Website hackings

[earlvilleout]

Vana'diel Atlas has been hacked. Sounds like some password stealing stuff so watch out.

[Vandoura]

Can someone able to verify it?

[johnno25]

FFXI atlas has had a trojan attached to it for about 6 weeks now iirc, whenever I tried to look up NM information on it my AV program would block it. I assumed it was common knowledge since it's been on there so long.


And yes, I can confirm it's down, I can't even have the main page up without getting a virus warning.

Find some other site for maps if you can (Wiki has some)

[Zerayla]

Any suggestions for what a person should do if they visited FFXI Atlas in the last week? I haven't logged in or anything, but I have used the site to help get through some promy runs i've done.

I currently use Avast Home Edition (free version) and I did run it earlier this week as well, but didn't have anything come up as far as viruses go.

[JP]

Yeah I expected my PC to block the site if there was a trojan on it. I just did a scan and nada. And I went to Atlas sometime this week.

[Vandoura]

Any suggestions for what a person should do if they visited FFXI Atlas in the last week? I haven't logged in or anything, but I have used the site to help get through some promy runs i've done.

I currently use Avast Home Edition (free version) and I did run it earlier this week as well, but didn't have anything come up as far as viruses go.

Not all AV can detect all viruses. Some will find it, some will don't. If you ever use those virus scanner site (like virus.org that scan individual files for you using like 15 AV software) some file will detected as virus some will don't, some will falsely detected as virus. Only way to know you're protected is to know the software is able to detect 98-100% of the virus known. You can get those result from those website that independencely test AV software


Remember, if you able to detect 75% of 10,000 (for example) known virus.. that mean 2,500 known virus wasn't detected (25% if them).

[Pascal]

Can someone able to verify it?

Google has flagged it.
http://www.stopbadware.org/reports/c...fxi-atlas.com/

[earlvilleout]

Vanadiel beastiary is down now too =/

[johnno25]

Avast is the program i use, and it is the one to tell me that FFXI atlas has trojans on it.

Firefox is the web browser i use, and it has plugins and settings that block known bad sites. IE as far as i'm concerned does a spectacular job of not keeping up with anything and taking forever to introduce counter measures to anything.

If your concerned about your PC, i recommend disconnecting from your internet, and run a complete virus scan. Once that is done, run a spyware scan and delete anything it finds.


And stay the hell away from FFXI atlas

[Pascal]

I can confirm it is there. The exploit is using JScript to launch a malformed PDF (fu.pdf) to cause a buffer overrun and attempts to do this several different ways. The call to the script (us.js) is in the latest entries on "Latest Major Updates". Assume the date is correct on the entry the site was infected on 6/23/2009. No way to know for sure.

The script is loaded from 110.165.41.103. I would block this IP in your firewall if it is capable of it. The IP is assigned to Honk Kong and has been used to host malware before.

Afraid I've not tested the PDF yet, so I do not know what happens if the exploits runs. If I have time at work tomarrow, I'll check it out.

[Samukami]

Tis a shame. Are the owners able to do anything about it?
Hacking a website, would it remove the ability to actually change your site again? Not quite sure how it works.

[JP]

They can but it seems they rarely update the site so it may be there for a while. It's kinda like somepage, it was never updated so it was always full of viruses.