Playingdead

Unremarkable User
Just wanted to post that on 3/11/2013 at 7:30 pm EST a Java exploit was run from your TF2 Orange server on my computer. It came from the server and installed malware on the computer. I traced it back to the server.

Thanks
Playingdead
 

takethepants

Australian Skial God
Contributor
If they were on rotation I'm thinking I would see more of something in the chat logs. Could have possibly been taken down real quick. I don't know. I'd be curious to see how you traced it back to us. Either way, we would probably want to let the ad network know. Also, if you don't need Java, uninstall it.
 

Sharkey

Gaben's Own Aimbot
Contributor
This is what SHOULD happen when you launch Java in the MOTD. You'd likely have consented to running it.

In the future, if you don't need to launch a Java application, then don't.

[Attached image: Fg7KCDZ.jpg]
 

Playingdead

Unremarkable User
Yes, it tried to get me to install an application. I had this on another server last year with Flash. I tracked it from the log file, but it did not tell me any more than where it started. Sorry for the late reply.
 

takethepants

Australian Skial God
Contributor
People wonder why so many stuck with Pinion. So we didn't have to put up with this crap. Unfortunately many sites have been bitten by this bug. Even sites like CNN and NYT and we're not immune either if you use a service that you have no control over.
 

Tyraa Rane

Scarcely Lethal Noob
I registered just to say I ran across something similar on the US Degroot+ server tonight. Server loaded, I got to the MOTD, and my anti-virus promptly went berserk--I got 6 URL:Mal threats detected. When I loaded into the game my AV stopped popping up warnings, so I figure it has to have been connected to the MOTD/ad.

Now, it is Avast, which does have a history of false positives with URL:Mal threats, but I figure it's worth mentioning all the same. Especially as you guys seem to have switched ad servers recently. (I haven't played on Degroot+ in a few weeks, but when I was there last you were still using Pinion and I didn't have any difficulties.)

Managed to snag a couple of the warnings before they disappeared, so here's the relevant URLs:

i.imgur.com/AwHggeW.png
i.imgur.com/ev9lgdR.jpg

As far as I can tell it didn't attempt to download anything or do anything with Java on my PC...possibly because it was immediately blocked by my AV. Hope it helps.
 

Bottiger

Administrator
Those are pictures and can't infect you through Java.

We've switched to advertising providers that are self-serve, and as a result, a few of those drive-by attempts will always be able to sneak through. Just don't click run.
 

Tyraa Rane

Scarcely Lethal Noob
We've switched to advertising providers that are self-serve, and as a result, a few of those drive-by attempts will always be able to sneak through. Just don't click run.

Alternatively I could just quit using skial servers altogether, which at the moment seems to me the better solution--rather than supporting an ad provider like that. I'm no fan of Pinion either, but at least it's never attempted a drive-by.
 

Xel'Naga

Legendary Skial King
Contributor
This is a known Java exploit that is affecting a large number of systems. Skial isn't the only community whose ad provider is distributing this ad, either. The ad provider we're using doesn't screen their ads very well, so sometimes things like this will slip through. Unfortunately, there's not a lot we can do to control that, because we don't have a filter to tell the ad provider "Hey guys, be a dear and don't give us viruses".

Unless you're using Java for something, uninstall it from your computer. Sun Microsystems has had a lot of problems with Java lately, and it's been a disaster for a lot of communities. Not a lot we can do to fix that.

Sorry it happened, though. At least your AV caught it.
 

Nothing_Much

Banned
Contributor
Unless you're using Java for something, uninstall it from your computer. Sun Microsystems has had a lot of problems with Java lately, and it's been a disaster for a lot of communities. Not a lot we can do to fix that.

Sun died a while ago, it's now owned by Oracle, which most people are claiming that they killed off a lot of stuff, which is true. Same sources claim that Oracle royally fucked over the open source community, meaning that Java was (and still is) open source, but Oracle doesn't want any involvement with the open source community, they want full control. There's an alternative to Java called OpenJDK, which I know is available for Linux, but not sure about Windows. I'd look for an exe, but I couldn't find it on Oracle's hard-to-navigate website. It probably doesn't exist for Windows anyways.

However if people are using Java 6, they should upgrade to 7, that might solve *some* problems.
 

Bottiger

Administrator
Managed to snag a couple of the warnings before they disappeared, so here's the relevant URLs:

i.imgur.com/AwHggeW.png
i.imgur.com/ev9lgdR.jpg

As far as I can tell it didn't attempt to download anything or do anything with Java on my PC...possibly because it was immediately blocked by my AV. Hope it helps.

Here's a picture showing that Avast blocks pictures as viruses and categorizes them as "URL:Mal".

[Attached image: CCpRVFg.png]