C'mon Afterdawn!

Discussion in 'AfterDawn feedback & suggestions' started by KillerBug, Feb 23, 2010.

  1. Ketola

    Ketola Turned ninja Staff Member

    Joined:
    Jun 10, 1999
    Messages:
    1,233
    Likes Received:
    102
    Trophy Points:
    78
    If you run across the malware advertisement, please do the following:

    1) Provide your IP address

    This will enable us to identify the user's ISP. A user can identify her IP address by visiting http://www.ip-adress.com/


    2) Snapshot of HTTP traffic

    If possible, affected users may take a snapshot of the relevant HTTP traffic and send it to our team for review. If you're using Google Chrome as your browser, simply right-click on the page and select "Inspect Element." You can also capture the web traffic information by using a web debugging proxy, such as Firebug (http://getfirebug.com) if you're using Firefox, Charles (http://www.charlesproxy.com/) if you're using Safari, or FiddlerCap (http://www.fiddlercap.com/FiddlerCap) if you're using Internet Explorer.


    3) HijackThis log, if possible

    To help us figure out if a user's computer is infected, the user may send us a HijackThis log (Windows-only). HijackThis is a free program that audits the processes running on a machine. It is available for download here:

    http://www.afterdawn.com/software/desktop_software/desktop_security/hijackthis.cfm


    On this site, you can find more information on malware from the Google Anti-Malvertising Team:
    http://www.anti-malvertising.com/
     
  2. cyprusrom

    cyprusrom Active member

    Joined:
    Jan 5, 2006
    Messages:
    5,439
    Likes Received:
    1
    Trophy Points:
    96
    I have used IE again, just to see if I could replicate the issue...I don't know, maybe due to whatever you guys have implemented, I had no issue. All works fine, no hijacking/redirecting; all ads are there, just benign.
     
  3. dailun

    dailun Active member

    Joined:
    Mar 16, 2006
    Messages:
    3,074
    Likes Received:
    0
    Trophy Points:
    66
    AVG caught it.

    I opened AVG and was redirected to

    http://94.23.72.47/index.html

    AVG identified it as:

    Exploit Rogue MCOS type `1027

    The problem is that I didn't see what ads were up before the redirect. I did a back and Cheetocorn was the banner ad.
     
  4. KillerBug

    KillerBug Active member

    Joined:
    May 21, 2006
    Messages:
    3,802
    Likes Received:
    0
    Trophy Points:
    66
    I figured I would give AD another chance...but it seems people are still having the problems.

    As for Adblock plus: It still downloads the ads and any viruses they may contain...it just does not show them. It also does nothing to prevent the most malicious advertisements...as it does not even offer the option to block these. Besides, ads pay for most of the web...and I don't mind them as long as they don't:
    1.) Forward me to other sites without permission
    2.) Try to infect me with malware
    3.) Make a 10K page take 30 seconds to load.
    ...and the ads on AD do all of these things.

    I assumed that the malicious ads were coming from the advertisers (why would AD try to do this?)...but that does not change the fact that they are on your site. It sounds like you only have two advertising partners, and one is providing most of the ads. It is in the site's own best interest to find more sources anyway, regardless of the fact that your primary advertiser is nothing more than a malware peddler.

    BTW...by adding that particular IP address to the block list, you make AD fail to load (or take very long to load) every time that IP is referenced by an ad. This is because this site is set up to load the advertising before the content...something very silly for a site that is mostly text. Also, rogue security companies rarely (if ever) use only 1 IP for their crimes, for this very reason.
     
  5. creaky

    creaky Moderator Staff Member

    Joined:
    Jan 14, 2005
    Messages:
    27,900
    Likes Received:
    1
    Trophy Points:
    96
    I have no such problems across any of my machines, whether linux or Windows (XP & 7). I use AVG for Antivirus, but I have to admit (I know that AD wants the revenue from adverts) that I'm a heavy user of AdBlock Plus. ABP just has to be applied carefully, sometimes you can block a site or most of a site if ABP isn't used correctly.
     
  6. KillerBug

    KillerBug Active member

    Joined:
    May 21, 2006
    Messages:
    3,802
    Likes Received:
    0
    Trophy Points:
    66
    Adblockers ignored, this is still a "Legit" site that forwards you to a malware site. Most porno and warez sites don't even do that! If you are going to run a website that forwards people to malware, you might as well add a "how to steal credit card numbers" section to the forum.
     
  7. creaky

    creaky Moderator Staff Member

    Joined:
    Jan 14, 2005
    Messages:
    27,900
    Likes Received:
    1
    Trophy Points:
    96
    I don't know about any of that. I block adverts because they slow down page loading on my slower machines, but even if the adverts weren't blocked, I just wouldn't click on them. Maybe hidden malware or page redirections are triggered by accidentally clicking on popups or whatever, I haven't experienced such behaviour since I started using ABP though so can't comment on specific examples.
     
  8. dRD

    dRD I hate titles Staff Member

    Joined:
    Jun 10, 1999
    Messages:
    8,312
    Likes Received:
    191
    Trophy Points:
    143
    Yet, nobody has helped us to stop the problem -- the ONLY way we can stop the problem is by getting a full list of adverts (preferably in a screenshot that contains all the ad spots of our site) shown when the issue arose.

    We have contacted Google - our Google contact, not just their generic feedback - and the instruction set Ketola posted is from them. Even they can't do much without people telling us what were the adverts that were shown on the page (as what happens is that one of the AdSense advertisers has changed their advert against Google's TOS to spawn a rogue popup). They're however scanning their entire fleet of tens of thousands of advertisers now to find the culprit.

    So, if you're experiencing this problem (that none of our staffers have managed to reproduce), tell the details and help us to get rid of the problem.
     
    Last edited: Mar 2, 2010
  9. donewell

    donewell Regular member

    Joined:
    Nov 10, 2005
    Messages:
    400
    Likes Received:
    0
    Trophy Points:
    26

    I have been coming back here every 2 or 3 hrs for the last 3 days and nothing has popped up anymore. If it does I'm ready to capture a view of the page. I hope it was a hit and run deal, where they have pulled it and moved on to somebody else.
     
  10. Dela

    Dela Administrator Staff Member

    Joined:
    Aug 25, 2002
    Messages:
    8,895
    Likes Received:
    3
    Trophy Points:
    118
    Maybe if someone experiencing this problem could let AfterDawn use remote desktop software to get what we need to block ads we can get rid of the malvertisement? I can't recreate with any browser or proxy.
     
  11. scum101

    scum101 Guest

    Normally I would rise to the challenge.. but nothing's going to infect a linux system.. and I disallow java all the time because the horrid stuff has nasty habits with the 64 version of java right now... nothing worse than a java based flash window failing to open (applet:start) and then locking up the whole browser.. grrrr..

    anyway.. IF people would ditch that retard proprietary operating system with all its deliberate faults and security holes when online none of this would matter... Creaky and myself sometimes even download this malicious stuff when we find it.. just for fun.

    I want more malware redirects and trojan infected flash ads, not less.. they are cool.. hehehehehe.. My collection is slowly growing.
     
    Last edited by a moderator: Mar 2, 2010
  12. KillerBug

    KillerBug Active member

    Joined:
    May 21, 2006
    Messages:
    3,802
    Likes Received:
    0
    Trophy Points:
    66
    It looks like your friends at google changed the ads that AD gets...now most of the banner ads are for Google phones, and none seem to try to do anything malicious.


    Scum...
    Linux (and those who write software for it) don't keep up with the times, and don't even support many things that Microsoft was doing years ago. They excuse themselves by saying that "You don't REALLY need it" or "it would be a security hole"...and thus force most users to stick with windows. If linux was really secure, then it would be possible to do things such as activeX securely...as it is, they cannot be done at all. Don't get me wrong, I do think linux has lots of good uses...but until the devs start including the features that have been standard with windows for years, very few end users will switch.
     
  13. scum101

    scum101 Guest

    bull.. we don't keep up with "unnecessary" gimmicks.. next time you use a dvd ripper or a freeware x264 codec think about who you apologists are slating.. .. the very people who write the software your favourite website uses to provide you with all this chance to slag us off.. given the opportunity m$ would have you all locked down 100% now if it wasn't for us.. You will never be quoted by Richard Stallman.. I have been.. hehehehe. I will be free to do as I choose when you can't even watch a dvd without inputting your credit card details..

    M$ have never had an original idea ever.. they are just following the herd who go before them.. aero.. compiz+beryl.. but those are mature and don't need 2 gigs of ram to implement..

    afterdawn RUNS and is HOSTED on LINUX servers.. now who looks stupid?? hahahahahaha
     
    Last edited by a moderator: Mar 3, 2010
  14. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    knock it off children.
     
  15. KillerBug

    KillerBug Active member

    Joined:
    May 21, 2006
    Messages:
    3,802
    Likes Received:
    0
    Trophy Points:
    66
    "unnecessary" gimmicks

    You just proved my point...you say they are "unnecessary" and I need them to do my job...I genuinely tried to go to linux, but most of the things I needed to do were deemed "Unnecessary" by the linux programmers. Who decides what is necessary anyway? The Amish don't seem to think any part of a computer is necessary.

    I have never had to enter a credit card to watch anything; with the exception of when I signed up for netflix. (BTW..."watch instantly" is another "unnecessary feature" that linux "does not need")

    As for the AD servers, I assumed they were linux (windows server is a joke, and Unix is just Linux with fewer features and a price tag). Linux makes an excellent server...that is why I wrote "Don't get me wrong, I do think linux has lots of good uses" in my initial post. However, there is a big difference between a web server and a workstation; even if the hardware is very similar.

    Yes, linux makes an excellent server...but it does not even have full bluray support...something that even video games have.

    AGAIN, LINUX HAS ITS PLACE...BUT IT DOES NOT DO WHAT I NEED, AND IT DOES NOT DO WHAT MANY AVERAGE USERS NEED, LET ALONE WHAT THEY WANT.

    (sorry for yelling).
     
  16. Ketola

    Ketola Turned ninja Staff Member

    Joined:
    Jun 10, 1999
    Messages:
    1,233
    Likes Received:
    102
    Trophy Points:
    78
    First of all, please stick to the topic. Thanks. =)

    I know this post is a couple of days old, but I'd still like to address it. Apparently the ads have disappeared, but just in case they would re-appear...

    Wow. It sounds like you're experiencing heaps of problems. Let me address some of them.

    Adblock does block all advertisements. If you still experience problems with popups, it's very very likely that your computer is infected with some type of ad malware. Please run some online checks or try scanning your computer with Avast and its boot time scan. I've found it one of the best on the market.

    We use the most reputable advertisement networks on the market, and they have very strict policies regarding the advertisements being run. So far we haven't been able to track down the source of these fake AV ads, but they will certainly be blocked by Google when the source has been located.

    Actually it's quite the opposite. Having a number of smaller ad networks or ad providers would be both inefficient (tons of management, limited number of impressions for each network), and would make problems like this even more difficult to track. Now there are only two possible sources for the misbehaving ads. Consider we would be using 20 networks..

    This, again, sounds like strange behaviour. Proper blocking should do exactly the opposite - make things load faster.

    I won't go into further debate on how ads should be loaded, and how they work. Things are done differently on the v4 site, but still the ads need to be loaded where they are shown - there's no real way around it.

    Again I would ask anyone experiencing the problems to please post diagnostic information that would help us track the source of the ads.

    If you run across the advertisement:

    1) Take screenshots of all the advertisements shown on the particular AfterDawn.com page.

    2) Email the information to me or support at afterdawndotcom.


    Thanks!
     
  17. KillerBug

    KillerBug Active member

    Joined:
    May 21, 2006
    Messages:
    3,802
    Likes Received:
    0
    Trophy Points:
    66
    I think google did find them (either that, or they only paid for a few days). I've been trying to make it happen since yesterday without luck...when I started this thread, it had happened twice in 5 pages.

    At least I know it was not coming from anything on my machine...because I didn't remove anything from my machine.

    Even when blocked, the ads still download (I agree, this should not happen...and that is why I don't like adblock plus). I can tell because I can see what is being downloaded as it downloads...and the banner ads download before anything but the header and about 1K of styling. I know this is common because it is easier to write this way...but I also know that it can be written so that the text loads before images, videos, and flash objects.

    Most flash-based ads can be blocked by hovering over the ad until an X tab appears above the image...but it will not do this for other flash ads. I never get popups anyway (unless I hold shift while I click a link)...even without adblockers.

    Bad links in HTML make the page load faster, this is true...but this is not always true with the various other languages that make up most of the internet, and it certainly isn't true of addresses referenced by flash-based objects. (Can you tell that I hate flash almost as much as Apple does?)
     
  18. Ketola

    Ketola Turned ninja Staff Member

    Joined:
    Jun 10, 1999
    Messages:
    1,233
    Likes Received:
    102
    Trophy Points:
    78
    Let's hope they did. They haven't reported any findings to us yet, though.

    That's good. =)

    That is very peculiar indeed. I use Adblock Plus 1.1.3 (disabled, of course, on all sites I frequently visit =) ), and tried loading this forum thread with it enabled. It did not load any advertisements at all. I verified this with Firebug's Net panel which shows all content that is downloaded during a page load.

    Yes, the first banner advertisement is loaded after the top navigation elements. It is, however, not possible to create pages the way you describe - load text before images, videos and flash. The only way to do this would be to inject all non-textual content using Javascript at the footer of the page. This is not feasible, and I don't think there are too many sites out there that would do things this way. Just about the only bullet-proof way of speeding up page loads is putting slow content in iframes. Unfortunately Google Adsense doesn't work that well in an iframe.

    Luckily next generation browsers will feature non-blocking Javascript (current browsers halt page rendering to wait for most Javascript code executed on a page).

    At least for me Adblock plus blocks all Flash advertisements by default. To further speed up pages, you can (and probably should on older machines) use Flashblock.

    I'm not exactly sure what you mean by this. Javascript calls to "non-existing" (i.e. blocked) content don't block the browser. Flash objects are non-blocking by nature - they don't "freeze" the rest of the page if content is unreachable.
     
  19. KillerBug

    KillerBug Active member

    Joined:
    May 21, 2006
    Messages:
    3,802
    Likes Received:
    0
    Trophy Points:
    66
    My bad, I didn't know google's ads were written to prevent the use of iFrames.

    "I'm not exactly sure what you mean by this. Javascript calls to "non-existing" (i.e. blocked) content doesn't block the browser. Flash objects are non-blocking by nature - they don't "freeze" the rest of the page if content is unreachable."

    This is true, but they do block the rest of the page while they are loading, and bad links can cause them to take a very long time to load (or rather, to repeatedly attempt to load). Ideally, flash objects would be written clean and simple, and to give up after one try...but we all know that this is not the case most of the time.
     
  20. dailun

    dailun Active member

    Joined:
    Mar 16, 2006
    Messages:
    3,074
    Likes Received:
    0
    Trophy Points:
    66
    Well, whatever it is, it's still there. Strange that it only pops up when I open Afterdawn. No other websites seem to trigger it.
     
