[enoeske]

u/rollingrawhide on reddit just posted this which I find disturbing if true? Any verification regarding his/her claim?

Trojan virus warning for pentaxforums.com : photography

I visited the said forums a few weeks ago and I've been an infrequent visitor for a number of years.

Tonight I visited and instantly got a warning from multiple Anti-virus/Anti-Malware products which I have installed.

It seems that the site owner has installed the crypto-loot virtual currency mining trojan virus. It's a bit of Javascript thats available to site owners if they want it, then they get a share of any virtual currency mined by their visitors.

It basically means they use the CPU power of visitors to mine virtual currency. In this case the virtual currency is Monero.

I didnt know who to tell about it, but I figured reddit would get the word out.

This is a very new virus apparently, similar to coinhive which has been around longer. Nevertheless, I dont want someone else profiting from my hard earned computer hardware and perhaps you dont either!

Just a heads up if you're a visitor there.

[Adam]

Hmm, I'm not aware of anything like this, but we do work with some third party networks so I will check all our scripts just in case. I know that a lot of toolbars these days have these kinds of malware, so that's something worth checking as well.

[Digitalis]

Extraordinary claims require extraordinary proof, in the R/ post there is no evidence of this malware just an allegation that pentaxforums is involved.Usually with threats of this nature multiple sites are affected - not just one which is suspicious to me. But then again it is 8:30AM here and I haven't had my second coffee yet...

This kind of malware would be pretty useless against anyone with a javascript blocker worth its salt....or JS turned off in their browser. And in any case If such Malware were present here i'm sure the administrators would do the right thing and remove it.

[aslyfox]

Extraordinary claims require extraordinary proof, in the R/ post there is no evidence of this malware just an allegation that pentaxforums is involved.Usually with threats of this nature multiple sites are affected - not just one which is suspicious to me. But then again it is 8:30AM here and I haven't had my second coffee yet...

This kind of malware would be pretty useless against anyone with a javascript blocker worth its salt....or JS turned off in their browser. And in any case If such Malware were present here i'm sure the administrators would do the right thing and remove it.

I agree, in Adam and other administrators we trust

[MarkJerling]

I've posted on Reddit that Adam is not aware of anything but that he is looking into it.

[foxandcrow]

I have malwarebytes installed on my computer and it has blocked something called crypto-loot.com. , I don't remember where I was on the forum. This happened over the last week or so. It has not happened over the last few days.

[Adam]

I have done a pretty thorough check of our third-party content and have removed a bunch of old banners that I didn't recognize, but apart from that nothing stood out. You guys should be safe. Will ask our server team to see if there has been any suspicious activity on the server, and keep an eye out for any reports over the coming days in case there's something else I may have missed.

Adam
PentaxForums.com Webmaster (Site Usage Guide | Site Help | My Photography)



PentaxForums.com server and development costs are user-supported. You can help cover these costs by donating or purchasing one of our Pentax eBooks. Or, buy your photo gear from our affiliates, Adorama, B&H Photo, KEH, or Topaz Labs, and get FREE Marketplace access - click here to see how! Trusted Pentax retailers:

[interested_observer]

I have malwarebytes installed on my computer and it has blocked something called crypto-loot.com. , I don't remember where I was on the forum. This happened over the last week or so. It has not happened over the last few days.

That's exactly what the post over at reddit was complaining about. That said, there are several places in the stack or food chain that this can originate from.

[foxandcrow]

I'm no techy but just Google crypto-loot.com and you can see lots of info on it.

[SSGGeezer]

The person reporting this is probably infected locally. Running multiple AV and anti-malware running concurrently is a recipe for false positives also. You are killing your performance if you are running multiples. If you can't show the link and the actual signature from seeing the malware in the wild, you shouldn't spread FUD.

[Adam]

The person reporting this is probably infected locally. Running multiple AV and anti-malware running concurrently is a recipe for false positives also. You are killing your performance if you are running multiples. If you can't show the link and the actual signature from seeing the malware in the wild, you shouldn't spread FUD.

I get a free mcafee subscription through my ISP, and it covers all the PCs in a household. But after many months of blindly installing this on all my computers, I realized how big of a CPU and memory hog it is. Who knows how much data it sends back, too. I even had to remove it for a neighbor whose computer simply couldn't be used as a result of all of the disk usage- it would crash a few minutes after logging in. Mcafee also blocks things such as spybot (anti-malware I've been using for a while) because the developers of mcafee see them as competitors. So, in a sense, anti-viruses can be viruses themselves. Be careful what you install on your computer! Your due diligence can outperform an automated tool any day.