Malware from KittyCatS Website? - Printable Version +- KittyCatS! Community Forum (https://kittycats.ws/forum) +-- Forum: KittyCatS Forum (/forumdisplay.php?fid=3) +--- Forum: Bugs & Fleas! - Bug Reporting (/forumdisplay.php?fid=6) +--- Thread: Malware from KittyCatS Website? (/showthread.php?tid=22363) Pages: 1 2 |
Malware from KittyCatS Website? - Oselkhandro Resident - 06-09-2015 07:39 PM Has anyone had malware loaded to their computer lately? I have had 3 infections in the last two days. I have an anti-malware program and Norton security, and KittyCats is the only site that I have visited other than MSN. This afternoon I ran a complete malware scan and made sure my computer was clean. I removed a hijack program and something called "Offers4U". Ten minutes ago, I logged into the KittyCatS site and was immediately hijacked by malware that claimed to be from "the Website" and was trying to get me to download a media player (I did not bite). Is there anyone else who has had infections in the last week or so? RE: Malware from KittyCatS Website? - Tad Carlucci - 06-09-2015 08:11 PM I've been hitting the site pretty hard for a week or so. It's clean, and I'm absolutely positive of that. RE: Malware from KittyCatS Website? - Winter Phoenix - 06-10-2015 12:29 AM Not the KittyCatS website thats stuffing your machine full of nasty code. Most likely there is a ghost in your browser itself. Browser hijacking bugs can route your machine to wherever they want to send you. And they can be a nuisance to dig out. In the interim, try another browser. Is your Explorer buggy? Try google chrome or Opera. Your gonna need to dump the offending browser and do a complete reinstall, tossing every tiny bit of the thing. Appears your Norton and malware software has failed you. In some instances, that free malware some folks pick up, is actually MALWARE ITSELF. I use a different anti-virus engine that shouts at me every time I hit a shaky site. Not gonna give em a free ad, but there are other anti-viruses than Norton that do a good job. Good luck exorcising your machines demons! RE: Malware from KittyCatS Website? - MsMagick Resident - 06-10-2015 01:07 AM I haven't had any issues. I'm assuming you aren't using version 2.0 of the KittyCats HUD. According to my geek girl, the browsers used for media on SL are just invitation for stuff like that. RE: Malware from KittyCatS Website? - Bumblebliss Resident - 06-10-2015 05:19 AM Can you explain to me what you mean by the browsers of SL media are invitation to that stuff? I don't wanna get a virus! RE: Malware from KittyCatS Website? - Tad Carlucci - 06-10-2015 06:16 AM The browser built into the Second Life viewer is built on an old, old version. It's not that different than using IE6 on XP. The big advantage is that so few people use Second Life, the viewer is not much of a target. The second advantage is that the viewer itself is much more buggy than the built-in browser, so it's a far easier target. To the OP question: the origin of the infection is somewhere else. Where is anyone's guess; but not the Kittycats web server or the pages. As to the media player download .. I see that a lot. It's coming from the video pirac---um--sharing site you visited. One day, for grins, I fired up a honeypot and downloaded it. Be glad you didn't! RE: Malware from KittyCatS Website? - MsMagick Resident - 06-10-2015 07:08 AM (06-10-2015 05:19 AM)Bumblebliss Resident Wrote: Can you explain to me what you mean by the browsers of SL media are invitation to that stuff? I don't wanna get a virus! Tad talked about it some here: http://kittycats.biz/forum/showthread.php?tid=21846 Basically when you have media turned on, you are allowing things that you interact with within SL to open up and use a scaled down browser that is accessed within your viewer and which doesn't have all the security options of something like Internet Explorer, Chrome or FireFox. I don't know all the details, but my geek girl, who has IT security experience, ran security tests on the current version when the HUD came out and it FAILED ALL of her tests. If you have media turned on, you could go to a SIM and there could be an object, even a hidden one that you aren't aware of, that could access your computer and attack it via this browser. It could send you a fake log-in page for the KittyCats site or for Second Life to try to get your login info (phishing). It could play something annoying on your screen, or pop up an ad, or just put a tiny box somewhere, whatever... that either when it plays, or when you click it, gives you a virus/malware. These are only a few examples. There is also a well-known REAL incidence where media was used to locate users by getting their IP address* from where the media was streamed to. The IP addresses were matched to user names by matching the time the media started playing with what time the users TP'ed into the SIM. Anyone who had media turned on was vulnerable. In this case, users accessing SL from the same IP address - which could include anyone you share your internet with, including family or neighbors, but also people who might have hacked in to steal your wifi - or entire groups of people accessing SL through services like AOL - were reported as alts, and blocked from large groups of SIMs simply because they were on a list of users that the SIM owners were paying for: https://virtualnavigator.wordpress.com/2011/02/28/redzone-second-life-ip-address-detection-tool-runs-afoul-of-new-sl-policy-eu-data-privacy-law/ Some viewers, like Firestorm, allow you to determine what objects within SL can turn on your media, but many viewers don't. Either way, this browser is still much more vulnerable than if you just used your normal browser to look at a website. We all know that any browser isn't completely safe, but consider that if you are using this built browser, you aren't going to get any of the warnings or protection that you have set up in your normal browser for potentially dangerous sites. FYI - I turned my media on because the laptop that my SL bed rez'es asked permission to show a webpage on it's screen. It was really cool and I clicked and played with it. It actually displays a page from YouTube, but it was so small, it could have easily been a fake page, and I wouldn't have known. I completely turned off media for everything after my girl told me about the issues. You might also have media enabled for SL TV/video screens, and you have to enable it for the new version 2.0 of the KittyCats HUD to work. That's one of the reasons that some of us refuse to use it. I also greatly prefer the design of the old version anyway, so am happily using the Legacy HUD. *It is true that anyone who streams MUSIC can find out the IP addresses of all their listeners. Looking mine up (just google "IP Lookup") gives the name of my cable provider, my zip code, my area code, and the approximate longitude and latitude of a small area of my city where I live. They would still need to figure out which IP address belongs to which user, but that is probably pretty easy if I mention what area I'm from. This is still a very good reason to only turn on music at selected venues, and to turn on the music a little while you arrive. RE: Malware from KittyCatS Website? - Oselkhandro Resident - 06-10-2015 02:06 PM This is all very interesting information. I do not access any file or video sharing sites, so I did not get the infections from that. I did, however, access the web browser from inside SL on Firestorm. Usually, I access this from the Cattery portal that I keep rezzed in my livingroom. Does this mean that accessing the Cattery from the in-world option ("visit Cattery") is dangerous because it opens an SL internet browser? Is it only safe to enter the Cattery from one's own non-SL connection (Internet Explorer, Firefox, etc)? I am a heavy user of SL and on that site a lot (I am retired, so lots of time). I also use the Cattery site heavily, but I do not use the HUD. I did recently try to access a video feed on SL to view the Kentucky Derby (unsuccessfully). Did trying to access a video on SL cause my infections? RE: Malware from KittyCatS Website? - MsMagick Resident - 06-10-2015 11:17 PM It could easily have been the attempt to watch the Kentucky Derby video. It is much safer to have Firestorm use your normal browser when it opens webpages, such as those from the Cattery dock. I do that a lot, as well as just having the KC Forums, etc. bookmarked in my normal browser, and haven't had an issues. In Firestorm: Under Network & Cache, click the radio button to use your own browser, and it should use your normal browser... whichever one is set up as default. Also, regarding the media, under Sound & Media, make sure you unclick (disable) all four of the Autoplay settings and click to enable the filters. FYI - my girl says one common trick within ANY browser is for something on the webpage to tell you that you need to use a plug-in to view a video, then when you click to install it, you download and install Malware. Some of these requests are legit, but just be very careful when you're asked to install or give access to anything. RE: Malware from KittyCatS Website? - Bumblebliss Resident - 06-12-2015 06:46 AM Thank you for all the great information! I just went and make sure that my media was go off and I don't have want to auto play enabled.Great information for those of us who are not very tech savvy! Thank you, thank you, thank you everyone. |