TSR: In Ur Accounts, Deletin Ur Stuffs!

[CatOfWar]

While it wouldn't surprise me that T$R is full of the computer equivalent of STD's, I am curious how someone could get a virus from there unless they download.  Even if they download, wouldn't they have to unzip and run something to get infected?  Does the T$R site have scripts that try to dl stuff onto your machine without notifying or asking you?  Wouldn't NoScript stop that?  Is T$R doing something else that could give you viruses?

[karu]

While it wouldn't surprise me that T$R is full of the computer equivalent of STD's, I am curious how someone could get a virus from there unless they download.  Even if they download, wouldn't they have to unzip and run something to get infected?  Does the T$R site have scripts that try to dl stuff onto your machine without notifying or asking you?  Wouldn't NoScript stop that?  Is T$R doing something else that could give you viruses?

Too many questions,  not enough answers.    

[simsrocks]

It might be a ad that gives people viruses.
I think someone mentioned about getting a virus from a ad on that thread.

[CatOfWar]

It might be a ad that gives people viruses.
I think someone mentioned about getting a virus from a ad on that thread.

Are we talking about a Flash ad that's running Javascript?  Or are we talking about actually clicking on ad, which one shouldn't do?  Again, wouldn't NoScript block this?

edit: here's a link
NoScript: Death to stupid scripts!

[SnarkyShark]

Proving (yet again) that TSR is the skeeziest of all sim sites. I haven't browsed that toxic site in a while and really have no intention of doing so ever again.  If their items are not in the booty, then I don't know about them or even care to know about them.

[simsrocks]

Are we talking about a Flash ad that's running Javascript?  Or are we talking about actually clicking on ad, which one shouldn't do?  Again, wouldn't NoScript block this?

Yeah, probably. I kind of wish I was using Firefox instead of Google Chrome, because it has plug ins to remove ads and block scripts.
On Google Chrome, Avast! is my only protection  Not that I ever plan on going there again.

I thought TSR were the lowest of the low, but now they're even lower.

[Dr House]

An ad can do that - without clicking on it. I had that problem a year ago (at Simchic I think) they later apologized - 'cause I wasn't the only one who had problems - and they blamed an infected ad. I use opera + Avast + Zone alarm yet it's sometimes not enough

[kenmtl]

It's really shit what happened to that person but unfortunately it does happen. However I hardly think TSR is doing it on purpose. I mean really, it can't be good for business. It's for sure delivered via one of their trashy unregulated flashy/blinky adverts. So ya they definitely need to be more diligent.

Ok I'm sorry but this fucking killed me. It's from the thread.

I guess I better download what i can before the viruses hit me and then cancel my subscription.

She almost deserves to get her comp wiped.

I'm like Dr House with Firefox/NoScript->Avast->ZoneAlarm. I rarely get bugged but it still possible. Sometimes I have to turn off the script blocker or some clicky buttons won't work *ahem MTS ahem* but generally it's always on. Scripts are bad.

[rum nate]

I just thought of this. Back in 2003 Maxis made a Makin Magic desktop gnome.  I am pretty sure TSR had it on their site for some time, and I'm pretty sure I got it there. After I installed it it gave our computer a nasty virus, causing us to have it compleatly wiped. We got the computer back and I installed it again, because we didn't know that caused it, and we got the same virus again. I really don't think I could have gotten the a virus from downloading something from Maxis website, and you actually can still download it off of The Sims 1 site, you just have to look hard for it. So if it was causing problems, they would have taken it off like they did the Bon Jovi sim for Superstar.  

[CatOfWar]

Sometimes I have to turn off the script blocker or some clicky buttons won't work *ahem MTS ahem* but generally it's always on. Scripts are bad.

You can set permissions on an individual script level.  With MTS, I just selectively allow the minimum number of scripts needed for the clicky buttons, and disallow the rest.  It's a pain to have to figure out what's needed though.  I assume the clicky button / menu scripts are separate from any ad-related scripts, but is that a safe assumption?  Don't know.

I agree that we can't blame T$R directly for an infected ad, but also agree they should screen their damn ads much better, for viruses and smut.  That Evony sex slave ad really gets on my nerves.  "Play with my tits now, my lord?"

[Dr House]

Virus from unclicked ads/scripts are extremelly rare and are generally only on very "bad" sites, the one at simschic really surprised me since I wasn't expecting anything nasty on a sims site. As all the other victims as soon as I opened a very particular page (was there for a free mesh) Zam! opera called its mama and avast and zonealarm both started howling That shit took a lot of cleaning-rebooting-etc. Their 'excuse-us' didn't make up for the hours of cleansing & worrying. I won't ever go there again for any free mesh.
Maybe coconut will bring us some infos on the T$R case? *puts coconut flavored rum glass on the table* *waits*

Never heard of that gnome. I had the aquarium (boring), the crib one (arg x_x quickly removed it) and the talk simlish (useless). But at least they were free stuff. Now all the tiny sims related gimmik games are pay. There was a couple of ones I've seen like a bust-a-move simmified, a mini-sim city or something and I-don't-recall-what. All buyables. Lame.

[rum nate]

http://thesims.ea.com/us/news/november03.html

Eight one down is the gnome.

I got the aquarium, and yeah, that is really really boring. I tried to get the crib one but it wouldn't work. Never got the talk simish one.

Yeah, we haven't heard much from coconut in a while. Would be nice if she can give us some info on this.

[scrappysim]

I got a virus from TSR almost two years ago.  I notified their admins and I believe it was Thomas that replied to me that it had to be from an ad.  I told him that I didnt really care what on the website caused it, I still felt it was their responsibility.  It was a vundo virus.  He basically told me that they were not responsible for anything in the ads or anything that the ads did since all they did was allow the ads to be on the site.  I responded that by allowing the ads to be there and not monitoring (or dealing with the consequences) of the ads they were disrespecting thier visitors and customers and that if they still insisted on having ads on their site that were at best inappropriate (remember all the smut) and at worst dangerous, then they would have to deal with losing anyone and everyone that I could get to listen to me about visiting thier site.  His only response was something about how it really wasn't fair for them to be blamed for something that thier advertisers did.  I never did get him to understand that as a business he is ultimately responsible for all of the content on his site since he allows it all to be there in the first place. 

It is different when you bring it to the attention of the site owner and they pull the ads or show any regret or gratitude that you have let them know so it can get fixed but to act like "I don't care; not my fault; buy my stuff!"  That is just wrong.  And, no I don't expect anything else form them anyway. It is just a shame that they still don't care.

[Witchboy]

I've seen other sites that have the same problem, specially blogs etc. Most likely TSR was injected with malicious code unknowingly. Here's how Code Injection works.



Step 1:
The hacker breaks into your system through vulnerabilities in your web site.

Step 2:
The hacker injects malicious code into your website.

Step 3:
Your customer visits your website trusting your reputation.

Step 4:
The injected code in your site compromises his machine: a virus is downloaded to his machine (machine can be turned into a bot that the hacker controls from his computer).

Step 5:
Search Engines visit and blacklist your website as malicious.

Web security is an arms race between good and evil. If a service is networked and interactive, it is most likely not 100% secure. It can be only made less vulnerable. Proof: Security giant Symantec and Kaspersky’s websites were cracked by hackers in 2009. If security companies can’t keep their website safe, who can claim they are secure?

Why antivirus software and a firewall are not enough.
Unless you are willing to give up on Web 2.0 functionality, web-site owners need to go beyond antivirus software and firewalls. There are ever evolving vulnerabilities and mechanisms for gaining access to a website. A major factor is vulnerabilities through one’s website. In addition there is the human factor; the careless employee who visits a malicious website, fails to protect their password, or brings an infected laptop inside the firewall. As a result, expecting you will never be broken into is like hoping that your home will never be burglarized.

The Code Injection attack and how it can kill an e-business.
Code injection turns your website into a beacon of malware dissemination without your knowledge. Its typical goals are to: (a) disseminate viruses and compromise your customers’ computer, and (b) perform identity theft on your customer. The problem is real: BusinessWeek was hacked (Nov 2008), 70,000 pages were hacked in June 2008. Code Injection can ruin an e-business: Once blacklisted by the major search engines, the reputation of one’s website plummets (reportedly from top 10 to bottom 10,000). In addition, currently there are no good tools to help you recover from a code injection. The stopbadware.org is filled with people unable to get off the blacklists.

I BET YOU DIDN’T KNOW:
a. Viruses started to masquerade as anti-virus software to fool people into downloading them.
b. Cyber-crime as a Service: (CaaS): Providing a rogue spam campaign or launching a DoS to a target of choice has its own market:

“Malware writers that sell toolkits online for as little as $400 will now configure and host the attacks as a service for another $50, a security expert has said.” ITNews 3/2009.

“Researchers have found that, in their haste to get rid of annoying popup alerts, most users don't bother to examine popups for the telltale signs of browser-based malware.” - Ars Technica 8/08.

“40% of surfers don't bother with browser security updates” -Ars Technica 7/08.

The intertwined world of cyber-crime.
Interestingly, many malicious activities are interconnected and supportive of each other: viruses, bots, website intrusion, code injection, and spam are tightly related. For example, consider the following cycle of crime: (a) a hacker uses code injection to create a malicious website, (b) the hacker uses a botnet to launch a spamming campaign attracting users to a malicious website, (c) careless users visit the website, are compromised and turned into bots, (d) the newly created bots are used to do more spamming.

[qbbs]

I don't know how this site is still opened? I ASSUMED it would have died years ago.