New Life Games Tech Forums

WARNING!!! I just discovered a possible Trojan Horse application when visiting www.bettorslots.com.  I get a security window pop up asking if I am sure I want to run the application from this web site.  :81-
I do not press any of the buttons. I clicked the corner "x" to close the window.  I am also running "No-Script" so I may have been protected by that as well.

I have already E-mailed Jim about this. 

Please proceed with caution if you choose to visit the web site before Jim gives the all clear.

Thanks!

Joe
 

Thanks for the heads up...just sent off a message to service provider so they can kill it. 

Thanks for the update Jim.  :88-

Hi Joe,

My service provider did a complete sweep on all my pages and confirmed there are no viruses of any kind.   :3-

What we determined was that the "pop-up" window is asking you if you want to run a Java script on the page.  In the case of most pages there is either flashing or scrolling text which relies on Java to run.  What we also found was that when running with Explorer, it did not show this pop-up, only with Chrome.  We did not check Firefox.  I'm wondering if a recent Chrome update built in this as a user definable security option and maybe it can be turned off by the user...not sure yet.  What we did find however that if you click the box that says "do not show this again" and then click "run" that the page will run the Java graphic as it should and will never again show the pop-up question for that particular page.

I can see where this could look like a virus so I am going to see if I can contact Chrome to see if this is a temporary anomaly or a permanent pain in the butt "upgrade".  In some cases there may 2 or more Java scripts on the page and you have to give permission to run each and everyone of them through a separate pop-up box.  So I'm thinking what a pain in the ass...If so I will likely turn off all the scripts.

Anyway...thanks for pointing that out, I would hate to be the cause of spreading the Flu around  :96- .

Jim

You would think that the security warning screen would specify Java Script as the Application like I have seen in the past.  I allow Java-Script from the First Party Site (www.bettorslots.com (http://www.bettorslots.com)) but block Java from External sites (realtracker.com and PRNX.net). Anyway,  I would never allow an application to run that does not identify itself.

We have a computer here at work that was just infected with a Java-Script Site Redirect Root Kit Trojan.  I am having one hell of a time trying to detect and clean this sucker.
Everything I throw at it does not detect it, even in safe mode.  Microsoft Security Essentials runs ONLY in safe mode, but will not Detect it.  MS Security Essentials will not launch in a normal (non-safe mode window).
I have tried running an app called TDSSKiller.exe that is suppose to detect and kill the services that are blocking the AV programs from running, but that did not detect it. :103-
I also tried running Maleware bytes under safe mode and that doesn't detect the virus.

My next move will be to try a boot disk and pre-scan the boot sector before the O.S. launches.

What a PITA!  :279-

Jim-

FYI, in an old version of Internet Explorer (I know, I know) I get the following pop-up when I visit your site:

(http://i45.tinypic.com/nxnw9k.png)

That's indicating that your site is running Java, which is a different beast than JavaScript.  Java has been the subject of many recent bug reports and major security issues.  A quick Google search of "java security bug" yields a lot of articles like this one (http://www.informationweek.com/security/vulnerabilities/java-security-warnings-cut-through-the-c/240146598) taking about the dangers of running Java.  Typical home users of the Internet shouldn't need Java to view sites, and your site should be able to display all of its videos/flashy graphics/etc. without relying on Java.  Perhaps your web folks can help you get migrated away from whatever is calling for Java in your site while still allowing your content to appear the same as it is now.

I am still getting the pop up security warning from my home Windows 7 Pro PC.  Never got that before when looking at the bettor slots site.  :81-
I'm not sure why I am not getting the same window from my work XP Pro PC?  :103-
Both Home and Work PC running the same version of Firefox with No-Script running, just different O.S.  :103-

Bettor Slots do not require JAVA (or Java Script) to display correctly, That is why I still think there may be some malicious code embedded.

Jim, If you believe that the Java Script for the tracking software may be causing this, it is a simple task for the site administrator to disable it, then we can know for sure if the Java script is the source of the Security Alert box.   

It is not wise for anyone to accept a permission for an application to run that does not identify what it is as well as it's purpose.  That is a favorite vector that Malware uses to infect computers.

OK! Found some more information from Mozilla.  As Kevin correctly pointed out, the Security message window is caused by JAVA, NOT Java Script.  The Security Window message was responded to with this response from Mozilla...
"Yes that is a message coming from Java, not Firefox, and it was introduced in java's most recent update to try to improve security. Any time Java is used, it will ask you that message, to reduce the risk that a malicious java exploit is accidentally run without your knowledge."

This also explains why I am not getting that Security Warning box from my work computer, since I Uninstalled JAVA from that computer months ago!   :89-

I think I will also uninstall JAVA from my Home Computer now.

This leaves me to believe that the Bettor Web site IS infected with malware!  :81-

Karma to Kevin for catching the fact that this was a JAVA based Security issue and not a Java Script Issue!  :3- :259-

I just UN-INSTALLED JAVA from my home PC ... BINGO!  No more security window!!!  :3-   www.bettorslots.com works fine!

Well, just because there's something on the site trying to launch Java doesn't automatically equal that there's malware there.  There are legitimate uses of Java, too.  That said, if the site didn't previously require the use of Java, and if Jim from Bettor Slots hasn't added any kind of Java module into his site recently, that would at least raise a little bit of a flag as to exactly what's going on.

In general, most home users don't need Java for anything on their computer and can safely uninstall it (which will also help to prevent malicious websites from exploiting your computer).  The only reason I still have it is for one specific application for my work which relies on Java being installed, otherwise I'd ditch it, too.

Ok  I was able to duplicate the warning with IE. the same one Jim showed a picture of.  The problem isn't with Jims site, but the new version of Java.  Java Version 7.  This warning will popup on sites running older versions of Java.  If you go to Java Control Panel and change the Security level from High to Medium you won't get the popup anymore.  Hope this helps.
Mike

I understand what you are saying, and perhaps that is all that is going on here.  IF WE KNOW FOR CERTAIN that the problem is that Jim's site is running an older version of JAVA (which I can't figure out what on his site would require it) then I would agree that lowering the security Warning level of JAVA (if you need it installed) could be a temporary solution to the problem; Until the Site Administrator properly Updates the JAVA version that is currently running. 

Please correct me if I am wrong, but lowering the security level will not just Eliminate the Warning window, but will also allow the JAVA applet to RUN without prompting for your input.

I would not be comfortable with that solution, and would not advise it without knowing for sure that the cause of the Security warning is due to an older version of JAVA and NOT a malware infection.

The best solution for most of us would be to simply un-installl JAVA.

On the top of the page where you see The Bettor Slots Company. Under The Bettor Slots Company is a white bar inside that bar its flashing   Where every BETTOR knows where to shop for a BETTER slot machine !!!    Thats whats using Java. 
Also in the Java Control Panel under the security tab High reads   "High restrictions for web base Java content that attempts to run on and old version"  and Medium reads  "Basic restrictions for web base Java content that attempts to run on and old version"
Mike

I just went to Jim's site....no problems and no pop-ups...I'm using Windows Vista on a Dell laptop.
I'll try my XP-based work computer in the morning.

Appreciate you all looking into this...K+ to all.   :3-

I'm going to try one more time today with my service provider to see if there is anything they can do on their end....but from what I am reading here the average user is not going to know to change a setting as a result of Java's 7.0 update.  And if I were surfing a site that had these annoying security pop-ups I would pretty much leave after the first page....not what I had in mind.   :60-  So I guess if they can't fix it I'm going to go through the painstaking process of eliminating all the animated text.

Thx again guys...

I am not a coder, so forgive me if this sounds ignorant,  but couldn't you just use HTML or Java-Script to animate your text?