
C'mon Afterdawn!

Discussion in 'AfterDawn feedback & suggestions' started by KillerBug, Feb 23, 2010.

  1. funksoulb

    funksoulb Regular member

    I normally use Opera and I visited the site today and wondered why it looked weird, so I checked it out in the latest version of IE only to get this: -

    [​IMG]

    Which when clicked, redirects me to here and attempts to install malware: -

    h**p://www1.firecure-forthis-pcnow.in/?p=p52dcWtkal%2FCj8bYbn2Ai1ik12qYVp%2FZatramleZm5qiw8KCd2xfqKygdW6Sk5idZ5Nla2ZtiqDWkaTboKCViaJ0WKrO1c%2Beb1qfnaSZdV%2FXlsndblaWpG9wmluUaF6XX5mSl1epl5yih9esb2VranBrbWyZX5iMpaNfcWNqmmWZZWOeX5eKxpR0eXg%3D

    EDIT - BTW, I was also not able to get a screen shot of the offending ads because the page on Afterdawn closes when that pop-up appears. I have been able to get it to appear 3 times now by repeatedly refreshing the page in the Xbox 360 section.

    The file that the site tries to download is only picked up by 4 out of 42 scanners at VirusTotal. It's another one of those fake anti-virus programs. Sophos is the only one that detects it as Mal/FakeAV-BW. 3 other scanners pick it up as suspicious and the other 38 don't pick it up at all.
     
    Last edited: Mar 16, 2010
  2. Ketola

    Ketola Turned ninja Staff Member

    Can you try and track IE traffic using FiddlerCap and instructions posted here? Since the advertisements are never shown over here in Finland, we rely on the information you can provide to get rid of this pest.
     
  3. KillerBug

    KillerBug Active member

    When you turn on FiddlerCap or Firebug, you prevent these things from being loaded. It is only when you run without these apps that the problem shows up. From the Microsoft post, it seems that it is not just AD that gets these, but so far it has only happened on AD for me.

    This malware is written very well, and I no longer think that it comes from Symantec...as they do not know how to write software that works this well.
     
  4. KillerBug

    KillerBug Active member

    I keep getting this message from Flash...not sure if it helps or not:

    "Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://img-cdn.mediaplex.com/0/711/..._DAP_I106=0&ir_DAP_I107=0&dap3_template_id=71 cannot load data from http://dap.ebay.gslb.com:8080/dap?t...5=0&I106=0&I107=0&imp_id=4810530395518852746.
    at com.agency.ebay.oxfordLite.net::DAP3Loader/fetch()
    at com.agency.ebay.oxfordLite.net::DAP3Loader/onConfigLoadParsed()
    at flash.events::EventDispatcher/dispatchEventFunction()
    at flash.events::EventDispatcher/dispatchEvent()
    at com.agency.ebay.oxfordLite.data::DAP3Config$/parseData()
    at com.agency.ebay.oxfordLite.net::DAP3Loader/onConfigLoadComplete()
    at flash.events::EventDispatcher/dispatchEventFunction()
    at flash.events::EventDispatcher/dispatchEvent()
    at flash.net::URLLoader/onComplete()"
     
  5. Ketola

    Ketola Turned ninja Staff Member

    That looks like a benign advertisement code. Seems to run some type of eBay advertisement, but I'll have a closer look at it anyway. Thanks!
     
  6. KillerBug

    KillerBug Active member

    Even if it isn't a malware, it is still worth fixing just to avoid the Flash Error pop-ups.
     
  7. creaky

    creaky Moderator Staff Member

    I still don't suffer from any of these things, I use Firefox primarily.
     
  8. KillerBug

    KillerBug Active member

    That error only comes up with Firefox...maybe I need to revert to an older version; I only upgraded because Firebug forced me to.
     
  9. creaky

    creaky Moderator Staff Member

    Maybe try ABP, Flashblock & NoScript..

    ..Saying that, this machine hasn't got NoScript installed, and I do most of my surfing on it
     
  10. KillerBug

    KillerBug Active member

    Never mind me, I was just trying to keep new users from running away after getting slammed with malware sites and Flash error messages. These things are not a big problem for me...the Flash errors are only a bit annoying, and any kind of proxy (even a pseudo-proxy like Firebug or FiddlerCap) will prevent the forwards.

    I'll stop trying...if things get too bad, I'll just jump ship with the rest of the users.
     
  11. Ketola

    Ketola Turned ninja Staff Member

    Unfortunately it's, again, one of those things we have absolutely no control over. I run AfterDawn with Firebug all the time, and haven't come across the problem myself. Probably because that's yet another ad targeted at another market.
     
  12. KillerBug

    KillerBug Active member

    Sounds like you have virtually no control over anything...and a bunch of whiny brats complaining every time something breaks. All well...like I said, I'll stick around as long as there are people here, and the site itself can be tamed. My main concern at this point is that if the AD gets to be more of a virus portal than the Pirate Bay, there will be no reason for anyone to come here.

    I kinda miss the old days when advertising was either a JPG or a GIF...now you can include malicious code in your advertising, and there is nothing anyone can do about it other than blocking all ads!
     
  13. ddp

    ddp Moderator Staff Member

    I'm not getting any of that stuff except for the feedback tab on right side of screen.
     
  14. donewell

    donewell Regular member

  15. Ketola

    Ketola Turned ninja Staff Member

    Thank you for reporting this. I've checked the site to see if there are any similarities to the problems reported here.

    From what I've observed the site is trying to load a malware script from http://google-aqalytics.info/ directly in the source. That indicates that this isn't a problem with their advertisements but the site itself. Either the code is there on purpose or the pages have been hacked in some way.

    Nevertheless the script is lightly encoded, and causes the page to be redirected to dragon4star.com, which in turn redirects to smart4-defence.com (both of these addresses need to be loaded with specific attributes to trigger a malware load attempt). The last mentioned is a scam site that portrays a fake anti-virus scan and then attempts to start a download for a setup exe. Here is an analysis of the EXE file.

    Here are screenshots of the process. I think it bears resemblance to the advertisements causing problems here:

    [​IMG] [​IMG] [​IMG] [​IMG]
     
    Last edited: Mar 23, 2010
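
Added example, not part of Ketola's post or of AfterDawn's own code: the post above describes a page whose source loads a script from a host that differs by one letter from a well-known analytics host, and the check below flags such script hosts in a page. The trusted-host list, the sample page, the distance threshold and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumption: the hosts this site intentionally loads scripts from.
TRUSTED_HOSTS = {"www.google-analytics.com", "ajax.googleapis.com"}
# Constructed sample page; only google-aqalytics.info comes from the post.
SAMPLE_PAGE = """<html><head>
<script src="http://www.google-analytics.com/ga.js"></script>
<script src="http://google-aqalytics.info/"></script>
<script src="/js/site.js"></script>
<script src="http://cdn.example.net/widgets.js"></script>
</head></html>"""

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def site_label(host):
    """Naive site name: second-to-last DNS label (ignores co.uk-style suffixes)."""
    parts = host.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

class ScriptSrcCollector(HTMLParser):
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        host = urlparse(src).hostname if src else None
        if host:
            self.hosts.append(host)

def audit_script_hosts(html, max_distance=2):
    """Map each external script host to trusted / lookalike / unknown."""
    collector = ScriptSrcCollector()
    collector.hosts = []
    collector.feed(html)
    trusted_labels = {site_label(h) for h in TRUSTED_HOSTS}
    verdicts = {}
    for host in collector.hosts:
        nearest = min(edit_distance(site_label(host), t) for t in trusted_labels)
        if host in TRUSTED_HOSTS:
            verdicts[host] = "trusted"
        else:
            # Distance 0 on an unlisted host (other TLD or subdomain) is flagged too.
            verdicts[host] = "lookalike" if nearest <= max_distance else "unknown"
    return verdicts
```

Run against a saved copy of the page source, `audit_script_hosts` reports the one-letter-off host as `lookalike`, while relative script paths are skipped because they load from the site itself.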
  16. miketrev

    miketrev Regular member

    Just like to add my two pennies' worth. I have used AfterDawn on a daily basis, every day for the last year with none of these problems. I use Chrome & Firefox at home and IE @ work. I do not use any ad blockers at all.

    The only problem I ever had with AD's ads (AfterDawn's ads) was with that damn hummingbird Sony ad. The hummingbirds would follow your cursor across the screen and when you went to click on a post, you would click on the hummingbird which brought you to Sony's site. Haven't seen this for about a month though.

    I also find it very good that the mods & admins are actually actively trying to solve this problem.
     
  17. miketrev

    miketrev Regular member

    Doh, double post! Ignore.
     
    Last edited: Mar 23, 2010
  18. Ketola

    Ketola Turned ninja Staff Member

    If you run into problematic advertisements (advertisements that behave like you described above, or that cover content on the site or are clearly misplaced), please do send us feedback either via the discussion forums or by using the feedback tab at the right (or the contact link at the bottom).

    The advertisements shown for US and UK visitors at www.afterdawn.com are heavily geotargeted (i.e. visible only in countries specified by the advertiser), which means that most of the time we here at AfterDawn development never see them, and can't react to them. On our Finnish site we run a tight ship - no misbehaving advertisements are allowed on the site.
     
  19. KillerBug

    KillerBug Active member

    I think this is why Bing is doing so well...Google may have the best maps and the best search engine, but when you have to skip the first page of sponsored results (some of them viral, and already blocked!), you might as well be using AOL search!
     
  20. donewell

    donewell Regular member

