Alpha India Group

General Discussions => General Discussion => Topic started by: Per Ardua Ad Ars on January 16, 2020, 02:09:40 PM

Title: Apparent problem with Avsim - malicious code.
Post by: Per Ardua Ad Ars on January 16, 2020, 02:09:40 PM
Today I tried a few DLs from Avsim, and their main library page is being replaced by a bogus virus alert, as are their download pages.

Shortly after the first one popped up I also received a bogus phone call regarding internet being shut down due to router malfunction, which is obviously BS, so there's the possibility that some code on the page is able to sniff the phone numbers on any line you are using to get online. The phone call might have been a robo-dial coincidence (we're unlisted), but if so it's a pretty big coincidence.

It's repeatable for me, just trying a download does it every time unless I shut the Avsim tabs immediately after a d/l.

Since Avsim was unavailable the other day, for a spell, I'm guessing that the servers were one way or another getting some malicious code installed! Just a heads up. The pages that pop up (in any new Avsim tabs) are evident BS, although older or unsuspecting/vulnerable people might be fooled.

So, Avsim might create some fake virus alerts, just be aware. The d/ls still work, but it's a nuisance shutting down the scam pages and as I hinted earlier, they may be doing more than just trying to get you to overreact to a fake virus alert. For now, don't trust Avsim.
Title: Re: Apparent problem with Avsim - malicious code.
Post by: jabloomf1230 on January 16, 2020, 04:31:51 PM
It looks like the server has been hacked.  We should report this to AVSim.
Title: Re: Apparent problem with Avsim - malicious code.
Post by: Kaiii3 on January 16, 2020, 04:36:51 PM
working on my end just fine ::confused::
Title: Re: Apparent problem with Avsim - malicious code.
Post by: Holger on January 16, 2020, 04:53:50 PM
I just tried and have no problems... ???
Title: Re: Apparent problem with Avsim - malicious code.
Post by: BruceN on January 16, 2020, 05:07:44 PM
Yes, no problems for me.

Is it possible with only one person reporting the problem that it's the local computer that is infected and not AVSIM?
Title: Re: Apparent problem with Avsim - malicious code.
Post by: Kaiii3 on January 16, 2020, 05:12:58 PM
could be some problems with the local ISP as well
Title: Re: Apparent problem with Avsim - malicious code.
Post by: sharklet_a319 on January 16, 2020, 05:18:13 PM
I had troubles yesterday, but now everything is fine again.
Title: Re: Apparent problem with Avsim - malicious code.
Post by: jabloomf1230 on January 16, 2020, 06:24:34 PM
https://www.avsim.com/forums/topic/569440-avsim-library-problems/?do=findComment&comment=4170496

Jim Young of AVSim advises not to download anything from the AVSim library until they can figure out what is wrong. This includes the AIG FM. Since it is unknown what the problem might be, it would be advisable to run a full malware scan if you downloaded any files from that site recently.
Title: Re: Apparent problem with Avsim - malicious code.
Post by: jabloomf1230 on January 16, 2020, 06:30:25 PM
The malicious site that is capturing the AVSim library URL is www.ampugi334f.com, which should be blocked by most anti-malware utilities, as long as the database is up to date.
Title: Re: Apparent problem with Avsim - malicious code.
Post by: jabloomf1230 on January 16, 2020, 06:57:40 PM
Here's an update. The library itself was not hacked, but rather one of the external servers that feeds advertising to the library. The actual malware doesn't appear to be more than just malvertising; something that will send even more annoying adds via your browser.
Title: Re: Apparent problem with Avsim - malicious code.
Post by: Per Ardua Ad Ars on January 16, 2020, 09:45:29 PM
Yes, no problems for me.

Is it possible with only one person reporting the problem that it's the local computer that is infected and not AVSIM?

System is clean at this end. My last malware detector update was yesterday, so it might have slipped through the update cycles. With Avsim being subject to some strange errors yesterday it seems reasonable to suspect a link. Normally I block ads, and whitelisted Avsim in order to earn them some revenue which, with hindsight..
Title: Re: Apparent problem with Avsim - malicious code.
Post by: jabloomf1230 on January 16, 2020, 09:55:55 PM
All fixed:

https://www.avsim.com/forums/topic/569440-avsim-library-problems/?do=findComment&comment=4170541
Title: Re: Apparent problem with Avsim - malicious code.
Post by: russian on January 17, 2020, 01:32:33 AM
I use ADblock for Chrome, no ads are loading in my web pages.