristic scanning has the potential to detect many future viruses without requiring the virus to be detected somewhere, submitted to the virus scanner developer, analyzed, and a detection update for the scanner provided to the scanner's users.

ISTM that the AV software detected suspicious behaviour rather than actual malware.

In this particular case there were several red flags.

1/ A file that purports to be a GIF is served up as HTML.
2/ This HTML file contains encrypted code that redirects your browser to another site.
3/ This other site purports to be an ad server.
4/ The name of this ad server translates to "js.big_bum.info" in Slavic. Enough said ...
5/ Most serious malware is produced by organised crime syndicates in Russia and the Eastern Bloc.



__________________

"No friend ever served me, and no enemy ever wronged me, whom I have not repaid in full."

Lucius Cornelius Sulla - died 78 BC 
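The first two red flags in dorian's list (an "image" URL that really serves HTML, and script inside that HTML) can be checked mechanically by comparing the type a URL's extension claims with the magic bytes of the body actually returned. The Python below is an added example, not code from the thread or from the Grey Nomads site; the URLs and response bodies are constructed samples, and the last one mimics the case dorian later noticed, where a missing file comes back as the site's home page rather than an error.

```python
import re

# Magic-byte prefixes for the two image types the thread's ad URLs use.
IMAGE_MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "jpeg": (b"\xff\xd8\xff",),
}
# Markers that identify an HTML document sitting behind an image URL.
HTML_MARKER = re.compile(rb"<!doctype\s+html|<html|<head|<body|<script", re.IGNORECASE)
# Extension the URL claims -> content type it implies.
EXT_TO_TYPE = {"gif": "gif", "jpg": "jpeg", "jpeg": "jpeg"}


def sniff(data: bytes) -> str:
    """Classify a response body by its bytes, never by its file name."""
    head = data[:512]
    for kind, prefixes in IMAGE_MAGIC.items():
        if head.startswith(prefixes):
            return kind
    if HTML_MARKER.search(head):
        return "html"
    return "unknown"


def check_asset(url: str, body: bytes) -> dict:
    """Compare the type the URL's extension claims with what the body really is."""
    filename = url.rsplit("/", 1)[-1]
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = EXT_TO_TYPE.get(ext, "unknown")
    actual = sniff(body)
    return {
        "url": url,
        "claimed": claimed,
        "actual": actual,
        # Red flag 1: a file that purports to be an image is served as HTML.
        "html_disguised": claimed != "unknown" and actual == "html",
        # Red flag 2: that HTML carries script (where redirect code would live).
        "has_script": actual == "html" and b"<script" in body.lower(),
    }


def audit(assets: dict) -> list:
    """Return the reports for URLs whose bytes contradict their image extension."""
    return [r for r in (check_asset(u, b) for u, b in assets.items()) if r["html_disguised"]]


# Constructed sample bodies (example.invalid, not captured from the site).
SAMPLES = {
    "http://example.invalid/airhawk.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "http://example.invalid/spacer.gif": b"GIF89a" + b"\x00" * 16,
    "http://example.invalid/200x100.gif":
        b"<html><head><script src=\"/ads.js\"></script></head><body></body></html>",
    "http://example.invalid/missing.jpg":  # a 404 answered with the home page
        b"<!DOCTYPE html><html><head><title>Home</title></head><body>Home page</body></html>",
}

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```

The home-page case is flagged as disguised HTML but without script, which is exactly the distinction dorian needed to separate a server that answers 404s with the home page from a genuinely injected redirect.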

 



Guru

Status: Offline
Posts: 4342
Date:

Nothing is wrong here, but I've just watched a thread in another forum where a user's site was hacked by some "redirection" malware. His site used Wordpress. The Grey Nomads home page also uses Wordpress. Our web site's current version is 6.8.5. The most recent version appears to be 7.0, which was released on May 20, 2026.

<meta name="generator" content="WordPress 6.8.5" />

<meta name="generator" content="WooCommerce 9.9.6" />

https://en.wikipedia.org/wiki/WordPress#Release_history

This article explains the vulnerability:

https://wppioneer.com/beginners-guide/fix-wordpress-redirect-hack/

I reiterate that there is currently no problem at our site. I was just curious whether we were affected by the same exploit all those years ago.

 



-- Edited by dorian on Thursday 28th of May 2026 10:00:32 AM

__________________

"No friend ever served me, and no enemy ever wronged me, whom I have not repaid in full."

Lucius Cornelius Sulla - died 78 BC 

 



Guru

Status: Offline
Posts: 676
Date:

Only someone with advanced I.T. skills such as yourself is likely to know that, one would think.

On a different note, I have one email address that, when I established it around 30 years ago, I didn't know would be so attractive to hackers these days.
I often find someone has been trying to hack into one of my email addresses.
So I now have a 27-character-long password linked to some advice my computer man gave me.

The first three quarters of it is a phrase with a mild Aussie swear word in it that an overseas hacker or A.I. would find difficult to recognise.
Was frustrated this morning as my password was again locked out which happens once or twice a week.

Then I have to get a code sent to my phone after doing some Bl**dy puzzles for a robot.
This morning they had stupid shadow puzzles and I kept failing them.

Drives ya crazy this new world of technology!!!!!

__________________


Guru

Status: Offline
Posts: 1398
Date:

rmoor wrote:

So I now have a 27-character-long password linked to some advice my computer man gave me.


 You should find a different computer man.

Let's look at what happens when you create a password on registering to a site. Start with a simple password like "123". The site has an algorithm that generates a "salt" that is unique to you and your session .... perhaps an encryption of the instant you pressed Enter. That salt is typically 16 bytes long (long enough to be unique in the world). It is saved as part of your registration information (probably recreated if you change your password). 

Next, another algorithm combines your entered password with the salt, and using another algorithm generates a hash, typically 64 characters. That is then unique for you and almost impossible to decrypt. When you log on next time, the system adds the saved salt to what you typed, then encrypts that to generate a hash. If the new hash matches the saved one, you are in .... unless they go the next step and give you a puzzle to solve or send SMS, etc.

A hacker can not tell from the hash if you have used a simple 123 password or 27 characters of gibberish.

So first they try the obvious ..... 123, password, (your name, DOB, etc.) or any other personal info in their hacker's database (dog's name, mother's maiden name), etc. They would have software designed for the purpose, and it would know commonly used combinations of words, digits and special characters. Those are the simple ones they hope you have. If those tries are unsuccessful, then it needs brute force to try every possible unknown combination.

Unless they think you have significant funds or secrets worth having a bank of computers banging away at it for possibly years, they will give up. AI tells me it would take an average of 30 years with a single PC to crack an 8 character password by brute force. Of course, computers get faster, but by then, no doubt you would have changed your password. 

So 27 characters is like having 27 locks on your front door. A thief would probably break a window.



__________________
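The registration and login flow described in the post above (a 16-byte per-user salt stored beside a 64-character hash, recomputed and compared at login) as an added Python example; it is not code from the thread or from any site mentioned in it. Where the post says "another algorithm", this example uses PBKDF2-HMAC-SHA256, a deliberately slow key derivation that is the usual choice over a single plain hash; the iteration count is an assumed value chosen to keep the demo quick.

```python
import hashlib
import hmac
import os
from typing import Optional

SALT_BYTES = 16        # the 16-byte per-user salt the post describes
ITERATIONS = 100_000   # assumed work factor for this demo; production uses a higher count


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Registration: pick a random salt, derive the hash, store both (never the password)."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # SHA-256 output is 32 bytes, i.e. the 64 hex characters the post mentions.
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Login: recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest.hex(), record["hash"])


def stored_hash_length(password: str) -> int:
    """The stored hash is the same size whether the password was '123' or 27 characters."""
    return len(make_record(password)["hash"])


def same_password_distinct_hashes(password: str) -> bool:
    """Two users who chose the same password still get unrelated stored hashes."""
    first, second = make_record(password), make_record(password)
    return first["salt"] != second["salt"] and first["hash"] != second["hash"]


if __name__ == "__main__":
    rec = make_record("123")
    print(rec, verify("123", rec), verify("124", rec))
```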