• Steel Soldiers now has a few new forums, read more about it at: New Munitions Forums!

  • Microsoft MSN, Live, Hotmail, Outlook email users may not be receiving emails. We are working to resolve this issue. Please add support@steelsoldiers.com to your trusted contacts.

Kaspersky flagging SS .js files for phishing URL

sfsearchlights

New member
10
0
0
Location
San Francisco, CA
Kaspersky flags these objects - are the .js files hacked to point to a phishing site or is the phishing database triggering on all of SS?vbulletin_attachment.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_attachment.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:40 AM http://www.steelsoldiers.com/clientscript/ vbulletin_textedit.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_textedit.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:40 AM http://www.steelsoldiers.com/clientscript/ vbulletin_lightbox.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_lightbox.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:39 AM http://www.steelsoldiers.com/clientscript/ vbulletin-editor.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin-editor.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:39 AM http://www.steelsoldiers.com/clientscript/ vbulletin-core.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin-core.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:39 AM http://www.steelsoldiers.com/clientscript/ connection-min.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/connection/connection-min.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:39 AM http://www.steelsoldiers.com/clientscript/yui/connection/ yuiloader-dom-event.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/yuiloader-dom-event.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:39 AM http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/ animation-min.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/animation/animation-min.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:26 AM http://www.steelsoldiers.com/clientscript/yui/animation/ yuiloader-dom-event.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/yuiloader-dom-event.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:25 AM http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/ connection-min.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/connection/connection-min.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:25 AM http://www.steelsoldiers.com/clientscript/yui/connection/ vbulletin_read_marker.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_read_marker.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:25 AM http://www.steelsoldiers.com/clientscript/ vbulletin-core.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin-core.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:25 AM http://www.steelsoldiers.com/clientscript/ animation-min.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/animation/animation-min.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:05 AM http://www.steelsoldiers.com/clientscript/yui/animation/ vbulletin_read_marker.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_read_marker.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:04 AM http://www.steelsoldiers.com/clientscript/ connection-min.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/connection/connection-min.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:04 AM http://www.steelsoldiers.com/clientscript/yui/connection/ yuiloader-dom-event.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/yuiloader-dom-event.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:04 AM http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/ vbulletin-core.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin-core.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:18:04 AM http://www.steelsoldiers.com/clientscript/ animation-min.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/animation/animation-min.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:17:06 AM http://www.steelsoldiers.com/clientscript/yui/animation/ vbulletin_read_marker.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_read_marker.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:17:06 AM http://www.steelsoldiers.com/clientscript/ vbulletin-core.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin-core.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:17:06 AM http://www.steelsoldiers.com/clientscript/ connection-min.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/connection/connection-min.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:17:06 AM http://www.steelsoldiers.com/clientscript/yui/connection/ yuiloader-dom-event.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/yuiloader-dom-event.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:17:06 AM http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/ connection-min.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/connection/connection-min.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:17:03 AM http://www.steelsoldiers.com/clientscript/yui/connection/ vbulletin_read_marker.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_read_marker.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:17:03 AM http://www.steelsoldiers.com/clientscript/ yuiloader-dom-event.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/yuiloader-dom-event.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:17:03 AM http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/ vbulletin-core.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin-core.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:17:03 AM http://www.steelsoldiers.com/clientscript/ yuiloader-dom-event.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/yuiloader-dom-event.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:16:59 AM http://www.steelsoldiers.com/clientscript/yui/yuiloader-dom-event/ connection-min.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/yui/connection/connection-min.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:16:59 AM http://www.steelsoldiers.com/clientscript/yui/connection/ vbulletin-core.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin-core.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:16:59 AM http://www.steelsoldiers.com/clientscript/ vbulletin_md5.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_md5.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:10:16 AM http://www.steelsoldiers.com/clientscript/ vbulletin_read_marker.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_read_marker.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:10:16 AM http://www.steelsoldiers.com/clientscript/ vbulletin-core.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin-core.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:10:16 AM http://www.steelsoldiers.com/clientscript/ vbulletin_md5.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_md5.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:09:57 AM http://www.steelsoldiers.com/clientscript/ vbulletin_read_marker.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin_read_marker.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:09:56 AM http://www.steelsoldiers.com/clientscript/ vbulletin-core.js?v=421 Blocked: http://www.steelsoldiers.com/clientscript/vbulletin-core.js?v=421 (analysis using the database of phishing URLs) 1/4/2014 11:09:56 AM http://www.steelsoldiers.com/clientscript/
 

patracy

Administrator
Staff member
Administrator
14,639
4,817
113
Location
Buchanan, GA
There was an exploit that happened yesterday morning at ~3:40am. Google had flagged it, but apparently they've cleared it. I didn't know about the kaspersky alert. I found their website and outlined the events/steps taken.

For what it's worth, the index.html file that was loaded as well as those folders have been removed. A scan on the clientscript folders show no infections, and the dates of the files you listed are of that of the install date. (Where as the exploited files had dates of 1/3/14)
[root@www steelsol]# clamscan --infected --recursive /home/XXXXXX/XXXXXXXXX/clientscript

----------- SCAN SUMMARY -----------
Known viruses: 3055176
Engine version: 0.98
Scanned directories: 201
Scanned files: 623
Infected files: 0
Data scanned: 13.42 MB
Data read: 5.42 MB (ratio 2.48:1)
Time: 13.201 sec (0 m 13 s)
 

DavisM38

New member
31
0
0
Location
Minnesota
My Kaspersky is also flagging the site. I get multiple warnings with each page I go to. Kaspersky is successfully blocking but figured you should know its still happening.
 

patracy

Administrator
Staff member
Administrator
14,639
4,817
113
Location
Buchanan, GA
I haven't heard back from them. Unfortunately I have no control over when they update their databases.
 

patracy

Administrator
Staff member
Administrator
14,639
4,817
113
Location
Buchanan, GA
And just as a sanity check...

clamscan --infected --recursive /home/XXXXX/XXXXXXXX/clientscript

----------- SCAN SUMMARY -----------
Known viruses: 3055176
Engine version: 0.98
Scanned directories: 201
Scanned files: 623
Infected files: 0
Data scanned: 13.42 MB
Data read: 5.42 MB (ratio 2.48:1)
Time: 22.335 sec (0 m 22 s)
 

Al Harvey

Active member
1,152
19
38
Location
Dover, TN
If you go into the setting on Kaspersky you can add steelsoldiers as a trusted site and it won't cause all the flags as it opens. At least until they are willing to accept us as we are. lol
 

patracy

Administrator
Staff member
Administrator
14,639
4,817
113
Location
Buchanan, GA
Still flagging the Steel Soldiers site as of 10 Jan. Oddly enough, this is the only site I get that reaction from Kaspersky when I attempt to read the content.
Perhaps if everyone would start opening cases/emailing/reporting the links as errors, Kaspersky would update their database.
 
Top
AdBlock Detected

We get it, advertisements are annoying!

Sure, ad-blocking software does a great job at blocking ads, but it also blocks useful features of our website like our supporting vendors. Their ads help keep Steel Soldiers going. Please consider disabling your ad blockers for the site. Thanks!

I've Disabled AdBlock
No Thanks