Drudgereport Putting Trojans out??? - GoFuckYourself.com

Greg B · 04-13-2005, 10:01 AM

Yo, I went to www.drudgereport.com and a trojan warning popped up!

WTF? Here's a screencap.

This happen to anybody else?

Harmon · 04-13-2005, 10:02 AM

Gertting nothing in IE. May want to dump the AOL browser sparky

bringer · 04-13-2005, 10:04 AM

nothing here either on both comps
norton on 1 and mcafee on the other

AlienQ - BANNED FOR LIFE · 04-13-2005, 10:06 AM

Ironic photo caption and headline.

Twe Russ · 04-13-2005, 10:07 AM

Prolly spyware. ;)

Harmon · 04-13-2005, 10:08 AM

Quote:

Originally Posted by AlienQ

Ironic photo caption and headline.

Hahahah! I didn't notice that! Classic...

Greg B · 04-13-2005, 10:30 AM

Yep it's AOL but what gets me is AOL has all this spyware, anti-virus bs they tout. They caught it though.

Don't know if it gets through the standard IE browser. If AOL caught it, I'll stick with AOL.

Drudge has too many pop ups. He doesn't need them. His site is so damned popular he can charge through the roof.

SmokeyTheBear · 04-13-2005, 10:55 AM

Upon execution, this Trojan checks for the system?s Internet connection. It then creates new registry entries in order to lower the Internet security settings of the user?s default browser.

This Trojan downloads files from the following URLs:

http://static.topconverting.com/acti...nningsgame.exe
http://static.topconverting.com/activex/tcupdater.exe
http://static.topconverting.com/activex/180ax.exe
http://static.topconverting.com/activex/optimize.exe
http://static.topconverting.com/activex/games.exe
It adds the following registry keys and entries:

HKEY_CLASSES_ROOT\LOADER2.Loader2Ctrl.1

HKEY_CLASSES_ROOT\LOADER2.Loader2Ctrl.1
@ = "Loader2 Control"

HKEY_CLASSES_ROOT\LOADER2.Loader2PropPage.1

HKEY_CLASSES_ROOT\LOADER2.Loader2PropPage.1
@ = "Loader2 Control"

HKEY_CLASSES_ROOT\LOADER2.Loader2Ctrl.1\CLSID

HKEY_CLASSES_ROOT\LOADER2.Loader2Ctrl.1\CLSID
@ = "{79849612-A98F-45B8-95E9-4D13C7B6B35C}"

HKEY_CLASSES_ROOT\CLSID\{38601801-2FF5-4A62-95DA-D2007161C1B4}

HKEY_CLASSES_ROOT\CLSID\{38601801-2FF5-4A62-95DA-D2007161C1B4}
@ = "Loader2 Property Page"

HKEY_LOCAL_MACHINE\Software\Classes\LOADER2.Loader 2Ctrl.1
@ = "Loader2 Control"

HKEY_LOCAL_MACHINE\Software\Classes\LOADER2.Loader 2Ctrl.1\CLSID

HKEY_LOCAL_MACHINE\Software\Classes\LOADER2.Loader 2Ctrl.1\CLSID
@ = "{79849612-A98F-45B8-95E9-4D13C7B6B35C}"

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\
{38601801-2FF5-4A62-95DA-D2007161C1B4}

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\
{38601801-2FF5-4A62-95DA-D2007161C1B4}
@ = "Loader2 Property Page"

Analysis By: Carlo Panganiban

Revision History:
First pattern file version: 2.364.06
First pattern file release date: Jan 21, 2005

Greg B · 04-13-2005, 12:15 PM

Smokey, one of my guys said the same thing.

It don't happen on IE only AOL browser which says to me that either AOL's security is better and catching it or that something else is going on. Why it would pop up during a Drudge load is unknown.

People have called into his show bitching about his popups and trojans or something but I thought they were joking.

04-13-2005, 10:01 AM	#1
Greg B So Fucking Banned Join Date: Jul 2001 Location: EARTH (for the time being) Posts: 7,014	Drudgereport Putting Trojans out??? Yo, I went to www.drudgereport.com and a trojan warning popped up! WTF? Here's a screencap. This happen to anybody else?

04-13-2005, 10:02 AM	#2
Harmon ( ͡ʘ╭͜ʖ╮͡ʘ) Industry Role: Join Date: Mar 2004 Posts: 20,010	Gertting nothing in IE. May want to dump the AOL browser sparky __________________ [email protected]

04-13-2005, 10:04 AM	#3
bringer i have man boobies Join Date: Jul 2003 Location: van down by the river Posts: 13,082	nothing here either on both comps norton on 1 and mcafee on the other __________________ 333-765-551

04-13-2005, 10:06 AM	#4
AlienQ - BANNED FOR LIFE best designer on GFY Join Date: Mar 2003 Location: IALIEN.COM - High Definition Video and Photographic Productions -ICQ 78943384 Posts: 30,307	Ironic photo caption and headline. __________________ NAKED HOSTING FTW!11 I'm On The INSANE PLAN $9.95/mo! \| The Alien Blog Adult News Worth Reading Updated Daily \| Content For Sale! 641 PICS 216 MINUTES OF VIDEO $350.00 \|ICQ: 78943384 \|

04-13-2005, 10:07 AM	#5
Twe Russ Confirmed User Join Date: Jan 2003 Location: NYC Posts: 3,493	Prolly spyware. ;) __________________ Contact information - ICQ: 7.9.0.3.0.0 · AIM: no roach · E-Mail: roachito \|\| @ \|\| gmail \|\| . \|\| com [Friend Finder - Geo Targeting & Incredible Site Ratio] - [Credit Card Traffic - Make $65 Per Join]

04-13-2005, 10:30 AM	#7
Greg B So Fucking Banned Join Date: Jul 2001 Location: EARTH (for the time being) Posts: 7,014	Yep it's AOL but what gets me is AOL has all this spyware, anti-virus bs they tout. They caught it though. Don't know if it gets through the standard IE browser. If AOL caught it, I'll stick with AOL. Drudge has too many pop ups. He doesn't need them. His site is so damned popular he can charge through the roof.

04-13-2005, 10:55 AM	#8
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	Upon execution, this Trojan checks for the system?s Internet connection. It then creates new registry entries in order to lower the Internet security settings of the user?s default browser. This Trojan downloads files from the following URLs: http://static.topconverting.com/acti...nningsgame.exe http://static.topconverting.com/activex/tcupdater.exe http://static.topconverting.com/activex/180ax.exe http://static.topconverting.com/activex/optimize.exe http://static.topconverting.com/activex/games.exe It adds the following registry keys and entries: HKEY_CLASSES_ROOT\LOADER2.Loader2Ctrl.1 HKEY_CLASSES_ROOT\LOADER2.Loader2Ctrl.1 @ = "Loader2 Control" HKEY_CLASSES_ROOT\LOADER2.Loader2PropPage.1 HKEY_CLASSES_ROOT\LOADER2.Loader2PropPage.1 @ = "Loader2 Control" HKEY_CLASSES_ROOT\LOADER2.Loader2Ctrl.1\CLSID HKEY_CLASSES_ROOT\LOADER2.Loader2Ctrl.1\CLSID @ = "{79849612-A98F-45B8-95E9-4D13C7B6B35C}" HKEY_CLASSES_ROOT\CLSID\{38601801-2FF5-4A62-95DA-D2007161C1B4} HKEY_CLASSES_ROOT\CLSID\{38601801-2FF5-4A62-95DA-D2007161C1B4} @ = "Loader2 Property Page" HKEY_LOCAL_MACHINE\Software\Classes\LOADER2.Loader 2Ctrl.1 @ = "Loader2 Control" HKEY_LOCAL_MACHINE\Software\Classes\LOADER2.Loader 2Ctrl.1\CLSID HKEY_LOCAL_MACHINE\Software\Classes\LOADER2.Loader 2Ctrl.1\CLSID @ = "{79849612-A98F-45B8-95E9-4D13C7B6B35C}" HKEY_LOCAL_MACHINE\Software\Classes\CLSID\ {38601801-2FF5-4A62-95DA-D2007161C1B4} HKEY_LOCAL_MACHINE\Software\Classes\CLSID\ {38601801-2FF5-4A62-95DA-D2007161C1B4} @ = "Loader2 Property Page" Analysis By: Carlo Panganiban Revision History: First pattern file version: 2.364.06 First pattern file release date: Jan 21, 2005 __________________ hatisblack at yahoo.com

04-13-2005, 12:15 PM	#9
Greg B So Fucking Banned Join Date: Jul 2001 Location: EARTH (for the time being) Posts: 7,014	Smokey, one of my guys said the same thing. It don't happen on IE only AOL browser which says to me that either AOL's security is better and catching it or that something else is going on. Why it would pop up during a Drudge load is unknown. People have called into his show bitching about his popups and trojans or something but I thought they were joking.