How come there is a Trojan horse downloader embedded in this site?

http://safeweb.norton.com/report/show?url=http:%2F%2Fwww.fairfaxunderground.com%2Fforum%2Fread%2F2%2F182955.html

edit by Cary: Account password compromised, disabled by administrator.

har har. -_-


"the wisdom of the wise will perish, the intelligence of the intelligent will vanish."

Watch out Spunky...DANGER...DANGER!!!!!!

http://safeweb.norton.com/report/show?url=fairfaxunderground.com

Im sure your statement is true....probably what Grupis has planned for me next.

So why don't you leave or stop being a knob gobbler? It's a really simple choice.

--------------------------------------------------------------
13 4826 0948 82695 25847. Yes.

i looked into it and the image used to propagate the trojan was likely posted without any intended malice, likely picked up from another forum/google images. anyway, it seemed fine to me but then i cracked it open with a hex editor and saw the trojan downloader appended at the end that likely exploits some parsing error in IE (6?). anyway, it creates an invisible (1px by 1px) iframe which downloads something from http://www.ciudad.com.ar/ar/popunder/p_submit.asp?site=personales.ciudada.com.ar which is now a 404. so there is no longer a threat of any kind. it appears the image was uploaded in january of this year.

attached is a cleaned version of the image.


"the wisdom of the wise will perish, the intelligence of the intelligent will vanish."



Edited 1 time(s). Last edit at 05/14/2009 02:50PM by Gravis.
Attachments:

s



Edited 1 time(s). Last edit at 06/01/2010 02:18PM by inkahootz.

tro-jan is safe. it is like having sex with a hiv hooker. safe as tuna. speaking of tuna, i love tuna on WHITE bread. I even like yeast.