This is a FYI to alert whoever runs this site. I hope it gets attention here, or place it where it will get attention. This is not the first attack, but the second one from trying to complete a post or adding a smiley.
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2012-04-09 18:49:04,High,An intrusion attempt by www.bbweoil.com was blocked.,Blocked,No Action Required,Web Attack: Malicious JAR File Download 10,No Action Required,No Action Required,"www.bbweoil.com (64.34.127.185, 80)",www.bbweoil.com/52weiorad/XwnwqPtaq.jar,"(XXX.XXX.XXX.XXX)",64.34.127.185 (64.34.127.185),"TCP, www-http"
Network traffic from <b>www.bbweoil.com/52weiorad/XwnwqPtaq.jar</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\JAVA\JRE6\BIN\JAVA.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.
I removed my system name and IP configuration from the script for privacy purposes and added the XXX. This is the second time I was hit with this intrusion from this web site. Please do something about it. For those of you not running an anti-virus program or a cheap/free anti-virus program, good luck.
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2012-04-09 18:49:04,High,An intrusion attempt by www.bbweoil.com was blocked.,Blocked,No Action Required,Web Attack: Malicious JAR File Download 10,No Action Required,No Action Required,"www.bbweoil.com (64.34.127.185, 80)",www.bbweoil.com/52weiorad/XwnwqPtaq.jar,"(XXX.XXX.XXX.XXX)",64.34.127.185 (64.34.127.185),"TCP, www-http"
Network traffic from <b>www.bbweoil.com/52weiorad/XwnwqPtaq.jar</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\JAVA\JRE6\BIN\JAVA.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.
I removed my system name and IP configuration from the script for privacy purposes and added the XXX. This is the second time I was hit with this intrusion from this web site. Please do something about it. For those of you not running an anti-virus program or a cheap/free anti-virus program, good luck.