This site will work and look better in a browser that supports web standards, but it is accessible to any browser or Internet device.

Whedonesque - a community weblog about Joss Whedon
"Do you want to be punished?"
11943 members | you are not logged in | 18 April 2014












November 13 2008

Whedonopolis write up of Dr. Horrible Halloween Screening. One Whedonopolis member writes up an account of the event, with some funky pictures.

There are a bunch of pictures in the gallery. (Found a good one of my daughter & her friend, yay!)
There are a bunch of pictures in the gallery.

Actually, that's "picturs".
They are seemingly endless, these "picturs". Help me, mine eyes are numb...
Wait... did I actually write "picturs"? Gorram it. Someone stole the E again. Frelling E thief.
E-thievery should be punishable by death.
I have no idea if you wrote "picturs". I just know they did.
Yes, the dreaded E Thief was Dr. Horrible's main rival for that open ELoE spot, but I think you can see why he didn't make it: nobody wants to join the "Vil Lagu of Vil".
I went to that page and immediately picked up a Trojan horse which crashed my system and appears to still be mucking up the works... (Avast flagged it, but apparently failed to contain it on the first try.) I'm currently trying to get rid of it when the whole reason I was up now is that I have an overdue assignment I'm supposed to be working on. Beware!
The first time I loaded that page, a file called "doc.pdf" downloaded to my desktop. But then I could not replicate the event, and so I assumed I was mistaken about the cause.

So that's two of us that had something automatically and mysteriously downloaded from this page.

[ edited by theonetruebix on 2008-11-13 09:17 ]
Oh! I noticed that and was looking for a pop-up ad but there wasn't any so I thought it was just a hiccup on the site. :(
Have squished it, I think. You might check your Windows system folder for brastk.exe... in my case, it was responsible for a window popping up claiming that I was infected with spyware, which would then download what appeared to be a bogus antivirus program. (Fortunately, these people never hire copyeditors and invariably commit errors in spelling and grammar...) Killed the process, deleted that file, plus a couple of others that I forget the names of.
"So that's two of us that had something automatically and mysteriously downloaded from this page."

Make that at least three, my Norton gave me a worm message and threw me off the site.
Bugger I just had it all lock up on me. Spybot just flagged up that brastk.exe. Better do a sweep.

grrrhh
Your experiences with this malicious site remind me of why I usually read the Whedonesque comments (i.e., here) before visiting the actual site referenced in the headline!
The site appears to have a PDF trojan on it, using the recent Adobe PDF Reader Javascript buffer overflow. It looks like somebody has hacked the site, or web host.
Well I've removed the link for the time being until someone can give a guarantee that it's now safe.
The file being dropped is this (link is safe, it's an analysis). It won't hurt Macs, but Windows uses will want to update their antivirus software (or get some if you don't have it) if you visit Whedonopolis.

Edit: Here's the other file.

[ edited by gossi on 2008-11-13 14:42 ]
I have emailed Brian to about this. If anyone ever has any problem with the working of the site please let me know.

Can someone email me exactly where this is happening [main page, event page, gallery, wherever] so I can tell Brian.
marsia@whedonopolis.com
I also want everyone to know we don't use any pop-ups nor PDFs on our site. Nothing should ever be asked to be opened or downloaded.

Please folks let me know where on the site this is happening as I can't get it to do it on my computer.
Hey guys, I'm the web admin for Whedonopolis. I'm not finding any PDF in question. Could y'all give me as much information as possible?
I think everything's been given. The name of the file, the two links gossi provided. It appears to be some sort of drive-by download.
K, I've looked through our code and can't find anything malicious, so I'm unsure why anyone is having this issue. I've run the file in three browsers and have had no issues. I also can't find any reference to doc.pdf in the code. This is weird. I'll be contacting our host to resolve this issue.
The problem has been found and rectified. Thank you.
So it's ok now to put the link back?
Yes, it's been fixed.
Whedonopolis has made me say awesome more than once. That's awesomer.
Whew, thanks for fixing the problem before I clicked on the link.

Loved the write-up!

You need to log in to be able to post comments.
About membership.



joss speaks back home back home back home back home back home