HomeFairfax General ForumArrest/Ticket SearchWiki newPictures/VideosChatArticlesLinksAbout
Fairfax County General :  Fairfax Underground fairfax underground logo
Welcome to Fairfax Underground, a project site designed to improve communication among residents of Fairfax County, VA. Feel free to post anything Northern Virginia residents would find interesting.
Apple FCU website might be trojan infected as of this post
Posted by: Olde Farte, II ()
Date: August 28, 2012 02:06PM

Just attempted to access my accounts at Apple FCU's online site - got an anti-trojan warning right after logging in - JS:Blacole-AV [Trj] was the warning.

I called up support, asked her for "Security", she came back and said "IT" was aware of the issue.

Heads Up to those who use Apple FCU for the time being...

Options: ReplyQuote
Re: Apple FCU website might be trojan infected as of this post
Posted by: Olde Farte, II ()
Date: August 28, 2012 02:29PM

Here's a quick followup - I Googled for the name of the trojan and got a gajillion hits from today - many many sites are showing up on Avast's radar as being "infected". One site in particular - Salesforce.com - is reporting that the problem is a false detection rather than a real infection. The suggested solution was to update the Avast anti-virus software.

After doing that, Apple FCU did not show as being infected when I accessed it again.

So...maybe Apple FCU fixed something or maybe Avast did.

Or maybe my system's now quietly infected.

Have I mentioned a desire to break someone thumbs with a pliers yet?

Options: ReplyQuote
Re: Apple FCU website might be trojan infected as of this post
Posted by: Dr. Venkman ()
Date: August 28, 2012 02:33PM

I use Apple FCU website through Chrome and AVG 2012 (not the free version) and haven't had any issues today.

Options: ReplyQuote
Re: Apple FCU website might be trojan infected as of this post
Posted by: Whaddup Wit that ()
Date: August 28, 2012 03:17PM

did you do a view-source and look for any bad/malicous Javascript? If so it was probably vulnerable to a sql injection attack.

Options: ReplyQuote
Re: Apple FCU website might be trojan infected as of this post
Posted by: Olde Farte, II ()
Date: August 28, 2012 03:26PM

Whaddup Wit that Wrote:
-------------------------------------------------------
> did you do a view-source and look for any
> bad/malicous Javascript? If so it was probably
> vulnerable to a sql injection attack.


Though it probably was a false alarm (due to so many other sites getting simultaneously hit) the particular javascript that set it off was "sdp-en-compressed.js" which, without actually knowing but making an educated guess, is probably used Web-wide as an off-the-shelf script for session stuff.

Options: ReplyQuote
Re: Apple FCU website might be trojan infected as of this post
Posted by: flight risk ()
Date: August 28, 2012 03:31PM

There is a 0-day exploit in JAVA, might want to go in your browser settings and disable Java- NOT JAVASCRIPT, JAVA.

http://www.theregister.co.uk/2012/08/27/disable_java_to_block_exploit/

if you disable javascript, 1/2 the internet won't work and it has nothing to do with this attack.

Quote

The vulnerability is present in the Java Runtime Environment (JRE) version 1.7 or later, Atif Mushtaq of security firm FireEye reported on Sunday, while PCs with Java versions 1.6 or earlier installed are not at risk.



Edited 1 time(s). Last edit at 08/28/2012 03:32PM by flight risk.

Options: ReplyQuote
Re: Apple FCU website might be trojan infected as of this post
Posted by: Olde Farte, II ()
Date: August 28, 2012 04:22PM

Though there may be a Java problem "out there", the problem I posted about was one of javascript, not java.

Options: ReplyQuote
Re: Apple FCU website might be trojan infected as of this post
Posted by: flight risk ()
Date: August 28, 2012 04:30PM

Olde Farte, II Wrote:
-------------------------------------------------------
> Though there may be a Java problem "out there",
> the problem I posted about was one of javascript,
> not java.

You are correct! Thanks!

I just wanted to put the Java issue out there too!

Options: ReplyQuote
Re: Apple FCU website might be trojan infected as of this post
Posted by: Whaddup Wit that ()
Date: August 28, 2012 08:00PM

Olde Farte, II Wrote:
-------------------------------------------------------

> Though it probably was a false alarm (due to so
> many other sites getting simultaneously hit) the
> particular javascript that set it off was
> "sdp-en-compressed.js" which, without actually
> knowing but making an educated guess, is probably
> used Web-wide as an off-the-shelf script for
> session stuff.


as long as the .js file resides on an Apple server (or reputable company's host like microsoft/etc) it probably is fine. I've seen all kinds of js includes to .ru and .cn servers. no good!

Options: ReplyQuote
Re: Apple FCU website might be trojan infected as of this post
Posted by: apple sucks ()
Date: August 28, 2012 08:05PM

If you had a real credit union you wouldn't have to worry. AFCU is for teachers and students, the average savings account at AFCU has $1,670 in it.

Options: ReplyQuote
Re: Apple FCU website might be trojan infected as of this post
Posted by: technician ()
Date: August 29, 2012 01:57PM

This issue is resolved by updating to Avast! definition update 120828-2. Update version 120828-2 definition was created and signed by Avast! on 7:55 am PT, August 28, 2012. The Avast! client automatically checks for updates every 4 hours by default, so users connected to the internet should receive this update automatically.

Options: ReplyQuote
Re: Apple FCU website might be trojan infected as of this post
Posted by: hahawhut ()
Date: August 29, 2012 02:07PM

flight risk Wrote:
-------------------------------------------------------
> if you disable javascript, 1/2 the internet won't
> work and it has nothing to do with this attack.

Total lies, what a bunch of horseshit. IF the above were true then a cyberterrorist who wanted to take down the Internet could just fire up his browser and disable javascript. That makes things not work for _you_, the rest of the Internet isn't affected.

Options: ReplyQuote


Your Name: 
Your Email (Optional): 
Subject: 
Attach a file
  • No file can be larger than 75 MB
  • All files together cannot be larger than 300 MB
  • 30 more file(s) can be attached to this message
Spam prevention:
Please, enter the code that you see below in the input field. This is for blocking bots that try to post this form automatically.
 ********  **     **  ********   *******    *******  
    **     **     **  **    **  **     **  **     ** 
    **     **     **      **    **         **        
    **     **     **     **     ********   ********  
    **     **     **    **      **     **  **     ** 
    **     **     **    **      **     **  **     ** 
    **      *******     **       *******    *******  
This forum powered by Phorum.