Chris NottBadger5
Results 1 to 6 of 6
  1. #1
    slydog18's Avatar
    1st Gear

    Status
    Offline
    Join Date
    Jul 2011
    Location
    Luton, U.K.
    Posts
    139

    Exclamation Malware blocked when accessing ASN!!??

    When I have accessed ASN tonight Avast has popped up with a Malware block as if ASN is running a virus. Just thought I would let you know. It seemd to be a .jp website/link blocked but cant find log at the mo.

    EDIT: This is the URL apparently http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
    N88 GGY
    2002 Noggy Blue S3
    With Beige Alcantara and Black Leather
    18 x 8.5 Mercedes Eltanin Alloys, 225/40 18 Tyres, 20 front and 25mm rear PCD Adapters,AP Coilovers,
    Revo Stage 2 Map, Relentless V3 Manifold, 3" Downpipe, Custom Decat, QST Milltek Catback Exhaust, 80mm R-Tech/SFS TIP,
    S2000 Air Filter, Forge FMIC, Forge 008p DV, N249 Delete, Competition Clutches 6 Paddle Clutch with Single Mass Flywheel,

    Gti International 2013:- 1/4 mile - 13.52s

  2. # ADS
    ADS
    Join Date
    Always
    Location
    Global
    Posts
    Many
     
  3. #2
    FactionOne's Avatar
    Administrator

    Status
    Offline
    Join Date
    May 2004
    Location
    Preston
    Posts
    3,059
    Thanks for the info - that type of thing is sometimes seen in header injections - I'll look into it...

    Rob
    The truth they're trying to keep from you is that IPv6 has nothing to do with address space; we're actually running out of full stops.

  4. #3
    Reverse Gear

    Status
    Offline
    Join Date
    Jan 2013
    Posts
    3
    Quote Originally Posted by slydog18 View Post
    When I have accessed ASN tonight Avast has popped up with a Malware block as if ASN is running a virus. Just thought I would let you know. It seemd to be a .jp website/link blocked but cant find log at the mo.

    EDIT: This is the URL apparently http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
    I actually noticed Avast saying it blocked this exact URL on 2 different, unrelated sites in the past 15 minutes, and so Googling it naturally brought me here. I just thought you should know that this may be a more widespread problem than specific to ASN, so make sure you check other JS libraries/etc that are used.

  5. #4
    Reverse Gear

    Status
    Offline
    Join Date
    Jan 2013
    Posts
    3
    Further info: it seems to be an XSS injection into the SnapWidget JS. I'd suggest removing the snapwidget code until they fix it on their end.

  6. #5
    FactionOne's Avatar
    Administrator

    Status
    Offline
    Join Date
    May 2004
    Location
    Preston
    Posts
    3,059
    Wow, it's a knight of the road who registers to pass on a heads-up, thanks very much.

    We're checking through stuff now, but a you say, if a library has been compromised it might be that a resolve is as much dependent on others as it is us...

    We'll keep you all posted as the situation develops...

    Thanks again,

    Rob.

    PS> If anyone sees any further symptoms, please advise here.

    EDIT: I was typing as you replied... Again, thanks for the heads-up, I'll pull it now - we'd be grateful if anyone still finding warnings could advise...
    The truth they're trying to keep from you is that IPv6 has nothing to do with address space; we're actually running out of full stops.

  7. #6
    Reverse Gear

    Status
    Offline
    Join Date
    Jan 2013
    Posts
    3
    No problem, glad I could help. A security hole this big is too serious to not spread the word.

    I've emailed the snapwidget support team, so let's see what they do / how long it takes to fix it.


    UPDATE:
    I've done some more investigation and it may be that this is just an Avast false positive. (See: https://www.vbulletin.com/forum/show...-42-eum-rum-js and http://forum.avast.com/index.php?topic=112266.0).
    Last edited by nasaboy007; 3rd January 2013 at 19:51.

 

 

Similar Threads

  1. [Return] key doesn't work when posting on ASN
    By Alex C in forum Forum Support
    Replies: 11
    Last Post: 16th February 2013, 23:41
  2. How do i stop emails from ASN when someone puts up a classfied add
    By rasA4 in forum Site Support & Announcements
    Replies: 4
    Last Post: 22nd November 2010, 16:38
  3. Strange Noise when reversing
    By Nimo in forum A3/S3 Forum (8L Chassis)
    Replies: 5
    Last Post: 26th December 2009, 18:40
  4. Seating position when driving fast. Turnfast web
    By rodfj in forum A3/S3 Forum (8L Chassis)
    Replies: 20
    Last Post: 4th August 2009, 19:02
  5. Garage using your audi when its in for a service??
    By Chimera in forum A3/S3 Forum (8L Chassis)
    Replies: 2
    Last Post: 26th January 2003, 09:34

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Single Sign On provided by vBSSO

Garage Plus, Vendor Tools vBulletin Plugins by Drive Thru Online, Inc.

Content Relevant URLs by vBSEO