Malware Intrusion

Lucky Day · Posted: Wed Jul 24, 2013 12:36 pm Post subject: Malware Intrusion

FYI -- Norton has been blocking this intrusion when I visit c-brats.com. It happens on first visit each day for the last two or three days. This is the detail report from Norton (I cut out references to my own IP address, etc.):

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
7/24/2013 12:29:08 PM,High,An intrusion attempt by www.tugnuts.com was blocked.,Blocked,No Action Required,Web Attack : Malvertisement Website Redirect,No Action Required,No Action Required,"www.tugnuts.com (69.73.142.146, 80)",www.c-brats.com/openx/www/delivery/ajs.php?zoneid=2&cb=21586239966&charset=ISO-8859-1&loc=http://www.c-brats.com
TCP, www-http"
Network traffic from www.c-brats.com/openx/www/delivery/ajs.php?zoneid=2&cb=21586239966&charset=ISO-8859-1&loc=http://www.c-brats.com/ matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.

TyBoo · Posted: Wed Jul 24, 2013 12:54 pm Post subject:

I don't understand everything I know about this stuff, and I am sure Bill will be around with explanations (he is away from home right now).

I do know that tugnuts.com is nothing to fear. It is the Ranger Tug owner's forum and is managed by Bill. It is on the same server as C-Brats.com and is linked from our front page (lower left corner) and we are similarly linked from there.

Lucky Day · Posted: Wed Jul 24, 2013 12:58 pm Post subject:

Thanks for the reply. I don't really know what it means, either. Just thought it best to let someone know.

mailbox101 · Posted: Wed Jul 24, 2013 7:09 pm Post subject:

Malware (malicious software) is a type of program, including viruses, worms, trojan horses, etc., that do unwanted things with/to your computer or data. Think of it as someone living in your house without your knowledge or consent, perhaps using your wallet, impersonating you, or holding parties for other like-minded friends.

Scanned this website using Norton's Malware, Google Diagnostics, Wepawet, and a few others; no malware was found.

Regardless, if enough people get that false warning, some will shy away from visiting. Have others who use Norton been getting this error, or was this an isolated incident?

David

PS. This list of links can be helpful.
www.malwarehelp.org/freeware-open-source-commercial-website-security-tools-services-downloads.html

T.R. Bauer · Posted: Wed Jul 24, 2013 9:59 pm Post subject:

Nope, it isn's isolated as I just got it too........

Pat Anderson · Posted: Thu Jul 25, 2013 12:51 am Post subject:

"Intrusion attempt by Tugnuts.com" - Tugnuts is another Da Nag website for Ranger Tugs, not sure what Norton is saying, unlikely "malware." Get a Mac and don't worry about this crap.

TyBoo · Posted: Thu Jul 25, 2013 12:57 am Post subject:

Obviously, Peter Norton is a fan of Nordic Tugs.

Da Nag · Posted: Thu Jul 25, 2013 10:59 am Post subject:

As others have alluded to, it's a bogus alert. Nothing we can do to prevent it - it's a bug on Norton's end. Who knows if/when they'll fix it, but were I a Windows/Norton user I'd ignore and/or disable it.

To date, I've yet to see a legitimate web site alert from Norton reported here. Warnings generated by Chrome and Firefox however, have been accurate - here and elsewhere.

Lucky Day · Posted: Thu Jul 25, 2013 12:07 pm Post subject:

OK - thanks for confirming - I'll disable the alert.