Notice: Virus Detected On Blender Associated Websites

Hello, everyone. This is an important notice, but I am not sure where to post it.

A virus attempted to install on my computer as a result of visiting these sites:

e2-productions(dot)com/repository

AND/OR

blendermodels(dot)org

I’m not sure which site is the culprit exactly (or if both are), my antivirus alert came up on the second site listed, but I can’t remember if something came up on the first site. Both were visted only a few minutes apart.

I don’t know much about viruses or what one does to remove them from websites, but if someone here knows who to contact or what step to take next, please go ahead.

This happened around 11:00 A.M. today, and good ol’ Webroot Spy Sweeper with Antivirus and Firewall finished scanning and removing it about 10 min. ago.

Thanks,
-Copperplate

I’d like to know what your AV really said, as I bet it just judged over the file by its file name, whilst comparing it to the file names in the database.

edit: oh, yeah, btw what file was it(filename.blend?)?

Hi, I didn’t download any files at all. I simply entered the sites, did a search a few times, browsed the categories, and then was notified some malicious software was attempting to install. I don’t remember the exact order of the notifications, but the items involved included:

Adware: trojan-downloader-xpreload

Adware: virtumonde

3 different behavioral threats

and 2 viruses.

I’ll send a note to Dion Moult. e2-productions belongs to him, maybe his site got infected somehow.

It could be that if either of those sites display third party advertisements that the ads are actually the culprit. Ads are sometimes used as methods of spreading viruses when new exploits are discovered. Also, what AV are you using?

I thought you guys might have gotten hacked today because I saw this one username posting 3 ascii character laden topics titles on the first 3 forum threads. Off -Topic, News and D, and Python and Plugins - about 30 minutes ago.

forgot the naem it was ren- or rem- something or another

renblender? remblender? soemthing like that

blendenzo, you may be right.
AVG page scan shows the site as safe.
So it may be some secondary trick.
I am pretty sure last time I visited e2 resulted in Bad Virus Infection.
So bad I had to reboot my comp from scratch.

Thanks for the warning.

I’ve had no problems with either of those sites, I do have NoScript though? I seconded
blendenzo suggestion thats its probably ad based.

Hello,

Yes this is due to third party advertisments hosted by Clicksor. I complained to them last time and they said they fixed it. Apparently not. I will complain to them again, and then manually run some tests myself. If it is not fixed, I will remove the advertisements.

Thanks for the notice.

Edit: Oh, by the way the virus is targeted at only people in the UK (or US), therefore people outside those countries will not get affected. I am seriously considering removing the ads altogether, though then I need some other form of advertising to get bills paid.