What the heck? Attack Site?

[guyver01]

Quick update:

1) All ads are off the site.

2) We've submitted a review request to Google. These usually take several hours to complete. Once we come back clean, the malware warnings will disappear.

3) At the same time, we're working to fix the root cause of the problem.

More updates as I get them. Thank you all for helping each another out and being patient with us while we work through this.

Take care,
Anand

:thumbsup:

 

[RebateMonger]

In IE Protected Mode, you would get a "this program will open outside of Protected Mode" prompt that you could cancel, ending the attack. Here's a screenshot of an actual visit to the attack site:

That's what I was getting (in I.E. 8). I couldn't imagine why AnandTech Forums would need the Acrobat 3D tool, so I denied the requests. But I can certainly imagine some folks allowing the request.

My installation of Win7 is one-week-old, so there's not much installed and everything is up-to-date. I'm glad I didn't click on "Allow", though.

Edit: I ran a quick MalwareBytes scan and a full Microsoft Security Essentials scan. Nothing detected on my new PC.

 

[Zorkorist]

Thanks, Anand. I have not seen the virus since the ads disappeared.

-John

 

[GodlessAstronomer]

This makes me glad I blocked AT's ad providers in my hosts file months ago. Thanks AT for making your ad servers incredibly slow and unreliable! You saved me a couple of hours of screwing around with malware removal.

127.0.0.1           dynamic2.anandtech.com
127.0.0.1           tenzing.fmpub.net
127.0.0.1           edge.quantserve.com

FTW

 

[Zorkorist]

It's easier and safer just to white-list.

-John

 

[RebateMonger]

Thanks AT for making your ad servers incredibly slow and unreliable!

I noticed that AnandTech page load times, which had been running very long lately, are near-instant now. The load times were getting pretty painful, especially since I only browse the non-graphical Forum pages.

 

[GodlessAstronomer]

I noticed that AnandTech page load times, which had been running very long lately, are near-instant now. The load times were getting pretty painful, especially since I only browse the non-graphical Forum pages.

I recently stopped using ad blockers as a way of supporting the websites that give me so much free content, but I intentionally blocked the AT ads because of the ridiculous load times. Like I said earlier in this thread, AT should start using a reliable ad provider like Google just like everyone else on the internet. Yeah, you might get slightly less revenue, but how many of your users are now blacklisting or using adblockers because of this incident?

 

[Zorkorist]

I thought you blocked to try and improve performance.

If the incident you are speaking of is tonights, then, I would wait and give the ops time to respond.

-John

 

[KillerCharlie]

Holy crap, I got that "Antivirus Soft" trojan too. Who would have guessed I got it from FORUMS FOR A COMPUTER WEBSITE. Good Lord. As everyone else said, it was a bitch to clean. Avira never caught it in the first place. It completely prevented me from running any program, and I couldn't get online in safe mode. I had to boot up normally then very quickly run task manager and kill it before it started blocking everything. Then it would keep coming back every few minutes so I had to mess with the registry and run Malwarebytes.

When a computer technology website is giving you viruses... well, that says a lot about that website.

 

[AnonymouseUser]

I recently stopped using ad blockers as a way of supporting the websites that give me so much free content, but I intentionally blocked the AT ads because of the ridiculous load times. Like I said earlier in this thread, AT should start using a reliable ad provider like Google just like everyone else on the internet. Yeah, you might get slightly less revenue, but how many of your users are now blacklisting or using adblockers because of this incident?

So what do you do when even Google isn't immune to malware? More info.

 

[Zorkorist]

What do I do when people say, Google?

I say they are the new Microsoft.

Pervasive, intrusive, and, in the end, expensive.

Google! You sing out... like they are anything but the next Hi Tech company to be darlings.

-John

 

[Zorkorist]

When a computer technology website is giving you viruses... well, that says a lot about that website.

I couldn't agree more.

-John

 

[Zorkorist]

Can you imagine how big a target Dell, HP, Commodore, Atari are?

-John

 

[JEDIYoda]

Educate me, fuck face.

-John

Gladly douche nozzle----

Here is what Anand said, had you read anands post instead of opening your mouth to insert your foot you would have at least had a clue...instead of showing your ignorance!!

Anand--Hey guys, we've seen it too and we're trying to track down which ad is causing it. If you do get the above error and are willing/able to could you email me the source to the page? It looks like the malware may be served by a 3rd party's ad server that we have no control over, so as soon as we know exactly which ad it is, we can kill it. I'm working on getting some suspect ads pulled right now.


Take care,
Anand

 

[ViRGE]

I noticed that AnandTech page load times, which had been running very long lately, are near-instant now. The load times were getting pretty painful, especially since I only browse the non-graphical Forum pages.

That has less to do with taking down the ad servers and more to do with the fact that the site was getting slammed once AT's GTX 400 series review went up. The site was slow on Friday even with things blocked.

 

[GodlessAstronomer]

That has less to do with taking down the ad servers and more to do with the fact that the site was getting slammed once AT's GTX 400 series review went up. The site was slow on Friday even with things blocked.

The ad servers have been slow for years.

 

[JJChicken]

Hey guys, for a non-techie like myself, is there anything to be worried about? Do I have a virus???

 

[Locut0s]

Hey guys, for a non-techie like myself, is there anything to be worried about? Do I have a virus???

Shouldn't be too worried. Are you using Firefox? If so then just make sure you don't bypass the site warning. If not you probably are ok also. Just do a virus and or malware scan if you are concerned.

 

[TruePaige]

Hey guys, for a non-techie like myself, is there anything to be worried about? Do I have a virus???

Yes. It is a mass mailer.

Everywhere you go you send out copius amounts of hope and change.
:awe:

 

[JJChicken]

Shouldn't be too worried. Are you using Firefox? If so then just make sure you don't bypass the site warning. If not you probably are ok also. Just do a virus and or malware scan if you are concerned.

I use Opera. I haven't had any site warnings. Thanks for your help, I'm re-assured now

Yes. It is a mass mailer.

Everywhere you go you send out copius amounts of hope and change.
:awe:

lol

 

[TruePaige]

I use Opera. I haven't had any site warnings. Thanks for your help, I'm re-assured now




lol

I knew you used Oprah already, didn't know she had a browser though. Thought she just campaigned for you.

 

[yepp]

Avast block these while i was browsing the forums last night:

That could be your culprit.

Not going to post those links directly since some people are stupid enough to click on them.

 

[Homerboy]

Holy crap, I got that "Antivirus Soft" trojan too. Who would have guessed I got it from FORUMS FOR A COMPUTER WEBSITE. Good Lord. As everyone else said, it was a bitch to clean. Avira never caught it in the first place. It completely prevented me from running any program, and I couldn't get online in safe mode. I had to boot up normally then very quickly run task manager and kill it before it started blocking everything. Then it would keep coming back every few minutes so I had to mess with the registry and run Malwarebytes.

When a computer technology website is giving you viruses... well, that says a lot about that website.

It really wasnt that hard to clean out. Boot to safe mode with networking.
Get/run rkill.com
scan with malwarebytes.
done.

 

[hclarkjr]

As I mentioned in the Technical Forum Issues thread, this would be a good time for a checkup. To save some typing...

i ran the Secunia PSI utility and got 100% secure system, so no script is doing its job for me

 

[Anand Lal Shimpi]

Google has completed its review of AT and the forums and has cleared us both You shouldn't be seeing that Malware error any longer and more importantly, you shouldn't be seeing anything trying to infect you either

Our admin staff was up all night working on the problem, if you see anything else that's strange feel free to contact me directly: anand@anandtech.com.

Take care,
Anand