Trojan / Virus while following link in latest CAG newsletter email

[GoneFission]

I read the latest CAG email newsletter and followed the link about "Consultation - Mandatory review before appeal. Concerns about all claimants but particular concern for ESA claimants."

 

The links go through a third part site which apparently processes the CAG newsletters. That redirects us to the CAG page for the relevant article. As the article page loaded, I saw a download dialog box with a random looking filename, which I cancelled. I then saw an error dialog box that said xxx.exe had encountered problems and had been closed by Windows.

 

It turns out xxx.exe is a virus / trojan downloader. As I run Windows 2000 on this PC I'm probably immune to it, which is why it crashed. Most viruses are written for XP or Windows 7.

 

I now have a file called xxx.exe in C:\Documents and Settings\andy\Local Settings\Temp\xxx.exe

 

The timestamp matches exactly the time I clicked the link in the email from CAG.

 

It looks like either the CAG website, or the email link handling website, is infected.

 

The link in the email goes to jumbomail.org. (the forum doesn't allow me to post the full link). Possibly the jumbomail site that the CAG newsletters use is infected.

[BankFodder]

Thanks for this.

We have had five reports of this since yesterday and we are investigating.

However it does look as if we have been hacked.

I'll let you know more ASAP

[WebMaster]

What time did this happen please? The link in the newsletter is

http://em.jumbomail.org/link.php?M=712482&N=370&L=536&F=T

 

Which redirects to http://www.consumeractiongroup.co.uk/forum/showthread.php?337703-Consultation-Mandatory-review-before-appeal.-Concerns-about-all-claimants-but-particular-concern-for-ESA-claimants.&p=3716053#post3716053

 

I'm not seeing anything nasty on either of these pages though. Can anyone else reproduce this?

[GoneFission]

You're welcome, BankFodder.

 

FWIW, I haven't had the same problem typing in the web address to visit the site, and I've just tried finding that page again by doing a search on the title. That seemed fine, which makes me suspect that it may be jumbomail that has the problem.

 

I don't feel like clicking the link in the email a second time to try it out though In fact, I think I'll delete it.

[GoneFission]

WebMaster,

 

Start the Windows Task Manager, look under Processes, and see if there's an xxx.exe running (click on the image name column to sort them by name, to make it easier - assuming it's called "image name" in your version of Windows... the column with the names in, anyway). Mine crashed, presumably because it doesn't work under Windows 2000. You may still have one running.

[GoneFission]

I happened at 13:19, or about twenty past one, in old money.

[WebMaster]

Thanks for the info. I'm not actually on Windows, so don't have to worry about that side of things ... anyway, we've found it now and sorted it out

[GoneFission]

Good, and you're welcome. Which site was it on, out of curiosity?

[WebMaster]

*cough* consumeractiongroup *mumble*. We had some trouble here this morning with a hole in an old Joomla component

[GoneFission]

I see. There must be massive security holes in Firefox to let that happen too. I've heard of catching a virus just by visiting a web page but that's the closest I've come to having it happen. It's a bit scary that you can get one from a reputable site.

 

I'm still wondering how Firefox manages to download and run a .exe without me knowing it has, or giving permission.

[dazzaone]

if your worried about viruses etc, download superantispyware and malwarebytes, restart pc/laptop into safemode with networking, update each program and run full scans on both individually. let them remove anything found and restart normally, then run a scan with superantispyware. If your using hotmail, and you think you may of been hacked, change your password. Symptoms will be contacts receiving [problem] emails etc, usually to electrical companies in china etc.

[GoneFission]

I haven't tried superantispyware. I'll give it a go. I have a license for Malwarebytes, but it didn't see the xxx.exe as malware - even when I found the file and told it to scan it. It's only as good as the threats database for it, I suppose.

 

Generally, I'm not worried about viruses at all. I just never seem to get them. On this occasion though, I visited a trusted site and had malware installed on my PC, which then ran, all without my knowledge. That is a bit worrying.