[InHam] FW: [QST] Follow-Up to: Warning about an infected Amateur Radio website - QRZ.COM

Steve Jewell - WR9G wr9g at arrl.net
Wed Dec 28 10:47:27 EST 2011 


-----Original Message-----
From: Don 
Sent: Wednesday, December 28, 2011 7:06 AM
To: Steve WR9G
Subject: Fw: [QST] Follow-Up to: Warning about an infected Amateur Radio
website - QRZ.COM


> All,
>
> I am now able to go to QRZ.COM without issue, so it now appears to be 
> "clean".
>
> I'm forwarding all the technical info that I collected over the 
> holiday week-end to Fred Lloyd, AA7BQ in hopes that we can figure out 
> just what was going on.
>
> 73
>
> Lloyd - N9LB
>
> -------- Original Message --------
> Subject: Re[2]: [dxlab] Re: QRZ.com may be propagating a virus
> Date: Tue, 27 Dec 2011 17:04:32 +0000
> From: Vlad_UA6JD <ua6jw at gmx.com>
> Reply-To: dxlab at yahoogroups.com
> To: dxlab at yahoogroups.com
>
> I just completed a security sweep of QRZ after having received several 
> reports of embedded viruses
> on our site.    The sweep consisted of downloading all of our advertiser
> graphics and code and
> running it through the latest Norton Internet Security, updated only
> minutes prior.   The scan
> of the advertising images was completely clean.
>
> Our site also disables all user Javascript on the callsign pages.
> Actionscript (Flash), however,
> is enabled.
>
> Next, I used the Google Safe Browsing diagnostic available at:
>
> http://www.google.com/safebrowsing/diagnostic?site=http://www.qrz.com
>
> and
>
> http://www.google.com/safebrowsing/diagnostic?site=http://forums.qrz.c
> om
>
> Both queries returned clean results with no prior history.
>
> All this begs the question, i.e. "what is going on?".
>
> At this moment we can only speculate.   As the situation develops, we
> would appreciate
> more information about what exactly you were doing on QRZ whenever you 
> notice unusual behavior.
>
> For example:
>     - Which page on QRZ were you looking at?
>     - Were you looking at the Forums or a callsign data page?
>     - Were there any unusual ads, graphics, or images on the page?
>     - Does the web browser address begin EXACTLY with 
> http://www.qrz.com/ ?
>     - Did you use a bookmark, or were you directed to QRZ from a link 
> on another website?
>     - Which anti-virus software do you use?   Is it up to date?
>
> We can solve this problem, but only with more input from those
> affected.   One cannot be
> over-descriptive when reporting a problem such as this.     Just telling
> us that you got a virus
> may be noteworthy but is not helpful if it lacks detailed description.
>
> We are eager to learn the source of this issue, and will take whatever 
> steps are necessary should it be determined that the problem 
> originates from our site.
>
>
> --
> Fred Lloyd, AA7BQ
> Publisher, QRZ.COM
> flloyd at qrz.com
>
> **********************************************************************
> ******
> Four Lakes ARC Mailing List
> To Post: Send message to qst at flarc-hams.org To Unsubscribe: Send 
> message to majordomo at flarc-hams.org with "unsubscribe qst" (without 
> the quotes) in the body.
>

More information about the InHam mailing list