Ad Security Intrusion?


catfish542


uTorrent 3.4.2 (build 32239) [32-bit], Windows 7

 

I was seeding a couple of torrents overnight and when I brought up uTorrent to see how the seeding had gone, I got a fresh ad in the window. AND I then immediately got a Security warning from Norton Internet Security that it had BLOCKED an intrusion! Here is the data from Norton:

 

======================

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
9/21/2014 6:31:31 AM,High,An intrusion attempt by 217.23.14.7 was blocked.,Blocked,No Action Required,Web Attack: Exploit Toolkit Website 32,No Action Required,No Action Required,"217.23.14.7, 80",cncho.omaakjestart.augustow.pl/images/upload/1402063806_1x1.gif,"COONASS (X.X.X.X, 61587)",217.23.14.7,"TCP, www-http"
Network traffic from <b>cncho.omaakjestart.augustow.pl/images/upload/1402063806_1x1.gif</b> matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME3\USERS\CATFISH\APPDATA\ROAMING\UTORRENT\UTORRENT.EXE.  

======================

 

Coonass is my computer name, and I Xed out my ip address.

 

Has anyone else seen this? Is this from your ad server?

 

Sorry to put this in the bug forum, but I could not find a support email address to send this to.

 

Catfish ...

 


Just happened again today!

 

=======================================

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
9/23/2014 12:45:42 PM,High,An intrusion attempt by camis.urightwaysolution.augustow.pl was blocked.,Blocked,No Action Required,Web Attack: Exploit Toolkit Website 32,No Action Required,No Action Required,"camis.urightwaysolution.augustow.pl (217.23.14.7, 80)",camis.urightwaysolution.augustow.pl/images/upload/1402063806_1x1.gif,"COONASS (X.X.X.X, 57041)",217.23.14.7 (217.23.14.7),"TCP, www-http"
Network traffic from <b>camis.urightwaysolution.augustow.pl/images/upload/1402063806_1x1.gif</b> matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME3\USERS\CATFISH\APPDATA\ROAMING\UTORRENT\UTORRENT.EXE. 
=======================================
 
:-(
 
 
Catfish ...
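
The two Norton reports above name different hostnames but the same server address and URL path. As an added example (not part of the original posts, and not Norton's or uTorrent's code), this Python script parses an export in that column layout and groups alerts by address and path, so rotating hostnames collapse into one cluster with the originating process listed. The sample rows are constructed, with placeholder hosts and a documentation IP.

```python
import csv
import re
from collections import defaultdict

# Constructed sample in the layout of the Norton export quoted above; hosts, IP and path are placeholders.
SAMPLE = r'''Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
9/21/2014 6:31:31 AM,High,An intrusion attempt by 203.0.113.7 was blocked.,Blocked,No Action Required,Web Attack: Exploit Toolkit Website 32,No Action Required,No Action Required,"203.0.113.7, 80",aaa.one.example.test/images/upload/0000000000_1x1.gif,"HOST-A (X.X.X.X, 61587)",203.0.113.7,"TCP, www-http"
Network traffic from <b>aaa.one.example.test/images/upload/0000000000_1x1.gif</b> matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME3\USERS\U\APPDATA\ROAMING\UTORRENT\UTORRENT.EXE.  
9/23/2014 12:45:42 PM,High,An intrusion attempt by bbb.two.example.test was blocked.,Blocked,No Action Required,Web Attack: Exploit Toolkit Website 32,No Action Required,No Action Required,"bbb.two.example.test (203.0.113.7, 80)",bbb.two.example.test/images/upload/0000000000_1x1.gif,"HOST-A (X.X.X.X, 57041)",203.0.113.7 (203.0.113.7),"TCP, www-http"
Network traffic from <b>bbb.two.example.test/images/upload/0000000000_1x1.gif</b> matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME3\USERS\U\APPDATA\ROAMING\UTORRENT\UTORRENT.EXE.
'''

IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")       # "ip, port" or "host (ip, port)"
PROC_RE = re.compile(r"resulted from (.+?)\.?\s*$")  # device path, minus the final period

def parse_ips_export(text):
    """Return one dict per alert row; the process comes from the detail line after it."""
    events, header = [], None
    for line in text.splitlines():
        if line.startswith("Network traffic from"):  # free-text detail line
            m = PROC_RE.search(line)
            if m and events:
                events[-1]["process"] = m.group(1).rsplit("\\", 1)[-1]
            continue
        fields = next(csv.reader([line]), [])
        if fields and fields[0] == "Date & Time":
            header = fields
        elif header and len(fields) == len(header):
            row = dict(zip(header, fields))
            host, _, rest = row["Attacker URL"].partition("/")  # URL has no scheme
            ip = IP_RE.search(row["Attacking Computer"])
            events.append({"when": row["Date & Time"], "alert": row["IPS Alert Name"], "host": host,
                           "path": "/" + rest, "ip": ip.group(0) if ip else None, "process": None})
    return events

def cluster(events):
    """Group alerts by (server IP, URL path) so rotating hostnames fall together."""
    groups = defaultdict(lambda: {"hosts": set(), "processes": set(), "count": 0})
    for e in events:
        g = groups[(e["ip"], e["path"])]
        g["hosts"].add(e["host"])
        g["count"] += 1
        if e["process"]:
            g["processes"].add(e["process"])
    return dict(groups)

if __name__ == "__main__":
    for key, g in cluster(parse_ips_export(SAMPLE)).items():
        print(key, sorted(g["hosts"]), sorted(g["processes"]), g["count"])
```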

We've notified the appropriate team of both incidents. Thanks for posting these, as it is extremely helpful in verifying whether particular ads are indeed malicious. If they are deemed to be, we'll remove them. The effect on the user-side should be that you do not see them again.


  • 2 weeks later...

This is roughly translated from my friend's computer. It uses Norton but he is French; I Google-translated the message. Since I cannot copy and paste it, I just typed it as I saw it. OK, here it is...

Network traffic from the signatured of girls.rapasilsskoczow.pl/imagase/uploads/1402063806_1x1gif possesses a known attack The attack comes from / DEVICE / HARDISCKVOLUME4 / USERS / ZYLGYN / APDATTA / ROAMING uTorrent / UTORENT.EXE To stop between ADVISED such traffic in pannue Shares click Do not prevent me

The French is available if needed, but it is the same number of catfish's attacks on his system, only a different volume number; mine's vol 4. I have used this client for many years, never having as many attacks as I've been having on my friend's, but I also get them at home on a laptop.


utorrent 3.4.2, not sure of build but recent, Windows XP 32bit, Norton 360

 

For what it's worth, I also started getting web intrusion warnings from Norton 360 after updating to the recent build of 3.4.2.  In my case the warning is about "Exploit toolkit website 33" and shows a URL with a .pl (Poland) domain as the attacking site.

 

I uninstalled utorrent, installed BitTorrent and encountered the same warning.  Found out that BT is a relabeled version of uT so no surprise there now. So uninstalled BT and tried Vuze.  Yay, no more attack warnings but I want to get back to uTorrent and my setup there.

 

uT worked great until one of the latest builds.  Please fix. 

 

Thanks!

 

 

 


Archived

This topic is now archived and is closed to further replies.
