Tumblr Infection

4 posters

Go down

Tumblr Infection Empty Tumblr Infection

Post by Big_Piglet 2/7/2013, 6:31 pm

Apparently Tumblr has been infected, and by extension the miecraft launcher has. Almost anyone with Avast! will be getting a notice when they open the launcher saying that a malicious url from "pixel quantserve" was blocked. Some quick research on the Avast! and minecraft forums show that this is a relatively new problem, and people have traced it to a malicious script infecting Tumblr pages, and since Tumblr is used for the news feed on the launcher, we seem to be at risk until the issue is fixed.... though one post on one of the forums claimed that avast falsely listed a Tumblr script as malicious, though it didn't have evidence to backup the claim.

That said, I'm horrible with computers, and have had extremely bad luck with viruses and malware, so it's probably best for anyone reading this to take this all with a grain of salt, at least until someone who knows what they're doing gets a word in.
Big_Piglet
Big_Piglet
Redstone Miner
Redstone Miner

Posts : 203
Join date : 2012-09-21

Back to top Go down

Tumblr Infection Empty Re: Tumblr Infection

Post by Guest 2/7/2013, 9:55 pm

I got this earlier trying to log on:
Tumblr Infection O18W3rS

Guest
Guest


Back to top Go down

Tumblr Infection Empty Re: Tumblr Infection

Post by madscientist032 2/7/2013, 10:28 pm

jr8.... that refers to java! Unfortunately the latest version is jr7, not 8.... so I can see why it's being flagged as malware.
madscientist032
madscientist032
Oasis SMP Owner
Oasis SMP Owner

Posts : 5000
Join date : 2011-02-09
Age : 32

https://www.youtube.com/user/madscientist032

Back to top Go down

Tumblr Infection Empty Re: Tumblr Infection

Post by Guest 2/7/2013, 10:34 pm

That's what I thought too... I have a whole folder for "8" though.... I'm deleting java and reinstalling to see if anything changes

Guest
Guest


Back to top Go down

Tumblr Infection Empty Re: Tumblr Infection

Post by Big_Piglet 2/7/2013, 10:39 pm

I found some evidence that it might be a false positive... people are saying that due to the way the supposedly malicious gif/link was linked, it's being flagged as malicious because they can be used in a DDOS and can be used to track users of certain programs through their IP.

So apparently if it is a false positive it's just avast being paranoid.... Really wish I could find more information on what exactly is happening, though.

Main problem is for half the people it says a nonexistant version of Java is infected, or just the current java, but the other half has it say minecraft itself is infected.
Big_Piglet
Big_Piglet
Redstone Miner
Redstone Miner

Posts : 203
Join date : 2012-09-21

Back to top Go down

Tumblr Infection Empty Re: Tumblr Infection

Post by ReachAndromeda 2/7/2013, 10:57 pm

itd be funny if when you log in your skin defaults to the zombie skin... xD lol infected!
ReachAndromeda
ReachAndromeda
Iron Miner
Iron Miner

Posts : 54
Join date : 2012-04-12
Age : 34

Back to top Go down

Tumblr Infection Empty Re: Tumblr Infection

Post by Big_Piglet 2/8/2013, 12:51 pm

Been to another forum researching this again... supposedly quantserve is just what Mojang is using to see how many people are logging on to minecraft at any given time, and Avast! is blocking it because it sees it as a potential threat, but the game itself is still able to be played.


Anyone here have more information, or able to confirm this? I probably won't be playing until this is all sorted out.
Big_Piglet
Big_Piglet
Redstone Miner
Redstone Miner

Posts : 203
Join date : 2012-09-21

Back to top Go down

Tumblr Infection Empty Re: Tumblr Infection

Post by Gweedo358 2/8/2013, 1:27 pm

I dont use Avast, I am not having any problem with the logon screen. Sorry I cant help with this issue.
Gweedo358
Gweedo358
Professional Miner
Professional Miner

Posts : 1143
Join date : 2012-06-03
Age : 57

Back to top Go down

Tumblr Infection Empty Re: Tumblr Infection

Post by Big_Piglet 2/8/2013, 5:48 pm

My most recent bit of research mainly seems to confirm the false positive idea. Supposedly it's a legit company with a server named Pixel, that is used for services like Google analytic, and that it only measures usage such as the time of day and where you're logging in from, and that it doesn't track things like IPs or other personal information. I've also seen posts from people that say they analyzed the code itself and that it contained nothing malicious, even going to far to post the code itself to show other people what exactly it contains. Because so many people are giving evidence that it's just something used to analyze how many people play, because people have analyzed the code itself, because many people are giving evidence that due to the way this type of program *could* be malicious may be causing Avast! to block it just in case, and because of the fact that even if it *was* malicious, Avast! blocks it every time the launcher is opened, I'm gonna go ahead and say that it's probably safe, and it most likely *is* just Avast! being paranoid.... it also seems to be *only* Avast! blocking to program, meaning that unless Avast! is the single greatest virus protection of all time, it adds a lot more credence to the false positive theory.

Again though, I'm not savvy with computers, so I may very well be proven wrong by anyone who knows what they're doing... but for the time being I'm going to accept the idea that it's just a false positive.
Big_Piglet
Big_Piglet
Redstone Miner
Redstone Miner

Posts : 203
Join date : 2012-09-21

Back to top Go down

Tumblr Infection Empty Re: Tumblr Infection

Post by Big_Piglet 2/9/2013, 4:19 am

One last quick post, partially a bump for the second point of this post.


According to Nathan Adams Twitter account, the malware alert is in fact a false positive, so if anyone with Avast! is reading this, just ignore the warning. And a quick link to the twitter for a bit of confirmation https://twitter.com/Dinnerbone/status/299577210044547072


Second point - Since this issue here has been cleared up and there ended up being no threat, I'd appreciate a staff locking this topic, since it's now pointless.
Big_Piglet
Big_Piglet
Redstone Miner
Redstone Miner

Posts : 203
Join date : 2012-09-21

Back to top Go down

Tumblr Infection Empty Re: Tumblr Infection

Post by Gweedo358 2/9/2013, 12:37 pm

Roger that topic locked as requested.
Gweedo358
Gweedo358
Professional Miner
Professional Miner

Posts : 1143
Join date : 2012-06-03
Age : 57

Back to top Go down

Tumblr Infection Empty Re: Tumblr Infection

Post by Sponsored content


Sponsored content


Back to top Go down

Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum