Comments on: Trojan at Drudge Report?

Question: Trojan at Drudge Report?

yclipse — Wed, 06 Apr 2005 05:13:59 -0800

See http://www.professorbainbridge.com/2005/04/whats_drudge_up.html for the question. He is getting a report of a Jabber Trojan when visiting the Drudge site. Any insight here?

By: BobInce

BobInce — Wed, 06 Apr 2005 07:49:16 -0800

I don't get it on Drudge myself (no telling what randomised ad servers are going to server up), but jabber.ocx is a new filename used by the TopConverting parasite.

Hopefully it was only a 'normal' ActiveX drive-by download which can usually be refused; however TopConverting is commonly installed using an 'aggressive' downloader (ie. it keeps opening JavaScript errors saying you have to agree to the download when you refuse), and it is also often loaded by IE security hole exploits, which is probably why McAfee is picking it up.

By: drumcorpse

drumcorpse — Wed, 06 Apr 2005 12:19:18 -0800

It may or may not be related, but if professorbainbridge's ISP is running a Windows NT4 or 2000 DNS resolver, they may have fallen prey to a current DNS cache poisoning attack, which seems to be linked to spammers and malware distributors.

As the linked report indicates, a limited number of internet users have been affected by these apparent attacks since late February, which involve a sophisticated and changing tooset of exploits used to redirect web users to malware-infected advertising. The attacks are ongoing and as of yet unresolved.

via /.