Lizamoon attack.

B

Boozy

Guest
#2
Think I may have been hit with this also, was just reading a thread around quarter to 7 when suddenly without any clicking on anything my page began redirecting me and my mouse wouldn't work to shut down the tab.

I hit and held the off switch and on restarting later and scanning I'm virus free but think I may just have been lucky.
 

maguire

LE
Book Reviewer
#4
ah, so this is whats been going on. encountered this a few times over the last few days - was worried it was my system. malwarebytes is indeed chugging away through a full scan as we speak and has been since about 6ish.
 
B

Boozy

Guest
#7
Malwarebytes

Download the free version, update it and run the full scan. You might be surprised what it finds!
ta for the link downloaded and ran it when I came in from my night out.

Nothing found but when I was running it I was half cut and fell asleep, waking up just now to the notepad screen at the end thinking "f******ck" as in my disorientation I thought it was a virus haha :)
moral of the story: do things sober!
 
M

Mark The Convict

Guest
#8
I've had something similar, just spent 30 mins on the phone trying to get it fixed. Unsuccessfully. This; http://www.ilwylb.net/ appears briefly in the search field before diverting to any old crap.
 
#10
Yes, got diverted to a place offering me free scans, warning of trojans and similar horrors, closed the tab, opened another one and all was well.
Similar experience but closed " daughter window " before download completed and I had just updated Malwarebytes ... ran a full scan with this and preinstalled antivirus package ... no viruses detected .

Edited to add ... more info and reassurance here ... worth a read ... linky ... How to Defeat Lizamoon in One Easy Step | News & Opinion | PCMag.com
 
#11
Nice one , thanks for the heads up Scan up and running .
 
#13
Think this ****** got me as well, got rid of it by starting up in safe mode and networking ran my superantispyware and all is well again. But this is where I need some help I've only used freebee computer protection whats the best and value for money one to get.
 
#14
Think this ****** got me as well, got rid of it by starting up in safe mode and networking ran my superantispyware and all is well again. But this is where I need some help I've only used freebee computer protection whats the best and value for money one to get.
I've been using Comodo Internet Security for ages. It's free and has always warned me if anything even slightly suspicious is going on. In fact, it was my total confidence in Comodo that let me know that Lizamoon's attempt to scare me was a load of bollocks.
 

maguire

LE
Book Reviewer
#15
between windows firewall, avast and malwarebytes you should be pretty well covered. and no need to spend any money.
 
#17
I'm not clear whether any of you so far think that we've been hit by it? So are playing a part in the redirection and so on? I just tested with Google and it seems ok:

Google Safe Browsing diagnostic page for arrse.co.uk
My experience of the Lizamoon download took place whilst logged onto the ARRSE Website late evening 2 April ... oddly just after I had read the thread on the subject ... hence my post #10 .

Edited to add I may have been running multiple sessions but the other Websites would almost certainly have been reputable News sites ... Reuters , BBC etc .
 
#18
After some more digging it appears to target systems using Microsoft SQL Server 2003 and 2005, which we don't. From reading about its success I don't think reputation is a good measure for how likely a site is to have been the source. iTunes got hit for example.

Just in case I've also searched through our database and files for the 'ur.php' reference and found nothing.

I'm concluding from those and the Google security check above that we're in the clear. I appreciate the heads up though, and apologise for the slow response.
 
#19
After some more digging it appears to target systems using Microsoft SQL Server 2003 and 2005, which we don't. From reading about its success I don't think reputation is a good measure for how likely a site is to have been the source. iTunes got hit for example.

Just in case I've also searched through our database and files for the 'ur.php' reference and found nothing.

I'm concluding from those and the Google security check above that we're in the clear. I appreciate the heads up though, and apologise for the slow response.
In my post I was not casting a slur at the quality of the ARRSE Website but pointing out that the other sessions I was running were also reputable sites .
 
#20
Its still on the site @ 11.36, got it by clicking on BAS thread in intelligence forum, my security picked it up (using norton-which classified the attack as high)
 

Similar threads

Latest Threads

Top