
BHO Trojan, webmasters be aware.


Error401

I was just checking the error log on my website and ran up on these entries:

[Thu Jul 1 21:46:20 2004] [error] [client 66.194.6.xx] File does not exist: /home/error401/public_html/sjdif.exe
[Thu Jul 1 17:31:42 2004] [error] [client 66.194.6.xx] File does not exist: /home/error401/public_html/sjdif.exe
[Thu Jul 1 17:16:52 2004] [error] [client 66.194.6.xx] File does not exist: /home/error401/public_html/sjdif.exe

The three IPs are unique, but are within a 6 digit range. A Whois of the IPs yielded this:

Whois has started ...

Time Warner Telecom TWTC-NETBLK-4 (NET-66-192-0-0-1)
66.192.0.0 - 66.195.255.255
Websense TWTC-NETBLK-4 (NET-66-194-6-0-1)
66.194.6.0 - 66.194.6.255

# ARIN WHOIS database, last updated 2004-07-01 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


After googling the exe, it's apparently part of the BHO trojan (Troj/Ovedil-B)
and some info can be found here:
http://www.sophos.com/virusinfo/analyses/trojovedilb.html
also:
http://www.computercops.biz/postlite44642-.html

I don't know why someone was trying to run this exe, and I checked all the files on my site to see if there was anything amiss (or not normal). Just a heads up to anyone running a website, since this BHO trojan is a keylogger aimed at stealing bank login info.
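
Added example, not part of the original thread: a Python sketch of the check described in the post above, scanning an Apache `error_log` for "File does not exist" entries that name an executable and grouping the requesting clients by their first three octets. The sample lines are constructed (documentation addresses, a hypothetical `/home/example` path), and the list of suspect extensions is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache error_log line in the format quoted in the post above.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"File does not exist: (?P<path>.+)$"
)
# Extensions treated as suspicious when requested but absent (assumption).
SUSPECT_EXT = (".exe", ".scr", ".pif", ".com", ".bat")

def missing_executable_probes(lines):
    """Return {filename: {"clients", "prefixes", "first", "last"}} for 404'd executables."""
    hits = defaultdict(lambda: {"clients": set(), "prefixes": set(),
                                "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a missing-file entry
        name = m.group("path").rsplit("/", 1)[-1].lower()
        if not name.endswith(SUSPECT_EXT):
            continue  # ordinary 404 such as favicon.ico
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        client = m.group("client")
        entry = hits[name]
        entry["clients"].add(client)
        # Keep the first three octets so neighbours in one /24 group together;
        # this also works when the last octet is masked, as in the post.
        entry["prefixes"].add(client.rsplit(".", 1)[0])
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    return dict(hits)

# Constructed sample lines (documentation address ranges, hypothetical path).
SAMPLE_LOG = """\
[Thu Jul 1 17:16:52 2004] [error] [client 192.0.2.14] File does not exist: /home/example/public_html/sjdif.exe
[Thu Jul 1 17:31:42 2004] [error] [client 192.0.2.21] File does not exist: /home/example/public_html/sjdif.exe
[Thu Jul 1 18:02:10 2004] [error] [client 198.51.100.7] File does not exist: /home/example/public_html/favicon.ico
[Thu Jul 1 21:46:20 2004] [error] [client 192.0.2.33] File does not exist: /home/example/public_html/sjdif.exe
""".splitlines()

if __name__ == "__main__":
    for name, e in missing_executable_probes(SAMPLE_LOG).items():
        print(f"{name}: {len(e['clients'])} clients in {sorted(e['prefixes'])}, "
              f"{e['first']} to {e['last']}")
```

Several clients from one prefix asking for the same missing executable within a few hours is the pattern the post describes; a single stray 404 for an image or icon is ignored.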
 
Error, your website isn't hosted on a Windows machine, is it? If you're on a Unix/Linux machine then you're safe from this trojan.


-Michael
 
Linux rocks. Windows sucks and can get hit by everything, but Linux is safe from most everything.
 
Isn't this the virus you pick up from a legit web site that now enters your computer to get your bank info?
I downloaded all the critical updates from MS, but the virus explanation wasn't listed, so I don't know if I have the patch that will protect me. How can I be absolutely certain that I'm protected?
 
WoodiE said:
Error, your website isn't hosted on a Windows machine, is it? If you're on a Unix/Linux machine then you're safe from this trojan.


-Michael

100% correct. I just wanted to let everyone know that this stuff is no joke. I think the other part of the file (might be a variant) comes in an apparent gif file called something like onebig1.gif (or something like that). It's not a gif picture at all, but is the worm that starts things rolling. I read in the news that the Office of Homeland Defense recommended that users either turn off scripting and ActiveX if they're using IE, or use another browser altogether (like Mozilla or Firefox). Needless to say, I'm sure MS isn't too happy with that.

It all comes from IIS5's vulnerabilities and, no, Linux servers are not affected by these worms. The things to watch out for are keeping your systems clean of spy/ad/mal ware because they can hijack your browser and potentially take you to infected sites. This poop is really getting bad and everyone should get a heads up before they get digitally raped.

401.
 