foxnews.com infected? - Security | DSLReports Forums (Page 4)

Author	All Replies
CajunTek Insane Cajun Premium,MVM join:2003-08-08 Arlington, TX	reply to buttoni Re: foxnews.com infected? said by buttoni: So now that you guys have proven something's up with Foxnews.com who's gonna contact Foxnews.com so their tech folks can clean it up? I did, and I also reported it to stopbadware.org as well... Hopefully it'll be cleaned up by now. -- da Cajun Darn I hate Malware
	to forum · permalink · 2009-04-17 23:38:03 ·
Cometcom1 join:2009-04-18 denmark 1 edit	I can confirm there is an infection of the site. The site is infected through ads and it is these that cause the problem. There can be numerous ads involved, but I have singled out one for sure.
	to forum · permalink · 2009-04-18 06:27:41 ·
fatness subtle Janitor join:2000-11-17 fishing kudos:14 Host: Bright House Netwo.. TekSavvy Forum Feature Requ.. Need Site Help Rants, Raves, and ..	reply to CajunTek said by CajunTek: said by buttoni: So now that you guys have proven something's up with Foxnews.com who's gonna contact Foxnews.com so their tech folks can clean it up? I did, and I also reported it to stopbadware.org as well... Hopefully it'll be cleaned up by now. Thank you. -- goodbye dad
	to forum · permalink · 2009-04-18 08:30:36 ·
buttoni Premium join:2005-08-16 Temple, TX	reply to moonpuppy Great, CajunTek. Glad someone took care of that little matter. Thanks.
	to forum · permalink · 2009-04-18 12:44:14 ·

Cometcom1 join:2009-04-18 denmark	With the deepest respect for dslreports.com. I've got no problems with not telling who I am, or what connection I have with the reporting. - I work with and am connected with stopbadware.org/www.consumerwebwatch.org - through one of their mutual sites. - We're not here to steal your users, but rather to offer our help when need be. dslreports has always been one of the best resources of the web, and I hope it stays that way. That said - I'm working to get to the bottom of this, and have identified the possible advertising partner involved. However, I have not received any response from foxnews.com about the issue. I will be investigating this a little more in depth later and give you all a full disclosure of what has been found. dslreports.com is the cause for the stopbadware community becoming interested in this issue. Cometcom1
	to forum · permalink · 2009-04-18 14:53:57 ·
Robotics See You On The Dark Side Premium join:2003-10-23 Louisa, VA	I'm sure we all have our fingers crossed this can be corrected/caught in good time. Thanks for your all's help, and nice to met you
	to forum · permalink · 2009-04-18 16:32:36 ·
Cometcom1 join:2009-04-18 denmark	reply to moonpuppy I have now managed to obtain a proxy log and a tcp dump of the infection taking place. This should enable us to say what exactly is happening. I still haven't heard from foxnews.com, if any of you have them on the line, please let them know that I have some of the information required to fix the issue. Cometcom1
	to forum · permalink · 2009-04-18 17:38:33 ·
fatness subtle Janitor join:2000-11-17 fishing kudos:14	reply to moonpuppy »badwarebusters.org/main/itemview/2772
	to forum · permalink · 2009-04-18 18:00:54 ·
moonpuppy join:2000-08-21 Glen Burnie, MD	reply to moonpuppy All this fuss over my laptop almost getting infected.
	to forum · permalink · 2009-04-18 18:03:00 ·
Cometcom1 join:2009-04-18 denmark	reply to moonpuppy It seems that the infection emanating from foxnews.com has stopped. I haven't been able to verify any malware from the site today. If anyone is still experiencing this, please let us know either here at dslreports or through the link fatness provided. (thanks fatness) I still haven't heard from foxnews but perhaps they can enlighten us later with their response. Cometcom1
	to forum · permalink · 2009-04-19 13:56:39 ·
foxinfected @bellsouth.net	reply to moonpuppy Still infecting... I was just hit.. Its been going on for several days.
	to forum · permalink · 2009-04-19 14:04:09 ·
Its a Secret Please speak into the microphone Premium join:2008-02-23 Da wet coast kudos:3	reply to Cometcom1 said by Cometcom1: I still haven't heard from foxnews but perhaps they can enlighten us later with their response. I can't imagine Fox will admit any cupability in this. The odds are too great that they'd be sued. -- "In the future, that which is not mandatory will be illegal" "Nobody knows the age of the human race, but everybody agrees that it is old enough to know better" - Anonymous
	to forum · permalink · 2009-04-19 14:04:27 ·
NetFixer From my cold dead hands Premium join:2004-06-24 The Boro Reviews: ·Comcast Business.. ·Vonage ·Cingular Wireless ·Comcast	said by Its a Secret: said by Cometcom1: I still haven't heard from foxnews but perhaps they can enlighten us later with their response. I can't imagine Fox will admit any cupability in this. The odds are too great that they'd be sued. The most that will be said (if anything) is the standard corporate response: "We did not do it. It is possible that a subcontractor may have done something, but we are not aware of any wrongdoing and we are not responsible for any actions taken by a subcontractor". -- A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed. »portscan.dcs-net.net »nature-pics.com
	to forum · permalink · 2009-04-19 14:10:49 ·
Cometcom1 join:2009-04-18 denmark	reply to moonpuppy Durn (Excuse my french). I had hoped they'd done something to fix it. Question. Is there any ads that fail to show up for any of you. On my view, I have two ads (denoted by ADVERTISING) on the right vertical bar. Often these are totally blank - If you don't experience these blank spots, then I have a hunch the malware is originating from that location. There's obviously some intelligence involved in the distribution.
	to forum · permalink · 2009-04-19 14:15:27 ·
Doctor Four My other vehicle is a TARDIS Premium join:2000-09-05 Dallas, TX	reply to MGD I'm not surprised in the least to see DIRECTI's involvement in this. They have been implicated in a huge number of rogue security software scams. They continually allow the cybercriminals behind these fraudware sites to register new domains, all the while claiming they are taking action against them by shutting down existing ones. -- "The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
	to forum · permalink · 2009-04-19 14:50:53 ·
MGD Premium,MVM join:2002-07-31 kudos:9	reply to Cometcom1 said by Cometcom1: It seems that the infection emanating from foxnews.com has stopped. I haven't been able to verify any malware from the site today. ... .. Be advised that there is a high probability that the advertiser serving up this malware may be rotating geographic regional adds, either based on the visitors IP, or existing cookies. The exposure may rotate by region depending on the add criteria, and not everyone will "see" the same rotation. I saw earlier reports from several days prior to my original post listing the infection, that pronounced foxnews "clean". I would be hesitant to assume from the absence of the malware over any time period that the issue has been resolved, without some confirmation from the offending advertiser. I suspect that this is a well organized infection vector that is designed for variable regional exposure, in order to preserve the operation and obfuscate the origin. While I understand your reluctance to publish your analysis data and identify the advertising source, I am interested in a relevant issue. Have you determined if the source is a direct add link, or if it appears to be a "legit" add link compromised by some form of injection?. The reason I ask, is that it is already known and verified that some of the criminals that are pumping this malware are using paid sponsor adds to promote the infection. A previous fake antivirus thread identified a small time operative and affiliate recruiter residing in Moscow, Russia with the alias "Cactus" was using paid sponsor adds on Yahoo and others to promote the malware to consumers in this thread: »[Scam] Real-av.org - Antivirus2009 malware takeover and this specific post. »Re: [Scam] Real-av.org - Antivirus2009 malware takeover An unacceptable weak link in the internet advertising industry, which has been discussed on numerous occasions in that forum, is the lack of vetting during the submission process. While advertisers may review keywords and relevant links for acceptability, they routinely do not take simple steps to validate the submitter against the form of payment used. I have recorded and documented cyber criminals using stolen card data to successfully open and use Google adsense accounts. The success was dependent on an approval of the charge submitted against the stolen card. I hope that you will publish the reference data for review even if no response is forthcoming. Even if the data is inconclusive and lacks confirmation from the source, it should be published for others to evaluate. This vector is not a one time event, neither do I believe that foxnews.com is the only site that is subject to this issue. Two of the many entities that are responsible for this malware becoming an epidemic, are the support services repeatedly obtained from the global financial card processing and banking system, and the services of the internet advertising industry. Nether one, but especially the banking system are doing reasonable due diligence wit respect to this criminal activity. MGD
	to forum · permalink · 2009-04-19 15:21:11 ·
Cometcom1 join:2009-04-18 denmark	I concur with your assessment MGD. I've seen this happen here in my country on a local scale as well. "Our" local infection was hosted in China, but spread out on all Danish news sites. This community has continued to report this infection even after I thought it was over. Foxnews is still infected - unfortunately.
	to forum · permalink · 2009-04-19 15:33:56 ·
grifty join:2005-08-27	reply to moonpuppy I went to foxnews.com today and the browser shut down automatically. I then got a message saying my computer was infected. I closed the dialog box and it brought me to a website designed to look like a virus scan was running on my computer. I closed down the browser. Eset nod32 did not detect anything but it's probably because I did not allow anything to be downloaded to my system.
	to forum · permalink · 2009-04-19 16:08:28 ·
La Luna Survived Ashraful Premium join:2001-07-12 Warwick, NY kudos:3	said by grifty: I went to foxnews.com today and the browser shut down automatically. I then got a message saying my computer was infected. I closed the dialog box and it brought me to a website designed to look like a virus scan was running on my computer. I closed down the browser. Eset nod32 did not detect anything but it's probably because I did not allow anything to be downloaded to my system. You might want to run some tools to make sure: »Re: foxnews.com infected? -- 1/20/09 The Beginning of the End 13,063 DEADLY TERROR ATTACKS SINCE 9/11
	to forum · permalink · 2009-04-19 19:15:30 ·
caryuser join:2006-12-17 Cary, IL	reply to moonpuppy Hi, I have been on foxnews.com twice this weekend, and both times I saw suspicious behavior. One time Firefox blocked access to a site called antimalware-scannerv2.com. However today Firefox did not block access to a site called onlinevirusbusterv2.com. After I started reading an article on foxnews.com for a few seconds, my browser was redirected to a fake av site that "performed" a bogus virus scan on my machine. I fear most people fall for this stuff and end up installing the trojan. At this point, I feel it is unsafe to go to foxnews.com.
	to forum · permalink · 2009-04-19 21:29:21 ·

Broadband Tech > Security > Security > foxnews.com infected?

Re: foxnews.com infected?