NST Server Infected by HTML.Redlof.A Virus

Warning to Windows users (especially those using IE), do not click the links in the second paragraph, especially if you don’t have up to date anti-virus software installed. You have been warned.

It seems that the New Straits Times Press (Malaysia) Berhad‘s AdTimes archive hosting server is having a virus problem. Almost every article linked from this page is infected with the HTML.Redlof.A virus.

I was made aware of this issue through this post by Lainie. Hopefully, with more coverage on this issue, NST will take actions to clean up their archives. I would love to email the guys at NST about this issue, but unfortunately, their contact page doesn’t have an email address listed, and I couldn’t be arsed to call long distance 😛

Update: I emailed Ms Brenda Marshall, the Senior Manager of Advertising (if I’m not mistaken) via an email address from the contacts page found here. This was at 9:30 am (a few minutes after this post).

7 responses to “NST Server Infected by HTML.Redlof.A Virus”.

  1. Lainie Says:

    Ahhh…I didn’t dare to surf to those pages in case they had the virus too 😛 IreneQ messaged them too…haha…It’d better get fixed fast 🙂

  2. Artim Says:

    is a vbscript virus, firefox users are safe from it!

  3. Lainie Says:

    Yeah so I found out 🙂 Explains why I didn’t get a virus notification and Nessa did.

  4. Lucia Lai Says:

    Interesting Lainie, but wasn’t it you who blowed hot n cold all over in your blogsite? Next time dont panic fast fast. Four letter words and all. Doesnt look good on your blog or the site which hosts your rantings..

  5. Site Admin Azmeen Says:


    What Lainie wrote on her blog is entirely her opinions and her chosen way of expression. Added to the fact, that it’s her blog anyway.

    Anyway, thanks to everyone who commented. Hopefully the folks at NST have taken care of this problem.

    The server that hosts the pages seems down at the time of this comment. I don’t know if this is because they have purposely taken it offline or the server is suffering massive hits from curious visitors.

  6. pete Says:

    Every Maxis BB user will infected (I using Avast av log file to check) Every time you log on to internet with the maxis now that page will direct yours network to this page (which they suppose to clean it up by now)


    1/26/2008 12:41:47 PM SYSTEM 1496 Sign of “Win32:Agent-LSI [Trj]” has been found in “http://baidu1633.com/admin/xx.exe\[Upack]\[Embedded#d0d0]” file.
    1/26/2008 12:41:47 PM SYSTEM 1496 Sign of “HTML:CVE-2006-3227 [Expl]” has been found in “C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\KQ19FG6C02[1].htm” file.
    1/26/2008 12:41:45 PM SYSTEM 1496 Sign of “HTML:CVE-2006-3227 [Expl]” has been found in “http://sina8488.com/admin/002.htm” file.
    1/26/2008 9:36:03 AM SYSTEM 1496 Sign of “Win32:Agent-LSI [Trj]” has been found in “http://baidu1633.com/admin/xx.exe\[Upack]\[Embedded#d0d0]” file.

    end of log file…

    I suspect maxis stuff surf to “baidu” ,thats where the virus host coming from….

  7. pier Says: