CHUD.com Community › Forums › THE CHEWERS › The Chewers Catch-All › Malware/virus Report Thread
New Posts  All Forums:Forum Nav:

Malware/virus Report Thread

post #1 of 40
5/11/10 at 4:44am
Thread Starter 
This thread is to report instances of malware/virus attacks on CHUD. We are aware of the latest round of reports and have been working with Gorilla Nation to figure it out. As of this afternoon Gorilla Nation disabled some of our ads, and we're hoping that fixes the problem.

Please only report issues that occur AFTER the posting of this thread. It's important for us to be able to tell if disabling the ads fixed the problem.

Please do not post anything EXCEPT reports here. Please be as precise and detailed as possible. If you have a screenshot, that will help as well.

Posting ANYTHING except reports in this thread will be considered trolling. Trolls will be banned.
Reply
post #2 of 40
5/11/10 at 11:55am
Happening again this morning.

Unfortunately my Avira software is not letting me screenshot anything without first getting rid of the threat, but here is what it says the threat is:

Tr/dldr.mufanom.say trojan

I have no idea what that means, but I hope it helps. It was happening on the main CHUD page and in the MB area.
Reply
post #3 of 40
5/11/10 at 12:08pm
My work Pc crashed an hour ago. They are doing a clean format on it right now. Couldn't get a screen, the system just rebooted itself and then couldn't start up due to windows components missing.

I'm not 100% sure it's because of Chud, but that's one of the sites i was browsing.
Reply
post #4 of 40
5/11/10 at 2:31pm
Thread Starter 
Quote:
Originally Posted by bob loblaw View Post
Happening again this morning.

Unfortunately my Avira software is not letting me screenshot anything without first getting rid of the threat, but here is what it says the threat is:

Tr/dldr.mufanom.say trojan

I have no idea what that means, but I hope it helps. It was happening on the main CHUD page and in the MB area.
Do you remember what ads were displaying by any chance? Also, which articles on the main page were you looking at?
Reply
post #5 of 40
5/11/10 at 3:10pm
Quote:
Originally Posted by devincf View Post
Do you remember what ads were displaying by any chance? Also, which articles on the main page were you looking at?
I know I had a couple of warnings come up after clicking the FORUMS button from the main page. I didn't take notice of which ad banner was up, however.

I have been to the Forums page this afternoon without incident so far. The AD banners ive seen this afternoon include PROGRESSIVE, GI JOE, GROUPON, RUNNER'S WORLD, SWAMI with the DAYBREAKERS ad, KIN, and BING on the main page.
Reply
post #6 of 40
5/11/10 at 3:11pm
Thread Starter 
Thanks.
Reply
post #7 of 40
5/11/10 at 3:18pm
I have noticed only malwarebytes detecting an unauthorized port scan. Only on the forum. could not screen shot and did not recall the ad. Fairly useless, but wanted to note I see nothing on the main page.
Reply
post #8 of 40
5/12/10 at 5:19pm
At my office just now, I went to the "Mandarin in IM3" article, and the ad just to the right of the article was blocked by my company's virus software. If it helps, here's the text it showed:

"Blocked due to a virus being found(80)
The transferred file contained a virus and was therefore blocked by McAfee Web Gateway!
URL: http://googleads.g.doubleclick.net/p...p%3A//chud.com (IP removed by me)
User: (Info removed by me)
Policy: proxy-global-access (PROXY-GLOBAL-ACCESS)
Categories: Web Ads (wa)
File Name: ads
Media Type: text/html
Virus Name: McAfeeGW: Heuristic.Script.Infected.WebPage "

Hope that helps.
Reply
post #9 of 40
5/25/10 at 12:15pm
Found another one, this time it comes up at the bottom of the NFL 2010 thread in the sports forum:

http://googleads.g.doubleclick.net/p...p%3A//chud.com ()
User:
Policy: proxy-global-access (PROXY-GLOBAL-ACCESS)
Categories: Web Ads (wa)
File Name: ads
Virus Name: McAfeeGW: Heuristic.Script.Infected
Reply
post #10 of 40
9/7/10 at 12:18pm
Just got a warning from Google Chrome. Got the following message when I was on page 2 of "New Posts."

Malware Detected!

The website at chud.com contains elements from the site blog.lost.ro, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for blog.lost.ro.
Learn more about how to protect yourself from harmful software online.
Reply
post #11 of 40
9/7/10 at 12:27pm
Got it again while trying to open the Stardust (2007) thread.

Here's a screenshot of the message.

[IMG][/IMG]
Reply
post #12 of 40
9/7/10 at 3:06pm
I am also on Chrome, and got the same message when I tried to open the Stardust thread.
Reply
post #13 of 40
9/7/10 at 3:08pm
When I was trying to PM someone, this insurance ad popped up over whole screen. It has happened twice.
Reply
post #14 of 40
9/7/10 at 3:58pm
I'm on a Mac, and the Stardust thread is giving me the same exact warning in Chrome. Firefox is just loading everything normally, though it did seem to pause or hitch a little on first loading the thread.
Reply
post #15 of 40
9/7/10 at 4:02pm
Ok, did a little poking around in the thread and checked the URL's of all of the images posted in the thread. It looks like the problem is with the image that Princess Kate hotlinked/leeched in post #41 on
03-18-2010, 07:31 PM . The URL suffix matches the error message, and when I tried to "View Image" in Firefox, I got a warning message. Can a mod edit her post or PM Kate to remove the link?
Reply
post #16 of 40
9/7/10 at 4:30pm
Links to the actual posts please?
Reply
post #17 of 40
9/7/10 at 4:36pm
Can we Ban kate now?
Reply
post #18 of 40
9/7/10 at 4:37pm
Quote:
Originally Posted by Nick Nunziata View Post
Links to the actual posts please?
http://chud.com/forum/showpost.php?p...1&postcount=41

Edit: load that post, then right-click -> view image, and you'll get a warning about blog.lost.ro
Reply
post #19 of 40
9/7/10 at 4:45pm
Deleted image.
Reply
post #20 of 40
9/7/10 at 4:52pm
Nunz to the rescue. Thank you, sir!

EDIT: Suggestion - add to the board rules an injunction against [img][/img] linking to images that either aren't hosted on a common image hosting service or on one's own personal webspace?
Reply
post #21 of 40
9/7/10 at 4:55pm
But not banned?
Reply
post #22 of 40
9/7/10 at 5:25pm
I'm sure it wasn't a deliberate attempt on Kate's part to do anything malicious, and I'm also sure she's not the only one who's hotlinked around here. Don't think the banhammer is necessary, but Eyeball's idea is a good one to be stickied somewhere.
Reply
post #23 of 40
9/7/10 at 5:39pm
I hotlinked often because I'm lazy and ignorant. Won't do it again.
Reply
post #24 of 40
9/7/10 at 5:41pm
Quote:
Originally Posted by Phil View Post
I hotlinked often because I'm lazy and ignorant. Won't do it again.
Right, ban this fucker right now
Reply
post #25 of 40
9/7/10 at 6:59pm
Hotlinking's a bad idea, mostly because of the sites who put some real crazy NSFW shit in to block hotlinkers. Color me surprised the day that I took a quick break at work and clicked on a thread in the (normally worksafe) training forum I board at only to be greeted by an animated .gif of a shemale with her tits out, bouncing her erect cock like a diving board.
Reply
post #26 of 40
9/7/10 at 11:07pm
I apologize for hotlinking to a malicious image in the STAR DUST thread. It was not my intention, I was just trying to use the image for humor.

I've established a photo bucket that I've been using for most images that I post on the boards these days. However, I will now do that for all images I post (though, and correct me if I'm wrong, hotlinking an image from a site like HuffPo must be safe, right?)


Anyway, I would have edited it myself to remove it but I wasn't paying attention to the board or this thread this afternoon and missed it. Apologies again.
Reply
post #27 of 40
9/7/10 at 11:14pm
It's not solely a matter of safety, it's also a matter of leeching the site's bandwidth.
Reply
post #28 of 40
9/8/10 at 6:44pm
Quote:
Originally Posted by Richard Dickson View Post
It's not solely a matter of safety, it's also a matter of leeching the site's bandwidth.
Fair enough, Mr Dickson. However, I use images from HuffPo in order to show people a glimpse of the content on the other side of a link, not to steal their images. I bet it probably gets them hits

Anyway, this isn't the right thread to start a discussion on the issue I just wanted to clarify my use of images on the boards. I will stick with my photo bucket going forward.
Reply
post #29 of 40
9/8/10 at 7:10pm
It doesn't change the fact that you are leeching bandwidth. But not the thread for discussion.
Reply
post #30 of 40
9/17/10 at 5:54pm
I'm getting bombed with virus warnings from the forum today.
Reply
post #31 of 40
9/17/10 at 6:02pm
From the very first post in this thread.

Quote:
Please be as precise and detailed as possible. If you have a screenshot, that will help as well.
Reply
post #32 of 40
9/17/10 at 6:08pm
Quote:
Originally Posted by HBarr View Post
From the very first post in this thread.
I tried to get one, but had to click off the warning. Will grab one as soon as I can.
Reply
post #33 of 40
9/17/10 at 6:16pm
Were you in a particular thread? Which thread? Which page? What time?
Reply
post #34 of 40
10/4/10 at 12:54pm
The site is running very slowly for me this morning. It also timed out once when trying to load a page. I'm experiencing this slowness everywhere: the front page, the articles, the forum, and the threads.
Reply
post #35 of 40
10/4/10 at 12:57pm
We're doing work on the server. Have no fear.
Reply
post #36 of 40
10/4/10 at 1:01pm
Great! Thanks for the speedy feedback.
Reply
post #37 of 40
10/4/10 at 1:46pm
Avast got hit last night on one of the banner ads, but unfortunately the fucking thing wouldn't let me copy the URL so that I could paste it here. I'll keep y'all posted if anything else materializes.
Reply
post #38 of 40
10/4/10 at 1:47pm
We had something get added in one of Ryan Mason's DVD reviews, but I caught it and deleted it. We live in a weird age.
Reply
post #39 of 40
10/4/10 at 3:32pm
My computer at work just got hit up with a trojan that pretty much crippled it, making it see everything but Security Essentials as a trojan. Pretty sure it came from a banner ad. I was looking at the new posts section at the time. Had to be about 10 that the warning came up, but didn't do any damage till I had to restart. Spectacular.
Reply
post #40 of 40
10/15/10 at 8:49pm
Navigating through the site and boards today, a site called "maudecdn.com" (IIRC) keeps trying to open up. My work browser luckily asks me if it's trusted.
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: The Chewers Catch-All
CHUD.com Community › Forums › THE CHEWERS › The Chewers Catch-All › Malware/virus Report Thread