Skip to main content
B
bswanwick
Participant
August 28, 2012
Question

Attempted Trojan was downloaded from forums.adobe.com

  • August 28, 2012
  • 4 replies
  • 4600 views

While viewing a thread in the Adobe forums my Avast! Antivirus blocked a script running in Firefox. It attempted to download a trojan to my PC.

The source of the script was: http://forums.adobe.com/4.5.6/resources/scripts/gen/220b1b06a29F901e1d24252ac800883e.js.

The infection was: JS:Blacole-AV [Trj]

EDIT: It is happening more frequently now from various links. Like: http://forums.adobe.com/community/coldfusion

Message was edited by: bswanwick

This topic has been closed for replies.

4 replies

A
Anonymous
September 1, 2012

Security Alert for CVE-2012-4681 released August 30, 2012 by Oracle to address 3 distinct but related vulnerabilities (CVE-2012-4681, CVE-2012-1682 and CVE-2012-3136) and one security issue (CVE-2012-0547) affecting Java running in desktop browsers.

These - high severity - vulnerabilities can be exploited to install malware, including Trojans, onto the targeted system. This malware may in some instances be detected by current antivirus signatures upon its installation.

https://blogs.oracle.com/security/entry/security_alert_for_cve_20121

Noel Carboni
Noel Carboni
Legend
September 1, 2012

Thanks for the info, Rick, but...  What's the relationship you're seeing between these announcements and this thread?  I thought we'd written this off as a false positive.

-Noel

A
Anonymous
September 3, 2012

I was just following @mytaxsite's post #9 above concerning there might've been something more than just a 'simple false positive' as concluded by Jive support.

If it was so then why is it that the referenced page isn't available since then?

While I think there might've been a redirecting attempt, it was probably 'to' and not 'from' that Adobe page, originated by a malicious javascript on bswanwick's FF browser?

Anyway, without further information (if reported to Avast!) from @bswanwick there's nothing else to add but that I'm glad he is (and the forums) Ok.

______________________________________________________

PD.- Security researchers' reports on the BlackHole Kit to exploit Java (and others) flaws - Did you read the latest?

http://www.theregister.co.uk/2012/08/31/critical_flaw_found_in_patched_java/

adobe-admin
adobe-admin
Legend
August 28, 2012

From Jive support:

We have concluded that this was an issue with the virus definitions of Avast (#120828-1). If you update to the newest virus definitions (currently #120828-2), you should not receive the warning anymore as it has fixed the problem. This was a simple false positive, so there is no need to worry about infected computers due to this.

the_wine_snob
the_wine_snob
Inspiring
August 29, 2012

John,

We have concluded that this was an issue with the virus definitions of Avast (#120828-1). If you update to the newest virus definitions (currently #120828-2), you should not receive the warning anymore as it has fixed the problem.

Good to know, and thank you for reporting.

Appreciated,

Hunt

adobe-admin
adobe-admin
Legend
August 28, 2012

Almost positive this is a false-positive from Avast. Jive support is bringing in their engineering and hosting people for more investigation.

adobe-admin
adobe-admin
Legend
August 28, 2012

Not able to duplicate this with the latest update from Avast. Can you provide me with the current virus definition you have and the current program version?

Thanks!

TerriStone
Adobe Employee
TerriStone
Adobe Employee
August 28, 2012

Thank you for the information. We are invesitigating it now.

adobe-admin
adobe-admin
Legend
August 28, 2012

Is anyone else seeing this? We have a case opened with Jive to investigate it.

the_wine_snob
the_wine_snob
Inspiring
August 28, 2012

Have not encountered such, over about 1/2 dozen Adobe Forums - so far.

Hunt

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices