BbSupport Forums :: Bug Reports :: Malicious code in a popup window.

Board URL: http://emerald.bbboy.net/nickdisk

Not sure if this is the correct forum for this but anyhow had this info passed on to me by another user. Thought I'd let you all look at at and see what you think. Sure doesnt seem like something that should be happening. Here it is:

For the last couple of weeks or so I have been receiving a popup window with apparently no contents nor window title when I enter some of Nickdisk's forums, in particular the Rocket Power one. This popup appears randomly, which means that not everytime I go to the forum I receive it.

This kind of popup window seems to work on machines running Windows XP / Internet Explorer 6. I have seen it in three different machines, all of which have that configuration.

When that popup appears, it stays in top of the screen, but it doesn't get a new icon in the program bar, so, in order to minimize or close it, you have to click on the X icon on the top right corner of the popup.

THIS WINDOW STARTS A MALICIOUS CODE

If you click on this popup window, it will open a new browser window and link to a site called "NTSEARCH". Although this site seems quite innocent, it sends lots of cookies with malicious scripts to your computer, and if your equipment is not protected, those codes will start doing anything from harvesting data (the so-called "spyware" to instal plug-ins in your computer, modifiying your Internet Explorer program by adding a search bar (with spyware and pornography included) and setting your default home page to NTSEARCH.

To moderators: although I understand that this kind of popup windows are out of your control, most likely due to the fact that the site is hosted on a free account and thus can have commercial propaganda windows, it might be a good idea to report this window to the host administrator, since it could be a misuse of his infrastructure by the people at NTSearch.

To Windows XP users: So far, it seems this operating system is the only one with the vulnerability needed for this spyware to work. You can protect your computer by following these steps:

1) Upgrade your Windows OS to Service Pack 2. That SP includes many fixes to security breaches in Windows XP. If you use Internet extensively, this is definitely recommended.

2) Install a pop-up blocker plugin on your browser. Google and Yahoo! offer for download a search bar that plugs into Internet Explorer which, among other features, includes a very useful popup blocking tool.

3) Increase the security settings of your browser. Go to Tools - Internet options - Security and turn security level to high. This might cause some special features to stop working, but then again, you will be protected from malicious code.

4) Install a personal firewall. Windows XP has a built-in personal firewall that should be turned on, but it would be great to get an extra firewall.

5) Keep your antivirus updated. No need to explain why, uh?

6) Finally (if you are as paranoid as I am right now), download a spyware control program like Lavasoft's AdAware, and delete all the Internet temporary files (in Internet Explorer, Tools, Internet options. In the "general" tab, there's a section called "internet files" with a button labeled "delete all temporary files"). After deleting the temp files, run AdAware and make sure to quarantine all the spiders it finds.

Hope this works for you all. Like I said, this has happened to me only with machines running Windows XP, but if anyone has had a similar experience with other operating systems, please post. I think this is something we should definitely be aware of.