#1 |
|
Veteran Member [81%]
|
This popped up a few minutes ago. Maybe related to a 4chan picture posted in 'amusing images'. I don't do 4chan and don't recognise the link. I had Reuters and Tinypic open at the time but in the separate browser from forum. ?
Category: Intrusion Prevention

Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description

2012-07-20 21:13:01,High,An intrusion attempt by www.comix.it was blocked.,Blocked,No Action Required,Web Attack: Mass Iframe Injection Website 10,No Action Required,No Action Required,"www.comix.it (85.94.209.236, 80)",www.comix.it/wp-content/files_mf/63408/4chan-meme-faces-list-717.gif,"BEVAN-PC (192.168.1.64, 63495)",85.94.209.236 (85.94.209.236),"TCP, www-http"

Network traffic from <b>www.comix.it/wp-content/files_mf/63408/4chan-meme-faces-list-717.gif</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.
|
|
|
|
|
|
#2 |
|
Administrator
|
Thanks. I removed the image to prevent further warnings.
|
|
|
|
|
#3 |
|
Veteran Member [81%]
|
I take it the matching signature doesn't indicate an actual attack.
|
|
|
|
|
#4 |
|
Administrator
|
Anti-virus programs sometimes flag sites that have had any potentially harmful content on them. When any content is remotely linked from that domain, it can set them off. Since we don't allow script execution in posts, it's unlikely that the content is actually dangerous. I'm aware of some Windows exploits in the past that allowed malicious code to be embedded in image files, but they were patched and generally this would be pretty rare.
We remove all images that trigger anti-virus programs on INTJf, even if they are false alarms, just so members don't have to deal with seeing the alerts.
|
|
|
|
#5 |
|
Veteran Member [81%]
|
Got it. Thanks.
|
|
|