Fiverr Forum

Fiverr down and Flashplayer virus


#1

fiverr was down , but now up , when it was down i got dowoload flashplayer virus program , now also i can see it

check loging to fiverr without http s


#2

Reply to @gallywix: Welcome


#3

@mgjohn78 I’m not arguing the point of downtime here. I am trying to make users aware that even though it is being denied by support there was in fact an infected file that was served to users. I would say the majority of users trust this site and seeing a download coming from another trusted source ‘Adobe’ they would have no hesitation in executing the file.



The hack is not the issue, these things happen. The issue is unless a wider audience is correctly informed of this, they are potentially opened up to much more serious problems.


#4

Reply to @buzzkillington: Hacks are a given in this day and age, a support system that denies the attack and refuses to assist their users and potentially opening them up to further malicious damage, is not.


#5

Reply to @flyby: Actually someone (a malicious third party) gaining access during a maintenance would make sense. Or the malicious file might have been in the main http dir for ages and thus during maintenance we all got it as we weren’t redirected to https.

Bottom line the file “install_flash_player_17_plugin.exe” was definitely served from “fiverr.com


#6
forcedlogic said:
  • Good job Fiverr. You burned you Ecosystem even more. I can guess that the culprits are laughing right now non-stopped while Fiverr continues to ignore the truth. Hope ya have deep pockets because this could easily lead to a class action lawsuit.






  • Rate this commentVote Up0Vote Down


  • This is being a tad melodramatic. Class action lawsuit on what basis? That someone may or may not have hacked it and put on a virus? Good luck with that - let me know how it works.

    Despite what you want to believe, governments with huge pockets get hacked regularly. It's 2015 - it's going to happen. Do you really expect Fiverr to be impervious to every single attack vector out there?

    #7

    Reply to @eddiethornton: The site was not down for planned maintenance, read the Fiverr twitter feed and you will see they were aware of a problem.



    FYI - I run the most up to date anti virus and anti malware systems. - Maybe you missed the part where you have multiple users reporting the same issue.


    #8

    The site was down for planned, routine maintenance. Now it’s back up and running fine. If you got a virus, it came from somewhere else. It’s always advisable to have RUNNING malware/virus protection on your device. When in doubt, run it again. It does no good to wait until the threat is already on your machine, then run the protection software.


    #9

    Good job Fiverr. You burned you Ecosystem even more. I can guess that the culprits are laughing right now non-stopped while Fiverr continues to ignore the truth. Hope ya have deep pockets because this could easily lead to a class action lawsuit.


    #10

    Reply to @flyby: Correct, but simply downloading the executable is not enough to get infected, you have to actually run it for the virus to work. Unless I’m terribly mistaken! The downloaded file will still be flagged by antivirus of course, but unless you actually run it, it can’t infect you technically.


    #11

    Reply to @globalva:

    Wow now i’m really concerned!



    Please let us know when you have investigated further and confirmed that whatever vulnerabilities were exploited have been patched!


    #12

    Reply to @doubleu: It was a forced download. Unless you were using Google chrome you would not have been aware of it downloading in the background.


    #13

    Reply to @steveeyes: They’re not providing any guidance. They’re taking the path that will cost them the least amount of negative publicity and of course less financial input.

    Their response below ‘it didn’t happen’ but just in case it did happen, scan you pc’s anyway.



    This is a root kit which normal scans will not detect, the saddest part is, this could cause serious damage to users that aren’t technically aware and Fiverr could not care a less.




    No Adware | Adware and Malware Removal Program

    http://no-adware.com




    #14

    This makes me so angry that you guys choose to disrespect and potentially cause massive damage to your entire community of loyal users by trying to deny you were hacked and infected.



    Everyone read this post. You will understand what Fiverr is downright lying about here.



    http://no-adware.com/blog/fiverr-hacked-serving-malware/



    No Adware | Adware and Malware Removal Program

    http://no-adware.com




    #15

    @globalva You can’t be serious? You have multiple users on here giving you information on a malicious download and you guys are denying this?



    Unbelievable. I was infected by the exact FORCED download everyone is talking about and Fiverr comes out with ‘We aren’t aware’ - head in the sand.



    Show some respect to your users at least and tell them how this can be removed.


    #16
    steveeyes said: Why fiverr is not providing guidance on this is amazing.

    Only explanation i can think of is that the entire team is still busy repairing the damage and patching the security issues!


    #17

    Hi everyone. The site is up and running and is fully functional. We are not aware of any viruses during the recent outage, however, we are advising all users with PCs to have their computers scanned as a precaution.


    #18

    Reply to @doubleu: That is where I was confused. I didn’t install it or at least I didn’t think I did. When I clicked the link to go to fiverr I saw the message about installing flash player and ignored it. But than my computer rebooted without me doing anything so that is when I became concern.


    #19

    Should be safe if you didn’t actually install the flash plugin that was being sent. But since this was probably a targeted virus, best to change your passwords and run a scan anyway.


    #20

    Please everyone…be sure to check for virus…I checked with malewarebytes and it found no virus. Next I tried microsoft security essentials and it found no viruses.



    Someone told me to use Avast and do a boot scan. As I write this (on my laptop) Avast has found the virus kryptik-HYB doing a boot scan on my main computer. So highly recommend that everyone does a boot scan to be sure you don’t have the virus. I have a huge drive so it may take all day for it to complete.



    Why fiverr is not providing guidance on this is amazing.



    Fragglesrock