1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Malware blocked when accessing ASN!!??

Discussion in 'Forum Support' started by slydog18, Jan 3, 2013.

  1. slydog18
    Offline

    slydog18 Member

    Joined:
    Jul 10, 2011
    Messages:
    139
    Likes Received:
    2
    [Jan 3, 2013]
    When I have accessed ASN tonight Avast has popped up with a Malware block as if ASN is running a virus. Just thought I would let you know. It seemd to be a .jp website/link blocked but cant find log at the mo.

    EDIT: This is the URL apparently http://d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js
  2. Ads

    Ads

    [Sep 30, 2014]

  3. FactionOne
    Offline

    FactionOne Administrator Staff Member Administrator

    Joined:
    May 23, 2004
    Messages:
    3,238
    Likes Received:
    129
    [Jan 3, 2013]
    Thanks for the info - that type of thing is sometimes seen in header injections - I'll look into it...

    Rob
  4. nasaboy007
    Offline

    nasaboy007 New Member

    Joined:
    Jan 3, 2013
    Messages:
    3
    Likes Received:
    0
    [Jan 3, 2013]
    I actually noticed Avast saying it blocked this exact URL on 2 different, unrelated sites in the past 15 minutes, and so Googling it naturally brought me here. I just thought you should know that this may be a more widespread problem than specific to ASN, so make sure you check other JS libraries/etc that are used.
  5. nasaboy007
    Offline

    nasaboy007 New Member

    Joined:
    Jan 3, 2013
    Messages:
    3
    Likes Received:
    0
    [Jan 3, 2013]
    Further info: it seems to be an XSS injection into the SnapWidget JS. I'd suggest removing the snapwidget code until they fix it on their end.
  6. FactionOne
    Offline

    FactionOne Administrator Staff Member Administrator

    Joined:
    May 23, 2004
    Messages:
    3,238
    Likes Received:
    129
    [Jan 3, 2013]
    Wow, it's a knight of the road who registers to pass on a heads-up, thanks very much.

    We're checking through stuff now, but a you say, if a library has been compromised it might be that a resolve is as much dependent on others as it is us...

    We'll keep you all posted as the situation develops...

    Thanks again,

    Rob.

    PS> If anyone sees any further symptoms, please advise here.

    EDIT: I was typing as you replied... Again, thanks for the heads-up, I'll pull it now - we'd be grateful if anyone still finding warnings could advise...
  7. nasaboy007
    Offline

    nasaboy007 New Member

    Joined:
    Jan 3, 2013
    Messages:
    3
    Likes Received:
    0
    [Jan 3, 2013]
    Last edited: Jan 3, 2013

Share This Page