The Game Box
Weird Malware Experience

Calandale
« on: July 16, 2014, 07:32:28 pm »

In the interests of disclosure, Roger had some issues accessing this site. I don't think there's anything wrong, but thought I'd copy our conversation over on CSWSocial.


Quote from: Roger
I went there, said I had to install some player as Firefox version was out of date, then dumped a poopieload of other spammy programs on my PC....I will not be going there to see your vids.....I will stick to youtube

especially Omiga-plus.....what poopiety hijack program.

Quote from: Me
Odd. Never had any issue there. Haven't used FF for a long time though.
There are no 'players' required for the site. It's a pretty simple SMF forum.

You had me worried so I ran  Norton and TrendMicro scans.
They showed no issues.


Quote from: Roger
Did not mean to alarm, more to warn. I have recently changed to Firefox, and when I went to your new "home", it said my FF video player needed to be updated. I am normally more cautious about these things, but being new to FF and its love of add-ons and plug-ins I just ok'ed it.....WRONG MOVE.
I got rid of all the crap with Malwarebytes, but it had totally hijacked FF and installed a pile of new programs which needed to be uninstalled.
My bad judgement really as I should know better....ha ha ha


Not wargames, I meant military games, and I have just tried Google Chrome and it was fine. It must be something to do with Firefox, or something looks for Firefox users.....







Quote from: Me
My worry is that there is something on the site. But the AV web test sites say it's all clean.
No one else has had anything like that.

Looking at the source page, I'm not seeing this. Can't duplicate the behavior in my very old Firefox.
It almost sounds like clickjacking - but if that's the case, I'm not sure why I wouldn't see signs of it in the source displayed, unless there is something local to your Firefox installation. :(



There are a number of ways to attack someone directly at otherwise secure sites.
I'm not sure that someone would go through that effort though. It strikes me more
likely that this is something that was already present on his side. If anyone else
has gotten any weird redirects though, let me know - there will be residual evidence
to any such attack. If possible, keep a copy of the source page that redirected you.



KevinR
« Reply #1 on: July 16, 2014, 07:39:46 pm »

I was getting a lot of odd things on my Android phone, until I turned off JavaScript. It struck me as likely being bad ads.

On my Mac I block Flash and am not getting that, but there are quite a few Flash-based ads here.
Calandale
« Reply #2 on: July 16, 2014, 07:42:13 pm »

If they're supporting bad Flash ads, it's an issue.

Flash is very exploitable. Someone could definitely launch
a clickjacking attack that way.
usrlocal
« Reply #3 on: July 16, 2014, 07:44:35 pm »

I run a Malwarebytes Anti-Malware scan on my Win7 rig nightly, and haven't picked anything up from this site when using Firefox. Norton is also good with it. And just for fun, I also tried Avast. It's clean.
jezarik
« Reply #4 on: July 16, 2014, 07:59:26 pm »

I'm using Chrome.  When I came over to this site yesterday (it was probably the third or fourth time I accessed the forum) I got a message saying I needed to download an update to Java and then it automatically downloaded a file labelled java_installer.exe.  I'm pretty ignorant when it comes to stuff like this, but I knew better than to open files that download without my consent.  A few seconds later I got a notification from AVG saying that the file contained Malware and it deleted the file.  According to my Chrome history, here is the address associated with the file:

websitecom.us/entry/node/file/pkg/java/s/java_installer.exe?offer_id=13232&aff_id=20749&transaction_id=2d323a2b-ea54-497f-b89c-b448aa64ba95

KevinR
« Reply #5 on: July 16, 2014, 08:06:02 pm »

This site seems to be using several ad providers, including some I've never seen before.  One (adnxs) I've seen associated with malware before, although I can't quickly find a comment on whether they are ever legitimate.
usrlocal
« Reply #6 on: July 16, 2014, 08:09:54 pm »

I am running AdBlock, by the way. Maybe that's why I'm not picking anything up.
Calandale
« Reply #7 on: July 16, 2014, 10:03:33 pm »

This is troubling.
Sluggonics
« Reply #8 on: July 16, 2014, 10:44:36 pm »

Quote from: jezarik
I'm using Chrome.  When I came over to this site yesterday (it was probably the third or fourth time I accessed the forum) I got a message saying I needed to download an update to Java and then it automatically downloaded a file labelled java_installer.exe.  I'm pretty ignorant when it comes to stuff like this, but I knew better than to open files that download without my consent.  A few seconds later I got a notification from AVG saying that the file contained Malware and it deleted the file.  According to my Chrome history, here is the address associated with the file:

websitecom.us/entry/node/file/pkg/java/s/java_installer.exe?offer_id=13232&aff_id=20749&transaction_id=2d323a2b-ea54-497f-b89c-b448aa64ba95



I had this happen, too.  It's only happened once so far - I just closed the browser through Task Manager and didn't click on anything.  It didn't actually download any file.

Look out honey, 'cause I'm using technology!
usrlocal
« Reply #9 on: July 17, 2014, 09:55:43 am »

I just had Avast do a realtime in-browser report of this site (using its Firefox plugin). Avast declare it as safe. Once again, this is Firefox under Windows 7, with Adblock enabled.
Sluggonics
« Reply #10 on: July 17, 2014, 10:14:52 am »

Quote from: usrlocal
I just had Avast do a realtime in-browser report of this site (using its Firefox plugin). Avast declare it as safe. Once again, this is Firefox under Windows 7, with Adblock enabled.

It's got to be related to the ads the site is running, then.

Look out honey, 'cause I'm using technology!
Calandale
« Reply #11 on: July 17, 2014, 11:05:29 am »

That's my guess. They probably don't screen them well enough.

And they suggest turning off Flash in POSTS because it's a possible security risk!
pnpfanatic
« Reply #12 on: July 17, 2014, 12:05:05 pm »

I run FF and have had no problems but I run NoScript as well which blocks clickjacking and malware and warns you if something is trying to run under the browser.

I highly rec NoScript...it's free, available through add-ons and has saved my butt more times than I can count at other sites (primarily well known commercial sites and even a couple times at BGG).
pnpfanatic
« Reply #13 on: July 17, 2014, 12:26:05 pm »

Just played the video for The Fall in the 'embed' thread and after allowing the base site and YT (NoScript allows you to pick what you want to allow to run...nice way to keep Google out of your ass as well if you like) the video displayed and played properly. No warnings, no pop ups or directions to upgrade or install anything.

NoScript throws a big box in the middle of the screen and stops anything from happening if it appears suspicious or is in its database. ALWAYS follow its directions no matter what the **** video is that you are trying to see :)
pnpfanatic
« Reply #14 on: July 17, 2014, 12:31:24 pm »

Quote from: Calandale
That's my guess. They probably don't screen them well enough.

And they suggest turning off flash in POSTS because it's a possible security risk!

That's why Apple doesn't allow FLASH on their gear. ALL FLASH has potential to harm. That is why the new HTML 5 browsers and up support the WEBM video format...it plays in the browser without a plug-in. I haven't read anything bad about it at this point but I know YT supports it.