
OK, WTF is up with this??? EF trying to hack into my computer and sending a virus???

Status
Not open for further replies.

IvanOffelitch

Well-known member
This is the 2nd time today this has happened...first I get the following prompt from Norton:

Time: 1:10 p.m.
Date: 8/14/2005
Intrusion: ICC Profile TagData Overflow
Intruder: www.elitefitness.com (69.90.197.215)
Risk Level: High
Protocol: TCP
Attacked IP: local host
Attacked Port: 1374


IMMEDIATELY after this happens, I get a NAV warning that my system was infected with Bloodhound.Exploit.38

Someone??

Anyone???

Powdered Toast Man???

Digger???

Help???

Whiskey
Tango
Foxtrot :confused:
 
Blue fox to Gray squirrel........ :Chef: :tuc:
 
Re: OK, WTF is up with this??? EF trying to hack into my computer and sending a virus

Don't ever use your surfing PC for real stuff

just use it for porn and petty emails like me :)
 
Re: OK, WTF is up with this??? EF trying to hack into my computer and sending a virus

OMEGA said:
Don't ever use your surfing PC for real stuff

just use it for porn and petty emails like me :)
I only have one PC.

I don't surf porn.

I seldom get email.
 
Re: OK, WTF is up with this??? EF trying to hack into my computer and sending a virus

OMEGA said:
Oh man, you're missing out

:)
Brother, chances are I've already done it (but nothing including another dood), so why do I want to watch someone else do it?

I screwed myself silly when I was younger, have no desires for it now.

I have higher priorities in life these days.
 
Re: OK, WTF is up with this??? EF trying to hack into my computer and sending a virus

IvanOffelitch said:
This is the 2nd time today this has happened...first I get the following prompt from Norton:

Time: 1:10 p.m.
Date: 8/31/2005
Intrusion: ICC Profile TagData Overflow
Intruder: www.elitefitness.com (69.90.197.215)
Risk Level: High
Protocol: TCP
Attacked IP: local host
Attacked Port: 1374


IMMEDIATELY after this happens, I get a NAV warning that my system was infected with Bloodhound.Exploit.38

Someone??

Anyone???

Powdered Toast Man???

Digger???

Help???

Whiskey
Tango
Foxtrot :confused:
Are you predicting an attack from the future?
 
Re: OK, WTF is up with this??? EF trying to hack into my computer and sending a virus

bran987 said:
Are you predicting an attack from the future?
Typo on my part...I tried to copy/paste the info from the Norton prompt, but I couldn't, so I had to write it down instead.

Got in a hurry to type, that's all.
 
And no, Elite is not the problem; someone is hitting your IP with Bloodhound.Exploit.38, looking for an open port.
 
Eh, you got lucky, I had a pic of a hamster come up on mine that was drinking a glass of milk and smoking a maple leaf that said, "I am stealing all of your personal info."

Whiskey
 
What thread, Ivan? Can you track back and maybe find the post?
 
Mr.X said:
And no, Elite is not the problem; someone is hitting your IP with Bloodhound.Exploit.38, looking for an open port.
I got the same message twice, 'cept it wasn't on this thread.
 
Re: OK, WTF is up with this??? EF trying to hack into my computer and sending a virus

Executive summary:
An image somewhere was carefully miscoded so that Internet Explorer sees it, its beady eyes roll back into its head, it falls flat on its back and spreads its legs.

The usual, in other words.

Sordid Details (caution, may contain big words):
The "ICC" is an international standards group that defined the color space you can use in a graphic. The implementation got borked up and allows the bad guys to create an invalid graphic that will overflow the space set aside for the table and run code in it. Once that happens, All Your Base Are Belong To [whoever].

Not EF, but could be a member who got infected.

I don't see anything out of the ordinary in that thread, but I'll check it again with a brain-damaged (in other words, Windows) machine.

In the meantime, Get Firefox.
 
Re: OK, WTF is up with this??? EF trying to hack into my computer and sending a virus

digger said:
I don't see anything out of the ordinary in that thread, but I'll check it again with a brain-damaged (in other words, Windows) machine.

In the meantime, Get Firefox.

Or make sure your Windows box is up to date with security updates. And run a software firewall like ZoneAlarm. Doesn't hurt to be behind a hardware firewall, like the ones in most cable/dsl routers, either.
 
Re: OK, WTF is up with this??? EF trying to hack into my computer and sending a virus

digger said:
Executive summary:
An image somewhere was carefully miscoded so that Internet Explorer sees it, its beady eyes roll back into its head, it falls flat on its back and spreads its legs.

The usual, in other words.

Sordid Details (caution, may contain big words):
The "ICC" is an international standards group that defined the color space you can use in a graphic. The implementation got borked up and allows the bad guys to create an invalid graphic that will overflow the space set aside for the table and run code in it. Once that happens, All Your Base Are Belong To [whoever].

Not EF, but could be a member who got infected.

I don't see anything out of the ordinary in that thread, but I'll check it again with a brain-damaged (in other words, Windows) machine.

In the meantime, Get Firefox.
Digger, you rock. Thank you. Sincerely.

At least now I know I wasn't imagining the whole damned thing.
 
I checked that thread and all I'm getting in the way of a warning is "Pintoca's Darwin fish is hosted on a site that doesn't have a compact Privacy Policy." Not even a nibble. If you see it again, hit me with a PM and please accept my apologies for the annoyance.
 
digger said:
I checked that thread and all I'm getting in the way of a warning is "Pintoca's Darwin fish is hosted on a site that doesn't have a compact Privacy Policy." Not even a nibble. If you see it again, hit me with a PM and please accept my apologies for the annoyance.
Dood...no need to apologize...for anything.

Was wondering, since the issue seems to have disappeared...could someone have come in shortly after I got hit and cleaned up the dirty code before you had a chance to flush it out?

Weird chit.
 
great to see good bros helping out other good bros in this thread
 
IvanOffelitch said:
This is the 2nd time today this has happened...first I get the following prompt from Norton:

Time: 1:10 p.m.
Date: 8/14/2005
Intrusion: ICC Profile TagData Overflow
Intruder: www.elitefitness.com (69.90.197.215)
Risk Level: High
Protocol: TCP
Attacked IP: local host
Attacked Port: 1374


IMMEDIATELY after this happens, I get a NAV warning that my system was infected with Bloodhound.Exploit.38

Someone??

Anyone???

Powdered Toast Man???

Digger???

Help???

Whiskey
Tango
Foxtrot :confused:


Here's what I read about this. If it happens again, please post the address of the page you were looking at when it happened.

Microsoft Windows color management module ICC profile buffer overflow vulnerability

Description:
Microsoft Windows is prone to a buffer overflow vulnerability in the Color Management Module. The issue is due to a boundary condition error related to the parsing of ICC (International Color Consortium) Profile tags in various supported image and document formats.

ICC Profile data may possibly be embedded in various file formats, including JPEG, GIF, EXIF, TIFF, PNG, PICT, PDF, PostScript, SVG, JDF, and CSS3. Some of these formats may not provide an attack vector, especially if Microsoft does not provide native support or does not call the vulnerable functionality when handling certain formats.

Successful exploitation may result in execution of arbitrary code in the context of the currently logged in user. This vulnerability could be exploited through a Web site that hosts a malicious document, by previewing or opening malicious content in email, or through other means that will allow an attacker to send the victim a malicious document.

There is also a risk that other Microsoft or third-party applications that rely on the affected functionality may be vulnerable. A number of third-party applications may ship with vulnerable libraries, so may remain vulnerable despite having applied the Microsoft patch.

Remediation:
Microsoft has released patches to address this vulnerability in supported platforms.

Referring URL: http://www.securityfocus.com/bid/14214/info
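
Added example, not part of any post in this thread and not Microsoft's or Norton's code: digger's "overflow the space set aside for the table" and the advisory's "boundary condition error related to the parsing of ICC Profile tags" both come down to trusting the sizes an ICC profile declares for itself. The sketch below shows the kind of bounds check a tag-table parser needs before it touches any tag data. It goes beyond the advisory, which gives no detail of the actual flaw; the function names icc_check_tags and icc_make_sample are hypothetical, and the 160-byte sample profile is constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ICC_HEADER 128u    /* fixed header size in the ICC profile format */
#define ICC_TAG_ENTRY 12u  /* signature, offset, size: 4 bytes each */
static uint32_t be32(const uint8_t *p) {  /* ICC fields are big-endian */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put32(uint8_t *p, uint32_t v) {  /* used only to build the sample */
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (24 - 8 * i));
}

/* Hypothetical checker: 0 if every tag lies inside the profile, else a reason code. */
int icc_check_tags(const uint8_t *buf, size_t len) {
    if (len < ICC_HEADER + 4) return -1;              /* no room for header + tag count */
    uint32_t declared = be32(buf);                    /* profile size field */
    if (declared > len || declared < ICC_HEADER + 4) return -2;
    if (memcmp(buf + 36, "acsp", 4) != 0) return -3;  /* profile signature */
    uint32_t count = be32(buf + ICC_HEADER);
    if (count > (declared - ICC_HEADER - 4) / ICC_TAG_ENTRY) return -4;  /* divide: no wraparound */
    uint32_t data_start = ICC_HEADER + 4 + count * ICC_TAG_ENTRY;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + ICC_HEADER + 4 + (size_t)i * ICC_TAG_ENTRY;
        uint32_t off = be32(e + 4), size = be32(e + 8);
        if (off < data_start || off > declared) return -5;  /* data starts out of range */
        if (size > declared - off) return -6;  /* off + size would pass the end */
    }
    return 0;
}

/* Constructed sample: a 160-byte profile holding one tag at the given offset/size. */
void icc_make_sample(uint8_t out[160], uint32_t tag_off, uint32_t tag_size) {
    memset(out, 0, 160);
    put32(out, 160);                 /* declared profile size */
    memcpy(out + 36, "acsp", 4);
    put32(out + ICC_HEADER, 1);      /* tag count */
    memcpy(out + 132, "desc", 4);    /* tag signature */
    put32(out + 136, tag_off);
    put32(out + 140, tag_size);
}

int main(void) {
    uint8_t p[160];
    icc_make_sample(p, 144, 16);
    printf("well-formed: %d\n", icc_check_tags(p, sizeof p));
    icc_make_sample(p, 144, 0xFFFFFFF0u);
    printf("oversized tag: %d\n", icc_check_tags(p, sizeof p));
    return 0;
}
```

Comparing size against declared - off, rather than computing off + size, keeps the check itself from overflowing on a hostile 32-bit value.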
 