Full Version: Milleniumhousemix.com Activex Spyware On My Mt Blog! Urgent Help N
midi
Hello.

I have just checked out my blog and I got a popup saying my blog is trying to install an ActiveX control.

If I install it then I get a msg box saying:

"Attention! You have not completed a virus scan. Your PC is at risk. Please return to www.milleniumhousemix.com and download MalwareCleaner 2009"

This only happens when I visit my blog so somehow my blog has been affected. No other sites cause this problem. How could this have happened?!?

It started at least 2 days ago and I haven't made any changes to my blog for well over a week.
I have no new users/comments so somehow someone is exploiting my MT.
If it's affecting me then this can easily be spread to other MT sites, so it's well worth looking into.

My URL is: http://www.drumnbassproduction.com

Can someone please take a look and get back to me ASAP with a solution? I'm really worried about spreading rubbish to my readers.

Please see the below screenshot.

http://www.drumnbassproduction.com/blogimages/error.jpg
midi
UPDATE:

I noticed an error was generated at the bottom left of my browser.

When clicked it said:

Error on line 3226.

So I checked my index page and on line 3226 I noticed this code has somehow been added:

<script>check_content()</script>

I edited it out and now the ActiveX control is no longer trying to install itself. This must be what is causing the spyware.

It still looks like the site is infected though, but this stops the initial ActiveX trying to download.

How is it possible for someone to add this code to my index page?!?!

I've searched Google and it seems like I'm the only person infected this way on MT, although I read it could be some exploit in Google Analytics. Please help people!
imabug
If the code is just in the HTML and not in the MT templates that generate the HTML, a rebuild should remove the offending bits. More importantly, you'll need to find out *how* those offending bits got inserted into the HTML in the first place. You may need to work with your hosting provider on that.
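
Added example, not part of the original thread and not Movable Type code: a Python check for the distinction made in the reply above, listing inline `<script>` blocks that appear in published pages but in none of the templates. It assumes the templates are available as files on disk; the file names, suffixes and sample pages are constructed for illustration.

```python
import re
from pathlib import Path

# Inline <script> elements (no src attribute); group 1 is the script body.
INLINE_SCRIPT = re.compile(
    r"<script\b(?![^>]*\bsrc\s*=)[^>]*>(.*?)</script>", re.I | re.S)

def inline_scripts(text):
    """Yield (line_number, whitespace-normalised body) per inline script."""
    for m in INLINE_SCRIPT.finditer(text):
        body = " ".join(m.group(1).split())
        if body:
            yield text.count("\n", 0, m.start()) + 1, body

def find_untemplated_scripts(published, templates):
    """Return (file, line, body) for inline scripts no template contains.

    Both arguments map a file name to its text. Scripts that embed template
    tags render differently from their source and will be reported too, so
    treat the output as a review list, not a verdict.
    """
    known = {body for t in templates.values() for _, body in inline_scripts(t)}
    return [(name, line, body)
            for name, html in sorted(published.items())
            for line, body in inline_scripts(html)
            if body not in known]

def load_tree(root, suffixes=(".html", ".htm", ".mtml", ".tmpl")):
    """Read every matching file under root into a {relative_path: text} dict."""
    root = Path(root)
    return {str(p.relative_to(root)): p.read_text(errors="replace")
            for p in root.rglob("*") if p.is_file() and p.suffix in suffixes}

# Constructed sample data: a template with one legitimate inline script, and
# the published page built from it with one extra line injected afterwards.
SAMPLE_TEMPLATES = {"main_index.mtml":
    "<html>\n<body>\n<script>var tracker = 1;</script>\n</body>\n</html>\n"}
SAMPLE_PUBLISHED = {"index.html":
    "<html>\n<body>\n<script>var tracker = 1;</script>\n"
    "<script>check_content()</script>\n</body>\n</html>\n"}

if __name__ == "__main__":
    # Real use (paths are placeholders):
    #   find_untemplated_scripts(load_tree("/path/to/site"),
    #                            load_tree("/path/to/templates"))
    for name, line, body in find_untemplated_scripts(SAMPLE_PUBLISHED,
                                                     SAMPLE_TEMPLATES):
        print(f"{name}:{line}: inline script not in any template: {body}")
```

A hit that exists only in the published output is the case a rebuild clears; file modification times and server logs for the reported files are then the place to look for how the write happened.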
midi
Hello imabug,

Thanks a lot for the reply.

I did some searching myself and I have figured out what has been causing it.

I am new to MT but I am very knowledgeable with web servers etc.
I knew that everything is set securely and it would be very hard for someone to gain access to my server.

I searched through Google and couldn't find much but I did find something similar that was being exploited through the Google Analytics code.
I have an Analytics widget I created and after disabling this widget and removing the offending line of code on the index page, the problem has stopped and been removed.

This is obviously a newish exploit in Google Analytics / MT as there is hardly anything online about it.

I would suggest someone here at MT looks into this because I'm sure it's only a matter of time before more blogs are affected.
I'm just glad I figured it out before something worse was inserted..
Dave7802
QUOTE (midi @ Oct 20 2008, 03:37 AM) *
<script>check_content()</script>


Hi
ibaris
QUOTE (midi @ Oct 20 2008, 02:27 PM) *

I have the same problem on my site www.btchems.com/w3/iletisim.htm
I guess the same scripts are calling this ActiveX from outside the site. I am checking scripts like wysiwyg.js and will let you know if I solve this.
On the other hand, do you have a certificate for your site? I am asking because my problems started one week ago, after I bought my certificate. I will check it too. Please let me know if you solve the problem before me, and sorry for my English.