dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
10503
share rss forum feed

Just Bob
Premium
join:2000-08-13
Spring Hill, FL
reply to Just Bob

Re: Another WinFixer infiltration...this time on www.wfaa.com

said by Just Bob:

BTW, Sandi has seen this thread. Keep an eye on her blog.
»msmvps.com/blogs/spywaresucks/default.aspx
Sandi has blogged. She found that ultimately these infected ads come from Real Media and Valueclick.

»msmvps.com/blogs/spywaresucks/default.aspx


Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
reply to Doctor Four

This is likely happening on all Belo owned websites,
considering that the vector for the malicious redirects
is their own ad company, belointeractive (via RealMedia).

Which means that the website for the Dallas Morning News,
dallasnews.com, may also have the same problem. Though here
it could hit them in the bottom line as they will likely
lose quite a few subscriptions from people who have gone to
the site and gotten infected.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
We are the Hacker Collective: Resistance Is Futile - All Your AACS Keys Will Be Assimilated.


Just Bob
Premium
join:2000-08-13
Spring Hill, FL
reply to Doctor Four

I'm not very encouraged.

Perhaps if a large number of people were to file a complainant...

Dear Bob,

Thank you for your e-mail.

Everyone here at WFAA.com strives everyday to provide the most personally relevant news and information for our customers. And, it is through customer feedback that we are best able to meet customer needs, preferences and wishes.
We appreciate your feedback.

Thank you again for your e-mail. We encourage you to e-mail us again with any other comments, questions, concerns or complaints you may have.

Best Regards,

LaTonya S.

--------Original Message-------------
From: Bob
To: null
Date: 26-JUN-2007 11:21AM

It seems your site is serving ads for malware via Real Media and Valueclick:
»msmvps.com/blogs/spywaresucks/default.aspx



jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR

Looks like a canned response. I bet if you sent a message to the competing stations in the area this issue would be fixed much faster. Can you imagine the other stations reporting this about WFAA?



Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
reply to Doctor Four

I'm beginning to wonder if Belo doesn't care that their
websites are serving up malware, and that the only way
to get them to take notice is to tell their competition
about it (here in DFW that would be myfoxdfw.com, nbc5i.com,
and cbs11tv.com).

A few years ago, wfaa.com was asking rather intrusive
personal questions you had to answer in order to visit
much of their site; so much so that whenever I wanted to
visit a local network's website, it was never theirs.

My mom's PC now has the MVPS hosts file on it, and I was
able to get it to install on one machine at work that is
not part of the network controlled by the company's IT
department - it is part of our lab LAN, and we can install
pretty much anything, short of copying files to or modifying
files on the network drives. I also put Firefox on it,
which is less susceptible to this kind of hostile
redirect.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
We are the Hacker Collective: Resistance Is Futile - All Your AACS Keys Will Be Assimilated.



amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
kudos:9

1 recommendation

reply to Just Bob

Contact with wfaa -

Original Message:
-----------------
From: xxxxxxxx.belointeractive@abc.com
Date: Mon, 25 Jun 2007 10:51:37 -0500 (CDT)
To: amysheehan================dslr.net
Subject: Customer Service Inquiry - www.wfaa.com

Dear Amy-

We have received your comment and will get back with you shortly.

***************** Your feedback *****************
Please have a look at this topic posted at dslreports re your website and
winfixer ads being served on Sunday
»Another WinFixer infiltration...this time on www.wfaa.com
time-on-wwwwfaacom

I can't replicate the problem today but I think you need to have a look at
recent advertising changes that may have caused this problem.

I am registered as amysheehan @ dslreports and I am an executive online news producer
in Los Angeles for a network O/O station at xxxxx
My work email address isxxxxxxx@#####.com and you may reach me directly @ 818mmmmmmmm.
I have shared this info with our IT director for website operations who asked that I relay his offer of assistance for your online service issues.

Sincerely
Amy Sheehan
Huntington Beach, CA

Please feel free to contact me at my work email address or phone number if you would like specifics or background
info re this problem.
-amy-

--
DSLR Phishtracker

Just Bob
Premium
join:2000-08-13
Spring Hill, FL

2 edits

Gee, ya don't think they did a take down on msmvps.com, do ya?

EDIT: I should have added a smiley...or maybe not.
There are reports in the Dallas area of up to 18" of rain, record flooding, tens of thousands without power, and at least one fatality.



amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
kudos:9

This problem has been escalated ----

Original Message:
-----------------
From: xxxxxxxxxxxxxxxxxxxxxx
Date: Tue, 26 Jun 2007 11:38:45 -0500 (CDT)
To: amysheehan dslr.net
Subject: CASE-1136394c277.93.88.fa.72.2-CASE - www.wfaa.com

Dear Amy,

Thank you so much for taking the time to write us.

Your question has been forwarded to the appropriate department at WFAA.com.

We appreciate your feedback.

Thank you for your continued support.

Best Regards,
Mike
--
DSLR Phishtracker



Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
reply to Just Bob

Re: Contact with wfaa -

said by Just Bob:

Gee, ya don't think they did a take down on msmvps.com, do ya?

EDIT: I should have added a smiley...or maybe not.
There are reports in the Dallas are of up to 18" of rain, record flooding, tens of thousands without power, and at least one fatality.
3rd wettest June on record, and there is more rain yet to
come. Forecasters are saying it could continue through the
middle of next week.

Back on topic, a traceroute to msmvps.com seems to crap out
at COLO4-DALLA.car2.Dallas1.Level3.net. Considering how
much trouble there has been with their routers, it could
be related (the more conspiracy minded would think it was
a DDoS courtesy of the Winfixer gang, angry at being outed
by Sandi yet again.)
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
We are the Hacker Collective: Resistance Is Futile - All Your AACS Keys Will Be Assimilated.


amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
kudos:9

Dallas routing:

Related info: »Re: Is msmvps.com down?