Visitor to my site getting this web attack message

I was just notified by one visitor to my site that they received the following message: Web attack: Malicious JAVA class download 2. He has received this message several times - I have no idea what that means, nor what to do next. I am on a MAC. I am using a Wordpress theme for my website/blog and some wordpress plugins. Can one of those be causing it? Would having any of the Norton Software prevent something like this 'going out' to my viewers? I haven't heard from anyone else with a problem so I don't know if it's just on his end or if my site is infected or trying to infect others...this is all confusing stuff to me! Any help would be appreciated...

 

url for my site is brendatharp.com

Thank you. 

 

 

 

[edit: Please do not direct link to potentially unsafe websites per the Participation Guidelines and Terms of Service.]

Thanks for your quick reply. Answers: I am up to date on my iMac, short of installing Lion. And I just did a series of updates tonight, as a matter of fact. As for FlashBack/FlashFake Trojan, I hadn't a clue what that was about so I googled it and learned a few things. I ran the scripts from Mashable and found no errors. But I've updated my Java. Can you check it again for me when you get a moment and see what you get this time around? thank you so much...this freaks me out since I'm not techie enough to know what to do next...

 

brendatharp.com

Oh and as for security program, I used to have Norton but it went out of date and I thought I was 'safe' so I hadn't purchased a new program. maybe it's time to do that. :)

 

 

 

[edit: Please do not direct link to potentially dangerous websites per the Participation Guidelines and Terms of Service.]

Hi! BrendaTharp,

I’ll be happy to re-check your site for you. In the meantime I would strongly recommend that you purchase the latest Norton security prouduct to help protect your Mac; I believe Norton Internet Security is still available for Mac it’ll be your best option for securing your Mac. I know Macs’ are less vulnerable to viruses & other malware compared to Windows based computers but it doesn’t mean they’re 100% secure either.

Tech83 :slight_smile:

Hello Brenda,

 

I have been checking your website since you first posted yesterday using various browsers on two different machines.  I have not been able to reproduce any alerts from Norton regarding a Malicious JAVA class download 2. 

 

SInce Tech83 saw an alert, it may be a random issue or it may be a false positive.

 

It would be helpful to know what security program your visitor was using which prompted this alert.

 

The majority of malicious payloads found on websites have been placed there by third parties. The only way to really confirm if your site has a problem is to contact your hosting provider and inform them you have had reports of Malicious JAVA class download 2.  They should be able to check your site at their server level (at no charge) for malicious content and report back to you in short order.

 

Let us know how you do.

 

(ps: Your photography is exquisite!)

Your website seems to be OK now. I too saw the Norton alert when you first posted. I did notice that Norton was OK while Noscript was blocking scripts, but soon as I unblocked the scripts I got the Norton alert. (There were some strange scripts with names like LITTLE.HEVYZ.IN)

Thank you for your reply  - the visitor was using Norton Anti-Virus but I don't know more than that. Hopefully, my Java Update I just did last night also helped, but I'm going to check into getting AV software regardless just to further protect myself...I WILL however contact my server provider as you suggested. Many thanks for that idea.

 

Thanks, too, fo liking my photographs. It's what I do much better than this internet stuff, lol!

Hi! BrendaTharp,

I have re-checked your blog site & didn’t receive a warning when I checked so I think your site’s ok now. But I still recommend you get Norton Internet Security for Mac everything I’ve heard about the product is it’s a very good program.

Tech83 :slight_smile:

I was just notified by one visitor to my site that they received the following message: Web attack: Malicious JAVA class download 2. He has received this message several times - I have no idea what that means, nor what to do next. I am on a MAC. I am using a Wordpress theme for my website/blog and some wordpress plugins. Can one of those be causing it? Would having any of the Norton Software prevent something like this 'going out' to my viewers? I haven't heard from anyone else with a problem so I don't know if it's just on his end or if my site is infected or trying to infect others...this is all confusing stuff to me! Any help would be appreciated...

 

url for my site is brendatharp.com

Thank you. 

 

 

 

[edit: Please do not direct link to potentially unsafe websites per the Participation Guidelines and Terms of Service.]


Davec33 wrote:
Your website seems to be OK now. I too saw the Norton alert when you first posted. I did notice that Norton was OK while Noscript was blocking scripts, but soon as I unblocked the scripts I got the Norton alert. (There were some strange scripts with names like LITTLE.HEVYZ.IN)

Hi Davec33 and Tech83

 

This afternoon, I received an IPS alert (Web Attack: Malicious Java Class Download 2) when visiting the OP's site. Could both of you please check your Security History and advise if you have similar attack details to the following?

 

Thanks

 

Category:   Intrusion Prevention 
Date & Time14/04/2012 15:44
RiskHigh
ActivityAn intrusion attempt by 31.184.242.164 was blocked.
StatusBlocked
Recommended ActionNo Action Required
IPS Alert NameWeb Attack: Malicious Java Class Download 2
Default ActionNo Action Required
Action TakenNo Action Required
Attacking Computer31.184.242.164, 80
Attacker URLstat.nubor.in/0100

 

 

Category: Norton   Community Watch 
Date & Time14/04/2012 15:44
RiskInfo
ActivityIPS Detection Statistical Submission
StatusSubmitted
Recommended ActionNo Action Required
Date Updated14/04/2012 15:45
Submitted ByNorton Internet Security
DescriptionIPS Detection Statistical Submission
Submission DetailsSignature ID: 24440  <br>Local or Remote Attacker: 2  <br>Remote Port: 80  <br>Local Port: 51705  <br>Protocol: 6  <br>Signature Set Version:   20120413.001  <br>Application   Name: \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\JAVA\JRE6\BIN\JAVA.EXE  <br>Offending URL:   stat.nubor.in/0100  <br>Date   Detected: Sat, 14 Apr 2012 05:44:57 GMT    <br>Application File Checksum:   D2AE56CEAFD824CA022164A79FCB2F5C    <br>Application File Information: 6.0.310.5  <br>Network Data:   <br>Sub-signature ID: 68540  <br>Remote Address:   31.184.242.164  Product:Norton Internet   Security 19.6.2.10

 

  

Category: Norton   Community Watch 
Date & Time14/04/2012 15:44
RiskInfo
ActivityIPS Detection Statistical Submission
StatusSubmitted
Recommended ActionNo Action Required
Date Updated14/04/2012 15:45
Submitted ByNorton Internet Security
DescriptionIPS Detection Statistical Submission
Submission DetailsSignature ID: 24942  <br>Local or Remote Attacker: 1  <br>Remote Port: 51705  <br>Local Port: 80  <br>Protocol: 6  <br>Signature Set Version:   20120413.001  <br>Application   Name: \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\JAVA\JRE6\BIN\JAVA.EXE  <br>Offending URL:   stat.nubor.in/0100  <br>Date   Detected: Sat, 14 Apr 2012 05:44:57 GMT    <br>Application File Checksum:   D2AE56CEAFD824CA022164A79FCB2F5C    <br>Application File Information: 6.0.310.5  <br>Network Data: ...  <br>Sub-signature ID: 67949  <br>Remote Address:   31.184.242.164     <br>Product:Norton Internet Security 19.6.2.10

 


 

Based upon the observations of elsewhere, I checked the website again and I am now being alerted to the same type of attack.

 

The IP indicates the Russian Federation.

 

Brenda, you really need to get your Hosting company on this right away.

 

Also, please make sure the computer you are using to manage the site is completely clean.

Hi! BrendaTharp,

I as well must confirm the malware alert as being present on your site. As has been previously suggested it’s strongly recommended that you have site host verify that your site’s clean & please make sure your computer is clean as well. I recommend using Norton Internet Security for Mac.

Tech83 :slight_smile:

P.S. I asked a McAfee user to view your site & they reported a similar message from their security product.

Hi! All,

The blank post occurred when I tried to log out; sorry about that.

Tech83