Comments on: Iran spreading viruses through Ahmadinejad’s blog? (Update: Maybe not)

By: The Moderate Voice

The Moderate Voice — Thu, 17 Aug 2006 07:46:13 +0000

Retraction…

Earlier reports that it could be possible that visitors from Israel run into a virus if they click on links on Ahmadinejad’s blog are most likely incorrect.

…

By: Jill’s notebook » Blog Archive » Iran’s president has a blog, part three

Thu, 17 Aug 2006 05:21:37 +0000

[...] Now they’re saying there’s no malware on Ahmadenijad’s blog. [...]

By: Crazy Factor » Blogs can get hoaxed, or mislead (sorry to Iran’s president)

Crazy Factor » Blogs can get hoaxed, or mislead (sorry to Iran’s president) — Thu, 17 Aug 2006 00:37:52 +0000

[...] Turns out that CNN, among others, is reporting that Iran’s president’s blog doesn’t have malware or viruses after all. So, how could I report such yesterday? I wasn’t reporting, just passing along information I had from a reputable technical source (O’Reilly). [...]

By: Scobleizer - Tech Geek Blogger » Blogs can get hoaxed, or mislead (sorry to Iran’s president)

Thu, 17 Aug 2006 00:10:47 +0000

By: gary

gary — Wed, 16 Aug 2006 22:33:33 +0000

By pass, I mean I will not visit it.

By: gary

gary — Wed, 16 Aug 2006 22:33:06 +0000

I think I will pass on the link.

By: Old War Dogs

Old War Dogs — Wed, 16 Aug 2006 18:56:09 +0000

Iran spreading viruses through Ahmadinejad’s blog?…

Allahpundit: That’s the word on the street, according to an e-mail Bryan just forwarded me. I’ve been over there a bunch of times, though, and haven’t noticed any problems with my computer. Except that I now have a new Mel…

By: Niko

Niko — Wed, 16 Aug 2006 17:48:55 +0000

Nope.

http://olehgirl.blogspot.com/2006/08/pres-ahmadinejad-trying-to-infect.html

We at Symantec Security Response have investigated this issue thoroughly and can find no indication of malicious code being present on that nor on the http://www.ahmadinejad.ir landing page that triggered the alert.
We believe what happened was that an IPS (Intrusion Prevention System) signature in Norton Personal Firewall triggered an alert on the http://www.khamenei.ir website due to HTML code on that page that must be present to exploit the MS IE DragDrop Embed Code vulnerability. Upon investigation, it appears that while the code in this case is harmless, its presence was suspicious enough to trigger an alert. Additionally, this issue is not limited to Israel, as we were able to reproduce the issue ourselves.
We have taken steps to modify the IPS signature which was causing this alert to appear and the updates will be available shortly. In the meantime, we recommend that all user ensure that their software, such as browsers and operating systems, are fully patched and their security software up to date with the latest updates and definitions.

By: BrunoMitchell

BrunoMitchell — Wed, 16 Aug 2006 17:39:27 +0000

Last I read is that a virus is loaded for visitors from Israeli IP addresses, so we wouldn’t get the virus.

By: Niko

Niko — Wed, 16 Aug 2006 17:21:47 +0000

There’s no virus on that site. The false alarm stems from the fact that most elements on that site are dynamically loaded via JavaScript, and that method could be exploited by malicious code that is injected there, e.g. by comment writers.

That man is dangerous enough by possibly having his finger on the Big Red Button a few months hence, so no need to spread such urban legends in-the-making.

By: Romeo13

Romeo13 — Wed, 16 Aug 2006 17:18:17 +0000

OK…. ummm… Possible virus on the site, so you post a disguised LINK to it???

By: shooter

shooter — Wed, 16 Aug 2006 17:16:13 +0000

I only wish I’madingabat would go down that easy.
one shot, one …… you know.