“Today as I surf to GSC.com.my - place where most Malaysians make their bookings for cinema tickets, AVG Security Toolbar alerted me of a JS/Downloader.Agent threat coming from 2117966.net!”
All Malaysian’s should take the necessary step not to visit this site at the moment until this problem is fix.
Update: GSC has removed the exploit. You can now surf GSC.com.my without any worries.
We have made a report on our blog not too long ago about 10,000 website injected with malicious iframe - this is the same threat that is affecting GSC’s website. This particular threat takes advantage of the vulnerability in Internet Explorer ActiveX and SANS Internet Storm Center said that as a result of this threat a password-stealer program will be installed on the infected machine.
Further looking at GSC’s html source code, we found related code entries to load a javascript “fuckjp.js” from 2117966.net.
Update: GSC has removed the exploit. You can now surf GSC.com.my without any worries.
How to protect from malicious iframe exploitation?
Yeah, this is one nasty iFrame hack. My webhosting provider got whole server infected and causing big lost of customer.
Hye There! Thanks a lot for the alert. I already alert all my friend. Ermm.. myspace also have been attack with the same method. all using iframe.
Yea, GSC is a very popular website. Someone without a proper protection could get hurt. >.<
I’m currently using AVG version 8.0 which has a security toolbar installed on my web browser. It is based on the LinkScanner technology which was recently acquired by AVG.
Even though I have turn off the security toolbar plugin for Firefox because the plugin was not supported by Firefox 2.0.0.13, AVG managed to block the infected script with its Web Shield.
The exploit has been removed from GSC. Yay!
good news that it has been removed. but damaged has been done. with the promotion of free tickets for gsc in alamanda, i bet many has visited the site and been infected. perhaps a method to check for infection & ways to remove it would be helpful.
How to know if a computer is infected or not?
Because not all anti-virus is gonna be able to detect it.
I guess installing a firewall would help personal data from being stolen.
Firewall could track suspicious programs trying to send data over to the net.
Thx Mr.SafeMode for alerting us
Juz drop by after seeing ur post appear in Lowyat.net .
Huhuhu, anything harm coming soon, pls do alert me ^^
To check for suspicious files installed in your system in the last 30 days, you can use Deckard System Scanner(dss) which is downloadable at
http://www.geekstogo.com/forum/index.php?autocom=downloads&showfile=19
thank god, i’m using a more secured operating system .. =D