resolved Malware warning in thread

[Tacodidra 59,794]

While looking at an old thread on the forums, I got a malware warning in F-Secure. Supposedly this thread contains a banking trojan called Retefe:

Spoiler

WARNING! Don't visit the page if you don't have any antivirus software!

Spoiler

mlpforums.com/topic/179161-s08e22-what-lies-beneath/

 

I haven't got this warning in any other thread I've visited today. Could it have something to do with the link in the first post (to a now deleted Dailymotion video)? I know Dailymotion has had problems with malware at some point in the past, user accounts getting hacked etc. That's the only thing I can think of that could be causing the problem (I don't see any other links or file uploads in the posts)...

[Courageous Thunder Dash 7,809]

Uhm... @Rikifive, could you look into this?

[Jesse Terrence 2,963]

14 hours ago, Tacodidra said:

Could it have something to do with the link in the first post (to a now deleted Dailymotion video)?

Most likely. Never heard of F-Secure before, though.

Anyway, ESET nor MWBAM warned me of anything. It would be hard for them to detect anything anyway given I've configured my browsers to block all sort of stuff.

>Student 6 episode
Heh, maybe it was the episode itself :v

And investigating a bit, perhaps dailymotion itself uses F-Secure. Not that it matters, just a funny fact I guess?

EDIT:

Ok, so I've been doing some research. Perhaps retefe is a phishing tool to steal credentials and install more malware. My guess is the contaminated link will likely show a login prompt of some sort pretending to be whatever website it wants to steal your information from. It seems to be used to steal information from swedish bank systems as well. So watch out with any online shopping you might perform if you see that warning.

Finally, it seems to be rather old, with attacks to swedish banks being reported circa 2015. Supposedly, even windows defender can recognize it nowadays, but don't let your guard down just because of this.

Edited December 1, 2022 by Jesse Terrence
Further research

[Rikifive 23,489]

Hmm.. I went to this topic and didn't encounter anything odd.

Although Dailymotion prints some logs to the console:

feels like being back in commodore/amiga days lol

~ and causes a problem for using an obsolete function (in Chrome at least), there doesn't seem to be anything extraordinary at first glance.

 

Welp, I don't specialize in cyber security to be able to draw any conclusions from this. 

[Jeric 46,834]

Thanks all.
 

I removed the link to the old episode video. I didn’t see anything that triggers warnings on my end. 
 

if this occurs again let us know 

[Jeric 46,834]

1 hour ago, Rikifive said:

Although Dailymotion prints some logs to the console:

Heh. The old “you did a tech thing! Work for us” trick. 

[Tacodidra 59,794]

1 hour ago, Mayonnaise said:

Thanks all.
 

I removed the link to the old episode video. I didn’t see anything that triggers warnings on my end. 
 

if this occurs again let us know 

Thanks! I don't see the warning anymore, so it looks like everything's fine now!

It might have been a Dailymotion ad that caused it, I saw mentions of some of their past ads having contained malware. I then realized that I had whitelisted the site in my ad blocker to watch a video – seems to have been a bad decision (which I reversed as soon as I realized it).

Edited December 1, 2022 by Tacodidra

[Splashee 28,537]

20 hours ago, Tacodidra said:

I got a malware warning in F-Secure. Supposedly this thread contains a banking trojan called Retefe

Unless there is a download link or some video script that the forum allows to automatically load when going to that thread, there shouldn’t be any threats (both the forum software and most browsers won’t allow auto loading of scripts nowadays so it shouldn’t be a problem).

Links to suspicious content are usually removed (and is mostly done by us mods for new posts). Older threads could still have links to odd places though, and only if they are bumped (having an active discussion), they will be cleared of any suspicious links.

[Rikifive 23,489]

Since the source of the problem has been removed, I'll close the topic and mark as resolved. Thanks for reporting issues.