Bad Movie Logo
"A website to the detriment of good film"
Custom Search
HOMEB-MOVIE REVIEWSREADER REVIEWSFORUMINTERVIEWSUPDATESABOUT
Welcome, Guest. Please login or register.
Did you miss your activation email?
April 16, 2014, 11:38:31 PM
522420 Posts in 39355 Topics by 4869 Members
Latest Member: ilikeithot
Badmovies.org Forum  |  Trouble Tickets  |  Trouble Tickets  |  Automatic redirect to a spamware site « previous next »
Pages: [1]
Author Topic: Automatic redirect to a spamware site  (Read 3434 times)
GoHawks
Bad Movie Lover
***

Karma: 16
Posts: 132


Happiness is a dancing beagle.


« on: September 19, 2009, 01:34:08 AM »

I was perusing the forum just now and I saw a message from a new user "NowhereMan" in the Bad Movies board here.  I suspected this new user may be a troll, based upon the (lack of) content of that thread, plus my experience on certain other forums with a troll named "NowhereMan".  So, I clicked on his handle to see his profile to look at his other posts.  Just as the profile page came up, another application I was running in the background assumed the focus to alert me it was done doing what I told it to do.  As I was about to click on this other program's confirmation dialog, another dialog popped up and said:

"Warning!  Your PC is at risk of virus and malware attack.

Your system requires immediate check!
System Security will perform a quick and free scan of your PC for
viruses and malicious programs.
"

(I do have a screen capture of this message which I could send to you, if you like.)  I've seen this particular message before and know it is bogus.  When I went back to my browser window, it had redirected itself to:  "http://rootscan.info/25/24-051wL0IzLGBzL==" and was trying to download a file.  Sorry, I didn't catch the name of the file before killing the process.

After verifying everything was closed, I retried the exact sequence of events (except for the other program interrupting, of course) with nothing unusual happening.  I do not know what flash advertisements may have been showing on that first particular page view as the other program I was running immediately brought itself to the front.  I have encountered this exact same error message before while browsing this forum over the past year or so, and only while browsing this forum.

This machine is running Microsoft Windows Vista Home Premium 32-Bit Version 6.0 (Build 6000) (NOTE: I have NOT yet installed SP1), Internet Explorer 7.0.6000.16890 with no toolbars or other crap and standard security settings and Adobe Flash Player 10 version 10.0.32.18.  (I do not have much software on this machine, as I only use it for video-editing and web-browsing of a handful of 'safe' sites.)

P.S.  I am not accusing "NowhereMan" of having anything do with this, I'm just trying to give as much and as precise information as possible.
Logged

"Please do not offer my god a peanut."  -  Apu
Andrew
Administrator
Frightening Fanatic of Horrible Cinema
****

Karma: 0
Posts: 8362


I know where my towel is.


WWW
« Reply #1 on: September 19, 2009, 09:46:55 AM »

This appears to be related to the trouble ticket that Ash created about "Download file."  Venomx posted a domain, and that domain has been associated with the same sort of ad behavior.  I just made changes, and hopefully you will not see this happen again.

Here's the other thread:

http://www.badmovies.org/forum/index.php/topic,126583.0.html

NowhereMan's IP address has been used to create quite a few accounts, and that post you noticed also made me decide to keep an eye on his posts.  He had nothing to do with the redirect you encountered.
Logged

Andrew Borntreger
Badmovies.org
Rev. Powell
Global Moderator
B-Movie Kraken
****

Karma: 1714
Posts: 13822


Click on that globe for 366 Weird Movies


WWW
« Reply #2 on: September 19, 2009, 05:07:44 PM »

I have encountered that redirect on this site (and many others) in another context.

I am not sure how the people who run that scam do it, but they seem to be able to infect many different sites.  They also move the sites they infect around (perhaps to avoid detection). 
Logged

"The best parts are watching Sly go through the full range of emotions: deadpan, deadpan with raised eyebrow, deadpan with quivering lip. There's also a great sequence where Sly drives his VW Beetle down the interstate for about 20 minutes, staring dramatically through the windshield.."-Joe Bob on A MAN CALLED RAMBO
Andrew
Administrator
Frightening Fanatic of Horrible Cinema
****

Karma: 0
Posts: 8362


I know where my towel is.


WWW
« Reply #3 on: September 19, 2009, 06:03:04 PM »

I have encountered that redirect on this site (and many others) in another context.

I am not sure how the people who run that scam do it, but they seem to be able to infect many different sites.  They also move the sites they infect around (perhaps to avoid detection). 

The same redirect recently hit the New York Times site.  What happens most often does not involve the site being infected.  This is what they do:

Spammer buys an advertisement on the site
Advertisement is served through a 3rd party ad server
The banner ad is benign, and all looks kosher
After the advertisement runs for a few days, the spammer replaces the first ad with the misbehaving ad
Site tries to determine which ad is causing the redirect

The New York Times had an advertisement purchased for Vonage that was served from a 3rd party ad server.  The banner was legit and delivered clicks to a page on Vonage's site.  After a few days, the spammer replaced the Vonage banner with the redirect banner that attempted to trick people into downloading the fake antivirus.

Please let me know if you run into this redirect again.  I am doing my best to track it down.
Logged

Andrew Borntreger
Badmovies.org
Monster Jungle X-Ray
Bad Movie Lover
***

Karma: 40
Posts: 335


Just Another Pretty Face


« Reply #4 on: September 19, 2009, 06:50:52 PM »

The redirect tried to hit me twice in the last day when opening some posts in the forum Andrew, but everything seems to be working just fine now.
Logged

" Society doesn't accept us because of what we are, so we're an enemy of society. " - Pa Mooney, THE RATS ARE COMING! THE WEREWOLVES ARE HERE!
Andrew
Administrator
Frightening Fanatic of Horrible Cinema
****

Karma: 0
Posts: 8362


I know where my towel is.


WWW
« Reply #5 on: September 19, 2009, 06:56:46 PM »

I am pretty sure that I've determined which ad network was delivering this (another website had identified the same as the source).  Until they solve their issue, that network is halted.  However, because of how caching works via the company that does ad serving, it might take until 8:30 - 9 pm EST for the changes I made to all take place. 

It's also possible that the network found the rogue ad and stopped it on their end.  Myself and another webmaster reported it to them.
Logged

Andrew Borntreger
Badmovies.org
Andrew
Administrator
Frightening Fanatic of Horrible Cinema
****

Karma: 0
Posts: 8362


I know where my towel is.


WWW
« Reply #6 on: September 26, 2009, 11:57:32 AM »

I have kept the suspect network offline since this malware ad appeared last week, since they were never able to locate it - and numerous webmasters identified that network as the source.  Today, webmasters are again complaining that the malware ad is running again.  I logged into that network to send them a ticket, and noticed that somehow the forum skyscrapers were on for that network (I had turned them off).  That was likely a glitch in the ad serving software.  I turned them back off, and that has a delay in taking effect (up to 1 hour, but it should be much faster).

If you encounter the redirecting ad, I apologize, and please let me know.  Since nobody has mentioned it, I am guessing that none have appeared.  That means that the bad ad is not a skyscraper format (the tall ads on the right), but rather a leaderboard (the wide ads at the top and bottom).

Another webmaster made a good suggestion:  the ad is normal all week.  Once the weekend comes, when the ad network's support staff is mostly off, and many webmasters are not monitoring their sites as often, the bad ad is turned on.
Logged

Andrew Borntreger
Badmovies.org
Pages: [1]
Badmovies.org Forum  |  Trouble Tickets  |  Trouble Tickets  |  Automatic redirect to a spamware site « previous next »
    Jump to:  


    RSS Feed Subscribe Subscribe by RSS
    Email Subscribe Subscribe by Email


    Popular Articles
    How To Find A Bad Movie

    The Champions of Justice

    Plan 9 from Outer Space

    Manos, The Hands of Fate

    Podcast: Todd the Convenience Store Clerk

    Faster, Pussycat! Kill! Kill!

    Dragonball: The Magic Begins

    Cool As Ice

    The Educational Archives: Driver's Ed

    Godzilla vs. Monster Zero

    Do you have a zombie plan?

    FROM THE BADMOVIES.ORG ARCHIVES
    ImageThe Giant Claw - Slime drop

    Earth is visited by a GIANT ANTIMATTER SPACE BUZZARD! Gawk at the amazingly bad bird puppet, or chuckle over the silly dialog. This is one of the greatest b-movies ever made.

    Lesson Learned:
    • Osmosis: os·mo·sis (oz-mo'sis, os-) n., 1. When a bird eats something.

    Subscribe to Badmovies.org and get updates by email:

    HOME B-Movie Reviews Reader Reviews Forum Interviews TV Shows Advertising Information Sideshows Links Contact

    Badmovies.org is owned and operated by Andrew Borntreger. All original content is © 1998 - 2014 by its respective author(s). Image, video, and audio files are used in accordance with the Fair Use Law, and are property of the film copyright holders. You may freely link to any page (.html or .php) on this website, but reproduction in any other form must be authorized by the copyright holder.