What the heck? Attack Site?


Red Squirrel

No Lifer
May 24, 2003
69,939
13,460
126
www.anyf.ca
Did anyone actually get infected with anything through firefox? I'm assuming I'm safe, but I don't want to assume wrong, maybe something did attack me and I just don't know it. Running a Malwarebytes scan now, so far so good.
 

ponyo

Lifer
Feb 14, 2002
19,688
2,810
126
I got hit last night using Chrome. That was one nasty malware. Spent about 2 hours removing it using malwarebytes. Spybot did nothing.

Now I'm back to using Firefox, adblock plus, and no script on all my computers.
 

Hacp

Lifer
Jun 8, 2005
13,923
2
81
Did anyone actually get infected with anything through firefox? I'm assuming I'm safe, but I don't want to assume wrong, maybe something did attack me and I just don't know it. Running a Malwarebytes scan now, so far so good.

If nothing happened to you, chances are you're infected.
 

Zorkorist

Diamond Member
Apr 17, 2007
6,861
3
76
Did anyone actually get infected with anything through firefox? I'm assuming I'm safe, but I don't want to assume wrong, maybe something did attack me and I just don't know it. Running a Malwarebytes scan now, so far so good.

While I was attacked more than once, I don't believe the code actually ran.

-John
 

Red Squirrel

No Lifer
May 24, 2003
69,939
13,460
126
www.anyf.ca
If nothing happened to you, chances are you're infected.

I did get that firefox warning, but thinking there's always the possibility that something else got through.

Ironically, as I read your post I got an Avira popup about some trojan in my temp internet files. I hope it never got executed.... but this can't be good.

Worst thing is, I have noscript for crap like this to be stopped, but this site is whitelisted... too bad you can't whitelist on a per-script basis or per-function basis. At least block out the JS functions that are capable of accessing your computer. There's zero reason why JS should even have access to stuff outside of its own scope variables.
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
As I mentioned in the Technical Forum Issues thread, this would be a good time for a checkup. To save some typing...

This would be a good time for Windows users to give their rigs a check with the Secunia PSI utility, and for users of other OSes to manually confirm that their Adobe Flash Player and Adobe Reader installations (if present) are fully up-to-date.


http://secunia.com/vulnerability_scanning/personal/ Secunia says 98% of first-time scans find at least one program that needs a security patch. You?

http://get.adobe.com/flashplayer/

http://get.adobe.com/reader/

Moar security tweaks for Windows: http://www.mechbgon.com/security Vista/7 users, note the new SEHOP item.

Also make sure your Data Execution Prevention's fully enabled:

 

AnonymouseUser

Diamond Member
May 14, 2003
9,943
107
106
Images are the source of the problem.

Wrong. Javascript loads a malicious PDF, and if you have the Adobe Reader plugin you get hosed.

Did anyone actually get infected with anything through firefox? I'm assuming I'm safe, but I don't want to assume wrong, maybe something did attack me and I just don't know it. Running a Malwarebytes scan now, so far so good.

I would suspect that all browsers that have enabled the Adobe Reader plugin are susceptible.
 

Zorkorist

Diamond Member
Apr 17, 2007
6,861
3
76
The only real lesson to be learned here is that Anandtech has no idea when, why, or where they are serving up viruses.

The rest of us, that practice safe browsing will remove them from white-list.

How can you POSSIBLY RUN a website, and not whitelist your ads?

-John
 

miri

Diamond Member
Jun 16, 2003
3,679
0
76
If you use firefox + adblock + noscript are you safe from the recent attacks?
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
I would suspect that all browsers that have enabled the Adobe Reader plugin are susceptible.

In IE Protected Mode, you would get a "this program will open outside of Protected Mode" prompt that you could cancel, ending the attack. Here's a screenshot of an actual visit to the attack site:



Protected Mode FTW. If you get unexpected Protected Mode dialogue boxes out of the blue, like the one pictured above, obviously you should not allow them.
 

Red Squirrel

No Lifer
May 24, 2003
69,939
13,460
126
www.anyf.ca
How do I check if that PDF plugin is enabled? I have foxit, but come to think of it, I still have adobe installed. Uninstalling it now...
 

Zorkorist

Diamond Member
Apr 17, 2007
6,861
3
76
From my understanding, if you have the virus, you know it.

If your computer is operating normally, you do not have the virus.

-John
 

vi edit

Elite Member
Super Moderator
Oct 28, 1999
62,484
8,345
126
From my experience it was an obvious problem -

1) I had popups in my lower right hand icon tray saying stuff like "You have internet attacks from IP 204.XXX.XXX" and a host of others. And a Windows security agent-looking popup menu would come up asking if I wanted to run antivirus.

2) If you opened up IE it would redirect to some fakesecurity.microsoft.com domain (a result of the Proxy hijack)

3) If I tried to run any legitimate antivirus on my machine or msconfig I'd get an error that some exe was infected and that I needed to pay to upgrade my security software

Oh and even if I disabled my NIC I still had this thing popping up telling me I had various IP addresses attacking me.
 

JEDIYoda

Lifer
Jul 13, 2005
33,986
3,321
126
The only real lesson to be learned here is that Anandtech has no idea when, why, or where they are serving up viruses.

The rest of us, that practice safe browsing will remove them from white-list.

How can you POSSIBLY RUN a website, and not whitelist your ads?

-John

Obviously you have no clue.......
If you read Anand's response earlier you would understand that what you just said was plain stupid!!
 

Anubis

No Lifer
Aug 31, 2001
78,712
427
126
tbqhwy.com
As I mentioned in the Technical Forum Issues thread, this would be a good time for a checkup. To save some typing...


stuff
Also make sure your Data Execution Prevention's fully enabled:

Funny thing about Secunia, I can't seem to get Flash to show up as anything but insecure, even after downloading the solution.
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
Funny thing about Secunia, I can't seem to get Flash to show up as anything but insecure, even after downloading the solution.

1) Try a reboot.

2) If a subsequent scan still shows vulnerable versions of Flash after rebooting, run the Flash Player Uninstaller, then reboot, then install the latest version of Flash into whichever browser(s) you use.

Any good?
 

Anand Lal Shimpi

Boss Emeritus
Staff member
Oct 9, 1999
663
1
0
Quick update:

1) All ads are off the site.

2) We've submitted a review request to Google. These usually take several hours to complete. Once we come back clean, the malware warnings will disappear.

3) At the same time, we're working to fix the root cause of the problem.

More updates as I get them. Thank you all for helping one another out and being patient with us while we work through this.

Take care,
Anand
 