WARNING - Is F150online unwittingly distributing a VIRUS?????
#1
What the hell is the deal with an AD (MyCloudMagic.com) at the TOP of the homepage - and sometimes Forum pages that MAY CONTAIN A TROJAN OR TRY TO GET YOU TO DOWNLOAD A VIRUS???? When you click on "ANYWHERE on it" you get a warning about "Internet Security Damaged...."
Trying to sucker someone into falling for a screen that says "YOU HAVE 1 MESSAGE"???? And when clicked on pops up a dialogue box that requests your login and password!!! It looks just exactly like the Windows Login dialogue box!!!! It's unconscionable - and the AD SHOULD BE REMOVED!!!!! IMMEDIATELY
Last edited by F150Torqued; 07-27-2016 at 08:10 PM. Reason: Spelling to better express my disdane
#3
HTML code is HTML code - whether it's run under Firefox / Chrome / Mozilla / MAC or Internet Explorer.
If you looked at the first screen grab you can tell I just browsed to https://www.f150online.com/forums/V8-Engines-24. The server at that address sent my browser a default page that contained an advertisement (MyCloudMagic.com) formatted within the first Page Ad space, just below the site heading. That Ad, in HTML code, JavaScript, function or any number of other methods of formatting text and graphics on the browser's screen, ENTICES the reader to 'click' on it to find out what the message is all about. Thus opening a session with the "NON F150online" site - which itself can be malicious. //Classic method of defeating firewalls and security measures - no matter what browser you are using./// In this case, it worked on me and I clicked on it to see what "the message" was about. (That's what I'm WARNING others about).
I run good security software (Eset Smart Security - which caught it) and a robust hardware Firewall appliance in front of a Windows 2008 R-2 server sitting in the DMZ. And I intentionally use LOW privilege settings personal workstation logons (for this very reason). It was the Windows System that presented a Pop-up dialogue box requesting an administrative logon & password for Privileges to "Write" to the system hard disk.
THAT'S what prompted me to immediately press "Ctl/Alt/Del", reboot, logon and go back and try it again - taking the screen pictures with my cell phone and posting them to WARN OTHERS - who might be just as 'fooled' but less vigilant than I.
I'm not blaming F150online. So long as they (Or YOU if you're a Moderator) vet ALL of the rotating Ads to make sure they are not themselves infected or point users to a malicious site.
And thanks for the Scan suggestion. Of course, I did that too.
#4
Not to argue with you but to try to help you figure this out. I went to the page you have linked. I got nothing but the correct page. You do understand that MyCloudMagic is an email app? I quickly looked over the code for the page and find nothing like that on it. Might look over the program list on your PC, I assume, and see if it is there or do a search in the program directory. If you are accessing this website via iPhone or similar, that's probably the issue.
#5
THIS! And liberal use of the Windows "hosts" file to prevent your browser from connecting to known spam sites.
Tip: you MUST run your editor in Administrator mode in order to make changes to the hosts file otherwise it won't actually save your changes to the file.
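The hosts-file approach from the post above, as an added example that is not from any poster in this thread: a PowerShell sketch that refuses to run unless elevated, backs up the hosts file, and adds `0.0.0.0` entries only for names not already mapped. The hostnames in `$BlockList` are constructed placeholders, not indicators taken from this thread.

```powershell
# Added example: null-route unwanted hostnames through the Windows hosts file.
# $BlockList holds placeholder names (constructed); replace with hosts you have verified.
$BlockList = @('ads.example.invalid', 'redirect.example.invalid')
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# The hosts file can only be written from an elevated session, so check first
# instead of failing silently the way a non-elevated editor does.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Error 'Run this from an elevated (Administrator) PowerShell session.'
    return
}

# Keep a copy so the change can be reverted.
Copy-Item -Path $HostsPath -Destination "$HostsPath.bak" -Force

# Index hostnames that already have a mapping, ignoring comments and blank lines.
$lines    = @(Get-Content -Path $HostsPath)
$existing = @{}
foreach ($line in $lines) {
    $entry = ($line -split '#')[0].Trim()
    if ($entry -eq '') { continue }
    $fields = $entry -split '\s+'
    if ($fields.Count -lt 2) { continue }          # address with no hostname
    foreach ($name in $fields[1..($fields.Count - 1)]) {
        $existing[$name.ToLower()] = $fields[0]
    }
}

# Append only the names that are missing, so reruns do not duplicate entries.
$new = @()
foreach ($name in $BlockList) {
    $key = $name.ToLower()
    if ($existing.ContainsKey($key)) {
        Write-Host "skip  $name (already mapped to $($existing[$key]))"
    } else {
        $new += "0.0.0.0 $name"
    }
}

if ($new.Count -gt 0) {
    # Rewrite the whole file so a missing trailing newline cannot merge two entries.
    ($lines + $new) | Set-Content -Path $HostsPath -Encoding ASCII
    ipconfig /flushdns | Out-Null                  # drop cached lookups for the new names
    Write-Host "added $($new.Count) entr$(if ($new.Count -eq 1) {'y'} else {'ies'})"
}
```

Restoring `hosts.bak` over `hosts` undoes the change.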
#6
You mean like this?
0.0.0.0 www.F150online.com (just joking of course), and thanks for all the suggestions.
Yes I do. And I have been directly to their site several times (with an Ethereal log running!).
Red McCombs Hyundai
NITTO Ridge Grappler tire ad
RAM Lonestar Crew Cab ad
As can be seen from the first thumbnail in the OP, the ad is neatly formatted right where this morning's rotating ads are. That is pretty darned hard for a local virus to accomplish, although just about anything is possible with computers. Everything on the Ad was a live link. And although it hasn't happened again - it happened twice with a complete reboot between the two identical incidents of something in that sequence of events that attempted to write to the hard disk on my workstation - which is running on a LAN, sitting behind a sophisticated firewall. ??? I've checked for DNS hijacking and cache corruption, and several other things to no avail. Wish I knew more. But I thought the warning was appropriate at the time.
#7
You mean like this?
0.0.0.0 www.F150online.com (just joking of course), and thanks for all the suggestions..
Something else that you might want to look into is Greasemonkey. You can add scripts that it uses to block ads on Gmail and other sites.
#9
OK GUYS - HERE YOU GO - It happened again. Something may be going on locally - but I'm still trying to figure it out. It is repeatable.
First --- I would like to thank Global Moderator @Patman.
Just spotted it again. I browsed to multiple forums here on a different network workstation and it seems like about every four to six ad rotations, the one displayed in the first attachment shows up.
Another very interesting fact. The SAME identical ad appears in the rotation at www.F150Forum.com
When I click on the ad, I get the Second attached screen. If that won't take your breath away - you ain't normal.
The front popup dialogue boxes can't be closed - so I moved them to a second display attached to that workstation and got a screen grab of the underlying screens. I got snapshots of 'view source' for both the base page - and the ad block. But that is too 'geek zone' to attach here. It has something to do with google adservices redirects and some url like "www.com-expand-com" ///(@Joe51 , there is one for me to define IP address of 0.0.0.0 for in the hosts file)///
Again, Wish I knew more - but hoping this helps someone.
#10
I got one tonight and it's a known bad ad. Battery virus...this is a copy of the text. Comes right up on Google.
Your battery is severely damaged by (4) viruses!
We have detected that your Android battery is running at (28.1%) capacity due to harmful viruses from recently visited adult sites. These viruses will damage your SIM card and corrupt your contacts, photos, data, applications, etc. on your phone.
#11
The SAME identical ad appears in the rotation at www.F150Forum.com
Bears repeating - install Adblock Plus. Then you won't see ANY ads up top.