Windower DL Page Flagged With Viruses

By Asura.Rokyo 2012-11-08 19:12:12  
I just tried DLing Windower from the official site and Kaspersky flagged it with 3 trojan exploits. That's just the page after you click installer, before the actual DL button. A friend just got it too, but not sure which AV he uses.
By Siren.Kalilla 2012-11-08 19:14:33  
I'll check as well
By Siren.Kalilla 2012-11-08 19:15:33  
Wow, I got it right when I went to the Windower site.
By Asura.Rokyo 2012-11-08 19:17:14  
So it's not just me and him, it seems.
By Asura.Escorian 2012-11-08 19:17:23  
Nope, not me; went to the Windower site with no message.
By Carbuncle.Titian 2012-11-08 19:18:14  
Same, I didn't get a message.
By Bahamut.Serj 2012-11-08 19:18:43  
I didn't get anything.
By Ragnarok.Sekundes 2012-11-08 19:18:51  
Might be embedded in an ad?
By Asura.Rokyo 2012-11-08 19:19:40  
I got hit 3 times with a Java exploit, but the AV stopped it as soon as they tried DLing.
By Siren.Kalilla 2012-11-08 19:20:28  
I've been there recently with no message, why would I just get it now?
By Asura.Rokyo 2012-11-08 19:31:24  
Yeah, it keeps flagging the same Java exploit, so idk.
By Bahamut.Bekisa 2012-11-08 19:45:18  
Mind copy/pasting the specifics of this notification? You should be able to find it under Kaspersky's logs. I can check our databases and see if this is just a false positive, a small instance, or something a little more widespread. Normally ad-based malware targets the entire community of that subject (i.e. FFXI or MMOs in this case) and it should be showing up more than just here if it's an ad-based attack.

Java exploits are so vague too, it's hard to tell which one it is without more info.

I'm not seeing anything now, but likely if it was an ad-based attack, the owner of those ads has already been told and taken it offline. Checked their site with 3 different browsers running in 3 different VMs just now.
By Asura.Rokyo 2012-11-08 19:47:41  
gshavcpmpcjamtapg.class Detected: Exploit.Java.CVE-2012-1723.jo 11/8/2012 7:00:47 PM
was what Kaspersky flagged for me, 6 times, same one.
By aureus 2012-11-08 19:51:41  
Google webmaster tools is claiming no malware detected.

Not sure what is flagging it, but it seems clean to me.
By Siren.Kalilla 2012-11-08 19:54:29  
I don't doubt it is clean, it just seems weird that I'm just now getting the message when I was on it earlier w/o a problem.

I've added the website to my whitelist, I just think it's strange is all.
By Bahamut.Bekisa 2012-11-08 19:56:14  
2012-1723 was the massive "Blackhole" exploit last summer that caused people to think their Java was compromised, or needed an update. It basically gives you a popup very similar to Java's runtime update notification, and installs their tools when you think you are updating Java.

Another name for that virus is Java/Dldr.Lamar.BD

Update your Java to the latest version as it's been patched a few months ago. Chances are you are already patched against it and your AV is just giving you a notification they tried to push the attack on you.

Only update your Java software from the official source, and not from mirrors or sites like CNET. Fake versions get put there all the time.

http://java.com/en/download/index.jsp
By Siren.Kalilla 2012-11-08 19:58:07  
Yea, I have to have it up to date anyways.
By Asura.Rokyo 2012-11-08 20:00:44  
Mine's updated too.
By Bahamut.Bekisa 2012-11-08 20:07:04  
Here's the info for it from our guys here at work from last August:
https://isc.sans.edu/diary.html?storyid=13984

It's been patched. Those who are updated are fine :)

... I just got made fun of for playing FFXI by guys who play WOW too -.-
By Asura.Rokyo 2012-11-08 20:13:41  
Well, Kaspersky did this:
gshavcpmpcjamtapg.class Detected: Exploit.Java.CVE-2012-1723.jo 11/8/2012 7:00:45 PM
then
gshavcpmpcjamtapg.class Denied: Exploit.Java.CVE-2012-1723.jo 11/8/2012 7:00:45 PM
So I know I'm good 'cause they blocked it before it could make it to my PC, but I was mainly warning people in case it was widespread. Edited 'cause copied second attempt but first denied.
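The Detected/Denied pair quoted in the post above is what to look for when triaging an alert like this: every detection of an object should have a matching denial. The following is an added example, not part of the thread, that parses entries in that layout and lists detections with no matching denial; the line layout is assumed from the two quoted entries, and the third sample line is constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Layout assumed from the entries quoted in the thread:
#   <object> <Detected|Denied>: <verdict> <M/D/YYYY h:mm:ss AM|PM>
LINE_RE = re.compile(
    r"^(?P<obj>\S+)\s+(?P<action>Detected|Denied):\s+(?P<verdict>\S+)\s+"
    r"(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# First two lines are from the thread; the third is constructed.
SAMPLE_LOG = """\
gshavcpmpcjamtapg.class Detected: Exploit.Java.CVE-2012-1723.jo 11/8/2012 7:00:45 PM
gshavcpmpcjamtapg.class Denied: Exploit.Java.CVE-2012-1723.jo 11/8/2012 7:00:45 PM
constructed-sample.class Detected: Exploit.Java.CVE-2012-1723.jo 11/8/2012 7:00:47 PM
"""

def parse(log_text):
    """Turn matching log lines into dicts; lines in any other layout are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        event = m.groupdict()
        cve = CVE_RE.search(event["verdict"])
        event["cve"] = cve.group(0) if cve else None  # CVE id embedded in the verdict name
        event["ts"] = datetime.strptime(event["ts"], "%m/%d/%Y %I:%M:%S %p")
        events.append(event)
    return events

def unblocked(events):
    """Return (object, verdict) pairs with more detections than denials."""
    balance = Counter()
    for e in events:
        balance[(e["obj"], e["verdict"])] += 1 if e["action"] == "Detected" else -1
    return sorted(key for key, n in balance.items() if n > 0)

if __name__ == "__main__":
    for obj, verdict in unblocked(parse(SAMPLE_LOG)):
        print(f"no denial logged for {obj} ({verdict})")
```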
By Fenrir.Moldtech 2012-11-08 20:24:58  
Norton caught it as well:

By Fenrir.Schutz 2012-11-08 20:34:42  
Malicious Cookie ;_;

By Jetackuu 2012-11-08 20:43:55  
Norton sucks anyway.
By Jetackuu 2012-11-08 20:48:44  
And didn't get anything with MSE, but I do have NoScript and Adblock running (but have windower.net allowed on NoScript).
By Asura.Rokyo 2012-11-08 21:58:40  
So is it safe to DL Windower, or wait 'til this stops?
By Bahamut.Bekisa 2012-11-08 22:12:29  
Actually it looks like the Windower website is offline right now. It just popped up to be blocked by Google's Ad Services because it may contain malicious ads from postsalelarge.ru

Guessing one of the windower guys saw this, or their own warnings and is taking action against it now.
By Asura.Rokyo 2012-11-08 22:34:34  
Oh OK, well that's nice.
By Asura.Rokyo 2012-11-08 22:46:29  
Guess I won't be DLing it anytime soon lol
By Fenrir.Scragg 2012-11-08 23:00:18  
I really doubt the Windower installer is affected, but in any case you can check the MD5 checksum of the file to verify. I downloaded and installed it a couple days ago. Mine is 5845c8223fd2f8da8ef7afc374e0723d for Windower-3.431.exe.

Looks like the admins shut down read access to the forums until they figure out the issue.
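Checking a download against a known digest, as the post above suggests, shown as an added example that is not part of the thread. The expected MD5 is the value quoted in the post; the file used in the self-check is constructed, and because MD5 is not collision-resistant the helper also returns a SHA-256 to record and compare wherever one is published.

```python
import hashlib
import hmac
import os
import tempfile

# MD5 quoted in the thread for Windower-3.431.exe
POSTED_MD5 = "5845c8223fd2f8da8ef7afc374e0723d"

def file_digests(path, chunk_size=1 << 20):
    """Stream the file once and return its MD5 and SHA-256 hex digests."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}

def matches(path, expected_hex, algo="md5"):
    """True only if the file's digest equals the expected value (case and whitespace tolerant)."""
    expected = expected_hex.strip().lower()
    return hmac.compare_digest(file_digests(path)[algo], expected)

def self_check():
    """Constructed stand-in file: it matches its own digest but not the posted one."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample bytes, not the real installer")
    try:
        own_md5 = file_digests(tmp.name)["md5"]
        return matches(tmp.name, own_md5.upper() + "\n"), matches(tmp.name, POSTED_MD5)
    finally:
        os.remove(tmp.name)

if __name__ == "__main__":
    print(self_check())
```

To check a real download, call `matches("Windower-3.431.exe", POSTED_MD5)` from the folder containing the installer.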
By Lakshmi.Ashido 2012-11-08 23:12:53  
I blame Sandy.