Getting a consistent Norton warning only on this site


rubydist

SHO Master
Staff member
Super Moderators
Joined
Jun 25, 2007
Messages
7,521
Reaction score
3,399
Location
Denver
Apparently, Norton will on occasion report a banner ad as the "exploit toolkit" you mentioned. This seems to be unique to Norton. I personally think that Norton is far down the list of anti-virus software, so my first recommendation would be to get something else like Avast, McAfee or Kaspersky.
 

Mark Cintula

New Member
Joined
Oct 17, 2015
Messages
20
Reaction score
8
Location
Columbus, OH
Apparently, Norton will on occasion report a banner ad as the "exploit toolkit" you mentioned. This seems to be unique to Norton. I personally think that Norton is far down the list of anti-virus software, so my first recommendation would be to get something else like Avast, McAfee or Kaspersky.

I've been using Norton AV products for almost 20 years now and have never had an issue with them. I don't know why they get such a bad rap. And yes .. I do IT for a living. I'd rather have my security suite report false positives than let something slip by. I am getting the warning as well.
 

rubydist

Well, there is a trade-off between resource utilization and letting stuff through. I personally think Norton is a resource hog compared to what is needed (and compared to other good AV software), but I am fully aware that many others have a different opinion.
 

93markVIII

SHO Member
Joined
Jan 5, 2011
Messages
237
Reaction score
124
Location
MO
Symantec has been kicking me some warnings on my work computer as well.
 

Mark Cintula

Just to follow up on this, here's what Norton says about this:

Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description

This signature detects attempts to download exploits from a malicious toolkit which may compromise a computer through various vendor vulnerabilities.

Additional Information
Malicious toolkits contain various exploits bundled into a single package. Victim on visiting the malicious server hosting exploit toolkit is attacked with several different exploits exploiting different vulnerabilities one by one. Exploits may include MDAC, PDF, HCP etc.

Affected
Various Browsers.

Response
No further action is required but you may wish to perform some of the following actions as a precautionary measure.
• Run the Norton Power Eraser. (home users)
• Run the Symantec Power Eraser. (business users)
• Update your product definitions and perform a full system scan.
• Submit suspicious files to Symantec for analysis.

If you believe that the signature is reported erroneously, please read the following:
• Report a potential false positive to Symantec.


I get the warning in both Edge and Chrome with the Norton extensions. I don't get it in Firefox, mostly because I don't have the Norton extensions running there, but I do have AdBlock Pro and NoScript running and they caught and blocked the psychskins.com ref as malicious, so there might be something to this. I remember about 10 years ago, when I was a very active member of a Lexus IS forum, something similar to this. A banner ad that the site was running had become compromised with malware and caused all kinds of havoc. My Norton was doing the exact same thing, alerting me to the issue.
 

zak

Supporting Member
Joined
May 15, 2002
Messages
1,770
Reaction score
497
Location
east of Hartford
My computer suddenly won't allow access, indicates site is compromised.
 

Racer X

SHO Pilot, Retired
Joined
Oct 27, 2002
Messages
3,446
Reaction score
1,572
Location
Connecticut
I dug into this, the site is definitely compromised.

It's a .js exploit, I'm guessing they got in via an unpatched SQL injection vulnerability that XenForo patched late last year. If you disable JavaScript, the site is navigable, but my recommendation to everyone is to stop using the site until this is patched. And if you use your SHOForum password anywhere else on the internet, now might be a good time to change it on those other sites.

Admin, if you're reading this, good luck sorting this all out.
 

zoomlater

Supporting Member
Joined
May 31, 2004
Messages
3,684
Reaction score
1,904
Location
Seattle, WA
My home computer gets directed to a different website immediately after the Shoforum page comes up. There is a comment about the Domain has expired and go to your control panel, etc. The site works fine on my tablet and other computers.
 

SHOdded

SHO Member
Joined
Dec 25, 2011
Messages
9,045
Reaction score
4,390
Location
Maryland
Same here since yesterday. Desktop only. I have since updated the McAfee sw and am hoping it will stop the redirect.
 

rubydist

I'm still not getting any warnings or any redirects. I'm browsing with Chrome with AdBlock Plus extension enabled and have Avast free antivirus. I just scanned my machine and nothing inappropriate showed up in any of the anti-malware software I use.

Since this is happening to some but not all users, that suggests it is one of the following:
1. a browser-related vulnerability
2. an anti-virus related vulnerability
3. a snippet vulnerability where only part of the "bad" code is on the site server, and another part must be present on your computer (that you picked up elsewhere)
4. a mirror issue (if the site has more than one host) where one of the mirrors is corrupted

If you are getting the redirect, I suggest you visit MajorGeeks.com and go to their "how to remove malware" section, and follow the instructions explicitly to get rid of anything you have on your own computer. My experience is those guys are among the best and are on top of the crap that is out there.

Hope this helps someone.
 

SHOdded

well, we thought we were on a honeymoon too, the forum was doing so well ;) Thanks for fixing, no warnings anymore, at least on my browsers!
 

zoomlater

On my work computer, I have consistent block notifications popping up for a couple of days now. It never did that before. Nothing on the home computer though.
 

jordanr

SHO Member
Joined
May 24, 2014
Messages
111
Reaction score
124
Location
Florida
Lol...thanks.

Hopefully anyone's warnings will go away as the security programs update that we are clean again...
 
