Hi! BrendaTharp,

 

Welcome to the Norton Community!!

 

I've visited your site with & without Java installed; with Java installed I recieved the alert "Malicious Java Class 2 download" when Java is not installed the alert does not appear.

 

This leads to these questions: Is your Mac completely up-to-date?  Have you checked your Mac for the FlashBack/FlashFake Trojan? Are you using up-to-date tools for your Wordpress Blog?  Are you running a security program like Norton, McAfee or Kasperkys' on your Mac?

 

Tech83 :)

Thanks for your quick reply. Answers: I am up to date on my iMac, short of installing Lion. And I just did a series of updates tonight, as a matter of fact. As for FlashBack/FlashFake Trojan, I hadn't a clue what that was about so I googled it and learned a few things. I ran the scripts from Mashable and found no errors. But I've updated my Java. Can you check it again for me when you get a moment and see what you get this time around? thank you so much...this freaks me out since I'm not techie enough to know what to do next...

 

brendatharp.com

Oh and as for security program, I used to have Norton but it went out of date and I thought I was 'safe' so I hadn't purchased a new program. maybe it's time to do that. :)

 

 

 

[edit: Please do not direct link to potentially dangerous websites per the Participation Guidelines and Terms of Service.]

Hi! BrendaTharp,

I'll be happy to re-check your site for you. In the meantime I would strongly recommend that you purchase the latest Norton security prouduct to help protect your Mac; I believe Norton Internet Security is still available for Mac it'll be your best option for securing your Mac. I know Macs' are less vulnerable to viruses & other malware compared to Windows based computers but it doesn't mean they're 100% secure either.

Tech83 :-)

Your website seems to be OK now. I too saw the Norton alert when you first posted. I did notice that Norton was OK while Noscript was blocking scripts, but soon as I unblocked the scripts I got the Norton alert. (There were some strange scripts with names like LITTLE.HEVYZ.IN)

Thank you for your reply  - the visitor was using Norton Anti-Virus but I don't know more than that. Hopefully, my Java Update I just did last night also helped, but I'm going to check into getting AV software regardless just to further protect myself...I WILL however contact my server provider as you suggested. Many thanks for that idea.

 

Thanks, too, fo liking my photographs. It's what I do much better than this internet stuff, lol!

Hi! BrendaTharp,

I have re-checked your blog site & didn't receive a warning when I checked so I think your site's ok now. But I still recommend you get Norton Internet Security for Mac everything I've heard about the product is it's a very good program.

Tech83 :-)

---

Davec33 wrote:
Your website seems to be OK now. I too saw the Norton alert when you first posted. I did notice that Norton was OK while Noscript was blocking scripts, but soon as I unblocked the scripts I got the Norton alert. (There were some strange scripts with names like LITTLE.HEVYZ.IN)

---

Hi Davec33 and Tech83

 

This afternoon, I received an IPS alert (Web Attack: Malicious Java Class Download 2) when visiting the OP's site. Could both of you please check your Security History and advise if you have similar attack details to the following?

 

Thanks

 

Category:   Intrusion Prevention
Date & Time	14/04/2012 15:44
Risk	High
Activity	An intrusion attempt by 31.184.242.164 was blocked.
Status	Blocked
Recommended Action	No Action Required
IPS Alert Name	Web Attack: Malicious Java Class Download 2
Default Action	No Action Required
Action Taken	No Action Required
Attacking Computer	31.184.242.164, 80
Attacker URL	stat.nubor.in/0100

 

 

Category: Norton   Community Watch
Date & Time	14/04/2012 15:44
Risk	Info
Activity	IPS Detection Statistical Submission
Status	Submitted
Recommended Action	No Action Required
Date Updated	14/04/2012 15:45
Submitted By	Norton Internet Security
Description	IPS Detection Statistical Submission
Submission Details	Signature ID: 24440  <br>Local or Remote Attacker: 2  <br>Remote Port: 80  <br>Local Port: 51705  <br>Protocol: 6  <br>Signature Set Version:   20120413.001  <br>Application   Name: \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\JAVA\JRE6\BIN\JAVA.EXE  <br>Offending URL:   stat.nubor.in/0100  <br>Date   Detected: Sat, 14 Apr 2012 05:44:57 GMT    <br>Application File Checksum:   D2AE56CEAFD824CA022164A79FCB2F5C    <br>Application File Information: 6.0.310.5  <br>Network Data:   <br>Sub-signature ID: 68540  <br>Remote Address:   31.184.242.164  Product:Norton Internet   Security 19.6.2.10

 

  

Category: Norton   Community Watch
Date & Time	14/04/2012 15:44
Risk	Info
Activity	IPS Detection Statistical Submission
Status	Submitted
Recommended Action	No Action Required
Date Updated	14/04/2012 15:45
Submitted By	Norton Internet Security
Description	IPS Detection Statistical Submission
Submission Details	Signature ID: 24942  <br>Local or Remote Attacker: 1  <br>Remote Port: 51705  <br>Local Port: 80  <br>Protocol: 6  <br>Signature Set Version:   20120413.001  <br>Application   Name: \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\JAVA\JRE6\BIN\JAVA.EXE  <br>Offending URL:   stat.nubor.in/0100  <br>Date   Detected: Sat, 14 Apr 2012 05:44:57 GMT    <br>Application File Checksum:   D2AE56CEAFD824CA022164A79FCB2F5C    <br>Application File Information: 6.0.310.5  <br>Network Data: ...  <br>Sub-signature ID: 67949  <br>Remote Address:   31.184.242.164     <br>Product:Norton Internet Security 19.6.2.10

 

 

Based upon the observations of elsewhere, I checked the website again and I am now being alerted to the same type of attack.

 

The IP indicates the Russian Federation.

 

Brenda, you really need to get your Hosting company on this right away.

 

Also, please make sure the computer you are using to manage the site is completely clean.