Turtle
Gaming Trend Senior Member
Offline
Posts: 8279
« on: July 14, 2010, 07:08:29 PM »
Chrome just put up a malware warning for this site when I first visited today. Would this have anything to do with the update, ads, or should I be worried?
EngineNo9
Gaming Trend Senior Member
Online
Posts: 9625
I said good day, sir!
« Reply #1 on: July 14, 2010, 07:11:45 PM »
I just got the same thing. Here's the text for the warning from Chrome: Warning: Visiting this site may harm your computer! The website at www.gamingtrend.com contains elements from the site 194.8.250.221, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer. For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for 194.8.250.221. Learn more about how to protect yourself from harmful software online.
Sandwiches do fix everything.
jersoc
Gaming Trend Senior Member
Offline
Posts: 4812
« Reply #2 on: July 14, 2010, 07:22:17 PM »
I got the same and gaming trend kept redirecting back to my homepage. I had to clear all the browser's data first.
Nothing came up in my scanner or in spybot.
Caine
Gaming Trend Senior Member
Offline
Posts: 6995
My cocaine
« Reply #3 on: July 14, 2010, 08:24:27 PM »
Got the same in Chrome.
"It's like chess with big guns against aliens. Which isn't like chess at all when I think about it." - Jake Solomon
Teggy
Gaming Trend Senior Member
Offline
Posts: 7782
Eat lightsaber, jerks!
« Reply #4 on: July 14, 2010, 08:43:50 PM »
OK, then I'm not crazy. I am getting the redirect to my homepage when using Safari for Mac, which is WebKit, like Chrome. It doesn't happen on Firefox.
"Is there any chance your jolly Garchomp is female?" - Wonderpug
Destructor
Special Project Group
Gaming Trend Senior Member
Offline
Posts: 15568
▲▲▼▼◄►◄►B A Start
« Reply #5 on: July 14, 2010, 08:45:25 PM »
It's happening in Firefox for me. I'm getting a redirect warning via NoScript 90% of the time.
Current fix in Firefox - download the User Agent Switcher addon and change it to iPhone 3.0. Yeah, it's a poor man's fix (and it'll drop you to mobile versions of sites once you leave GT), but it works. Just flip it back to default whenever you intend to leave.
FYI - my virus/malware scanner isn't lighting up (avast!), so it's not that. Personally, I'm guessing it's how TapATalk interacts with the forum or something (sadly, for those who use it).
"All opinions posted are my own, and not those of my employers, who are appalled."
Knightshade Dragon
Administrator
Gaming Trend Senior Member
Offline
Posts: 20388
« Reply #6 on: July 14, 2010, 09:06:07 PM »
I've disabled TapaTalk. Are you getting the same behavior now?
LoneStarSpur
Gaming Trend Senior Member
Offline
Posts: 1424
Glad to be old!
« Reply #7 on: July 14, 2010, 09:08:39 PM »
Kaspersky popped this message this morning: detected: virus HEUR:Exploit.Script.Generic file: http://194.8.250.221/bomj///194.8.250
Also, the 'go to last post' button now goes to the bottom and then right back to the top. Haven't seen the Kaspersky message this early this morning. Using the latest dev build of Chrome.
Fallin' feels like flyin'. For a little while. - Bad Blake You're a funny drunk. - my wife
Mithridates
Gaming Trend Senior Member
Offline
Posts: 631
« Reply #8 on: July 14, 2010, 09:10:17 PM »
Norton flipped out this morning about the site too. Then it later removed a virus. I would think the two are related although I guess it could be a coincidence.
Knightshade Dragon
Administrator
Gaming Trend Senior Member
Offline
Posts: 20388
« Reply #9 on: July 14, 2010, 09:15:14 PM »
Any new reports? My Symantec at work hasn't hit at all...
Teggy
Gaming Trend Senior Member
Offline
Posts: 7782
Eat lightsaber, jerks!
« Reply #10 on: July 14, 2010, 09:26:53 PM »
Safari is still having the redirect issue and I see the "new" button issue on Firefox (since I can't actually browse the site using Safari).
"Is there any chance your jolly Garchomp is female?" - Wonderpug
gellar
Gaming Trend Senior Member
Offline
Posts: 8523
I'm a dolphin!
« Reply #11 on: July 14, 2010, 09:48:29 PM »
Ron,
There's definitely something on the site that's causing some hits from that IP, which after doing some research on definitely has some bad stuff going on with it. It's based in Moldova, registered to a gmail address, and has shown malware at multiple locations on the IP. It is bad news.
The reason your SEP at work isn't picking it up is it's looking for the actual payload rather than the IP reputation. You haven't been redirected to the specific malware so you aren't getting lit up. The endpoint browsers are just throwing warnings based on blacklisted IPs.
Something has been compromised if you don't have any relationship with that IP.
EDIT: Drop me a line if you want some to discuss further.
« Last Edit: July 14, 2010, 09:50:32 PM by gellar »
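The browser warning quoted earlier in the thread is keyed on which hosts a page pulls elements from, not on a payload, so the matching operator-side check is to list those hosts. The following is an added example, not code from the forum or its staff: the allowlist names, the sample markup and the URL paths are constructed, and the input is assumed to be the page as the browser rendered it (for example, saved from the browser), since ad-injected elements only exist after scripts run.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: hosts the operator knowingly embeds (placeholder names).
KNOWN_HOSTS = {"www.gamingtrend.com", "ads.example.net"}
# Reputation list; the single entry is the address named in the Chrome warning.
FLAGGED_HOSTS = {"194.8.250.221"}
WATCHED = {"script": "src", "iframe": "src", "img": "src", "object": "data"}

class EmbedCollector(HTMLParser):
    """Collects URLs of elements the browser fetches without a click."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name == WATCHED.get(tag):
                self.urls.append((tag, value))

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(html):
    collector = EmbedCollector()
    collector.feed(html)
    findings = []
    for tag, url in collector.urls:
        host = urlparse(url).hostname
        if host is None or host in KNOWN_HOSTS:
            continue  # relative URL, or a host the operator expects
        if host in FLAGGED_HOSTS:
            reason = "on reputation list"
        elif is_ip_literal(host):
            reason = "bare IP address"
        else:
            reason = "not in allowlist"
        findings.append((tag, host, reason))
    return findings

# Constructed sample markup, not captured from the real site.
SAMPLE = """<script src="/js/forum.js"></script>
<script src="http://ads.example.net/show.js"></script>
<iframe src="http://194.8.250.221/x" width="1" height="1"></iframe>
<img src="http://cdn.example.org/banner.png">"""
```

Calling `audit(SAMPLE)` returns one tuple per element whose host the operator has no relationship with, which is the list to work through when hunting for the compromised component.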
Knightshade Dragon
Administrator
Gaming Trend Senior Member
Offline
Posts: 20388
« Reply #12 on: July 14, 2010, 09:56:12 PM »
Ron,
There's definitely something on the site that's causing some hits from that IP, which after doing some research on definitely has some bad stuff going on with it. It's based in Moldova, registered to a gmail address, and has shown malware at multiple locations on the IP. It is bad news.
The reason your SEP at work isn't picking it up is it's looking for the actual payload rather than the IP reputation. You haven't been redirected to the specific malware so you aren't getting lit up. The endpoint browsers are just throwing warnings based on blacklisted IPs.
Something has been compromised if you don't have any relationship with that IP.
EDIT: Drop me a line if you want some to discuss further.
Nope, no relation to that IP. I'm gonna get to work blocking it at the site level and then we'll see if I can't find the culprit. I needed this right after the failures this weekend. Sigh.
Knightshade Dragon
Administrator
Gaming Trend Senior Member
Offline
Posts: 20388
« Reply #13 on: July 14, 2010, 10:02:41 PM »
I've suspended all ads but it takes time to take effect. It takes time to take effect, but let's hope it's as simple as that.
Knightshade Dragon
Administrator
Gaming Trend Senior Member
Offline
Posts: 20388
« Reply #14 on: July 14, 2010, 10:13:17 PM »
Ok. Are you seeing any sort of malware / post strangeness now?
gellar
Gaming Trend Senior Member
Offline
Posts: 8523
I'm a dolphin!
« Reply #15 on: July 14, 2010, 10:13:48 PM »
The site functional oddities seem to have gone away after you disabled ads.
Knightshade Dragon
Administrator
Gaming Trend Senior Member
Offline
Posts: 20388
« Reply #16 on: July 14, 2010, 10:20:28 PM »
The site functional oddities seem to have gone away after you disabled ads.
Yea, we were getting code injection from, of all places, GOOGLE. I'm somewhat less than happy. 
Teggy
Gaming Trend Senior Member
Offline
Posts: 7782
Eat lightsaber, jerks!
« Reply #17 on: July 14, 2010, 10:51:33 PM »
I'm no longer having either problem in Safari for Mac.
"Is there any chance your jolly Garchomp is female?" - Wonderpug
leo8877
Gaming Trend Senior Member
Offline
Posts: 11505
« Reply #18 on: July 14, 2010, 10:52:26 PM »
I'm no longer having either problem in Safari for Mac.
Same, it's been fixed for me after whatever you did.
CeeKay
Gaming Trend Staff
Gaming Trend Senior Member
Offline
Posts: 63522
I am LEGEN- wait for it..... DARY!
« Reply #19 on: July 14, 2010, 10:53:48 PM »
NUKE MOLDAVA!
Because I can. XBL: OriginalCeeKay I think Ceekay is sexy!! - morlac 5-19-2013
Huw the Poo
Gaming Trend Senior Member
Offline
Posts: 3162
Please feed dog
« Reply #20 on: July 14, 2010, 10:57:16 PM »
I was never getting malware alerts, but since you disabled the ads the #new function is working again. Hurrah! A working forum and no ads! \o/
Knightshade Dragon
Administrator
Gaming Trend Senior Member
Offline
Posts: 20388
« Reply #21 on: July 15, 2010, 12:04:53 AM »
I was never getting malware alerts, but since you disabled the ads the #new function is working again. Hurrah! A working forum and no ads! \o/
We are going to be doing some updates and you'll see the GoG and GoGamer ads return, but Google has flat pissed me off at this point.
Arkon
Gaming Trend Senior Member
Offline
Posts: 5911
« Reply #22 on: July 15, 2010, 01:18:07 AM »
I actually got hit hard by it this morning at 7:40 AM. When I navigated to the front page of GT, Firefox popped up that a plugin was missing and Java tried to run. I hadn't clicked on anything as I was a bit surprised, and immediately a window popped up with antivir trying to scan my system "claiming" it was infected with numerous threats. I was unable to launch any exe's, had to power off and then back on into safe mode. Something had been put into my startup and had numerous registry entries. Managed to get it all cleaned up, but it almost kept me from being able to deliver training for work as this was on my work laptop. For some reason I did not have NoScript running which would have likely blocked this.
YellowKing
Gaming Trend Senior Member
Offline
Posts: 2255
« Reply #23 on: July 15, 2010, 01:32:13 AM »
I got hit too. "Antivir Pro" malware that killed my Microsoft Security Essentials, set up a fake proxy so internet wouldn't work, etc. Luckily Malwarebytes was able to clean it in safe mode.
Knightshade Dragon
Administrator
Gaming Trend Senior Member
Offline
Posts: 20388
« Reply #24 on: July 15, 2010, 01:39:24 AM »
Damn guys...I'm really sorry.  I feel like a prick.
Arkon
Gaming Trend Senior Member
Offline
Posts: 5911
« Reply #25 on: July 15, 2010, 01:44:28 AM »
I got hit too. "Antivir Pro" malware that killed my Microsoft Security Essentials, set up a fake proxy so internet wouldn't work, etc. Luckily Malwarebytes was able to clean it in safe mode.
I am going to need to get Malwarebytes, I am still dealing with proxy oddities. Sadly the internet at my hotel sucks ass.
gellar
Gaming Trend Senior Member
Offline
Posts: 8523
I'm a dolphin!
« Reply #26 on: July 15, 2010, 02:47:56 AM »
Damn guys...I'm really sorry. I feel like a prick.
Not much you could have done about it, KD. Short of running an entirely closed site that has extremely good security procedures, it's not really a matter of if, but when a site gets compromised.
jersoc
Gaming Trend Senior Member
Offline
Posts: 4812
« Reply #27 on: July 15, 2010, 06:36:54 AM »
Nah, Google is apparently less than stellar in their ads, which is quite bad since that's how they make so much mountains of money. I read Qt3 sometimes and a month or so ago they got hit with an ad like this too. From what I read Google is pretty slow at doing anything about it and short of turning off ads not much you can do.
I didn't get anything just visiting now.
belfong
Gaming Trend Reader
Offline
Posts: 50
« Reply #28 on: July 17, 2010, 04:35:03 AM »
I'm generally very careful about websites I go. I'm using IE8 Win7. Two days ago, out of a sudden, MS Security Essentials reported malware, virus and removed it. I blamed my wife as she was using the PC to surf for recipe. Now that I read about this, I'm relieved in that it could be my fault! I discovered GT two days ago too (I'm not blaming GT, btw). At least I know what happened compared to guessing which program or sites is giving problems.
Since MS Security Essentials removed the virus, it should be no issue right?
Knightshade Dragon
Administrator
Gaming Trend Senior Member
Offline
Posts: 20388
« Reply #29 on: July 17, 2010, 05:11:46 AM »
Correct. The virus should be toast. I've also removed the ads and I'm going to have a very terse conversation with the folks at GoG and GoGamer to fix their damned ads....
YellowKing
Gaming Trend Senior Member
Offline
Posts: 2255
« Reply #30 on: July 18, 2010, 08:02:29 PM »
No worries, KD. I deal with viruses/malware all day long at work; one more at home didn't kill me. 