News   Nov 12, 2024
 575     0 
News   Nov 12, 2024
 499     0 
News   Nov 12, 2024
 569     0 

Malware warning

Still getting occasional warnings from McAfee saying that some unsafe content is being blocked - but none of the big scary full page red screened warnings i was getting before
 
Today (October 11th) I was getting automatically re-directed to a site about myIP address or something when the Urban Toronto main page loaded in Internet Explorer. This was not limited to one computer terminal.
 
Today (October 11th) I was getting automatically re-directed to a site about myIP address or something when the Urban Toronto main page loaded in Internet Explorer. This was not limited to one computer terminal.

I've been getting that too. Got it all day yesterday. When I do log into UT I am notified that my computer is blocking an attack. Anybody else?
 
This can't be good:

jewfu.png
 
I think the malware warnings may be related to flash advertisements passed down to the site from the ad networks. If there was a way to have static images and gifs instead of flash applets that might make the site stop getting flagged as malicious.
 
This is what I got tonight....

Safe Browsing
Diagnostic page for urbantoronto.ca

What is the current listing status for urbantoronto.ca?
Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 3 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 228 pages we tested on the site over the past 90 days, 11 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-27, and the last time suspicious content was found on this site was on 2012-12-27.
Malicious software includes 1 trojan(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

Malicious software is hosted on 1 domain(s), including cracklebeatbox.org/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including journaldugeek.com/.

This site was hosted on 3 network(s) including AS46606 (BLUEHOST), AS33070 (RMH), AS15169 (Google Internet Backbone).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, urbantoronto.ca did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
 
I'm now seeing the warning now that I'm at home and using Chrome. Spacing and Torontoist are still showing similar messages.

000's theory seems like the best explanation so far.
 
I'm now also getting the warning today. Here's some thoughts for the UT admins.

I think the malware warnings may be related to flash advertisements passed down to the site from the ad networks. If there was a way to have static images and gifs instead of flash applets that might make the site stop getting flagged as malicious.
- I'd say that that 000's thought is a distinct possibility.
- I'm not 100% certain that Google also marks a website as potentially malicious based on linkbacks (to malicious sites) found within it. If they do, then spambots may be the culprit. If they do not, spambots cannot the culprit.
- Hackers (I hate using that term but it's the one most people know) may have exploited a vulnerability either within the forum source code or the hosting server's software or operating system.

My personal bet is either the 1st or 3rd as Google has mentioned that there has been malicious (trojan) injections that have come from UT which potentially infect people's computers. That can be done in a number of ways but the first and third are more likely than the 2nd with the third being more likely than the first. There are bots that seek out message boards (and other common frameworks) and run through a series of exploit attacks. All it takes is for one of the precanned know exploits to work and the dirty stuff can start. This can all be done automatically without any human needing to do anything at all.
 

Back
Top