Iran spreading viruses through Ahmadinejad’s blog? (Update: Maybe not)

posted at 12:58 pm on August 16, 2006 by Allahpundit

That’s the word on the street, according to an e-mail Bryan just forwarded me. I’ve been over there a bunch of times, though, and haven’t noticed any problems with my computer.

Except that I now have a new Mel Gibson screensaver that I can’t seem to get rid of.

Anyway, I’m sure they’ll blame the whole thing on cunning Zionist hackers.

And you know what? They’ll be right.

Update: Reader Niko shares his techie wisdom and says it’s much ado about nothing:

There’s no virus on that site. The false alarm stems from the fact that most elements on that site are dynamically loaded via JavaScript, and that method could be exploited by malicious code that is injected there, e.g. by comment writers.

If you want to take your chances, here’s the link.

Breaking on Hot Air

Blowback

Note from Hot Air management: This section is for comments from Hot Air's community of registered readers. Please don't assume that Hot Air management agrees with or otherwise endorses any particular comment just because we let it stand. A reminder: Anyone who fails to comply with our terms of use may lose their posting privilege.

Trackbacks/Pings

Trackback URL

Comments

I only wish I’madingabat would go down that easy.
one shot, one …… you know.

shooter on August 16, 2006 at 1:16 PM

OK…. ummm… Possible virus on the site, so you post a disguised LINK to it???

Romeo13 on August 16, 2006 at 1:18 PM

There’s no virus on that site. The false alarm stems from the fact that most elements on that site are dynamically loaded via JavaScript, and that method could be exploited by malicious code that is injected there, e.g. by comment writers.

That man is dangerous enough by possibly having his finger on the Big Red Button a few months hence, so no need to spread such urban legends in-the-making.

Niko on August 16, 2006 at 1:21 PM

Last I read is that a virus is loaded for visitors from Israeli IP addresses, so we wouldn’t get the virus.

BrunoMitchell on August 16, 2006 at 1:39 PM

Nope.

http://olehgirl.blogspot.com/2006/08/pres-ahmadinejad-trying-to-infect.html

We at Symantec Security Response have investigated this issue thoroughly and can find no indication of malicious code being present on that nor on the http://www.ahmadinejad.ir landing page that triggered the alert.
We believe what happened was that an IPS (Intrusion Prevention System) signature in Norton Personal Firewall triggered an alert on the http://www.khamenei.ir website due to HTML code on that page that must be present to exploit the MS IE DragDrop Embed Code vulnerability. Upon investigation, it appears that while the code in this case is harmless, its presence was suspicious enough to trigger an alert. Additionally, this issue is not limited to Israel, as we were able to reproduce the issue ourselves.
We have taken steps to modify the IPS signature which was causing this alert to appear and the updates will be available shortly. In the meantime, we recommend that all user ensure that their software, such as browsers and operating systems, are fully patched and their security software up to date with the latest updates and definitions.

Niko on August 16, 2006 at 1:48 PM

I think I will pass on the link.

gary on August 16, 2006 at 6:33 PM

By pass, I mean I will not visit it.

gary on August 16, 2006 at 6:33 PM