OT: Weird Pop-Up Boxes On This Site

Ash · September 13, 2005, 04:55:24 AM

I don't know about you guys, but for the last couple of days I've been getting weird pop-up download boxes here on this site.

They don't pop up all the time. They show up after so many page views.
It's the familiar grey downlowd box that asks you if you want to either RUN a program, SAVE it or click CANCEL

It looks like this:

Here's what the file type says:

File name: bc_leaderboard.js
File type: JScript Scriptfile
From: content.zedge.no

I should also mention that the file name, file type and where it's from change each time one pops up.
I've had at least 6 or 7 of them in the last couple days.
I wrote a few of them down.
Here's another example:

File name: sona_729x90new.js
From: www.hi5.com

I Googled them and from what I can tell, they're Javascript files and they only show up here at Badmovies.org.
I don't get them at any other site.

I've also ran four different spyware and adware removal tools and they all found nothing on my p.c.

I keep thinking....didn't this problem happen a few years ago here?
I swear it did and Andrew had to fix it.

You guys also getting the same pop-up boxes here?

Post Edited (09-13-05 07:30)

Ash · September 13, 2005, 05:42:43 AM

Ah....
I found the old thread about spyware and such HERE

I ran that TrendMicro virus scanner again and it found nothing.
This download box is different from that achtungachtung box that constantly popped up on me last year.
These new boxes ONLY appear here at Badmovies.org.

What's the deal?

Post Edited (09-13-05 05:45)

odinn7 · September 13, 2005, 07:23:28 AM

I get nothing like that at all. It's spyware or some type of virus I'd bet. Try Spybot or Ad-aware if you haven't done them yet. If you can find out what they are, there should be some kind of removal tool for them.

Ash · September 13, 2005, 07:33:59 AM

odinn7 wrote:

> I get nothing like that at all. It's spyware or some type of
> virus I'd bet. Try Spybot or Ad-aware if you haven't done them
> yet. If you can find out what they are, there should be some
> kind of removal tool for them.
>

Spybot Search & Destroy and AdAware are two of the four tools I used to try to detect it with.
Both are up to date and found nothing.
(I'm almost religious when it comes to keeping my anti-spyware tools up to date...I check for updates everyday)

Now build me a nice countertop Odinn! LOL!

Post Edited (09-13-05 08:14)

odinn7 · September 13, 2005, 07:55:41 AM

ASHTHECAT wrote:

> Spybot Search & Destroy and AdAware are two of the four tools I
> used to try to detect it.
> Both are up to date and found nothing.
> (I'm almost religious when it comes to keeping my anti-spyware
> tools up to date...I check for updates everyday)
>
> Now build me a nice countertop Odinn! LOL!
>

>
> Post Edited (09-13-05 07:38)

Search your drive for files with those names or similar names. Other than that, I can't help you. Hopefully one of the computer geniuses will be along shortly.

Also, get it straight...I don't BUILD countertops. I run the CNC department and PROGRAM the machine to CUT the countertops. I'm the upper crust here...builders are below me...lol

Ash · September 13, 2005, 08:05:36 AM

lol....sorry odinn.
I pictured you using a tape measure and a saw to build countertops out of a piece of wood.

Mr. Hockstatter · September 13, 2005, 08:10:32 AM

I got several of those yesterday (pop-ups, not countertops). And of course, I just got one right now. It asks me if I want to download a file called sona_728.90new.js. All the ones I've gotten have been from a place called www.hi5.com, and I only get them here.

raj · September 13, 2005, 08:12:03 AM

I don't get any pop ups either.

Ash · September 13, 2005, 08:17:41 AM

So I'm not the only one!

Andrew...it appears your site has been compromised.

I just got another one as I was editing this post.

Post Edited (09-13-05 08:18)

Ash · September 13, 2005, 08:20:08 AM

I'll have to send Andrew an e-mail to let him know.
At least I ain't the only one here getting those annoying boxes.

Ash · September 13, 2005, 08:26:06 AM

I e-mailed Andrew about this problem.
Hopefully he's able to rectify it.

dean · September 13, 2005, 08:37:02 AM

No annoying boxes popping up here, though I think that I used to get pop-ups of some sort a while back, though this doesn't seem to be a problem nowadays.

I wonder, is it a conspiracy out to target a specific few?

Mr. Hockstatter · September 13, 2005, 09:06:14 AM

Now I just got one from celebritywonder.com.

ulthar · September 13, 2005, 09:15:07 AM

Switch browsers?

Firefox

Couple tech points:

1. Andrew's forum MIGHT be compromised, but it might not. There's many ways YOUR box could be infected and it be manifesting itself when you visit this site. For example, a spyware app could read your cookies for a site you visit often, and activate then.

2. Antivirus and antispyware tools in general are reactionary; they are only as good as your last update. This means that there will always be malware in the wild that you are not protected against. Your best solution, as usual, is PREVENTION rather than cure. First tip to prevention? DON'T USE WINDOWS. Your second tip? If you *MUST* use Windows, DON'T USE INTERNET EXPLORER. Period.

Windows has a very bad security model concerning how it interprets file type. Windows learns what kind a file something is from it's name; it is very, very easy to fool. Linux (and other Unix variants, such as OS X on the Mac) don't do this. They determine file type from the data within the file. For example, I can name a text file myfile.exe. Windows will think it is executable code (very bad), but Unix-like systems will 'know' it is a text file. MUCH, MUCH safer.

You mentioned scanning with Adaware and Spybot. Are the defs up-to-date? (Hint: I don't run ANY antivirus or spyware software, AT ALL, PERIOD. Guess which OS I'm not using).

3. Worm/spyware infection on your computer (if this is infection on your own box) generally happens due to something you've done. There are very few true self replicated viruses in the wild these days. A worm by definition REQUIRES user interaction to infect the host. This may mean that your PREVENTION efforts might require a self-examination of habits and practices.

Do you download a lot of free software, screensavers and other stuff?
Do you click a lot of banner ads?
Do you respond to ANY spam at all, even 'to remove from list'?
etc. The list goes on.

4. Are you running a popup blocker? If so, and this is still getting through, I'd say your box is p0wned and the popup blocker has been disabled. Firefox includes it's own (very effective) popup blocker, as well as mature javascript managment tools. (Internet Explorer never seems to really trust the security settings you request in Options, so it is not very secure even if you request it).

5. If the issue is infection of Andrew's forum, we need to understand WHY only two people of many are seeing the effect. I can guess why some of us are not seeing it, but we need data. This would help know if the problem is on the forum side or the client side.

Post Edited (09-13-05 09:24)

odinn7 · September 13, 2005, 09:16:27 AM

EEeeeeeeeeewwwwwww!!!!!! You guys are infected! Stay away from me.