What I almost got at Graphiall.org

Hi all,

Just a warning, My virus scanner got this when I opened Graphicall.org today.

Forestdino

Attachments

function twitterCallback2(twitters) {
  var statusHTML = [];
  for (var i=0; i<twitters.length; i++){
    var username = twitters[i].user.screen_name;
    var status = twitters[i].text.replace(/((https?|s?ftp|ssh)\:\/\/[^"\s\<\>]*[^.,;'">\:\s\<\>\)\]\!])/g, function(url) {
      return '<a href="'+url+'">'+url+'</a>';
    }).replace(/\B@([_a-z0-9]+)/ig, function(reply) {
      return  reply.charAt(0)+'<a href="http://twitter.com/'+reply.substring(1)+'">'+reply.substring(1)+'</a>';
    });
    statusHTML.push('<div id="twitter_div_item"><span>'+status+'</span><a id="twitter_div_time" href="http://twitter.com/'+username+'/statuses/'+twitters[i].id+'">'+relative_time(twitters[i].created_at)+'</a></div>');
  }
  document.getElementById('twitter_update_list').innerHTML = statusHTML.join('');
}

function relative_time(time_value) {
  var values = time_value.split(" ");
  time_value = values[1] + " " + values[2] + ", " + values[5] + " " + values[3];
  var parsed_date = Date.parse(time_value);
  var relative_to = (arguments.length > 1) ? arguments[1] : new Date();
  var delta = parseInt((relative_to.getTime() - parsed_date) / 1000);
  delta = delta + (relative_to.getTimezoneOffset() * 60);

  if (delta < 60) {
    return 'less than a minute ago';
  } else if(delta < 120) {
    return 'about a minute ago';
  } else if(delta < (60*60)) {
    return (parseInt(delta / 60)).toString() + ' minutes ago';
  } else if(delta < (120*60)) {
    return 'about an hour ago';
  } else if(delta < (24*60*60)) {
    return 'about ' + (parseInt(delta / 3600)).toString() + ' hours ago';
  } else if(delta < (48*60*60)) {
    return '1 day ago';
  } else {
    return (parseInt(delta / 86400)).toString() + ' days ago';
  }
}

is a false alarm. this is for the info feed.

Would be best to always search this forum in case this has already been reported like http://blenderartists.org/forum/showthread.php?t=192871&highlight=graphicall

Hi Zeffii,

That dosen’t mean a thing to me. At the moment I can not access the site without disabling warnings
Although I can disable warnings that is a very dangerous thing to do. Next time it might be a real and dangerous threat.

Cog

:rolleyes: That really depends on what you consider to be “a real and dangerous threat.” Peddlers of “anti-virus” (sic) software obviously would like for you to be as paranoid as possible.

Here’s what I suggest, over and over again:

• Remove or disable :eek: your “anti-virus” software. Yes, that is exactly what I said, and exactly what I meant.
• If you are running Windows, do not run it either as an “Administrator” or as a “Power User.” Disable the guest account. Assign meaningful passwords. Don’t run any software, game or otherwise, that demands elevated privileges.
• Whether you are running Windows or a Macintosh, learn about the backup software that comes with your computer and use it automatically. External hard drives (USB or firewire) are dirt-cheap.

It is pointless to waste time and energy on any piece of software that is designed to ring an alarm-bell after someone has just stolen your prize race-horse. It is also pointless to invest in software that “frisks” everything in your computer to see if it’s about to try.

Instead, just make sure that your computer does not regard you as “(s)he who must be obeyed.” The paddock where your “prize race horses” are stored should be locked: “you can look, but you cannot touch, and that means you, too.”

Any computer, including Windows (other than 95/98/Me) can enforce such provisions, making it literally impossible for any “rogue program” to succeed at doing anything.

And buffer overflows?

What about those PCs which were running this way and still got infected?

All due respect, that is absolutely terrible advice. Browser exploits are being discovered and utilized every day by malware peddlers. Some of them manage to get their things put through ad syndication. What you end up with are hijacked Facebook/Twitter accounts and spyware or viruses that got installed on your computer without your knowledge. Windows exploits are always being discovered and taken advantage of to force elevation of privileges and do things that running as a simple User account won’t protect you from. At the very least some minimal amount of anti-virus should be installed such as Avast! or Microsoft Security Essentials. Something free, something simple.

And follow the very simple rule of never, ever running programs sent to you via email or opening MS Office documents sent to you via email without scanning them first. Ditch Internet Explorer and use Firefox with Adblock Plus installed. It is true that some AV programs will raise false alarms, but that can happen on rare occasion. When in doubt, post in a forum like this and get an opinion. Which the OP did and got the answer that it was indeed just a false alarm.

I cannot image if things would be so easy why then nobody is doing this.

However I must admit on the windows side there is a horde of users who
still use internet explorer for everything.

I have to agree…

Well it looks like the graphicall.org maintainers have modified the code enough to stop many malware and virus reporting on the site. So I am able to upload builds (safely) again.
By the way sundialsvc4, I look foward to your system soaking up all the malware, viruses and other unwanted intrusions rife on the internet. We used to call such systems honey pots in my network management days.
By the way I use Firefox and have done since it was introduced.

Cog

I have been using Avira AntiVir Personal - Free Antivirus for a few years now without paying a cent and just wave some detections that I feel are somewhat safe, I have not had any problems to speak of so far.

When my virus software gives me a message like that , I will always, and I mean always trust it and not open the web site even if it is a false alarm. Shutting off your virus software seems to me like really bad advise. And
@Richard Marklew sorry, but in the heat of the battle I just didn’t think about searching the forums for this toipic.

sundialsvc4:“It is pointless to waste time and energy on any piece of software that is designed to ring an alarm-bell after someone has just stolen your prize race-horse. It is also pointless to invest in software that “frisks” everything in your computer to see if it’s about to try.”

To build further on this ‘Prize Race-Horse’ Metaphore: whats the use of having such a beautiful piece of natures creation, not ever being able to ride it. How did it achieve the prize winning status in the first place?

Eventually, what I am trying to say is that there is no way to protect this animal from being stolen, or worse, killed, no matter how hard you try, if somebody/thing is determined to steal it, you loose it. As everything these times and days, Combination is the key thing. if you combine a good antivirus software, together with the advise to properly manage you Microsoft-ware given to you by sundialsvc4, if you properly back-up your data to make sure you at least have two copies of every digit you own in two distinct places and if you then use common sence on how to surf the web, no harm will come to you (I hope). Cause eventually no virsus can resist a complet thorough format disk/reboot/reset/wipe/clean cycle.

By combining, you will have optimum use of you race horse, so you don’t only have to watch.

that’s my opinion

Chrome was the hardest browser to exploit at PWN2OWN, I’d say its a pretty safe choice.