Banner add on DDO "may" contain malware.



M.ham
12-10-2009, 10:40 PM
Just a cautionary note regarding malware when closing browser after visiting forums.ddo.com website.

I opened an IE8 browser window in which Google is my only Home page. I clicked on my Favorites shortcut to DDO forums, browsed around for a while and then closed the browser window, immediately saw window popup saying I may be infected and do I want to install program called Antivir (note: this is not the same as the free SW from AVIRA). Behaviour is typical for a type of Malware called a Winfixer.

As with all malware you cannot know for sure where it comes from but the fact the only sites I visited were Google.ca and forums.ddo.com most likely means it was one of them. As Google does not use banner ads on their basic search page I can only assume that the code came from a banner ad on forums.ddo.com.

We have been encountering this type of Winfixer lately at work. I do not recommend you close the warning dialogue box using the X, I would recommend you right click the app in the Task Bar and select "Close" or use Task Manager to close all processes with the name "iexplore.exe". Winfixer downloaders give you buttons that say "Cancel" or "Close" within the advert window but you risk actually clicking on a button that accepts or approves the download.

Just thought I would provide a warning in case others saw the same message.

M.

Lirial
12-11-2009, 12:46 AM
I got that the other night, and sure enough was only on ddo forums.

Soulself
12-11-2009, 12:50 AM
Got the same thing here when I opened DDO home page, a warning popped up that said a program was trying to install a trojan on my PC

Siro
12-11-2009, 09:06 AM
I opened an IE8 browser window

I think I found the problem.

Visty
12-11-2009, 09:08 AM
Just wanted to say that too, don't use IE, problem solved

Gol
12-11-2009, 09:11 AM
Happened to me with Firefox last week.

Cedwin
12-11-2009, 09:13 AM
Most likely, you already have some form of malware on your computer that pops those messages up, unless you are saying that you don't go to any other websites at all except google and the ddo forums, but I doubt that's the case.

Gol
12-11-2009, 09:22 AM
Most likely, you already have some form of malware on your computer that pops those messages up, unless you are saying that you don't go to any other websites at all except google and the ddo forums, but I doubt that's the case.

Most likely we're computer-savvy enough to know what we're talking about, unless you're calling us stupid and/or liars, but I doubt that's the case.

Zaodan
12-11-2009, 09:23 AM
AdBlockPlus

A must-have for all Firefox users.

Block those ads permanently.

angel_dragon
12-11-2009, 09:35 AM
I had the same thing happen on the DDO forums on Monday. I think DDO needs to check with their ad department and see if there is a threat to the forums.

Siro
12-11-2009, 09:36 AM
Happened to me with Firefox last week.

You're doing it wrong, see post 9:

"AdBlockPlus

A must-have for all Firefox users.

Block those ads permanently."

Missing_Minds
12-11-2009, 09:46 AM
I've never touched adblock once in my lifetime of using firefox/mozilla.

Been using noscript and never had an issue once.

Executie
12-11-2009, 09:46 AM
Gogo Sandboxie!

Firefox

LinkExtend

Adblockplus

No Script

WOT

Dr. Web

All in a limited rights environment..

Wheee!

Cedwin
12-11-2009, 10:19 AM
Most likely we're computer-savvy enough to know what we're talking about, unless you're calling us stupid and/or liars, but I doubt that's the case.

No, I'm just saying that I've been using these forums for quite a while now, with IE8 I might add, and I get none of these pop-ups you are seeing.

Basic troubleshooting, process of elimination. If I'm not having the problem, and I'm using the same browser, it must be something else.

To the OP, look up ComboFix, or MalwareBytes, and see if you have anything that might be causing the problems.

Cedwin
12-11-2009, 10:30 AM
My favorite banner ad so far. :p

http://i292.photobucket.com/albums/mm34/stevoli/Capture-1.png

Schmoe
12-11-2009, 10:37 AM
Happened to me with Firefox last week.

Here too. Using Firefox, I didn't get a pop-up, but my DDO Forums tab navigated away to a page containing the fake "Malware infection alert" warning. I had to shut down Firefox entirely.

LordJair
12-11-2009, 10:59 AM
IE7 here and zero problems with DDO forums and I seem to be spending way too much time here... I love the peeps who instantly jump to the conclusion that IE is to blame. I'm sure as h3ll no MS fanboy but FF has had more than its fair share of vulnerabilities - and as I seem to remember is one of the most problematic software items in companies that haven't locked down their OS' properly as the 'users' who install it don't/can't keep them up to date...

http://www.tgdaily.com/security-features/44602-firefox-most-insecure-browser
http://readerszone.com/mozilla/most-insecure-browser-mozilla-firefox.html

for some of the many reports.

Back On Topic, maybe someone's post has an external link on the site causing problems?

Good luck getting rid of them! Some can be awful :O

Off-topic, anyone who uses a social networking site like Facebook will probably be seeing dozens of these faux fixes lately. Sad times :(

M.ham
12-11-2009, 12:27 PM
Just an update: I was able to replicate the behaviour at work using forums.ddo.com.

Captured the link that the browser had been redirected to:

"http://removepcthreats2.cn/1/?sess=p2T30jTwMC03MiZpcD03Mi4xNzIuMTYwLjImdGltZT0x MjY2NUAMPQdN"

edit: I do not recommend pasting this link into a browser window, do so at your own risk.

Note: this time it did not happen when the browser was closed, it happened when clicking on a thread header. Typically when clicking on a thread it reloads the forum page with a new banner ad, in this case the forum page never loaded. The browser page was redirected to the above site and the dialogue box said: "Warning!!! Your Personal computer needs to install antivirus software! Antivir can perform fast and free virus and malicious software scan of your computer."

I am not sure if I can capture what banner ad is causing this as the redirection seems to happen when page is refreshed and the banner ad is not displayed, instead the page is redirected to the above link.

M.

ahpook
12-11-2009, 12:37 PM
I have been experiencing something similar. When surfing the DDO forums (w/FireFox) I sometimes get redirected to a page on the host: secure-zone-021.cn. This happens when loading a new page, all of a sudden I am sent to the wrong site.

It has happened 3 times over the past week or so.

It has never happened when checking out any other site. Only on forums.DDO.com

It seems like a banner Ad is redirecting me there but with the random load of the ads, it is impossible to tell.

It could be something else but my machine is currently free of malware. A corrupt SWF file banner ad in DDO's random rotation seems to be the simplest explanation.

Delt
12-11-2009, 01:08 PM
Ya, malware/viruses through banner ads is an annoying problem, especially lately it seems (I've had that antivirus system pro scamware try to infect my PC at least 5 times in the last month).

I happen to like IE though, and I'm too lazy to try to plug the holes. I have good virus protection, and some handy extras running (security task manager, etc) instead. For people who don't run relatively secure systems and use IE, sites with ad banners really, really suck.

Siro
12-11-2009, 01:44 PM
I've never touched adblock once in my lifetime of using firefox/mozilla.

Been using noscript and never had an issue once.

Even if not using it to block ads, one can use it to block known malware domains or top level countries. Like .cn, which seems to be the problem.

MrWizard
12-11-2009, 01:54 PM
turn off javascript when reading the forums...done.


You should have one browser for your banking sites.
You should have a different browser for your billing sites.
You should have a different browser for viewing the web


Cross browser hacks are not available at this time so it makes it much safer to do it this way.

I use IE8 for bank and one or two other sites ONLY.
I use firefox for web browsing with flash, adobe, javascript, and have a dozen other things disabled. I will, if the site is safe enough (like youtube or cnbc) enable javascript to view something then disable it.

Javascript VERY bad...VERY. Always disable unless really really needed. Webmasters who do not build sites without 'having' to use javascript are just poor coders.

Cedwin
12-11-2009, 02:05 PM
Javascript VERY bad...VERY. Always disable unless really really needed. Webmasters who do not build sites without 'having' to use javascript are just poor coders.

Sorry to say but if you visit any relatively new website, it's going to be loaded with javascript. Especially anything that uses ajax (web 2.0), asp.net, or FlashObject for loading flash. Disabling javascript will pretty much disable 99% of your browsing experience, unless you only visit static html websites.

Tolero
12-14-2009, 01:23 PM
We noticed that in the dev pit too. The fear of Khyber has been beaten into the ad folks now, and these abominations should be gone. If anyone gets one of these malware ads while viewing the forums, please report it to myself or one of the other community members right away!

dopey69
12-14-2009, 01:36 PM
I have my antivirus running all the time and on these forums it fends off an attack every half hour or so. Never or hardly ever does any other time. This is my gaming comp and is only used for gaming. There is surely something prowling this site. I have all the IP and comp numbers of the offenders but it seems to change a lot, so all prolly rerouted I think! It would be nice for Turbine to clean their own website up

twix
12-14-2009, 02:03 PM
So this is where that stupid thing came from saying my comp is ****ed with viruses and ****. Silly ddo.com wear some protection. Go buy a rubber.

Dark_Helmet
12-14-2009, 08:40 PM
We noticed that in the dev pit too. The fear of Khyber has been beaten into the ad folks now, and these abominations should be gone. If anyone gets one of these malware ads while viewing the forums, please report it to myself or one of the other community members right away!

Just say no to banner ads. There are several products out there to block them (but you need to get a reputable one as some trojans are masquerading as banner blockers).

Seriously, Adobe Flash just had an update last week to take care of an exploit... and they aren't done yet. I wouldn't put flash banner ads on any reputable web site.

chubbs99
12-15-2009, 12:53 AM
I usually use Opera for my viewing pleasure... For some reason I can't log into the forums though with it. On IE7 instead

The easiest and most effective way to stop ads loading from any site is go View > Source
Skim through till you find the site the ads are coming from (99% of the time "ad" or "ads" are used in the address) and then go Tools > Advanced > Blocked content and turn that ad server into a wild card (i.e. "http://ad.thissite.com/*"), hit okay, reload the page and if you did it right ads will no longer load ;)

Most ads don't bug me to the point of pulling out this gun, only on sites filled with them, or where they cause slow loading times.
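
The two manual checks suggested in this thread (chubbs99's "find the ad host in the page source and block it with a wildcard" and Siro's "block a top-level domain such as .cn") can be scripted for review of a saved page source. This is an added example, not code from any poster; the sample HTML, the function names, and every host other than ad.thissite.com are constructed for illustration.

```javascript
// Constructed sample page source (not captured from the real forum).
const SAMPLE_HTML = `
<script src="http://ads.example-network.test/rotate.js"></script>
<embed src="http://cdn.example-network.test/banner.swf">
<iframe src='http://ad.thissite.com/frame?id=7'></iframe>
<img src="/images/logo.png">
<a href="http://placeholder-host.cn/1/?sess=PLACEHOLDER">x</a>
<script src="http://forums.example.test/js/site.js"></script>`;

const BLOCKED_TLDS = ['cn'];    // assumption: a TLD policy like the one Siro suggests
const AD_LABEL = /^ads?\d*$/i;  // a host label that is "ad", "ads", "ads2", ...

// Collect the host of every src/href value, resolved against the page URL.
function resourceHosts(html, pageUrl) {
  const hosts = new Set();
  const attr = /\b(?:src|href)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  for (const m of html.matchAll(attr)) {
    try {
      const u = new URL(m[1] ?? m[2] ?? m[3], pageUrl);
      if (/^https?:$/.test(u.protocol)) hosts.add(u.hostname.toLowerCase());
    } catch (e) { /* value is not a parsable URL: skip it */ }
  }
  return hosts;
}

// Flag third-party hosts by ad-like label or blocked TLD and emit a
// wildcard pattern in the form chubbs99's post uses.
function auditPage(html, pageUrl) {
  const firstParty = new URL(pageUrl).hostname.toLowerCase();
  const findings = [];
  for (const host of resourceHosts(html, pageUrl)) {
    if (host === firstParty) continue;
    const labels = host.split('.');
    const reasons = [];
    if (labels.some((l) => AD_LABEL.test(l))) reasons.push('ad-label');
    if (BLOCKED_TLDS.includes(labels[labels.length - 1])) reasons.push('blocked-tld');
    if (reasons.length) findings.push({ host, reasons, pattern: `http://${host}/*` });
  }
  return findings.sort((a, b) => (a.host < b.host ? -1 : 1));
}

console.log(auditPage(SAMPLE_HTML, 'http://forums.example.test/showthread.php'));
```

The sample's `.swf` host is third-party but matches neither rule, which is the gap in blocking by host name alone.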

parvo
12-15-2009, 07:54 AM
We noticed that in the dev pit too. The fear of Khyber has been beaten into the ad folks now, and these abominations should be gone. If anyone gets one of these malware ads while viewing the forums, please report it to myself or one of the other community members right away!

So as Lars Heyton would say, "you beat them off, this time..."

Just eliminate the ads. They ruin the atmosphere of the forums.

t3pt6k
12-15-2009, 08:17 AM
Javascript VERY bad...VERY. Always disable unless really really needed. Webmasters who do not build sites without 'having' to use javascript are just poor coders.

Now that's just funny. Welcome back to the early 90s - just give me a list of links. Those that don't properly protect their computers against all of the threats out there are just poor consumers ... oh wait that'd be just another slippery slope