Just for my academic interest, how hard was this to work out? Was it something that any competent IT person could work out, or was it more specialised?
Thanks
I have no formal IT training, but have always been fairly competent/keen to learn when it comes to IT. I have had some spare time this week and spent a while on this case. I cannot stress how much Google is your friend though.
Anyone with basic website (HTML/java) knowledge could have worked it out, the key though was being able to replicate the problem with a logger tracking all the traffic (the redirect happens within a split second). I found a logger (HTML Analyzer) last night which does exactly that, but couldn't replicate the problem. However, it happened today and I was able look through the history (which is quite in depth) and work back from the redirect site with the malware back to the FT forums.
I think the key thing I missed was the fact that the redirects were intermittent. Initially I mistakenly thought there was an exploit in the forum software as there have been problems previously on other forums being exploited. But the intermittent nature shows it was coming from something on the site that rotates (i.e. a banner/advert).
I would be interested to know how the bogus site was able to operate a banner here. There appears to be no track record of the company/site and the domain name owners have a whois block service so you don't know where they are from.
Essentially yes ... There are some good online sites which you can use to check if a site is legitimate or infected:
Bravo, kudos & thanks to MoneyBagger for helping FT and rest of us - some of us knew something just isn't right ... Using Firefox on my own laptop now but when on the road, it isn't a matter of choice to avoid or not use IE 8 or 9.
When we had similar issues & popups randomly over at Cruisecritic dot com, it drove some of us nuts for weeks - and it was tracked down only a few weeks ago (the details & threads/links are mostly gone/deleted & no longer available to members) - my best recollection of the summary finding was that it was malware codes/scripts hidden in graphics/logos commonly used by CC members, and it got in & launched itself - very similiar MSE phony threat reports and offering to fix it (as we've saw them here on FT.)
Furthermore, the danger and risks pose is that, one's credit card/names & other personal info were exposed in the course of purchasing/authorizing/downloading the said "fixes" in solving the security problem - escalating and potential risking hundreds if not thousands in charges to one's CC account.
The practice goes back to the 1980's when we're surfing AOL and bragging about 56K modems - we've come a long way but the bad apples are still out there, and getting more sophisticated. My firewall, antivirus & spyware logs and reports all looked clean, deep & full scanning sweeps done showing no harm inflicted thus far, yet (fingers crossed )
Last edited by Letitride3c; Aug 2, 12 at 10:51 pm..
Good job. 
)
