Malware?

Comments

  • RohnRohn Saint Peters, MOMember Posts: 3,729 Uncommon
    Had the same thing happen to me today as well.  First time ever.

    Hell hath no fury like an MMORPG player scorned.

  • MeddleMeddle Kamuela, HIAdministrator Posts: 707 Uncommon

    We are aware of the issue and are working diligently to track down the source and correct it.

    - MMORPG.COM Staff -

  • MeddleMeddle Kamuela, HIAdministrator Posts: 707 Uncommon
    It looks to be completely random.  All of our servers look clean.  If anyone gets the redirect on a specific link every single time they visit it, please post the link.  At this time we're looking at a malicious ad being served from one of our 3rd party ad servers.

    - MMORPG.COM Staff -

  • botrytisbotrytis In Flux, MIMember Posts: 2,608 Uncommon
    Originally posted by Barrikor
      Originally posted by botrytis
    Google ads use Java and JavaScript for the ads. Java is one big virus waiting to happen. There is no write once, run anywhere system. If you have older versions of Java, just uninstall them (keep Java up to date) or do what I did, uninstall Java and never look back.
        There is a lot of spoofing, etc. that can be done in JavaScript so that is what is happening. I had this on other forums I belong to. Not the forum's fault, it is Google that is not doing its job.

     


    Java and JavaScript are 100% unrelated to each other. It's only the names that are similar.


    Judging from your post, it's Java that you have a problem with, not Javascript.

    Actually, it was both. You see, many ads (such as Google ads) do use JavaScript, which can be used for nefarious reasons - like calling on a Java program to download a payload - this happens when you get the redirection virus.

     

    So, it is both actually.

    "In 50 years, when I talk to my grandchildren about these days, I'll make sure to mention what an accomplished MMO player I was. They are going to be so proud ..."
    by Naqaj - 7/17/2013 MMORPG.com forum

  • cnutempcnutemp Fairfax, VAMember Posts: 230 Uncommon
    The iPumper file is distributed by a guy named Mart, here's his info - be sure to thank him for his virus! (info from Network Solutions lookup)
     


     

    His site redirects to www.anyfiledownloader.com - don't go there!  It's a company in Panama:

     


     

    (you _could_ phone them but it's gonna be a long-distance call)

    The software was written by Escolade Solutions LTD.  Be sure to thank them too!

    You're welcome.  :-)
  • RidelynnRidelynn Fresno, CAMember Posts: 5,185 Rare

    It's something in one of the ads, but I can't tell which one yet.

    Some information:

    You will only infect your PC if you
    a) allow the download of the file api_Downloader.exe
    ~and~
    b) allow the file api_Downloader.exe to run

    That will infect your system. As far as I can tell right now, the malicious ad will attempt to auto-download the file, but I don't think it is able to run the file remotely - you would actually have to click on it to run it.

    I did come across this if anyone should need it:
    http://saviourforcomputer.blogspot.com/2013/03/how-to-remove-anyfiledownloadercom.html

    It's not great, but gives you some additional information if anyone should accidentally run the file.

  • Sunnyguy46Sunnyguy46 Santa Rosa, CAMember Posts: 91 Uncommon
    Originally posted by psychobgr
    I'm using Kaspersky Internet Security and it keeps blocking some malware on mmorpg.com. I gather it's a dodgy advert or something has got onto the site. Kaspersky stops it straight away as it happens each time I open any page from mmorpg.com.

     

    Same... with almost every refresh.

  • PerramasPerramas TanelornMember Posts: 83 Uncommon
    Originally posted by Meddle
      At this time we're looking at a malicious ad being served from one of our 3rd party ad servers.

     

    And this is why I always use ad block plus and no script.

    FUncom putting the FU in fun since 1993.

  • MeddleMeddle Kamuela, HIAdministrator Posts: 707 Uncommon
    Are the folks running adblock seeing this issue at all or not?

    - MMORPG.COM Staff -

  • cnutempcnutemp Fairfax, VAMember Posts: 230 Uncommon
    Running Google Chrome with Adblock, haven't seen it yet. Keep in mind, using default setup, haven't right-click blocked any ad yet.
  • cnutempcnutemp Fairfax, VAMember Posts: 230 Uncommon
    Originally posted by Meddle
    Are the folks running adblock seeing this issue at all or not?

    You could always have your team brute force to find it.

     

    Firefox with noscript, start with nothing blocked, check scripts on the page and click stuff till you get redirected.

     

    Block one script, keep clicking links till you get redirected, if you don't get redirected after 5-10 mins you found the script, if it happens again block another.
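
The block-one-script-at-a-time procedure from the post above, as an added example that is not part of any post in this thread. It assumes a single bad source, cumulative blocking, and a redirect that fires only on some page loads; the host names and the simulated page are constructed.

```python
# Constructed third-party script hosts; every name here is a placeholder.
SCRIPT_HOSTS = ["ads-a.example", "ads-b.example", "stats.example", "widgets.example"]


def make_page(bad_host, every_nth):
    """Simulated site: each call is one page load with `blocked` hosts disabled.
    The bad host forces a redirect only on every Nth load (ad rotation)."""
    count = 0

    def load(blocked):
        nonlocal count
        count += 1
        return bad_host not in blocked and count % every_nth == 0

    return load


def clean_loads_needed(redirect_rate, confidence=0.99):
    """Smallest n with (1 - rate)^n <= 1 - confidence: how many redirect-free
    loads it takes before "it stopped" is evidence rather than luck."""
    n, miss = 0, 1.0
    while miss > 1 - confidence:
        miss *= 1 - redirect_rate
        n += 1
    return n


def find_culprit(hosts, load, loads_per_round):
    """Block hosts cumulatively, one more per round. The first host whose
    blocking gives a round with no redirect at all is reported."""
    blocked = set()
    for host in hosts:
        blocked.add(host)
        if not any(load(blocked) for _ in range(loads_per_round)):
            return host
    return None


if __name__ == "__main__":
    rounds = clean_loads_needed(redirect_rate=0.2)  # redirect on ~1 in 5 loads
    print("loads per round:", rounds)
    print("long rounds :", find_culprit(SCRIPT_HOSTS, make_page("stats.example", 5), rounds))
    # Rounds shorter than the rotation period blame the first host blocked.
    print("short rounds:", find_culprit(SCRIPT_HOSTS, make_page("stats.example", 5), 3))
```

The short-round case is the pitfall with an intermittent redirect: a quiet few loads after blocking a script says nothing unless the round is long enough to have caught the redirect with that script still enabled.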

  • PerramasPerramas TanelornMember Posts: 83 Uncommon
    I have had no problems with firefox while running adblock plus and noscript.

    FUncom putting the FU in fun since 1993.

  • FrankVLucasFrankVLucas CopenhagenMember Posts: 32 Uncommon
    Haven't seen this. Running chrome with adblock+ without a problem.
  • piquetpiquet OdenseMember Posts: 202 Uncommon
    Originally posted by Meddle
    Are the folks running adblock seeing this issue at all or not?

    I can confirm that this does not happen with AdBlock turned on. I get it as soon as I turn it off again, so it's definitely caused by one of the ads.

  • JacxolopeJacxolope Jackson, MIMember Posts: 1,140 Uncommon

    -Also confirming.

    Adblock Plus on Chrome is stopping the problem. Turning it off and.... It's back.

  • maplestonemaplestone Ottawa, ONMember Posts: 3,099 Uncommon
    Originally posted by Meddle
    It looks to be completely random.  All of our servers look clean.  If anyone gets the redirect on a specific link every single time they visit it, please post the link.  At this time we're looking at a malicious ad being served from one of our 3rd party ad servers.

    I was consistently getting it when trying to check this thread earlier today if that helps.

  • AdminAdmin Santa Fe, NMAdministrator Posts: 5,165 Uncommon

    Hello all,

    Thank you for the reports.  We think we narrowed it down to the 200x200 ad on the left side of the forums that pretty much only ran through a network - meaning we don't have direct control of the ads.  We have removed the ad entirely.

     

    If you see this redirect anymore please let us know ASAP - feel free to email me directly at admin(at)mmorpg.com

    Thank you,

    - MMORPG.COM Staff -

    The dead know only one thing: it is better to be alive.

  • GruntyGrunty TexasMember Posts: 7,702 Uncommon
    The automatic redirect to PCKeeper only happened to me once so far 2 days ago. I'm using an up-to-date Chrome version without any blocking applets.
  • Sunnyguy46Sunnyguy46 Santa Rosa, CAMember Posts: 91 Uncommon
    Please give the lovable staff a raise! /hug
  • GruntyGrunty TexasMember Posts: 7,702 Uncommon

    Since you turned those ads off this site is as fast as Speedy Gonzalez when downloading/updating.

     

     
