InformAction Forums

...or not

I just had a redirect @ BTJunkie(I've got google-analytics blocked there)...

myBad wrote:...or not

I just had a redirect @ BTJunkie(I've got google-analytics blocked there)...

Assume we're referring to btjunkie.org? I just went there. Script allowed. No redirect. Tried clicking a random page. No redirect. If it was an internal page, please provide exact URL.

I should also mention that Adblock Original shows two blocked subdocument iFrames, both from bluelithium.com, an ad server. This was also true at a related post that I just marked "resolved". (Warning: @dult site.)

I like Adblock Original -- it blocks all that stuff by default, with no user action. I use it all the time. You might try it and see if it helps.

Tom T. wrote:

AlphaCentauri wrote:...I'd love to know who downloaded the malware in the first place and from where (shared work computer),

Why are you going to all those sites on the company's computer and time?

lol, I haven't seen anyone doing personal websurfing there, but since the computer is on a desk used by a part time employee and is the closest computer to the break room and the time clock, it's quite possible they were doing it on their breaks. There are so many innocent sites hacked, it wasn't necessarily anything more suspicious than checking to see when their kids have early dismissal from school to request time off.

But I sure would have liked to have seen the browser history!

Tom T. wrote: Assume we're referring to btjunkie.org? I just went there. Script allowed. No redirect. Tried clicking a random page. No redirect. If it was an internal page, please provide exact URL.

I should also mention that Adblock Original shows two blocked subdocument iFrames, both from bluelithium.com, an ad server. This was also true at a related post that I just marked "resolved". (Warning: @dult site.)

I like Adblock Original -- it blocks all that stuff by default, with no user action. I use it all the time. You might try it and see if it helps.

The btjunkie redirects occur shortly after performing a search. The query of the search has been irrelevant in my experiences.

I'll give AdBlock Original a try and let you know the results later.

myBad wrote:...The btjunkie redirects occur shortly after performing a search. The query of the search has been irrelevant in my experiences....

I allowed "everything" on the page in NS, disabled Adblock, disabled Fx pop-up blocker, did several searches, and still couldn't reproduce.

Only remaining possibilities that I can think of:
1) Fx Image blocking, but neither bluelithium nor adbrite were in that list;
2) It only happens in F3 (I run F2, earning permanent scorn from "certain other" team members, but ya'd be surprised how much stuff like this only runs in F3);
3) Malware.

Yet the issue was fixed at the other sites, correct? (block Meta redirect). So BT is doing something different. Will be interesting to see if the Adblock of the subdocument iFrames has any effect.

AlphaCentauri wrote:

Tom T. wrote: Why are you going to all those sites on the company's computer and time?

lol, I haven't seen anyone doing personal websurfing there, but since the computer is on a desk used by a part time employee and is the closest computer to the break room and the time clock, it's quite possible they were doing it on their breaks. There are so many innocent sites hacked, it wasn't necessarily anything more suspicious than checking to see when their kids have early dismissal from school to request time off.

But I sure would have liked to have seen the browser history!

Sounds like a Sysadmin Group Policy problem to me! (and don't all kids today have cell phones and text messaging anyway? lol)

I just got a redirect to the "Terminator Salvation Screensaver" again by trying to view a video on DailyMotion...and even a pop-up(?!) from visiting Yahoo(?!?!) for that same damn video hosted on Metacafe.

I'm unable to find Adblock Original. I guess Mozilla took it off of their site.

It's obvious malware. At this point, I think I'm just going to wipe the disk.

Yes, I understood your comment on JavaScript as relating to Adobe Acrobat.
Be aware, your Acrobat needs updating. Exploits exist against it.

And while you're at it, how about Flash & Java? Are they current - the most recent versions. If not, you're leaving yourself open there too.

myBad wrote:I'm unable to find Adblock Original. I guess Mozilla took it off of their site.

http://adblock.mozdev.org/

It's obvious malware. At this point, I think I'm just going to wipe the disk.

It's worth a try before wiping the disk. Or after. GL.