Pink Poogle Toy Forum

The official community of Pink Poogle Toy
Main Site
NeoDex
It is currently Wed Nov 20, 2024 3:46 am

All times are UTC




Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 27 posts ]  Go to page Previous  1, 2
Author Message
 Post subject:
PostPosted: Mon Sep 04, 2006 9:56 pm 
PPT God
PPT God
User avatar

Posts: 1567
Joined: Sat Oct 08, 2005 8:41 am
Location: Denver, Colorado
Gender: Female
I was happy to find that The Daily Neopets even has a Safety Center alert page for such: http://www.thedailyneopets.com/safety/index/ 0:)

Quote:
Here is the latest safety alert issued by TheDailyNeopets.

9/3 6:05 am NST - An alert has been issued by the team at TDN (code red)! NEOPETS IS INFECTED! Multiple reports state that viruses called value[1].wmf and a downloader called bl4ck.com. AVOID NEOPETS. Read more in our news and Safety Center, and removed the ads.


Recommendation is to use Firefox, but for anyone adverse to using FF for any reason (I admit I am one) the Orca Browser is also based on Gecko and has more features, options, blocks more ads and doesn't need extra plug-ins, etc. Translation: not affected by this security hole.

I am braving Neopets on my IE/Avant (since Avant blocks more than IE once I add the file and URL extensions I know are malicious) more to keep track of this than anything. If it has been going on months and TNT is doing nothing about it, someone has to document this. Go me. :P

Allnameswereout: If I get it again I will do that. I am not afraid since it is a "harmless" virus of sorts (or doesn't affect me) and is only an annoyance. I noticed that I got it once in one day last week, and the other day several times in several page loads (in various places, Shop Till refresh, and yes javascript maybe since also when clicking Items to feed my pets) but I notice there is some link with ActiveX and JavaScript settings in a browser, too. o_O I also got errors that my ActiveX settings prevented the page from loading (thank goodness) at certain times.


Inventor of the Mad Plumber Wizard

Main Account: anjuna
Side 1: thetan604
Side 2: unoriginal_sin
Side 3: mobofo
Side 4: anomalie


Top
 Profile  
 
 Post subject:
PostPosted: Mon Sep 04, 2006 11:37 pm 
Moderator
Moderator

Posts: 2952
Joined: Tue Apr 04, 2006 8:40 am
Gender: Male
It turns out that Neopets is not the only site infected with the bl4ck.com virus, Myspace and many other sites have it too, look below:

Direct quote from washingtonpost.com

"An online banner advertisement that ran on MySpace.com and other sites over the past week used a Windows security flaw to infect more than a million users with spyware when people merely browsed the sites with unpatched versions of Windows, according to data collected by iDefense, a Verisign company."


Go to

http://blog.washingtonpost.com/security ... to_mo.html

to read the rest.


Or go to

http://www.castlecops.com/t161495-Malwa ... issue.html

for some more info on it.

So it turns out that Neopets is not alone.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Sep 05, 2006 1:11 am 
PPT God
PPT God
User avatar

Posts: 1567
Joined: Sat Oct 08, 2005 8:41 am
Location: Denver, Colorado
Gender: Female
Of course, but that is not the issue. The bl4ck.com virus is so old I am surprised Ad-Aware doesn't already blacklist it. I thought it used to but I could be wrong. It can be manually blacklisted in Avant or Orca (not IE or FF* by the way) and/or caught by more advanced programs like AVG Free.

EDIT: Yes of course FF does not have this exploit to begin with, but that does not make it some immune-to-all firewall/anti-v; it's just a browser.

The point is, this has been around and affecting neopets users for so long, WITH TNT's awareness of it; yet they have taken no action to alerting or protecting users.

The bottom line of it is, a "huge" approximate 1/10 browser users use FF. Furthermore Neopets recommends IE to "best view and play" on the site and their programmers program with IE. Regardless of personal preference, it is TNT's responsibility to 1) educate or 2) solve the problem.

I think that many users will use neopets far less if they feel less secure (I know even I would and I have a decent ability to rid myself of malware).

This adware/trojan is not even THAT disruptive, more a major annoyance. It's hard to believe with the ingenius people employed TNT can't solve this.


Inventor of the Mad Plumber Wizard

Main Account: anjuna
Side 1: thetan604
Side 2: unoriginal_sin
Side 3: mobofo
Side 4: anomalie


Last edited by anjuna on Tue Sep 05, 2006 1:18 am, edited 1 time in total.

Top
 Profile  
 
 Post subject:
PostPosted: Tue Sep 05, 2006 1:18 am 
PPT Toddler
PPT Toddler

Posts: 117
Joined: Fri Oct 28, 2005 6:13 am
This is what happens when you outsource content on your homepage. Neopets claims their website is virus-free. Well, their ad service is part of their homepage and is spreading sth similar to a virus (call it trojan; semantics). They are simply not able to make such bold claim as either 1) their ad service is out of their control 2) their ad service is in their control and they're spreading this.

FF can block bl4ck.com with Ad Blocker. I block ads and never seen bl4ck.com or any hoompapa virus whatsoever.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Sep 05, 2006 1:37 am 
PPT God
PPT God
User avatar

Posts: 1567
Joined: Sat Oct 08, 2005 8:41 am
Location: Denver, Colorado
Gender: Female
Ok, sorry, listen, this is almost off topic now but not. Sorry to have to get another 2 cents in. See my EDIT above. Yes, I acknowledge that FF or ORCA !!!!!!!!! (No I don't work for them I just hate Google/FF/Real) :oops: with a Gecko engine (so not the browser but the engine) disallows certain code. It just so happens FF and even Orca (Gecko) cannot even view some "intuitive" and rigorously filtered CSS code on Neopets petpages and shops and such! So again, some people would just rather sacrifice a little 'security' (cause they can handle a few annoyances like bl4ck.com even) while most others are used to ads yet still hate them, and have a lack of skill to rid themselves of or fight against.* So they use FF thinking it will protect them from everything. Not.

*I do not mean, wow this is going to sound 'racist' but here I go, I do not mean people in general coming from a Linux background and ever only using FF so they already have experienced a secure OS (! -- nothing to do with a browser). As previously said, if you use Windows you are brave and should just beware. If not, you have little to worry about (and argue).

Most users are still prone to this on neopets, fact. I am concerned is all.

And for the record I agree with you, no fights please lol. Just trying to make users overall aware of regular usual risks. Beyond that a "trusted site" like neopets.com should not even require using a 'safer browser'. ;)


Inventor of the Mad Plumber Wizard

Main Account: anjuna
Side 1: thetan604
Side 2: unoriginal_sin
Side 3: mobofo
Side 4: anomalie


Top
 Profile  
 
 Post subject:
PostPosted: Tue Sep 05, 2006 1:51 am 
PPT Toddler
PPT Toddler

Posts: 117
Joined: Fri Oct 28, 2005 6:13 am
Yes, Gecko does not pass CSS tests, Trident does not pass CSS tests, and pages which contain CSS do not pass CSS tests. Its a pity. A shameful situation. I believe KHTML (Safari, Konqueror) has the best CSS implementation but there is no (good) port to Windows yet. I also believe both the Gecko team and the IE7 team are improving their products.

The WMF exploit is in a Windows graphics library. Browsers use that library, but they are not responsible for bugs in that library. This is why browsers such as Opera and FF did not fix the bug; its not their bug! The bug does not occur on browsers running on non-Windows. It is not even an IE bug. It is however commonly abused using IE and Microsoft is responsible for both IE and Windows, including the graphics library.

The solutions are the following. Either
1) Don't use Windows.
2) Patch your Windows with earlier mentioned patch.
3) Use Windows with an AV, ad-blockers, and/or other measures.
4) Use Windows with a non-IE browser as the risk with such is lower.

Only option 1 and 2 fix this problem. 3 and 4 can be combined but neither are by no way guaranteed to fix this problem, they are snake oil.

Neopets their 'no virus' claim is bogus and should contain an add-on that they are not responsible for their ads. Because, they lack to show responsibility. Futhermore, they are okay if you block ads.


Top
 Profile  
 
 Post subject:
PostPosted: Wed Sep 06, 2006 5:26 am 
PPT Toddler
PPT Toddler
User avatar

Posts: 241
Joined: Tue Jun 01, 2004 6:59 am
Location: USA
allnameswereout wrote:
Wikipedia is not a company its a non-profit organisation. Their spendings are covered by generous donations. Wikipedia does not contain ads (afaik last time i checked; i block ads).


Well, whatever. And yes sometimes Wiki contains ads because there are spambots or perhaps sometimes people paid to submit ads into Wiki. It's not supposed to. It's also not supposed to have viruses. I'm not sure what your point was, though.


<img src="http://img161.imageshack.us/img161/3583/duck8uz.gif">


Last edited by Catgrrrrrrl on Thu Sep 07, 2006 12:25 am, edited 1 time in total.

Top
 Profile  
 
 Post subject:
PostPosted: Wed Sep 06, 2006 9:55 pm 
PPT Baby
PPT Baby
User avatar

Posts: 54
Joined: Sun May 08, 2005 5:38 am
Location: England
siouxper wrote:
I don't know if it comes from the ads or the page, I'm not going there at all. Can't you get frozen for blocking ads?
I thought I saw that in a thread here, or in an editorial or something.


No, you will not be frozen for blocking ads.


Top
 Profile  
 
 Post subject:
PostPosted: Wed Sep 06, 2006 9:59 pm 
PPT Baby
PPT Baby
User avatar

Posts: 54
Joined: Sun May 08, 2005 5:38 am
Location: England
anjuna wrote:
There is a patch from Microsoft.

But to tell you the truth I won't update my anything without a darn good reason, as usually security updates make my system even more unstable.



Then that is your problem. :cry:

What more reason do you need to install a security related patch than it patching up your security so as to prevent this sort of thing?

<edit>
Whoops - double post. Sorry chaps.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Sep 07, 2006 12:17 am 
Moderator
Moderator

Posts: 2952
Joined: Tue Apr 04, 2006 8:40 am
Gender: Male
Quote:
To our knowledge, everything on Neopets is safe! There are no security threats or alerts at this time. Things are "all clear" at this point. Be sure to keep checking back for updates!


Well that is good to know. Now we don't have to avoid Neopets anymore.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Sep 07, 2006 12:26 am 
PPT Student
PPT Student

Posts: 335
Joined: Sat Oct 15, 2005 4:57 am
i use firefox all the time. i rarely open ie becaus ei hate it. i ahve adaware and avg and znealarma dn windows (crap) security center. i still get the damm virus' and trojans and whatever.

i block ads so i dont get the anoyance and i run the securtiy programs regularly, but i dont have a clue as far as keeping my pc clean goes. i end up havign to use the quick restore to factory settings at least twice a year, more frequently when i get mad at it running slower than i know its capable of lol.

neopets claims to be virus free, they should therefore either not make the claim or the claim should eb the truth. i cant rememebr th ename of the tojans avg picked up on last week, but it couldnt delete them annoyingly. ill have a look tomororw and see if they are the same ones.

good luck wiht tracking it anjuna.


cat


Top
 Profile  
 
 Post subject:
PostPosted: Thu Sep 07, 2006 1:17 am 
PPT God
PPT God
User avatar

Posts: 1567
Joined: Sat Oct 08, 2005 8:41 am
Location: Denver, Colorado
Gender: Female
fredajones wrote:
anjuna wrote:
There is a patch from Microsoft.

But to tell you the truth I won't update my anything without a darn good reason, as usually security updates make my system even more unstable.



Then that is your problem. :cry:

What more reason do you need to install a security related patch than it patching up your security so as to prevent this sort of thing?


Actually, it is not a problem for me at all. I would rather not have to reformat my disk within the next few days to weeks after installing such. I never ever install updates to IE or Windows and I have less problems than anyone I know. Don't fix it if it ain't broken, is my motto. ;)

So, to answer your question I don't need a reason. Not any at all. Security patches more often sacrifice stability for "security". None for me, thanks.

My ultimate point was, such (adware, trojans) should not be on Neopets. I take full responsibility for any other security breaches on my system. I am glad to hear that Quote above. Wonder how TDN knows that for sure?

EDIT: It's back, folks. Twice in a few minutes right after I cleaned it off and rebooted. Satuday Sept. 9 early AM NST. It appears to be a Java hack of some sorts. It came with that same fake ad, but more files to clean up.

Wake up TNT! I don't feel safe playing an online game. How sad. :roll:


Inventor of the Mad Plumber Wizard

Main Account: anjuna
Side 1: thetan604
Side 2: unoriginal_sin
Side 3: mobofo
Side 4: anomalie


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 27 posts ]  Go to page Previous  1, 2

All times are UTC


Who is online

Users browsing this forum: Bing [Bot] and 182 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group