Virus from this site or very rare coincidence?

Doppy

Thread Starter
SatelliteGuys Pro
Aug 24, 2006
239
0
So, two days ago I only had this site open and Facebook open for about two minutes. Then suddenly spyware popped up titled XP Internet Security 2012 and was one of those types of spyware that blocks you from opening programs and wants your credit card info. I removed the spyware using methods found online. Then yesterday I went back to SatelliteGuys with about 4 other sites opened at the same time, but all trusted sites I visit on a daily basis and have not had any trouble with since the following incident. This time I got a weird error from Adobe Reader which wasn't even open, and had to click OK 3 times for 3 dialog boxes. Never seen that error before and haven't made any changes to Adobe Reader. Could it have been malware trying to get into my PC through Adobe?
So it seems rather odd that SatGuys was open both times when I received the spyware and the weird Adobe occurrence. So what's the deal? Has anyone else experienced this lately? Maybe it's from one of those stupid rotating ads since it took a minute or two to happen each time. Please tell me what is happening because I refuse to visit the site on my PC until I hear if it is the cause of the malware. Right now I'm on my phone so please excuse all the typos.
 

Magic Static

FTA Geek
Staff member
HERE TO HELP YOU!
Lifetime Supporter
Oct 12, 2010
7,350
4,645
Montana
It's coincidence. If it were a problem you wouldn't be the only one after it. Those anti-virus/malware gotchas can be unbelievably difficult to remove. They appear to be gone after removal processes and reappear a week later. To be sure, wipe the drive.

From what you said so far, I'd say you've been "FaceBooked". Now there's a nasty site full of e-mines.
 

Ilya

XXI Century Explorer
Staff member
HERE TO HELP YOU!
Lifetime Supporter
Feb 16, 2004
21,240
5,703
NE OH
Do you have an antivirus running on your computer? In addition to running antivirus, make sure you are up-to-date on all patches and updates. It is critical these days, not only to run Windows update, but also to update any browser plug-ins/add-ons. Particularly, Java, Adobe Flash, Adobe Reader, etc. A lot of viruses are getting through security holes that are being found in those plug-ins all the time. Adobe has been releasing patches and updates almost monthly. Go to Adobe.com and install the latest versions directly from there.

Once your computer is compromised you will start getting strange pop-up ads no matter what site you visit. Don't assume that it's coming from the sites you have open at the moment. Most likely it has nothing to do with them.

Sent from my iPhone using SatelliteGuys
 

radio

"On the Air" in MI
Pub Member / Supporter
Oct 13, 2007
3,659
895
West Central Michigan
You're on one of the most carefully monitored and maintained sites (quality, content, safety, not necessarily in that order) and may actually find being here may be the best HELP you could get for your problem! Don't be afraid to ask as you work your way through it! There are members here for most every "tech" need and interest.
 

Scott Greczkowski

Welcome HOME to SatelliteGuys!
Staff member
HERE TO HELP YOU!
Sep 7, 2003
98,754
16,040
Newington, CT
All syndicated ads that run here are screened and deemed to be safe by the ad agencies who serve them.

We actually have fired ad agencies for letting crap get through.

With that said, my wife got hit last week while her browser was left open on Facebook. Looks like it got in through a rogue Flash ad on Facebook. She wouldn't have got it if she kept her Flash Player up to date. :)

Now she knows.
 

sergei

SatelliteGuys Pro
Aug 29, 2007
1,266
5
iowa
Another site that I like to read (Right of Middle) has reported again a problem with the web site Download.com which is part of CNET. If you've downloaded from them lately you might have gotten something from them. Some might find the site interesting and the article he posts.

Download.com Problems

Many years ago, when the Internet was still a fraction of what it is today, download.com was the place to go to find interesting or useful freeware and shareware. I haven’t visited it much lately because I prefer to go directly to the website of the developer, or perhaps use Sourceforge when possible/necessary. After C|Net purchased Download.com, it just didn’t have the same “feeling” and frankly, I was skeptical of the process.
One of my most favorite tools in my toolbox is Nmap. Anyone who knows anything about the art of digital security knows what Nmap is and what it can do. I’ve been an Nmap user for… well, a long time. But again, I go directly to Fyodor’s website so I know that I’m getting the most up to date release, and to avoid any potential shenanigans from middleman sites like Download.com.
As it turns out, I was right to be suspicious of Download.com. If you use them, you should be wary of them too. They profess to be free of malware and adware, but as Fyodor recently discovered, that is absolutely not the case. It turns out C|Net installs (or tries to install) a number of other “goodies” on your system when you use them to get software. This sent Fyodor over the edge yesterday, and the word has spread across the Internet like wildfire. He has a great write-up on his site about the situation, which is far from over.
C|Net should be ashamed of themselves. Professing to be free of malware might be true if you’re only referring to things like the latest virus, Trojan, or worm. But I’m willing to bet that none of you reading this would unknowingly permit your Internet search settings to be changed. Nor would any of you be willing to have other ad-related software, toolbars, or add-ons put on your system simply because you chose to get your software from Download.com.
For my part, I will no longer visit anything related to C|Net until they clean up their act. There are many people out there who are simply not aware of what happens when you blindly click “Yes” to the boxes that pop up during an installation routine, and the very last thing that any company should do is prey on that. Especially a company that is as old and (used to be trusted) like C|Net.
Stay away from Download.com, folks. Your PC and your favorite PC repair technician will thank you.
 

Polarys425

Member
Dec 2, 2011
14
0
Grottoes, VA.
I have on two occasions had my antivirus software inform me of a blocked intrusion attempt while on this site. This time, just a few minutes ago, it happened for the second time and is why I found this thread. The only other site I had open this time was the DTV firmware watcher site. I have a suspicion it involves an ad stream hack.

The attacking IP was 72.51.44.40. I've pasted the info below that I found on this IP. ***** I have not clicked on the three domains listed as being hosted on this IP, caution advised ******

IP Location

IP Address: 72.51.44.40
City: Los Angeles
State/Region: California
Country: United States
ZIP Code: 90001
Latitude/Longitude: 34.052°, -118.244°
Time Zone: America/Los Angeles
Current Time: 8:48 PM on Dec. 11, 2011

Host Details

IP Address: 72.51.44.40
IP Block Start: 72.51.32.0
IP Block End: 72.51.47.255
Reverse DNS: miscomma4.specialweboffer.info
Host/ISP: Peer 1 Network Inc.

Domains Hosted on IP 72.51.44.40 (3)
goldenmile (dot) net
hospitalityonthepark (dot) net
rowntreeenterprises (dot) net

Host Analysis:

IP address 72.51.44.40 is located within an IP block ranging from 72.51.32.0 to 72.51.47.255 with CIDR 72.51.32.0/20 and netmask 255.255.240.0. According to a DNS lookup, the host name attributable to this IP is miscomma4.specialweboffer.info. Other information about this IP block suggests that users of 72.51.44.40 are in the vicinity of Los Angeles, CA, USA, located at 34.05223° latitude, -118.24368° longitude (indicated on the map to the right), and are users of an ISP called Peer 1 Network Inc. The ZIP code from this locale is 90001, and the time zone is America/Los Angeles.
We have further analyzed this IP address and found that several domain names are currently mapped to it, such as hospitalityonthepark (dot) net, goldenmile (dot) net, and rowntreeenterprises (dot) net. This suggests that the IP address is being used by a server (rather than an end user) to vend web pages or other on-line content.
 

sergei

SatelliteGuys Pro
Aug 29, 2007
1,266
5
iowa
I would say that your system has already been infected, as I come to this site every day and never has my antivirus software detected anything, nor has my firewall sent me an alarm, and I get alarms that sites from Japan to Russia have done a port scan. So I'd say you need to recheck your software or your system for traces of that web site, because it wasn't from here.
 

Polarys425

Member
Dec 2, 2011
14
0
Grottoes, VA.
Yeah well, being in computers and in the biz for 15+ years, I can say it's not originating from my computer. It's either tied to this site or the firmware tracker site. Both times it's happened, I've had those two sites open. Do what you want. I provided the info for anyone who wants to look into it, but it sounds like I wasted my time.
 

Polarys425

Member
Dec 2, 2011
14
0
Grottoes, VA.
Thanks, it may well be coincidence. However, I posted so that the powers that be could at least err on the side of caution. I did run a few scans (virus, malware, rootkit, etc., including deep scans run out of the Windows environment) and all came back clean, as I expected. It may be related to the Firmware Watcher site, or neither. I just found it odd that both times I've gotten the message from my antivirus I was on this site and the Firmware Watcher. The first time, though, I had some other sites up as well. The second time, just this site and FW.
 

Scott Greczkowski

Welcome HOME to SatelliteGuys!
Staff member
HERE TO HELP YOU!
Sep 7, 2003
98,754
16,040
Newington, CT
Thanks, I have been through everything and also checked with our ad agency and all of them claim all their ads being served are safe. :)

To be honest, I would rather have people report stuff like this just in case, as who knows what some of these smart hackers can do. :)
 

scoobyxj

SatelliteGuys Pro
Jul 14, 2009
335
1
Ohio
I hate to bust your bubble, but there are way more than three ad streams on this site. My ad blocker blocks anywhere from 8-14 ads every time I get on here, with a few of them being known tracker carriers. Unless you have a strong ad blocker installed, I feel you visit at your own risk.
 

sergei

SatelliteGuys Pro
Aug 29, 2007
1,266
5
iowa
Like others have said, if this site had been infected by anything I'm sure you would have heard from a lot more members than just one. I'm glad that you took a positive position on checking on it, as some of this stuff is nearly impossible to get rid of. That's one reason I have a backup server with a DLT IV tape unit that I back up all my PCs' and servers' data to, so I can do a rebuild if necessary.
 

navychop

Member of the Month - July 2014!
Pub Member / Supporter
Lifetime Supporter
Jul 20, 2005
51,031
15,941
Northern VA
....He has a great write-up on his site about the situation, ......

My Trend Micro Corporate is reporting the above as a malicious URL and is blocking it.
Website blocked by Trend Micro Worry-Free Business Security

Malicious website blocked

http://insecure.org/news/download-com-fiasco.html
Rating: Dangerous Verified fraudulent page or threat source.
What You Can Do:

* Contact your administrator about security settings on your network
* I understand the risks and I want to continue browsing

Copyright © 2006-2010. Trend Micro™ Incorporated. All rights reserved.
 

Hall

SatelliteGuys Master
Feb 14, 2004
18,409
3,192
Germantown OH
Yeah well, being in computers and in the biz for 15+ years, I can say it's not originating from my computer. It's either tied to this site or the firmware tracker site. Both times it's happened, I've had those two sites open. Do what you want. I provided the info for anyone who wants to look into it, but it sounds like I wasted my time.
What browser do you use ?
 

sergei

SatelliteGuys Pro
Aug 29, 2007
1,266
5
iowa
My Trend Micro Corporate is reporting the above as a malicious URL and is blocking it.

I haven't received any warnings from my software when opening the URL, but if others are also seeing a warning when going to the page then my posting should be deleted. Every scanning tool will not identify every possible problem. Some tools will detect things that others will miss, and that may be the issue here.

As an update, I went to Google's malware database and checked the URL, and it came back with the following:
Safe Browsing

Diagnostic page for insecure.org


What is the current listing status for insecure.org?
This site is not currently listed as suspicious.
What happened when Google visited this site?
Of the 44 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-12-13, and suspicious content was never found on this site within the past 90 days. This site was hosted on 2 network(s) including AS6939 (HURRICANE), AS8121 (TCH).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, insecure.org did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

Hall

SatelliteGuys Master
Feb 14, 2004
18,409
3,192
Germantown OH
Every scanning tool will not identify every possible problem. Some tools will detect things that others will miss, and that may be the issue here.
And many tools will give false alarms... Google Chrome, which I believe has some built-in tools, reports nothing wrong with that site.
 