Declined Java Exploit

Discussion in 'Suggestions' started by Playingdead, Mar 11, 2013.

  1. Playingdead

    Playingdead Unremarkable User

    Just wanted to post that on 3/11/2013 at 7:30 pm EST a Java exploit was run from your TF2 Orange server on my computer. It came from the server and installed malware on the computer. I traced it back to the server.

    Thanks
    Playingdead
     
  2. KillerZebra

    KillerZebra Forum Admin Staff Member Contributor

    How did you trace it??? Our servers don't even use Java as far as I know.
     
  3. Ruelel

    Ruelel Moderator Staff Member Contributor

    Could be from the non-Pinion ads that we now use.
     
    • Agree x 2
  4. Just_Something_Here

    Just_Something_Here Gaben's Own Aimbot Contributor

    Java is almost as.. well I wouldn't say "bad", but it's as vulnerable as Flash can be.
     
  5. takethepants

    takethepants Moderator Staff Member Contributor

    If they were on rotation I'm thinking I would see more of something in the chat logs. Could have possibly been taken down real quick. I don't know. I'd be curious to see how you traced it back to us. Either way, we would probably want to let the ad network know. Also, if you don't need Java, uninstall it.
     
  6. Sharkey

    Sharkey Forum Admin Staff Member Contributor

    This is what SHOULD happen when you launch Java in the MOTD. You'd likely have consented to running it.

    In the future, if you don't need to launch a Java application, then don't.

    [IMG]
     
    • Useful x 1
  7. Playingdead

    Playingdead Unremarkable User

    Yes, it tried to get me to install an application. I had this on another server last year with Flash. I tracked it from the log file, but it did not tell me any more than where it started. Sorry for the late reply.
     
  8. Questionable Moose

    Questionable Moose Banned

    • Informative x 1
  9. takethepants

    takethepants Moderator Staff Member Contributor

    People wonder why so many stuck with Pinion. So we didn't have to put up with this crap. Unfortunately many sites have been bitten by this bug. Even sites like CNN and NYT and we're not immune either if you use a service that you have no control over.
     
  10. Tyraa Rane

    Tyraa Rane Scarcely Lethal Noob

    I registered just to say I ran across something similar on the US Degroot+ server tonight. Server loaded, I got to the MOTD, and my anti-virus promptly went berserk--I got 6 URL:Mal threats detected. When I loaded into the game my AV stopped popping up warnings, so I figure it has to have been connected to the MOTD/ad.

    Now, it is Avast, which does have a history of false positives with URL:Mal threats, but I figure it's worth mentioning all the same. Especially as you guys seem to have switched ad servers recently. (I haven't played on Degroot+ in a few weeks, but when I was there last you were still using Pinion and I didn't have any difficulties.)

    Managed to snag a couple of the warnings before they disappeared, so here's the relevant URLs:

    i.imgur.com/AwHggeW.png
    i.imgur.com/ev9lgdR.jpg

    As far as I can tell it didn't attempt to download anything or do anything with Java on my PC...possibly because it was immediately blocked by my AV. Hope it helps.
     
  11. Bottiger

    Bottiger Administrator Staff Member

    Those are pictures and can't infect you through Java.

    We've switched to advertising providers that are self-serve, and as a result, a few of those drive-by attempts will always be able to sneak through. Just don't click run.
     
  12. Tyraa Rane

    Tyraa Rane Scarcely Lethal Noob

    Alternatively I could just quit using Skial servers altogether, which at the moment seems to me the better solution--rather than supporting an ad provider like that. I'm no fan of Pinion either, but at least it's never attempted a drive-by.
     
    • Dumb x 2
    • Like x 1
  13. Bottiger

    Bottiger Administrator Staff Member

    We're not going to remove ads because of your threat. Drive-bys are a fact of life for advertisers that sell massive amounts of advertising space. You can't check every ad to see if they changed all the time.

    If you feel that we're not providing a better service that you are so bothered by infrequent download ads you can just ignore, then by all means leave.

    Edit

    Since you decided to post this on Reddit, I will be explaining the situation clearly, since most of the people won't bother to read everything else.
    • No advertising provider wants malware on their network, people sneak them in, and when the provider finds it, they are removed. This isn't a problem specific to 1 provider, it can happen to anyone.
    • We are not remaining with a provider that is knowingly serving viruses on purpose.
    • The antivirus did not find any virus. It found images related to malware, and the images cannot infect you.
    • If you do not click on the run button you would never get infected.
    • Our servers are better and cost more than the ones people are only running off of donations.
     
    • Winning x 2
    • Agree x 1
    • Disagree x 1
    • Friendly x 1
  14. Xel'Naga

    Xel'Naga Moderator Staff Member Contributor

    This is a known Java exploit that is affecting a large number of systems. Skial isn't the only community whose ad provider is distributing this ad, either. The ad provider we're using doesn't screen their ads very well, so sometimes things like this will slip through. Unfortunately, there's not a lot we can do to control that, because we don't have a filter to tell the ad provider "Hey guys, be a dear and don't give us viruses".

    Unless you're using Java for something, uninstall it from your computer. Sun Microsystems has had a lot of problems with Java lately, and it's been a disaster for a lot of communities. Not a lot we can do to fix that.

    Sorry it happened, though. At least your AV caught it.
     
    • Agree x 1
  15. Just_Something_Here

    Just_Something_Here Gaben's Own Aimbot Contributor

    Sun died a while ago; it's now owned by Oracle, which most people are claiming killed off a lot of stuff, which is true. The same sources claim that Oracle royally fucked over the open source community, meaning that Java was (and still is) open source, but Oracle doesn't want any involvement with the open source community; they want full control. There's an alternative to Java called OpenJDK, which I know is available for Linux, but I'm not sure about Windows. I'd look for an exe, but I couldn't find it on Oracle's hard-to-navigate website. It probably doesn't exist for Windows anyway.

    However, if people are using Java 6, they should upgrade to 7; that might solve *some* problems.
     
  16. Bottiger

    Bottiger Administrator Staff Member

    Here's a picture showing that Avast blocks pictures as viruses and categorizes them as "URL:Mal".

    [IMG]
     
    • Winning x 1
    • Neat x 1