08-05-2008, 11:23 PM
|
#61 (permalink)
|
|
Batman Junior
Join Date: Nov 2007
Location: 1000 Islands, Ontario, Canada
Posts: 22,530
Thanks: 4,078
Thanked 6,978 Times in 3,613 Posts
|
Thanks for the report jivany.
|
|
|
|
 Today
|
|
|
|
Other popular topics in this forum...
|
|
|
|
|
08-06-2008, 09:12 AM
|
#62 (permalink)
|
|
EcoModding Apprentice
Join Date: Dec 2007
Location: mid michigan
Posts: 136
Thanks: 0
Thanked 1 Time in 1 Post
|
i had another norton intrusion attempt warning yesterday at 10:15 am when i tried opening ecomodder.
This computer is running win xp and internet explorer.
__________________
Best tank= 81.23 mpg on 07-01-2008
Longest range= 791 miles on 9.74 gallons
|
|
|
|
|
08-06-2008, 10:07 AM
|
#63 (permalink)
|
|
Batman Junior
Join Date: Nov 2007
Location: 1000 Islands, Ontario, Canada
Posts: 22,530
Thanks: 4,078
Thanked 6,978 Times in 3,613 Posts
|
Jamie: was that in the blog or the forum? Do you still have the details of the warning?
|
|
|
|
|
08-06-2008, 11:02 AM
|
#64 (permalink)
|
|
EcoModding Apprentice
Join Date: Dec 2007
Location: mid michigan
Posts: 136
Thanks: 0
Thanked 1 Time in 1 Post
|
When it happens it always happens when I open right into the forum like this, Fuel Economy, Hypermiling, EcoModding News and Forum - Ecomodder.com Fuel Economy Forum
Pretty much the same details as the rest.
Norton details are, risk name "http fake scan webpage", risk level "high", attacking computer "84.16.252.73,80"
__________________
Best tank= 81.23 mpg on 07-01-2008
Longest range= 791 miles on 9.74 gallons
|
|
|
|
|
08-06-2008, 12:43 PM
|
#65 (permalink)
|
|
Batman Junior
Join Date: Nov 2007
Location: 1000 Islands, Ontario, Canada
Posts: 22,530
Thanks: 4,078
Thanked 6,978 Times in 3,613 Posts
|
FYI, in the forum I just swapped out the Google Ads for ads from the other provider. Please keep reports coming. Thanks.
|
|
|
|
|
08-06-2008, 02:41 PM
|
#66 (permalink)
|
|
Legend in my own mind
Join Date: Apr 2008
Location: Homestead, Fl.
Posts: 927
Thanks: 2
Thanked 14 Times in 13 Posts
|
Just got the antivirus pop up, as stated from others, it was when I entered on the main page and clicked on Forums ...
__________________
Thx NoCO2; "The biggest FE mod you can make is to adjust the nut behind the wheel"
I am a precisional instrument of speed and aeromatics
If your knees bent in the opposite direction......what would a chair look like???
|
|
|
|
|
08-06-2008, 04:30 PM
|
#67 (permalink)
|
|
Batman Junior
Join Date: Nov 2007
Location: 1000 Islands, Ontario, Canada
Posts: 22,530
Thanks: 4,078
Thanked 6,978 Times in 3,613 Posts
|
Thanks for the report, trik.
|
|
|
|
|
08-06-2008, 05:42 PM
|
#68 (permalink)
|
|
Batman Junior
Join Date: Nov 2007
Location: 1000 Islands, Ontario, Canada
Posts: 22,530
Thanks: 4,078
Thanked 6,978 Times in 3,613 Posts
|
Update...
Here's what I think is happening, and why we're having difficulty solving the problem thus far.
I believe the offending javascript containing the redirect to the windows-defense website (which causes the popup alert) is included with the js code being sent to dynamically display ads.
Our non-Google ad provider acts as a "distributor" for javascript ad code from trusted 3rd parties. They've received a few other reports of this redirect problem from other partner sites, but haven't been able to identify a source. So we can't track down which party might have been compromised.
The biggest problem is the random & very infrequent nature of the redirect. I've only seen it 2x myself after probably thousands of pageviews. (I think it's likely programmed to be random.) On top of random ad rotation from randomly selected 3rd parties, you can see how vanishingly small the redirect occurs for an individual user, relative to the number of EM pages viewed.
In addition, on my machine, I saw windows-defense.com set a cookie when I experienced the redirect. It could potentially be using the cookie to determine whether or not the redirect occurs (I deleted mine).
We like the ads (they help pay bills!). We want to keep our ad provider. But we need to sort this out. Obviously it's not acceptable to just ignore it. At best it's an irritation to EM users (myself included); at worst, someone might be tricked into installing the malware Antivirus 2009 program.
A potential solution for us would be to actually capture/log the offending javascript. It may contain identifying information that might point to a 3rd party advertiser that has been compromised.
I'll admit I don't know how to do that.
Can anybody suggest how?
|
|
|
|
|
08-06-2008, 06:56 PM
|
#69 (permalink)
|
|
Coasting Down the Peak
Join Date: Jun 2008
Location: M I C H I G A N
Posts: 514
Thanks: 27
Thanked 42 Times in 35 Posts
|
just got hit with the antivirus 9000 script again, it created a popup box, when I hit cancel it took me to the AV 9000 website.
|
|
|
|
|
08-06-2008, 07:56 PM
|
#70 (permalink)
|
|
Ford Escort 2.0
Join Date: Feb 2008
Location: Alameda, CA
Posts: 240
Thanks: 6
Thanked 27 Times in 24 Posts
|
Got it again today. The script goes by rather fast, but it didn't appear to be a google syndication thing (was looking up an ad server, then was looking up something like e-scripts.com)
__________________
|
|
|
|
|
