I have never heard of this, but i have a client that recieved 10 emails from people that had visited his web site. each email said they found a virus on his site. they said norton antivirus poped up and said:

ateaseweb[1].html Temporary Internet File has the
VBS.Haptime.A@mm virus

is this possible? Whats the policy on anti-virus softare and web servers? I mean, shouldnt web servers had virus protection installed?

I'll give yall one guess who my reseller is! :D

Thanks,

Brad Nelson

Dang, don't tell me that virii can now be transmitted via a webpage?

Somebody please outlaw :uzi: Microsoft Corp:smash: before computing as we know it cease to exist.

Yeah I've seen em too...
UGH!

I don't know too much about this, but I've actually had it happen to me... I visited a website, and the download box popped up. I didn't click anything, and yet a file downloaded. Right after that, my firewall went off because a file named mars.exe was attempting to connect to the internet. A virus scan of this file confirmed that it was a trojan. So not only did it download automatically, but it also opened automatically.

That's NASTY $H*T!! BAH!!

Originally posted by Matt 26z
I don't know too much about this, but I've actually had it happen to me... I visited a website, and the download box popped up. I didn't click anything, and yet a file downloaded. Right after that, my firewall went off because a file named mars.exe was attempting to connect to the internet. A virus scan of this file confirmed that it was a trojan. So not only did it download automatically, but it also opened automatically.

ahhh you're scaring me!!!

Got any specifics about the mode of entry?

Was it an activeX flaw, a virus embedded in a cookie, etc.

I've seen a worm attack in a similar way via html in an email but never like this.

Another good example of why you can never run too much protection. There are several programs that warn of trojan like activity, new cookies, new commands, and certain file types being added to your computer. I have some programs I never leave home without.

It's a VB Script virus (which of course is why it is VBS.Haptime.A), and yes it attaches to html files on the infected machine. Most likely the source is the computer on which your client or his designer produced his pages. That is, its presence on your server doesn't mean that any other client's documents would also be affected.

Edit for clarification: the virus code attaches to html files, but propogates by setting an infected html file as the default wallpaper in Outlook Express and so sending itself with outgoing email. On the receiving machine it activates like many others by exploiting Outlook Express's behavior in which it runs scripts attached to messages that are viewed in the preview pane (there's a patch to fix this flaw). So viewing a page on this site with a web browser shouldn't have caused anyone any problem. The html files were edited on an infected machine and uploaded to the server after they contained the virus code, I'd assume (unless it's a Windows server, in which case...)

This is kind of funny: I just looked at the page, and while the actual script isn't there any more the empty <script>... </script> tags still are, right at the bottom.

Aye, something similar happened to quite a number of friends too, all from visiting a webpage that automatically initiated a download to a visitor's computer. One had to reformat and reinstall everything on his hard drive. Another visited the site from work, and that office ended up having to rebuild 2 of their servers.

Woah! That is truly scary stuff...

:unhappy: :erm:

Does the person that had this happen on his host machine, ever pick up on it if he doesn't do a scan? I have Norton Antivirus for instance, and when something shows up on my machine, it has an alert it goes through... A sort of blue-screen warning...

--Jodi

Well, I'm not sure about my friend but if he didn't have anything installed, I'm sure he's much wiser now. ;) As for the guy at work, I'm sure they had a firewall and virus protection software in place but no idea how it got through all that. Forgot to mention that a couple of other friends who also thought they were pretty safe as they had 'all forms of protection' still had their puters invaded by that trojan.

Just too bad these buggers who creates these virii and trojans can't use their minds to do something worthwhile instead. :(

I don't know if this is what happened in the cases Jonathan and others are talking about, but here's one way something similar perhaps could be done:

http://www.cert.org/advisories/CA-2001-06.html