08-06-2008, 08:55 PM
#71 (permalink)
Batman Junior
Join Date: Nov 2007
Location: 1000 Islands, Ontario, Canada
Posts: 22,534
Thanks: 4,082
Thanked 6,979 Times in 3,614 Posts
Thanks for the reports. skyl4rk and Tom, can you remember whether you were requesting a forum page or a blog page when it happened?
08-06-2008, 11:59 PM
#72 (permalink)
Coasting Down the Peak
Join Date: Jun 2008
Location: M I C H I G A N
Posts: 514
Thanks: 27
Thanked 42 Times in 35 Posts
I came in through Recent Posts which is bookmarked.
08-07-2008, 02:27 AM
#73 (permalink)
Batman Junior
Join Date: Nov 2007
Location: 1000 Islands, Ontario, Canada
Posts: 22,534
Thanks: 4,082
Thanked 6,979 Times in 3,614 Posts
I experienced the redirect tonight after clicking an e-mail link that opened a forum thread. This is the 3rd time I've had it happen since this started last week.
Was able to capture a lot of relevant data by finding out how to view Firefox cache info. I know which ads were called before the redirect occurred, so we may have a smoking gun.
FYI, the actual redirect appears to be a sneaky thing - apparently it bounces across 3 different web sites - before ultimately landing at windows-defense.com.
Ben got the redirect as well this evening - in the forum also.
Anyway, tomorrow we'll see what the ad provider can do with the info I captured.
08-07-2008, 09:37 AM
#74 (permalink)
Batman Junior
Join Date: Nov 2007
Location: 1000 Islands, Ontario, Canada
Posts: 22,534
Thanks: 4,082
Thanked 6,979 Times in 3,614 Posts
New question for anyone who has experienced the redirect:
Two of the three times I've seen it, I was coming in "fresh" to the site, either typing the URL in (auto complete - I just hit "e" and it's my top entry), or coming in via an e-mail message (thread subscription notification). The other time was opening a PM - which spawned a new window.
I think this may be one reason why people who have been sitting on their "reload" buttons haven't been able to reproduce the problem. The exploit may be looking for a fresh "session" with no internal http referrer.
I know some of you have said you got it from clicking an EM link while already on the site, but at least skyl4rk and Jamie also got it coming in to a new session from a bookmark or loading the site in a fresh browser.
08-07-2008, 09:47 AM
#75 (permalink)
EcoModding Apprentice
Join Date: Dec 2007
Location: mid michigan
Posts: 136
Thanks: 0
Thanked 1 Time in 1 Post
Yeah, all of mine happened with new sessions.
__________________
Best tank= 81.23 mpg on 07-01-2008
Longest range= 791 miles on 9.74 gallons
08-07-2008, 10:32 AM
#76 (permalink)
Batman Junior
Join Date: Nov 2007
Location: 1000 Islands, Ontario, Canada
Posts: 22,534
Thanks: 4,082
Thanked 6,979 Times in 3,614 Posts
Holy cow - I just noticed you got 81 mpg! Did I miss a thread? Post up in the "success stories" forum!
08-07-2008, 11:30 AM
#77 (permalink)
EcoModding Apprentice
Join Date: Apr 2008
Location: Marietta, GA
Posts: 139
Scoob - '05 Subaru Impreza Outback Sport SE 90 day: 25.28 mpg (US)
Thanks: 0
Thanked 0 Times in 0 Posts
Ok, fresh session (subscription link via email), and I got it again. I moved it around to see that the browser is minimized behind it and the popup won't let you at the browser until it's closed:
Of course, opening another browser window works around that. Right now I've got it sitting here and I haven't clicked on anything. I can leave my machine like this while I'm at work if someone can provide me with some way to run some logger or tracker to see what happens when I do click cancel. That is, if this will be helpful at all.
So yea, lmk if you need me to run anything while I have this up for tracking purposes. If no response by tonight, I'm taking my browser back.
08-07-2008, 11:47 AM
#78 (permalink)
Batman Junior
Join Date: Nov 2007
Location: 1000 Islands, Ontario, Canada
Posts: 22,534
Thanks: 4,082
Thanked 6,979 Times in 3,614 Posts
cmags, if you don't mind, can you go in your cache (launch a new browser session and type "about:cache") and identify the exact time you loaded the subscribed thread (search for the thread URL)?
If it's still there, can you find any other downloads that occurred at the same time (or within a couple of seconds afterward)?
Specifically, do you have a cache entry with adoptserver.info in it? If you do, could you post the details? Also, could you post details of any entries with the string "nvero" in them?
thanks-
Darin
08-07-2008, 02:14 PM
#79 (permalink)
EcoModding Apprentice
Join Date: Apr 2008
Location: Marietta, GA
Posts: 139
Scoob - '05 Subaru Impreza Outback Sport SE 90 day: 25.28 mpg (US)
Thanks: 0
Thanked 0 Times in 0 Posts
Ok, here's the key I found for my link following:
Code:
Key: http://ecomodder.com/forum/showthread.php/iduino-mpguino-4215.html
Data size: 34388 bytes
Fetch count: 1
Last modified: 2008-08-07 10:23:40
Expires: 1969-12-31 19:00:00
Then here's the only entry for adoptserver.info:
Code:
Key: http://adoptserver.info/state_.gif?up=http://ads.doubleclick.net/ads/bid=12/nxtd/fr012/wi/ai&key=678910083V18003
Data size: 986 bytes
Fetch count: 1
Last modified: 2008-08-07 10:23:45
Expires: 1969-12-31 19:00:00
And there are a bunch of entries for nvero, but here's the one immediately following the above two entries:
Code:
Key: http://m1.2mdn.net/800562/wbk_mas_flick_v2_728x90.swf?clickTag=http%3A//ad.doubleclick.net/click%253Bh%3Dv8/3715/7/4e/%252a/h%253B206386908%253B0-0%253B0%253B28211234%253B3454-728/90%253B27653279/27671158/1%253B%253B%257Esscs%253D%253fhttp%3A//e.nvero.net/eas/cu%3D4574%3A%3Acamp%3D17810%3A%3Ano%3D29077%3A%3Akw%3Dlink1-29077%3A%3AEASLink%3Dhttp%3A//media.wachovia.com.edgesuite.net/sweepstakes/sweep/htmlVersion/
Data size: 29635 bytes
Fetch count: 1
Last modified: 2008-08-07 10:25:35
Expires: 2008-08-08 10:25:30
I'm attaching the whole Disk Cache for you too.
Hope it helps!
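The cache triage requested in post #78 and carried out by hand in post #79, as an added Python example that is not part of either post: it parses about:cache style entries, lists other-host fetches cached within a few seconds after the page load, and unwraps the hosts nested in their percent-encoded parameters. The sample entries use constructed placeholder hosts, and the 5-second default window is an assumption taken from the gap between the first two posted entries.

```python
import re
from datetime import datetime
from urllib.parse import unquote, urlsplit

# Constructed sample in about:cache layout; placeholder hosts, not the thread's entries.
SAMPLE = """\
Key: http://forum.example/showthread.php/thread-1.html
Fetch count: 1
Last modified: 2008-08-07 10:23:40
Key: http://track.example.net/s.gif?up=http%3A//ads.example.org/x%3Fgo%3Dhttp%253A//land.example.com/
Fetch count: 1
Last modified: 2008-08-07 10:23:45
Key: http://static.example.net/banner.swf
Fetch count: 1
Last modified: 2008-08-07 10:25:35
"""

def parse_cache(text):
    """Return [(url, last_modified)] from about:cache style text."""
    entries, key = [], None
    for line in text.splitlines():
        name, _, value = line.partition(": ")
        if name == "Key":
            key = value.strip()
        elif name == "Last modified" and key:
            when = datetime.strptime(value.strip(), "%Y-%m-%d %H:%M:%S")
            entries.append((key, when))
    return entries

def embedded_hosts(url, max_depth=5):
    """Hosts visible in the URL at each level of percent-decoding."""
    hosts = []
    for _ in range(max_depth):
        for h in re.findall(r"https?://([^/?#&%\s:]+)", url.lower()):
            if h not in hosts:
                hosts.append(h)
        if unquote(url) == url:  # nothing left to decode
            break
        url = unquote(url)
    return hosts

def loads_after(entries, page_url, window_s=5):
    """Other-host entries cached within window_s seconds after page_url."""
    t0 = next(t for u, t in entries if u == page_url)
    site = urlsplit(page_url).hostname
    return [(u, int((t - t0).total_seconds()), embedded_hosts(u))
            for u, t in entries
            if urlsplit(u).hostname != site
            and 0 <= (t - t0).total_seconds() <= window_s]
```

Each result is a tuple of (cached URL, seconds after the page load, hosts found in the URL), which gives an ad provider a time-ordered list of third-party hosts to check against their own serving logs.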
08-07-2008, 02:22 PM
#80 (permalink)
Batman Junior
Join Date: Nov 2007
Location: 1000 Islands, Ontario, Canada
Posts: 22,534
Thanks: 4,082
Thanked 6,979 Times in 3,614 Posts
That definitely helps. I believe we have our smoking gun. Thanks, cmags.