The Great Bottle Opener Giveaway

Home Brew Forums > Home Brewing Beer > Equipment/Sanitation > trojan horse detected on chugger pump web site

Reply
 
LinkBack Thread Tools
Old 06-16-2012, 09:51 PM   #1
megalomani
HBT_SUPPORTER.png
Feedback Score: 0 reviews
 
megalomani's Avatar
Recipes 
 
Join Date: Oct 2007
Location: Cincinnati, OH
Posts: 167
Liked 4 Times on 4 Posts
Likes Given: 2

Default trojan horse detected on chugger pump web site

My computer has Avast antivirus running. Just a few minutes ago I went to the Chugger pump site (chuggerpump.com) and avast sounded an alarm. It said it detected and blocked a trojan horse. Any time I navigated anywhere else on the site avast repeatedly reported the pages a malicious.

Anyone else having this happen? I wanted to contact the owner but didn't want to stay on the site any longer to get his contact info. Don't wabt to make things sound bad for Chugger but wanted to warn others without virus protection if there really is a danger.

__________________
megalomani is offline
 
Reply With Quote Quick reply to this message
Old 06-17-2012, 02:54 PM   #2
bdjohns1
Feedback Score: 0 reviews
Recipes 
 
Join Date: Dec 2011
Location: Sun Prairie, Wi
Posts: 315
Liked 34 Times on 33 Posts
Likes Given: 2

Default

There is something there. I went to the chuggerpumps page, and after a few seconds, it automatically went through a few reloads to some kind of scam advertising page.

I did a little debugging, and it appears that someone go into the site and inserted some obfuscated malicious code at the bottom of one of the JS files the page loads. (/js/cufon.js).

Don't visit their site for a bit, as it definitely appears to have been exploited.

__________________
bdjohns1 is offline
 
Reply With Quote Quick reply to this message
Old 06-20-2012, 05:50 PM   #3
JohnTheBrewist
Feedback Score: 0 reviews
Recipes 
 
Join Date: Nov 2010
Location: SoCal
Posts: 620
Liked 8 Times on 7 Posts
Likes Given: 6

Default

The virus is still there as of today, found by ESET antivirus.

__________________

Somewhere between
your liver and spleen
its always clear
for one more beer!

JohnTheBrewist is offline
 
Reply With Quote Quick reply to this message
Old 06-20-2012, 05:55 PM   #4
IrregularPulse
Hobby Collector
HBT_LIFETIMESUPPORTER.png
Feedback Score: 0 reviews
 
IrregularPulse's Avatar
Recipes 
 
Join Date: Nov 2007
Posts: 41,977
Liked 2747 Times on 2698 Posts
Likes Given: 110

Default

Too bad he's too busy trying to bash March Pumps to fix it

__________________
Tap Room Hobo

I should have stuck to four fingers in Vegas. :o - marubozo
IrregularPulse is offline
 
Reply With Quote Quick reply to this message
Old 06-20-2012, 06:11 PM   #5
stamandster
Feedback Score: 0 reviews
Recipes 
 
Join Date: Jun 2011
Location: springfield, ma
Posts: 756
Liked 50 Times on 43 Posts
Likes Given: 25

Default

People have to realize that they need to spend money to protect their sites. Third party security vendors are REQUIRED for audit and penetration testing.

stamandster is offline
 
Reply With Quote Quick reply to this message
Old 06-20-2012, 06:13 PM   #6
jbsengineer
HBT_SUPPORTER.png
Feedback Score: 0 reviews
Recipes 
 
Join Date: Aug 2011
Location: Syracuse, NY
Posts: 350
Liked 8 Times on 7 Posts
Likes Given: 1

Default

Quote:
Originally Posted by stamandster View Post
People have to realize that they need to spend money to protect their sites. Third party security vendors are REQUIRED for audit and penetration testing.
Exactly!
__________________
Electric Brewery Build
jbsengineer is offline
 
Reply With Quote Quick reply to this message
Old 06-20-2012, 06:18 PM   #7
bdjohns1
Feedback Score: 0 reviews
Recipes 
 
Join Date: Dec 2011
Location: Sun Prairie, Wi
Posts: 315
Liked 34 Times on 33 Posts
Likes Given: 2

Default

Quote:
Originally Posted by stamandster View Post
People have to realize that they need to spend money to protect their sites. Third party security vendors are REQUIRED for audit and penetration testing.
Ironically, the site has a "McAfee tested" logo on it.
__________________
bdjohns1 is offline
 
Reply With Quote Quick reply to this message
Old 06-20-2012, 06:25 PM   #8
stamandster
Feedback Score: 0 reviews
Recipes 
 
Join Date: Jun 2011
Location: springfield, ma
Posts: 756
Liked 50 Times on 43 Posts
Likes Given: 25

Default

If they accept credit cards they are required by their agreements with credit card companies to follow PCI (PCI DSS) standards. It's designed to protect the "company" against lawsuits from consumer information theft. If you don't there are big fines associated with it.

This is a security breach and could possibly lead to compromised account holder information. I guess that Mcaffee secure badge at the bottom of the page means diddly.

__________________
Untappd - @TheBarleyMen - The Barley Men - Blog
stamandster is offline
 
Reply With Quote Quick reply to this message
Old 06-20-2012, 06:27 PM   #9
stamandster
Feedback Score: 0 reviews
Recipes 
 
Join Date: Jun 2011
Location: springfield, ma
Posts: 756
Liked 50 Times on 43 Posts
Likes Given: 25

Default

Quote:
Originally Posted by bdjohns1 View Post
Ironically, the site has a "McAfee tested" logo on it.
Yeah and when your password is ChuggerPumpRock! it's moot. lol
__________________
Untappd - @TheBarleyMen - The Barley Men - Blog
stamandster is offline
 
Reply With Quote Quick reply to this message
Old 06-20-2012, 09:25 PM   #10
jbsengineer
HBT_SUPPORTER.png
Feedback Score: 0 reviews
Recipes 
 
Join Date: Aug 2011
Location: Syracuse, NY
Posts: 350
Liked 8 Times on 7 Posts
Likes Given: 1

Default

Quote:
Originally Posted by stamandster View Post
If they accept credit cards they are required by their agreements with credit card companies to follow PCI (PCI DSS) standards. It's designed to protect the "company" against lawsuits from consumer information theft. If you don't there are big fines associated with it.

This is a security breach and could possibly lead to compromised account holder information. I guess that Mcaffee secure badge at the bottom of the page means diddly.
A lot of times the PCI compliancy is a joke. Just a form to fill out that you "certify" you are doing things within spec. If you do have a breach you are then marked as a level 1 and it makes it far more difficult to be re-certified.
__________________
Electric Brewery Build
jbsengineer is offline
 
Reply With Quote Quick reply to this message
Reply


Quick Reply
Message:
Options
Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
Chugger pump issues phoenixs4r Equipment/Sanitation 5 05-22-2012 07:00 PM
How far down does the chugger pump have to be? Rivenin Equipment/Sanitation 4 05-17-2012 08:34 PM
Chugger Pump in San Diego chuggerpumps Equipment/Sanitation 0 02-28-2012 12:44 AM
Looking for a SS Chugger Pump brewerswife1 Equipment/Sanitation 5 12-15-2011 11:00 PM
Chugger Pump Review petecj Equipment/Sanitation 0 09-03-2011 03:05 PM