Sophos Detecting Malware
Forum rules
Keep in mind that this forum is for Reasontalk.com suggestions, and not for support on your Reason Studios software.
Hi,
Just wanted to mention that during the last week, whenever I go to the main Reasontalk page before going to the forum, my Sophos AntiVirus says it is blocking Malware (See screenshot). Not sure what this is, or if it is a false positive, but just in case thought I would bring this to your attention.
Kind Regards,
DinoJ
- Attachments
- Screenshot of it happening.
- Reasontalk AV.png (919.79 KiB) Viewed 3480 times
I'm slightly surprised this hasn't been responded to... Sophos is legit and well established.
Surely this guy deserves a reply...?
It should be resolved by now:
viewtopic.php?p=415966#p415966
...but if you still find anything suspicious, please report, it helps!
@Zac Thanks for the bump! Yeah Sophos is the AV we use at my work and it is really good, I may have just jinxed myself by saying this but we had far fewer issues with viruses and malware in the last two years since we switched to this. Excluding the few users who insist on clicking links promising them tax refunds or opening attachments from people/organisations they don't know! But can't blame Sophos for not being able to protect against PEBCAK/PICNIC
@WongoTheSane Thanks for the response and update, I can confirm Sophos no longer grumbles when I visit your site
Could be that the landing page is running bitcoin scripts from https://coinhive.com/. I'm seeing 100% cpu on all my cores when I load reasontalk.com
rcbuse wrote: ↑19 Nov 2018
Could be that the landing page is running bitcoin scripts from https://coinhive.com/. I'm seeing 100% cpu on all my cores when I load reasontalk.com

my virusscanner still blocks a coinhive site when coming here...
Should I worry about this? Is this an internal issue, i.e. put in place by the site owner or some external hack?
Yeah my Avast anti-virus is too.
- Attachments
- Reasontalk Threat.PNG (18.06 KiB) Viewed 3025 times
Last edited by Creativemind on 20 Nov 2018, edited 2 times in total.
Reason Studio's 11.3 / Cockos Reaper 6.82 / Cakewalk By Bandlab / Orion 8.6
http://soundcloud.com/creativemind75/iv ... soul-mix-3
Strange. I am using firefox with tracking blocking, avast and adblock but I do not see any changes to cpu load when accessing reasontalk.com. I don't see exactly what adblock is blocking, could it be a dodgy ad causing this?
12, Win10
Thank you everyone, for bringing this to our attention. If anyone else has reports, please continue to post them here. We are looking into this issue and hope to resolve it as quickly as possible.
I'm seeing the same thing as Panda - pinned 100% cpu on the homepage.
A quick look at the homepage source code tells me that you have indeed been hacked. Something is going on with https://coinhive.com/.
I can sort this out so if you need assistance just give me a shout.
Nick
Nick Baxter
SKP Sound Design - http://www.skpsounds.com
Youtube - https://www.youtube.com/c/SKPSoundDesign
nickb523 wrote: ↑20 Nov 2018
I'm seeing the same thing as Panda - pinned 100% cpu on the homepage.
A quick look at the homepage source code tells me that you have indeed been hacked. Something is going on with https://coinhive.com/.

Do you know why something like this only seems to affect some users? What would be considered good practice on our end?
12, Win10
So again, the CoinHive hack hit us.
Basically, "someone" injects a single line of JavaScript into the theme code, loading a CoinHive miner in the background, thus using visitors' CPU to crypto-mine for them (Monero) while the site is open.
It's important for me to stress that this doesn't infect visitors with a virus or anything of the sort, it simply "just" calculates hashes while the site is open!
I've identified which plugin might have opened a backdoor, and cleared it of malicious code. The site doesn't have the CoinHive shortlink anymore and the issue should be resolved.
Please bump this thread and keep reporting if you see the issue coming back!
Kenni Andruszkow
SoundCloud
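The post above describes a single injected line in the theme code that loads a miner from coinhive.com; one way to audit theme files or the rendered homepage for that kind of tag is sketched here. This is an added example, not part of the original thread or the site's own code: the sample markup, the function and class names, and the one-entry host list are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Host named in this thread; extend the set for other miner hosts you track.
BLOCKED_HOSTS = {"coinhive.com"}

# Constructed sample of a tampered theme footer (not taken from the real site).
SAMPLE = """<html><body>
<p>Welcome</p>
<script src="//coinhive.com/lib/example.js"></script>
<script src="/assets/forum.js"></script>
<script>var u = "https://coinhive.com/"; /* constructed inline reference */</script>
<a href="https://notcoinhive.com/">unrelated host</a>
</body></html>"""


def host_is_blocked(url):
    """True if the URL's host is a blocked host or one of its subdomains."""
    if url.startswith("//"):  # scheme-relative URL, common in injected tags
        url = "https:" + url
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in BLOCKED_HOSTS)


class MinerTagFinder(HTMLParser):
    """Collects (line, reason) for markup that loads or names a blocked host."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        self._in_script = self._in_script or tag == "script"
        for name, value in attrs:
            if name in ("src", "href") and value and host_is_blocked(value.strip()):
                self.findings.append((self.getpos()[0], f"<{tag}> {name} loads {value.strip()}"))

    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"

    def handle_data(self, data):
        # Inline scripts have no src, so look for the host name in the body.
        if self._in_script and any(h in data.lower() for h in BLOCKED_HOSTS):
            self.findings.append((self.getpos()[0], "inline script names a blocked host"))


def scan_html(text):
    finder = MinerTagFinder()
    finder.feed(text)
    finder.close()
    return finder.findings
```

Run `scan_html` over the text of each theme or template file and over the served homepage; a hit in the served page with none in the files points at injection somewhere other than the theme.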
Kenni wrote: ↑21 Nov 2018
So again, the CoinHive hack hit us.
Basically, "someone" injects a single line of JavaScript into the theme code, loading a CoinHive miner in the background, thus using visitors' CPU to crypto-mine for them (Monero) while the site is open.
It's important for me to stress that this doesn't infect visitors with a virus or anything of the sort, it simply "just" calculates hashes while the site is open!
I've identified which plugin might have opened a backdoor, and cleared it of malicious code. The site doesn't have the CoinHive shortlink anymore and the issue should be resolved.
Please bump this thread and keep reporting if you see the issue coming back!

Thanks for the fix.