Title: Weird Malware Experience Post by: Calandale on July 16, 2014, 07:32:28 pm In the interests of disclosure, Roger had some issues accessing this site. I don't think there's anything
wrong, but thought I'd copy our conversation over on CSWSocial. Quote from: Roger I went there, said I had to install some player as firefox version was out of date, then dumped a poopieload of other spammy programs on my PC....I will not be going there to see your vids.....I will stick to youtube especially Omiga-plus.....what poopiety hijack program. Quote from: Me Odd. Never had any issue there. Haven't used FF for a long time though. There are no 'players' required for the site. It's a pretty simple SMF forum. You had me worried so I ran Norton and TrendMicro scans. They showed no issues. Quote from: Roger Did not mean to alarm, more to warn. I have recently changed to Firefox, and when I went to your new "home", it said my FF video player was needed to be updated. I am normally more cautious about these things, but being new to FF and it's love of add-ons and plug ins I just ok'ed it.....WRONG MOVE. I got rid of all the crap with Malwarebytes, but it had totally hijacked FF and installed a pile of new programs which needed to be uninstalled. My bad judgement really as I should know better....ha ha ha Not wargames, I meant military games, and I have just tried Google Chrome and it was fine. It must be something to do with Firefox, or something looks for Firefox users..... (http://api.ning.com/files/3A8rUyA9jKOqZ0JJrAEAKnmoCV0SBH7nJkHLQFE5i6SU*4yxfzdsp-4aQ1kh-u*zUQ170XzF2DxDWOjSDbNsynUXMabUcYrw/poopiescreen.jpg?width=530) Quote from: Me My worry is that there is something on the site. But the AV web test sites say it's all clean. No one else has had anything like that. Looking at the source page, I'm not seeing this. Can't duplicate the behavior in my very old firefox. It almost sounds like clickjacking - but if that's the case, I'm not sure why I wouldn't see signs of it in the source displayed, unless there is something local to your firefox installation. :( There are a number of ways to attack someone directly at otherwise secure sites. I'm not sure that someone would go through that effort though. It strikes me more likely that this is something that was already present on his side. If anyone else has gotten any weird redirects though, let me know - there will be residual evidence to any such attack. If possible, keep a copy of the source page that redirected you. Title: Re: Weird Malware Experience Post by: KevinR on July 16, 2014, 07:39:46 pm I was getting a lot of odd things on my Android phone, until I turned off Javascript. It struck me as likely being bad ads.
On my Mac I block Flash and am not getting that, but there are quite a few Flash-based ads here. Title: Re: Weird Malware Experience Post by: Calandale on July 16, 2014, 07:42:13 pm If they're supporting bad flash ads, it's an issue.
Flash is very exploitable. Someone could definitely launch a clickjacking attack that way. Title: Re: Weird Malware Experience Post by: usrlocal on July 16, 2014, 07:44:35 pm I run a Malwarebytes Anti-Malware scan on my Win7 rig nightly, and haven't picked anything up from this site when using Firefox. Norton is also good with it. And just for fun, I also tried Avast. It's clean.
Title: Re: Weird Malware Experience Post by: jezarik on July 16, 2014, 07:59:26 pm I'm using Chrome. When I came over to this site yesterday (it was probably the third or fourth time I accessed the forum) I got a message saying I needed to download an update to Java and then it automatically downloaded a file labelled java_installer.exe. I'm pretty ignorant when it comes to stuff like this, but I knew better than to open files that download without my consent. A few seconds later I got a notification from AVG saying that the file contained Malware and it deleted the file. According to my Chrome history, here is the address associated with the file:
websitecom.us/entry/node/file/pkg/java/s/java_installer.exe?offer_id=13232&aff_id=20749&transaction_id=2d323a2b-ea54-497f-b89c-b448aa64ba95 Title: Re: Weird Malware Experience Post by: KevinR on July 16, 2014, 08:06:02 pm This site seems to be using several ad providers, including some I've never seen before. One (adnxs) I've seen associated with malware before, although I can't quickly find a comment on whether they are ever legitimate.
Title: Re: Weird Malware Experience Post by: usrlocal on July 16, 2014, 08:09:54 pm I am running AdBlock, by the way. Maybe that's why I'm not picking anything up.
Title: Re: Weird Malware Experience Post by: Calandale on July 16, 2014, 10:03:33 pm This is troubling.
Title: Re: Weird Malware Experience Post by: Sluggonics on July 16, 2014, 10:44:36 pm I'm using Chrome. When I came over to this site yesterday (it was probably the third or fourth time I accessed the forum) I got a message saying I needed to download an update to Java and then it automatically downloaded a file labelled java_installer.exe. I'm pretty ignorant when it comes to stuff like this, but I knew better than to open files that download without my consent. A few seconds later I got a notification from AVG saying that the file contained Malware and it deleted the file. According to my Chrome history, here is the address associated with the file: websitecom.us/entry/node/file/pkg/java/s/java_installer.exe?offer_id=13232&aff_id=20749&transaction_id=2d323a2b-ea54-497f-b89c-b448aa64ba95 I had this happen, too. It's only happened once so far - I just closed the browser through Task Manager and didn't click on anything. It didn't actually download any file. Title: Re: Weird Malware Experience Post by: usrlocal on July 17, 2014, 09:55:43 am I just had Avast do a realtime in-browser report of this site (using its Firefox plugin). Avast declare it as safe. Once again, this is Firefox under Windows 7, with Adblock enabled.
Title: Re: Weird Malware Experience Post by: Sluggonics on July 17, 2014, 10:14:52 am I just had Avast do a realtime in-browser report of this site (using its Firefox plugin). Avast declare it as safe. Once again, this is Firefox under Windows 7, with Adblock enabled. It's got to be related to the ads the site is running, then. Title: Re: Weird Malware Experience Post by: Calandale on July 17, 2014, 11:05:29 am That's my guess. They probably don't screen them well enough.
And they suggest turning off flash in POSTS because it's a possible security risk! Title: Re: Weird Malware Experience Post by: pnpfanatic on July 17, 2014, 12:05:05 pm I run FF and have had no problems but I run Noscript as well which blocks click jacking and malware and warns you if something is trying to run under the browser.
I highly rec Noscript...it's free, available through add-ons and has saved my butt more times than I can count at other sites (primarily well known commercial sites and even a couple times at BGG). Title: Re: Weird Malware Experience Post by: pnpfanatic on July 17, 2014, 12:26:05 pm Just played the video for The Fall in the 'embed' thread and after allowing the base site and YT (Noscript allows you to pick what you want to allow to run...nice way to keep Google out of your ass as well if you like) the video displayed and played properly. No warnings, no pop ups or directions to upgrade or install anything.
Noscript throws a big box in the middle of the screen and stops anything from happening if it appears suspicious or is in its database. ALWAYS follow its directions no matter what the **** video is that you are trying to see :) Title: Re: Weird Malware Experience Post by: pnpfanatic on July 17, 2014, 12:31:24 pm That's my guess. They probably don't screen them well enough. And they suggest turning off flash in POSTS because it's a possible security risk! That's why Apple doesn't allow FLASH on their gear. ALL FLASH has potential to harm. That is why the new HTML 5 browsers and up support the WEBM video format...it plays in the browser without a plug-in. I haven't read anything bad about it at this point but I know YT supports it. Title: Re: Weird Malware Experience Post by: usrlocal on July 17, 2014, 06:30:27 pm Just played the video for The Fall in the 'embed' thread.... So, are you a fan now? ;D Title: Re: Weird Malware Experience Post by: pnpfanatic on July 17, 2014, 07:26:37 pm Love The Fall...been a fan for decades. Been filling in the collection recently. It's like trying to collect everything the Grateful Dead ever recorded.
I think Mark E.'s schedule is like wake up, get coffee, shot of liquor, record new album. Good choice...glad I 'tested' with that one. :) Title: Re: Weird Malware Experience Post by: usrlocal on July 17, 2014, 08:01:35 pm Love The Fall...been a fan for decades. Been filling in the collection recently. It's like trying to collect everything the Grateful Dead ever recorded. I think Mark E.'s schedule is like wake up, get coffee, shot of liquor, record new album. Good choice...glad I 'tested' with that one. :) Awesome! Colour me pleasantly surprised - Fall fans are relatively few and far between. I too have been getting caught up on their most recent stuff, from 2006 onward. Did a recent massive binge-buy mostly off of Amazon.co.uk: Your Future Our Clutter, Imperial Wax Solvent (scored it for about $15 - CD is going for about $200 on the American and Canadian Amazons, go figure), Ersatz GB, Re-Mit, and The Remainderer EP. I now have pretty much all of their studio albums except for Reformation: Post TLC, Code Selfish and Shift Work. I used to own the latter two on vinyl back in the day, but haven't yet got the CDs. Oh, and I have about 200 bootleg recordings. ;D |