Comments on: Delphi3000 Malware Problems

By: jamie

jamie — Fri, 27 Mar 2009 16:11:38 +0000

@Hok: Thanks for confirming, I thought I might be going mad if I was the only one that was seeing this problem.

@Ken Knopfli: True, it sounds ridiculously foolish when put like that. From a web developer point of view I find Javascript extremely useful for providing smoother interfaces and executing visual effects. Without some ability to execute something on the client side you couldn’t have Rich Interface Apps (whether they be in Flash, Javascript or Silverlight) and that would be a step backwards. Sometimes this concept is definitely a step too far (think of ActiveX) but properly controlled it’s essential for the web.

What would help is if the browser makers sand-boxed executing javascript properly…

By: Ken Knopfli

Ken Knopfli — Fri, 27 Mar 2009 10:03:21 +0000

I use NoScript in FireFox.

Years ago, viruses spread through diskettes.

When this JavaScript lark started, I couldn’t believe people would be naive enough to install something that can run unknown code on their PC.

Well, whaddaya know.

By: Hok

Hok — Fri, 27 Mar 2009 03:47:26 +0000

Chrome, Firefox say exactly as this article told. IE 8 64 bit, Opera, Safari just open the page.

By: jamie

jamie — Thu, 26 Mar 2009 20:21:39 +0000

@Jim: I didn’t mean to give the impression that the Delphi code samples might have been hacked (although I hadn’t looked at any of them). It’s more likely that there is alteration to the html code on some pages (Google says 4 out of 435) to include some Javascript or an invisible iFrame that tries various browser exploits. I’m fairly certain it’s this kind of exploit that Google is highlighting in it’s report.

It could just be one of their advertiser’s Javascript files that has fallen into the spyware/malware category on Google. It may not even be that serious an exploit but if Chrome and Firefox are warning me against it on security reasons then that’s still a serious problem for them.

@Brett Griffin: That’s ok – I’ll forgive your grammar in your first post if you’ll any I may make! It’s very sad indeed when we see great community resources sliding into inactivity and irrelevance, particularly those with the volume of content that D3K had on it. However, as one site exits, it leaves room for another in it’s place.

@richard populin: Did FireFox give you a red and warn you that it was a suspicious site too? Mine gave me the following notice, similar to the one shown by Chrome and linking to the same report:

http://jamie.op-i.net/blog/wp-content/uploads/2009/03/windowclipping-5.png

As you said, maybe one of the adverts has become classified as using Javascript too similar to malware/spyware. I’m sure you would be fine visiting the site and certainly using the code samples (unless you truly don’t read what you compile! ) but there is something not quite right some of their pages and the browser warning will put many people off.

By: richard populin

richard populin — Thu, 26 Mar 2009 19:12:40 +0000

Equiped with ADBlack and ScriptBlock for Firefox, i juste went to Delphi 3000 to read and download MathParser code.

No advice from AdBlock; a general advice from scriptblock telling that the site is suspicious. Delphi source code at Delphi 3000 is clean. May be few of the ads seen on the pages are malware prone? Don’t accept any cookies from the site.

By: Brett Graffin

Brett Graffin — Thu, 26 Mar 2009 19:12:34 +0000

Sorry about my grammar in the first post. I had changed thoughts in the middle of the sentence, and did not go back to proof it. Yes, the site has been in a suspended state for years. Postings have been the same for a long time. I used to be a pretty regular visitor to the site. There are article postings that are defined as “current” and have been there for a “L O N G” time. Finding good Delphi sites is a hobby. Unfortunately, they are rare and few. That’s why I am alway critical of Torry’s when he goes down. I don’t want them to turn in a 3000.

By: Jim McKeeth

Jim McKeeth — Thu, 26 Mar 2009 18:08:19 +0000

Although I was looking closer at the analysis and it may be safer to just avoid it after all. I guess someone could have uploaded an exploit. I didn’t think about the fact that users may still be uploading code. . . . . Bummer.

But was said, it hasn’t been updated in a long time anyway.

BTW, thanks for being on the podcast!

By: Jim McKeeth

Jim McKeeth — Thu, 26 Mar 2009 18:05:51 +0000

I visited Delphi 3000 and I don’t think it is compromised. Some of the code samples on there might be considered malicious, but I don’t think there is any risk of them being executed within your browser unless Chrome can execute Delphi / Object Pascal code now too!

By: jamie

jamie — Thu, 26 Mar 2009 17:10:10 +0000

@Brett Graffin: True; That it hasn’t really been updated for years may have contributed to it’s hacking (if it was indeed hacked). I can’t say I visit it regularly but I was Googling for something and it lead me to an article on there so I guess many will end up there for that reason.

By: Brett Graffin

Brett Graffin — Thu, 26 Mar 2009 16:52:09 +0000

That site has not really had been updated for years. Why anyone would want to visit it is beyond me. I also like the counter on how many people are currently connected. It’s always between 490 to 500.