trojan horse detected on chugger pump web site - Home Brew Forums

Register Now!
Home Brew Forums > Home Brewing Beer > Equipment/Sanitation > trojan horse detected on chugger pump web site

Reply
 
Thread Tools
Old 06-16-2012, 09:51 PM   #1
megalomani
 
megalomani's Avatar
Recipes 
 
Oct 2007
Cincinnati, OH
Posts: 178
Liked 7 Times on 7 Posts



My computer has Avast antivirus running. Just a few minutes ago I went to the Chugger pump site (chuggerpump.com) and avast sounded an alarm. It said it detected and blocked a trojan horse. Any time I navigated anywhere else on the site avast repeatedly reported the pages a malicious.

Anyone else having this happen? I wanted to contact the owner but didn't want to stay on the site any longer to get his contact info. Don't wabt to make things sound bad for Chugger but wanted to warn others without virus protection if there really is a danger.

 
Reply With Quote
Old 06-17-2012, 02:54 PM   #2
bdjohns1
Recipes 
 
Dec 2011
Sun Prairie, Wi
Posts: 315
Liked 35 Times on 33 Posts


There is something there. I went to the chuggerpumps page, and after a few seconds, it automatically went through a few reloads to some kind of scam advertising page.

I did a little debugging, and it appears that someone go into the site and inserted some obfuscated malicious code at the bottom of one of the JS files the page loads. (/js/cufon.js).

Don't visit their site for a bit, as it definitely appears to have been exploited.

 
Reply With Quote
Old 06-20-2012, 05:50 PM   #3
JohnTheBrewist
 
JohnTheBrewist's Avatar
Recipes 
 
Nov 2010
SoCal
Posts: 617
Liked 8 Times on 7 Posts


The virus is still there as of today, found by ESET antivirus.
__________________
Somewhere between
your liver and spleen
its always clear
for one more beer!

 
Reply With Quote
Old 06-20-2012, 05:55 PM   #4
IrregularPulse
Hobby Collector
HBT_LIFETIMESUPPORTER.png
 
IrregularPulse's Avatar
Recipes 
 
Nov 2007
Posts: 50,849
Liked 3459 Times on 3280 Posts


Too bad he's too busy trying to bash March Pumps to fix it
__________________
Tap Room Hobo

I should have stuck to four fingers in Vegas.

 
Reply With Quote
Old 06-20-2012, 06:11 PM   #5
stamandster
Recipes 
 
Jun 2011
springfield, ma
Posts: 790
Liked 54 Times on 45 Posts


People have to realize that they need to spend money to protect their sites. Third party security vendors are REQUIRED for audit and penetration testing.

 
Reply With Quote
Old 06-20-2012, 06:13 PM   #6
jbsengineer
Recipes 
 
Aug 2011
Syracuse, NY
Posts: 345
Liked 8 Times on 7 Posts


Quote:
Originally Posted by stamandster View Post
People have to realize that they need to spend money to protect their sites. Third party security vendors are REQUIRED for audit and penetration testing.
Exactly!
__________________
Electric Brewery Build

 
Reply With Quote
Old 06-20-2012, 06:18 PM   #7
bdjohns1
Recipes 
 
Dec 2011
Sun Prairie, Wi
Posts: 315
Liked 35 Times on 33 Posts


Quote:
Originally Posted by stamandster View Post
People have to realize that they need to spend money to protect their sites. Third party security vendors are REQUIRED for audit and penetration testing.
Ironically, the site has a "McAfee tested" logo on it.

 
Reply With Quote
Old 06-20-2012, 06:25 PM   #8
stamandster
Recipes 
 
Jun 2011
springfield, ma
Posts: 790
Liked 54 Times on 45 Posts


If they accept credit cards they are required by their agreements with credit card companies to follow PCI (PCI DSS) standards. It's designed to protect the "company" against lawsuits from consumer information theft. If you don't there are big fines associated with it.

This is a security breach and could possibly lead to compromised account holder information. I guess that Mcaffee secure badge at the bottom of the page means diddly.

 
Reply With Quote
Old 06-20-2012, 06:27 PM   #9
stamandster
Recipes 
 
Jun 2011
springfield, ma
Posts: 790
Liked 54 Times on 45 Posts


Quote:
Originally Posted by bdjohns1 View Post
Ironically, the site has a "McAfee tested" logo on it.
Yeah and when your password is ChuggerPumpRock! it's moot. lol

 
Reply With Quote
Old 06-20-2012, 09:25 PM   #10
jbsengineer
Recipes 
 
Aug 2011
Syracuse, NY
Posts: 345
Liked 8 Times on 7 Posts


Quote:
Originally Posted by stamandster View Post
If they accept credit cards they are required by their agreements with credit card companies to follow PCI (PCI DSS) standards. It's designed to protect the "company" against lawsuits from consumer information theft. If you don't there are big fines associated with it.

This is a security breach and could possibly lead to compromised account holder information. I guess that Mcaffee secure badge at the bottom of the page means diddly.
A lot of times the PCI compliancy is a joke. Just a form to fill out that you "certify" you are doing things within spec. If you do have a breach you are then marked as a level 1 and it makes it far more difficult to be re-certified.
__________________
Electric Brewery Build

 
Reply With Quote
Reply
Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
Chugger pump issues phoenixs4r Equipment/Sanitation 5 05-22-2012 07:00 PM
How far down does the chugger pump have to be? Rivenin Equipment/Sanitation 4 05-17-2012 08:34 PM
Chugger Pump in San Diego chuggerpumps Equipment/Sanitation 0 02-28-2012 01:44 AM
Looking for a SS Chugger Pump brewerswife1 Equipment/Sanitation 5 12-16-2011 12:00 AM
Chugger Pump Review petecj Equipment/Sanitation 0 09-03-2011 03:05 PM


Forum Jump