catfish542 Posted September 22, 2014 Report Share Posted September 22, 2014 uTorrent 3.4.2 (build 32239) [32-bit], Windows 7 I was seeding a coupe of torrents over night and when I brought up uTorrent to see how the seeding had gone, I got a fresh ad in the window. AND I then immediately got a Security warning from Norton Internet Security that it had BLOCKED an intrusion! Here is the data from Norton; ======================Category: Intrusion PreventionDate & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description9/21/2014 6:31:31 AM,High,An intrusion attempt by 217.23.14.7 was blocked.,Blocked,No Action Required,Web Attack: Exploit Toolkit Website 32,No Action Required,No Action Required,"217.23.14.7, 80",cncho.omaakjestart.augustow.pl/images/upload/1402063806_1x1.gif,"COONASS (X.X.X.X, 61587)",217.23.14.7,"TCP, www-http"Network traffic from <b>cncho.omaakjestart.augustow.pl/images/upload/1402063806_1x1.gif</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME3\USERS\CATFISH\APPDATA\ROAMING\UTORRENT\UTORRENT.EXE. ====================== Coonass is my computer name, and I Xed out my ip address. Has anyone else seen this? Is this from your ad server? Sorry to put this in the bug forum, but I could not find a support email address to send this to. Catfish ... Link to comment Share on other sites More sharing options...
DreadWingKnight Posted September 22, 2014 Report Share Posted September 22, 2014 I'm getting someone to look into it. Link to comment Share on other sites More sharing options...
catfish542 Posted September 23, 2014 Author Report Share Posted September 23, 2014 Just happened again today! =======================================Category: Intrusion PreventionDate & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description9/23/2014 12:45:42 PM,High,An intrusion attempt by camis.urightwaysolution.augustow.pl was blocked.,Blocked,No Action Required,Web Attack: Exploit Toolkit Website 32,No Action Required,No Action Required,"camis.urightwaysolution.augustow.pl (217.23.14.7, 80)",camis.urightwaysolution.augustow.pl/images/upload/1402063806_1x1.gif,"COONASS (X.X.X.X, 57041)",217.23.14.7 (217.23.14.7),"TCP, www-http"Network traffic from <b>camis.urightwaysolution.augustow.pl/images/upload/1402063806_1x1.gif</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME3\USERS\CATFISH\APPDATA\ROAMING\UTORRENT\UTORRENT.EXE. ======================================= :-( Catfish ... Link to comment Share on other sites More sharing options...
N4TE_B Posted September 23, 2014 Report Share Posted September 23, 2014 We've notified the appropriate team of both incidents. Thanks for posting these, as it is extremely helpful in verifying whether particular ads are indeed malicious. If they are deemed to be, we'll remove them. The effect on the user-side should be that you do not see them again. Link to comment Share on other sites More sharing options...
privyprober Posted October 6, 2014 Report Share Posted October 6, 2014 This is roughly translated from my friends comp it uses norton but he is french i google translated the message since i can not copy paste it i just typed as i seen it ok here it is...Network traffic from the signatured of girls.rapasilsskoczow.pl/imagase/uploads/1402063806_1x1gif possesses a known attack The attack comes from / DEVICE / HARDISCKVOLUME4 / USERS / ZYLGYN / APDATTA / ROAMING uTorrent / UTORENT.EXE To stop between ADVISED such traffic in pannue Shares click Do not prevent meThe french is available if needed but it is the same number of catfishes attacks on his system only a different volume number mines vol 4 Inave used this client for many years never having as many attacks as i been haveing on y friends,but I also get them at home on a laptop Link to comment Share on other sites More sharing options...
socalman Posted October 10, 2014 Report Share Posted October 10, 2014 utorrent 3.4.2, not sure of build but recent, Windows XP 32bit, Norton 360 For what its worth, I also started getting web intrusion warnings from Norton 360 after updating to the recent build of 3.4.2. In my case the warning is about "Exploit toolkit website 33" and shows a URL with a .pl (Poland) domain as the attacking site. I uninstalled utorrent, installed BitTorrent and encountered the same warning. Found out that BT is a relabeled version of uT so no surprise there now. So uninstalled BT and tried Vuze. Yay, no more attack warnings but I want to get back to uTorrent and my setup there. uT worked great until one of the latest builds. Please fix. Thanks! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.