C'mon Afterdawn!

#1 23 Feb 2010 @ 23:35
I can't believe that the admins allow banner advertising that forwards to a rogue spyware tool site... I'm done with AD.


#2 24 Feb 2010 @ 2:17
Yeah, that doesn't seem right, but I think you should let someone from AD respond before saying you're done with AD.
#3 24 Feb 2010 @ 3:19
Originally posted by KillerBug:
I can't believe that the admins allow banner advertising that forwards to a rogue spyware tool site... I'm done with AD.
Could you elaborate a bit? What advert?

Petteri Pyyny (pyyny@twitter)
Webmaster
http://AfterDawn.com/
#4 24 Feb 2010 @ 17:25
moved to correct forum as not a safety valve issue.
#5 26 Feb 2010 @ 0:24
I believe I hit what KillerBug is referring to, but I didn't catch which ad sent me there. I will try to be more specific.

More details: it was one of those "your computer is infected" websites. Still no idea what triggered it, but it definitely popped up while browsing AfterDawn.
This message has been edited since its posting. Latest edit was made on 26 Feb 2010 @ 12:13
#6 26 Feb 2010 @ 12:52
AdBlock Plus.
That doesn't cure the problem, just eliminates the symptoms, but I still cannot believe that anyone would be using the net without something as simple as AdBlock. I get 0.001% of any ads.


Piss me off, and I Will ignore You!
#7 26 Feb 2010 @ 13:56
scum101 Suspended due non-functional email address
I sometimes turn mine off.. just to see how horrid and annoying it is trying to read in a room full of jumping idiots... I can say without doubt adblock (and noscript) make the internet a much more civilised and pleasant experience..

Have found a few things from ads in the past that turned out to be pretty cool and interesting.. 2 of my friends got a 75% reduction on a hotel booking they were planning on already thanks to an ad on my site.. and I found meezmall hehehehe

#8 27 Feb 2010 @ 13:48
I'm with KillerBug on this one. I thought it was just me. Seems like every 3rd or 4th time I tune into AfterDawn, right after I click on one of the posts to read, a splash screen pops up and says many viruses are detected and they want to run a scan. I always shut down right away without clicking on anything, and reboot and run all my installed antivirus and Malwarebytes. But find nothing. It is getting to be a pain in the A$$. No other web site causes this!!
#9 27 Feb 2010 @ 20:22
From my Norton Security Log.

2/27/2010 8:11 PM,High,An intrusion attempt by 217.23.5.233 was blocked.,Blocked,No Action Required,HTTP Fake Antivirus Install Request 4,"217.23.5.233, 80",217.23.5.233/hitin.php?land=20&affid=93101,"SUMIDOHOMEX64 (192.168.2.180, 54517)",217.23.5.233,"TCP, www-http",

IRQ is my cat. He interrupts me anytime he wants attention.
#10 28 Feb 2010 @ 0:21
I tried to use Internet Explorer, with no protection; went from blank home page to Afterdawn.com. Without clicking on anything, here's where it tried to redirect - "My Computer Online Scan"; definitely something crappy that needs to be looked into:



...
Which leads to this:

http://www.computing.net/answers/securit...ojan/26132.html


Piss me off, and I Will ignore You!
#11 28 Feb 2010 @ 4:08
Only place I can imagine this problem coming from, is via AdSense. I've added 217.23.5.233 advertiser to our blocklist there, which would take care of the issue if it is really coming from AdSense. Only other ads we're running are from IDG, who only have a handful of advertisers - the likes of Cisco and HP.

Just to ensure we get this killed, let me know what ads are showing on the site when this particular thingy pops up, as it might spark from a different banner entirely and AdSense only allows us to block ads based on their originating address.

The issue seems to be quite widespread, I'm hearing users of other sites seeing this as well -- which _might_ also mean that it is some kinda Trojan that has infected your PC before and now pops this type of adverts.
This message has been edited since its posting. Latest edit was made on 28 Feb 2010 @ 4:16

Petteri Pyyny (pyyny@twitter)
Webmaster
http://AfterDawn.com/
#12 28 Feb 2010 @ 10:48
Yeah, I just got the same one a few minutes ago...
#13 28 Feb 2010 @ 10:55
A mate was looking for some info on video converting/PS3 stuff. I recommended Afterdawn, of course, and he just called me to say "screw you buddy" :), he said his Norton AV blocked access to AD and then warned him the page contained malicious stuff...
I never experienced anything using Firefox and AdBlock, only when testing with IE and no protection.
Originally posted by dRD:
....

The issue seems to be quite widespread, I'm hearing users of other sites seeing this as well -- which _might_ also mean that it is some kinda Trojan that has infected your PC before and now pops this type of adverts.
So, is it possible that we're ALL infected with the same trojan that lies dormant and our AV/AntiSpyWare software doesn't detect it? If that's the case, has anyone on this forum experienced that symptom when navigating on ANY OTHER site, except AD? (I won't use IE just to test it out on any other sites I navigate to :)!)
This message has been edited since its posting. Latest edit was made on 28 Feb 2010 @ 11:00
#14 28 Feb 2010 @ 13:55
Only way for me to find out what causes this is:

If this occurs again, take a screenshot or a note of _all_ the adverts that are showing on that particular page at that very time and post here. If I can get this info, I can track which advertiser is running this scam and block them. Without this info, I have nothing.

Petteri Pyyny (pyyny@twitter)
Webmaster
http://AfterDawn.com/
#15 28 Feb 2010 @ 14:23
I've been trying to track this myself and so far haven't been able to reproduce the problem.

I loaded a number of pages across the sites through our US proxy using a variety of browsers from un-patched and unprotected IE6 to the latest Firefox 3.6, and no fake-AV popups have shown up.

Quote:
I tried to use Internet Explorer, with no protection; went from blank home page to Afterdawn.com
Which exact page did you go to? The AD front page, forums or a different page altogether?

Getting to the bottom of this is our top priority. If nothing else, this goes to show that you always need to have your AV software up to date - no matter where you browse.


Jari Ketola
Administrator
http://www.AfterDawn.com
#16 28 Feb 2010 @ 14:31
I just got this from Malwarebytes while I was trying to read the last post here: IP-BLOCK 217.23.3.234
#17 28 Feb 2010 @ 14:39
Originally posted by donewell:
I just got this from Malwarebytes while I was trying to read the last post here: IP-BLOCK 217.23.3.234
Could you provide some more details about the circumstances? I.e. what advertisements were visible on the page, which browser were you using etc.

Thanks,

Jari


Jari Ketola
Administrator
http://www.AfterDawn.com
#18 28 Feb 2010 @ 14:53
I am using IE8 with Microsoft Security Essentials and Malwarebytes Pro. The only thing I could see was the ad for Google (add more something or other, and it was showing a conversation going on in a chat room?). I only saw the bottom of the post screen.
#19 28 Feb 2010 @ 14:57
Haven't noticed anything at all myself, don't run Adblock and use AfterDawn for a few hours each day. If it's Adsense then it should also be reported to Google as well as blocked from AfterDawn. If it's IDG... I think that'd be quite surprising.

To reply to KillerBug's original comment, as dRD pointed out, the advertisements are fed by external sources, Google and IDG already named. It reminds me of a rant on IRC about AfterDawn one day when someone accused aD of showing erotic ads. I asked for a link and it turned out that the ad in question was from Adsense (text ad) and the reason it was "erotic" (well... it wasn't actually erotic... just didn't belong on a tech site IMO...) was because the discussion on the forum thread was about similar stuff.

The point is, the ads reflect the content, and on the forum, the content is written by users, so AfterDawn with its staff of below 20 altogether trying to track every single advertisement is absolutely impossible when the ads are fed from Google's tens of thousands of ads AND based on the content of the page itself. Whenever an objectionable ad is displayed and it's reported by a user, if it's deemed necessary it can be blocked, but until the staff is aware of it, there's nothing that can be done about it.

As far as I know, and if I'm wrong I'm sure dRD will correct me, AfterDawn doesn't handpick any advertisements on its English sites.

Hopefully in this case the blocked source will get rid of it and Google will purge it.
#20 28 Feb 2010 @ 15:07
Originally posted by donewell:
I am using IE8 with Microsoft Security Essentials and Malwarebytes Pro. The only thing I could see was the ad for Google (add more something or other, and it was showing a conversation going on in a chat room?). I only saw the bottom of the post screen.
If the problem occurs again, could you (anyone reading) take screenshots of all the advertisements on the page (i.e. the top and bottom portions of the page)? You can email the pictures to me at <mynickname>@afterdawn.com or to support@afterdawn.com.

Edit: For reference, here's a discussion thread on Techarena.in regarding similar (or the same) advertisement.

http://forums.techarena.in/security-virus/1310563.htm

Most likely the advertisement originates from Adsense, since it is the only common denominator between the sites (wordtwist.org, gizmag.com and afterdawn.com). Looks like something slipped through Google's fingers.

This message has been edited since its posting. Latest edit was made on 28 Feb 2010 @ 16:24

Jari Ketola
Administrator
http://www.AfterDawn.com
#21 01 Mar 2010 @ 11:19
If you run across the malware advertisement, please do the following:

1) Provide your IP address

This will enable us to identify the user's ISP. A user can identify her IP address by visiting http://www.ip-adress.com/


2) Snapshot of HTTP traffic

If possible, affected users may take a snapshot of the relevant HTTP traffic and send it to our team for review. If you're using Google Chrome as your browser, simply right-click on the page and select "Inspect Element." You can also capture the web traffic information by using a web debugging proxy, such as Firebug (http://getfirebug.com) if you're using Firefox, Charles (http://www.charlesproxy.com/) if you're using Safari, or FiddlerCap (http://www.fiddlercap.com/FiddlerCap) if you're using Internet Explorer.


3) HijackThis log, if possible

To help us figure out if a user's computer is infected, the user may send us a HijackThis log (Windows-only). HijackThis is a free program that audits the processes running on a machine. It is available for download here:

http://www.afterdawn.com/software/deskto.../hijackthis.cfm


On this site, you can find more information on malware from the Google
Anti-Malvertising Team:
http://www.anti-malvertising.com/

Jari Ketola
Administrator
http://www.AfterDawn.com
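
An added example, not part of the original post: once an HTTP traffic snapshot like the one requested in step 2 has been exported as a HAR file, the requests can be walked backwards from the address an AV product flagged to the ad request that led there. The sample capture is constructed; only the flagged address and path are taken from the Norton log in post #9, and the `*.example` hosts and all function names are assumptions.

```python
import json
from urllib.parse import urljoin, urlsplit

# Constructed HAR fragment, not a real capture. Only the flagged address and
# path come from the Norton log in post #9; the *.example hosts are made up.
FLAGGED = "http://217.23.5.233/hitin.php?land=20&affid=93101"

def _entry(url, referer=None, status=200, redirect=""):
    headers = [{"name": "Referer", "value": referer}] if referer else []
    return {"request": {"url": url, "headers": headers},
            "response": {"status": status, "redirectURL": redirect}}

SAMPLE_HAR = json.dumps({"log": {"entries": [
    _entry("http://forum.example/thread/1"),
    _entry("http://adserver.example/show?slot=top", "http://forum.example/thread/1"),
    _entry("http://creative.example/banner.js",
           "http://adserver.example/show?slot=top", 302, FLAGGED),
    _entry(FLAGGED, "http://adserver.example/show?slot=top"),
]}})

def trace_chain(har_text, flagged_host):
    """Return the request URLs leading from the visited page to flagged_host."""
    entries = json.loads(har_text)["log"]["entries"]
    redirected_from, referer_of = {}, {}
    for e in entries:
        url = e["request"]["url"]
        target = e["response"].get("redirectURL")
        if target:  # HTTP 3xx hop; resolve relative Location values
            redirected_from.setdefault(urljoin(url, target), url)
        for h in e["request"].get("headers", []):
            if h["name"].lower() == "referer":
                referer_of.setdefault(url, h["value"])
    # Start at the first request sent to the address the AV product flagged.
    current = next((e["request"]["url"] for e in entries
                    if urlsplit(e["request"]["url"]).hostname == flagged_host), None)
    chain, seen = [], set()
    while current and current not in seen:  # 'seen' guards against loops
        seen.add(current)
        chain.append(current)
        # Prefer the redirect that produced this URL, else fall back to Referer.
        current = redirected_from.get(current) or referer_of.get(current)
    return chain[::-1]

def hosts_in_chain(har_text, flagged_host):
    return [urlsplit(u).hostname for u in trace_chain(har_text, flagged_host)]

if __name__ == "__main__":
    for hop in trace_chain(SAMPLE_HAR, "217.23.5.233"):
        print(hop)
```

The host immediately before the flagged address in the returned chain is the one to report to the ad network and add to the blocklist.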
#22 01 Mar 2010 @ 12:14
I have used IE again, just to see if I could replicate the issue... I don't know, maybe due to whatever you guys have implemented, I had no issue. All works fine, no hijacking/redirecting; all ads are there, just benign.
#23 01 Mar 2010 @ 22:10
AVG caught it.

I opened AVG and was redirected to

http://94.23.72.47/index.html

AVG identified it as:

Exploit Rogue MCOS type `1027

The problem is that I didn't see what ads were up before the redirect. I did a back and Cheetocorn was the banner ad.
#24 02 Mar 2010 @ 7:21
I figured I would give AD another chance...but it seems people are still having the problems.

As for Adblock Plus: It still downloads the ads and any viruses they may contain...it just does not show them. It also does nothing to prevent the most malicious advertisements...as it does not even offer the option to block these. Besides, ads pay for most of the web...and I don't mind them as long as they don't:
1.) Forward me to other sites without permission
2.) Try to infect me with malware
3.) Make a 10K page take 30 seconds to load.
...and the ads on AD do all of these things.

I assumed that the malicious ads were coming from the advertisers (why would AD try to do this?)...but that does not change the fact that they are on your site. It sounds like you only have two advertising partners, and one is providing most of the ads. It is in the site's own best interest to find more sources anyway, regardless of the fact that your primary advertiser is nothing more than a malware peddler.

BTW...by adding that particular IP address to the block list, you make AD fail to load (or take very long to load) every time that IP is referenced by an ad. This is because this site is set up to load the advertising before the content...something very silly for a site that is mostly text. Also, rogue security companies rarely (if ever) use only 1 IP for their crimes, for this very reason.


#25 02 Mar 2010 @ 9:01
I have no such problems across any of my machines, whether Linux or Windows (XP & 7). I use AVG for antivirus, but I have to admit (I know that AD wants the revenue from adverts) that I'm a heavy user of AdBlock Plus. ABP just has to be applied carefully; sometimes you can block a site or most of a site if ABP isn't used correctly.



Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W
Network ~ DD-WRT ~ 2node WDS-WPA2/AES ~ Buffalo WHR-G54S. 3node WPA2/AES ~ WRT54GS v6 (inc. WEP BSSID), WRT54G v2, WRT54G2 v1.