What the heck? Attack Site?

[Number1]

Google has completed its review of AT and the forums and has cleared us both You shouldn't be seeing that Malware error any longer and more importantly, you shouldn't be seeing anything trying to infect you either

Our admin staff was up all night working on the problem, if you see anything else that's strange feel free to contact me directly: anand@anandtech.com.

Take care,
Anand

Very good, thanks for the update, I think the survival of the site was at stake here. Thanks for keeping the adds off a while longer. It's important to make absolutely sure the problem is resolve.

 

[Anand Lal Shimpi]

Very good, thanks for the update, I think the survival of the site was at stake here. Thanks for keeping the adds off a while longer. It's important to make absolutely sure the problem is resolve.

I agree completely. My loyalty here is first and foremost to the users, pulling down the ads was not an issue. The only reason it took as long as it did was because initially it was difficult to figure out where this was coming from and then getting the right folks in place at a random time on a weekend to make the appropriate changes delayed things a bit longer.

Everyone is on it now and we're making some good changes going forward. You'll see the beginnings of it tomorrow...

Take care,
Anand

 

[Rubycon]

Thanks for taking the time to respond at a professional level.
I know if this [h]appened on another site there would've been massive bannings due to discussion of blocking ads.

Anand, I've always thought you did this for a passion and not just to make a buck. Of course it helps put food on the table but you know what I mean.

 

[tyler811]

yep it was antivirus soft. pissed me off that MS security essentials didn't get it

This is the same thing that people were getting on Facebook or myspace

 

[Red Squirrel]

Glad to see it's being taken care of, I'm looking forward to finding out what happened at the end.

 

[tyler811]

N/M

 

[StrangerGuy]

Ya know ever time I tried to come here the last couples of days it was slower then heck. Now they load right in. Is this because the ads are gone?

Rest assured ads will be back ASAP. Someone has to pay for the server bandwidth after all...

 

[tyler811]

Holy crap, I got that "Antivirus Soft" trojan too. Who would have guessed I got it from FORUMS FOR A COMPUTER WEBSITE. Good Lord. As everyone else said, it was a bitch to clean. Avira never caught it in the first place. It completely prevented me from running any program, and I couldn't get online in safe mode. I had to boot up normally then very quickly run task manager and kill it before it started blocking everything. Then it would keep coming back every few minutes so I had to mess with the registry and run Malwarebytes.

When a computer technology website is giving you viruses... well, that says a lot about that website.

You need to educate yourself before posting something so fucking ignorant.

 

[Red Squirrel]

Actually for those of you who did get infected, what browser/OS where you using? I still can't find anything on my PC but I'm still nervous there's something hidden that may have slipped in. Drive by viruses were not an issue before with firefox, but seems they are now. They've gone the way of IE sadly. It's still not as bad though, so I'm hoping it got blocked.

 

[drnickriviera]

XP SP3, Firefox 3.5.8

 

[BoomerD]

AFAIK, no infection here with IE8.
I've run McAfee A/V, malware bytes, AdAware, and Spybot to check.

I realize that doesn't mean there's no infection...but if so, I haven't been able to find any.

I never had the issues (warnings) that many here have had, so maybe I missed it.

 

[SunSamurai]

Thanks for taking the time to respond at a professional level.
I know if this [h]appened on another site there would've been massive bannings due to discussion of blocking ads.

Anand, I've always thought you did this for a passion and not just to make a buck. Of course it helps put food on the table but you know what I mean.

i c wat u did t[h]ar

 

[SunSamurai]

AFAIK, no infection here with IE8.
I've run McAfee A/V, malware bytes, AdAware, and Spybot to check.

I realize that doesn't mean there's no infection...but if so, I haven't been able to find any.

I never had the issues (warnings) that many here have had, so maybe I missed it.

You still have windows installed dont you. :awe:

 

[BoomerD]

You still have windows installed dont you. :awe:

Oh noes...I've been slighted by a fanboi of one of the "other" O/S's...

 

[Engineer]

I just clicked on an article on the main page and received this (was a big red warning - I just cut and pasted the text here)...

Reported Attack Site!













This web site at www.anandtech.com has been reported as an attack site and has been blocked based on your security preferences.










Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.

Of course, I came here to see if anything was up and found this thread. Should this have been cleared already? A lag perhaps?

 

[GodlessAstronomer]

Actually for those of you who did get infected, what browser/OS where you using? I still can't find anything on my PC but I'm still nervous there's something hidden that may have slipped in. Drive by viruses were not an issue before with firefox, but seems they are now. They've gone the way of IE sadly. It's still not as bad though, so I'm hoping it got blocked.

The virus exploited a vulnerability in Adobe Reader, it's hardly fair to blame Mozilla for that. All Firefox does is pass the infected PDF over to Reader.

 

[Red Squirrel]

The virus exploited a vulnerability in Adobe Reader, it's hardly fair to blame Mozilla for that. All Firefox does is pass the infected PDF over to Reader.

Ah so it's been determined it was PDF reader? I knew it was mentioned but was not sure if it was just an assumption. I just uninstalled it because I use Foxit. I should have uninstalled it when I installed foxit, but it never crossed my mind... not sure whether or not it was embeded in my browser though.

I'm thinking I'm safe and did not get it. I did a bunch of scans, looked for weird processes etc. Its stupid that pdf even has security flaws. It should not even be doing anything that would give it access outside it's own scope. It's just a static viewer! Adobe = fail.

 

[mechBgon]

Drive by viruses were not an issue before with firefox, but seems they are now.

Attack suites have been compromising FireFox users for years using this same general modus operandi, a multi-pronged attack on secondary stuff like Flash, Reader, WinZip, RealPlayer, Java and other stuff that can be called up via the browser. Welcome to, like, 2007.

They've gone the way of IE sadly.

Actually, if FireFox ever goes the way of IE, and gets a Protected Mode, you'd be considerably safer from this sort of thing, since PM stops it at this stage:

Maybe FF 4.x will bring some sort of sandboxing to the table. In the meanwhile, if you prefer FF, try running it in Sandboxie. And of course, uninstall stuff you don't use, check the rest with Secunia PSI, fully arm your Data Execution Prevention, enable SEHOP, and keep UAC enabled.

 

[Hacp]

I don't have adobe reader. Am I safe?

 

[mechBgon]

I don't have adobe reader. Am I safe?

Not necessarily. When I visited the attack page, it also attempted a Java exploit, and probably had a few other gos at my system too. If you want to be safer, I have a suggested approach here for Windows XP/Vista/7. If you're not ready for the whole enchilada, at least make sure you've done steps 3-7, and 13-15.

 

[Imyourzero]

I noticed the warning message in Chrome and did a little surfing yesterday but thankfully escaped unscathed.

I'm curious -- would having UAC enabled have prevented the software from installing? I saw posts from a lot of people who got bitten; surely all of them aren't on XP or Vista/7 machines with UAC turned down or off...

 

[Hacp]

Not necessarily. When I visited the attack page, it also attempted a Java exploit, and probably had a few other gos at my system too. If you want to be safer, I have a suggested approach here for Windows XP/Vista/7. If you're not ready for the whole enchilada, at least make sure you've done steps 3-7, and 13-15.

Well I already use a non-admin account for everything. I did a safe mode scan with malware bytes and nothing turned up but I'm still a bit worried.

 

[tyler811]

Well I already use a non-admin account for everything. I did a safe mode scan with malware bytes and nothing turned up but I'm still a bit worried.

Then do it twice I did lol

I disabled system restore went into safe mode used Malwarebytes, Avira and Spybot Search and Destroy. Twice

Found a browser highjacker on my laptop using malewarebytes but I never noticed anything out of the ordinary. Anway cleaned and ran everything a second time. Clean as a whistle on all six of my machines. Took up my whole afternoon but what the heck it is raining and I got to nap in between. ^_^

 

[drnickriviera]

The virus exploited a vulnerability in Adobe Reader, it's hardly fair to blame Mozilla for that. All Firefox does is pass the infected PDF over to Reader.

Nope, I don't even have adobe reader installed. Looks like there were multiple types of attacks

 

[gorobei]

i've had no problems/attacks

vista 64 hp
firefox 3.6.2 + adp + foxit
acrobat not installed
avast