Site infected?


MacPrince
08-19-2006, 11:38 PM
OK, so browsing on CS! earlier today I started getting these whenever I load a page:
http://homepage.mac.com/macprince/cs/CSscriptlet.png

Now, just a few minutes ago, I started getting these pop-ups on CS! even through Safari's pop-up blocker:
http://homepage.mac.com/macprince/cs/drivecleaner.png

I get the sinking feeling that malware has infected the site. Is anyone else getting this?

Kiwi
08-19-2006, 11:44 PM
A trojan horse appeared on my computer this morning.

First I've ever had in 1.5 years on this laptop.

Is that related? I'm in the process of formatting right now, just saving everything to disc, then going into recovery.

Ree
08-20-2006, 12:19 AM
I believe that the admins are aware of the situation and are looking into it.
Thanks for the details.
I'm sure that will be helpful.

LostMyMind
08-20-2006, 12:32 AM
Sounds like you got hit through email. MIME is generally only used in emails.

I've been on throughout the day, I've gotten nothing. No warnings or anything.

Immortal1982
08-20-2006, 12:58 AM
> Sounds like you got hit through email. MIME is generally only used in emails.
>
> I've been on throughout the day, I've gotten nothing. No warnings or anything.

I wish it was the case. It specifically seems to be attacking through Java. I had to disable Java in Firefox to get through. And it's trying to download a .wmf file onto computers. Script kiddies are more likely.

Greenday
08-20-2006, 04:08 AM
> I wish it was the case. It specifically seems to be attacking through Java. I had to disable Java in Firefox to get through. And it's trying to download a .wmf file onto computers. Script kiddies are more likely.

xpl.wmf is the file that is showing up as what is to be downloaded. A quick Google search revealed that it's a trojan virus. Seems the virus is a fan of hitting forums. I noticed a post in some other forum in the search about the same exact problem/virus.

Rapscallion
08-20-2006, 06:36 AM
Under investigation. Have taken a step or three, but I am about to contact the creators of the board software. It seems that there is possibly some security hole. If the site goes down, we are going to get it back. I have the databases backed up every Sunday, so we may lose a week's worth of posts, but that would be all.

Rapscallion

Seanette
08-20-2006, 07:48 AM
I checked my system (Win2K, Netscape 7.2) and do not have the .wmf file in question.
I'd like to suggest that those Windows users who do have that file set their file types to show ALL extensions so we can find out what that file really is (on my system, all the .wmf files I found were clip art, nothing executable).

Rapscallion
08-20-2006, 07:50 AM
Thanks for that, though I'm more interested in anyone who's seen aberrant behaviour when visiting the site - asking to download files.

Rapscallion

LionMan
08-20-2006, 08:10 AM
If it helps anybody, I noticed that after adding the following line to my hosts file I don't have a problem with Firefox wanting to download the .wmf file:

127.0.0.1 proffy209.com

Basically, proffy209.com is where the file is being downloaded from.
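
The hosts-file sinkhole LionMan describes only works if the line is parsed the way the resolver parses it, and it only matches the exact name written. The following is an added example (not LionMan's code or anything from the forum) that reads hosts-file syntax as a resolver does and reports whether a name is sinkholed; the hosts content embedded in it is constructed for illustration, and it goes one step beyond the post by also showing which related names (such as www.proffy209.com) the entry does not cover.

```python
"""Check whether a hostname is sinkholed by a hosts file.

Added example, not code from the thread. Hosts-file rules applied here:
'#' starts a comment, fields are whitespace-separated, the first field is
an IP address and every remaining field is a hostname for it, hostnames
match case-insensitively, and only exact names match (no wildcards, so an
entry for proffy209.com says nothing about www.proffy209.com).
The sample hosts content is constructed for this example.
"""
import ipaddress

# Addresses commonly used to sinkhole a name. 0.0.0.0 is also popular
# because nothing listens there, so the connection fails immediately.
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}

SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1\tlocalhost
::1        localhost ip6-localhost
127.0.0.1 proffy209.com        # the entry from LionMan's post
0.0.0.0   ads.example.net www.ads.example.net   # constructed entry
# 127.0.0.1 commented-out.example   <- commented out, must not count
not-an-address bogus.example       # malformed, resolver ignores it
"""


def parse_hosts(text):
    """Return a mapping of lowercase hostname -> set of address strings."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue   # malformed address; the resolver skips such lines too
        for name in names:
            table.setdefault(name.lower(), set()).add(addr)
    return table


def is_sinkholed(hostname, table):
    """True if the hostname is present and every address for it is a sinkhole.

    Exact match only: a trailing dot is stripped, case is ignored, but no
    subdomain matching is done, because the hosts file does none either.
    """
    addrs = table.get(hostname.lower().rstrip("."))
    return bool(addrs) and addrs <= SINKHOLE_ADDRS


def missing_sinkholes(hosts_text, hostnames):
    """Return the names from `hostnames` that the hosts file does not sinkhole."""
    table = parse_hosts(hosts_text)
    return [name for name in hostnames if not is_sinkholed(name, table)]


if __name__ == "__main__":
    wanted = ["proffy209.com", "www.proffy209.com", "ads.example.net"]
    for name in missing_sinkholes(SAMPLE_HOSTS, wanted):
        print("not covered by hosts file:", name)
```

Running it on the constructed sample reports www.proffy209.com as not covered, which is the practical limit of the hosts-file approach: each hostname the injected page actually references has to be listed explicitly, and a hosts entry does nothing for content that is fetched by IP address or from a different host the script falls back to.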

Mr. Rude
08-20-2006, 08:17 AM
All clear here... *stands guard & fixes bayonet*:devil: :devil:

Mixed Bag
08-20-2006, 09:50 AM
FWIW I use a Mac, and on IE I got asked if I wanted a cookie (same name each time, I think--zhmbscwdgk.biz, name=dial, content=uniq). I said yes the first time, then no for each launch afterwards--each time I then got a box full of gibberish asking me to approve a browser script, which I of course refused and force-quit. (I assumed the cookie was related to my new moderated status until the strange behavior set in.)

As the site was loading much more slowly than usual, I noticed it pausing to load bag.htm--don't know if that's related to my name, new status, coincidence or hack.

Tried Firefox (which I also rarely use and hadn't configured to reject cookies), couldn't believe it was what caused the monitor to go off (!) but I was able to see by opening the laptop that it was asking me to approve some kind of Windows script or file (don't recall language like that before).

Safari I had no problem with, but I noticed a ton of new caches and folders from each time I launched it--though upon investigation I found that to also be true for the handful of other times I used it in the past (I wasn't prompted to accept or reject cookies in my settings for this program).

Examined cookies in all browsers, nothing else suspicious, but let me know if I can offer more clues. Good luck. :)

Immortal1982
08-20-2006, 03:24 PM
Looks like Raps and gang did get the code eliminated. I don't see any problems. Cache virus info, and how to get rid of it (http://java.com/en/download/help/cache_virus.xml) for those still infected. It was fairly simple. I just cleared the Java cache and updated to the latest version.

LostMyMind
08-20-2006, 03:56 PM
The wmf virus only works on Windows computers that have not had Windows updated in 2+ years. But it does slow the website (client side) down like crazy.

Good job server dudes, I just hope it doesn't become like the Dutch boy story where you might run out of fingers to plug the holes. ;)

Rapscallion
08-20-2006, 05:04 PM
The vBulletin team appear to have found how the scum got in.

Dealing with it.

We're waiting for a report on whether or not anything else was done, but we think we're in the clear for now.

Rapscallion