Malicious calls to powerpint.net on FT [Merged threads]

Reply Subscribe

Thread Tools

Search this Thread

Feb 6, 2012, 10:59 am

bmvaughn

Original Poster

Join Date: Aug 2007

Location: Near SEA

Programs: UA MM, AS MVPG75K, Marriott Lifetime Gold

Posts: 7,969

Malicious code in FT ad?

I've been getting a number of TrendMicro warnings about possible malicious code when visiting FT. Believe it's related to the MileagePlus Explorer card ads.

Error below:

Feb 6, 2012, 6:07 pm

bmvaughn

Original Poster

Join Date: Aug 2007

Location: Near SEA

Programs: UA MM, AS MVPG75K, Marriott Lifetime Gold

Posts: 7,969

Pretty much making browsing the site unusable. Happens on all Chase ads.

Feb 6, 2012, 6:14 pm

IBobi

No longer with Internet Brands

Join Date: Mar 2011

Location: Los Angeles, CA

Programs: DL DM 1.6MM, Marriott LT Plat

Posts: 5,343

Is it your virus warnings that are making browsing difficult, or is it the ads themselves? What exactly is happening?

Feb 6, 2012, 6:15 pm

bmvaughn

Original Poster

Join Date: Aug 2007

Location: Near SEA

Programs: UA MM, AS MVPG75K, Marriott Lifetime Gold

Posts: 7,969

Quote:

Originally Posted by IBobi

Is it your virus warnings that are making browsing difficult, or is it the ads themselves? What exactly is happening?

Virus warning that pops to be Always on Top whenever I browser any FT page that has a Chase ad.

Feb 6, 2012, 6:17 pm

IBobi

No longer with Internet Brands

Join Date: Mar 2011

Location: Los Angeles, CA

Programs: DL DM 1.6MM, Marriott LT Plat

Posts: 5,343

Hmm, well, not getting any other reports of this behavior. Not sure what to tell you at this point.

Feb 6, 2012, 6:22 pm

bmvaughn

Original Poster

Join Date: Aug 2007

Location: Near SEA

Programs: UA MM, AS MVPG75K, Marriott Lifetime Gold

Posts: 7,969

Quote:

Originally Posted by IBobi

Hmm, well, not getting any other reports of this behavior. Not sure what to tell you at this point.

I suggest having your ad reps look for redirects on the Chase ads to route via powerpint.net. Right now anyone browsing your site with Trend Micro would get this result.

You can check maliciousness here:
http://global.sitesafety.trendmicro.com/
using "powerpint.net/in.cgi?2" as the destination.

Feb 7, 2012, 3:33 am

RBH58

Join Date: Oct 2009

Location: Brisbane Australia

Programs: Singapore, Cathay, QANTAS, Delta, Velocity, Etihad

Posts: 429

Quote:

Originally Posted by bmvaughn

I can confirm that this is the case!

Feb 8, 2012, 11:05 am

bmvaughn

Original Poster

Join Date: Aug 2007

Location: Near SEA

Programs: UA MM, AS MVPG75K, Marriott Lifetime Gold

Posts: 7,969

Not sure if you still have the issue... I got tired of the warning so I changed my HOSTS file.

Feb 8, 2012, 11:12 am

IBobi

No longer with Internet Brands

Join Date: Mar 2011

Location: Los Angeles, CA

Programs: DL DM 1.6MM, Marriott LT Plat

Posts: 5,343

TrendMicro warning

Hi all,

Our internal malvertising team has rescanned the ads in question (Chase) and determined that the ads are safe. Also, Google's SafeBrowsing service did not flag any of the content.

Most likely the reason it was flagged is due to differences in classification of malicious content; the website VirusTotal shows that only 1 out of 17 security sites have listed the URL mentioned here as malicious. That one security site is TrendMicro (https://www.virustotal.com/url/bd943...5b3a/analysis/).

Please let me know if we can be of any further help on this!

Paul

Last edited by IBobi; Feb 9, 2012 at 1:04 pm

Feb 13, 2012, 5:13 pm

#10

wharvey

Flyertalk Evangelist and Moderator: Coupon Connection and Travel Products

Join Date: Jul 2000

Location: Milton, GA USA

Programs: Hilton Diamond, IHG Platinum Elite, Hyatt Discoverist, Radisson Elite

Posts: 19,040

Malicious calls to powerpint.net on FT [Merged threads]

I am having problems browsing Flyertalk.... I am having to double click on the "Back" button on my IE browser.Used to only have to click once... and I see at the bottom of the screen a web address that has powerpint.net in the name.

That is new to me... never noticed that before.

Last edited by wharvey; Feb 14, 2012 at 3:43 pm

Feb 13, 2012, 5:14 pm

#11

IBobi

No longer with Internet Brands

Join Date: Mar 2011

Location: Los Angeles, CA

Programs: DL DM 1.6MM, Marriott LT Plat

Posts: 5,343

Could be ad-related; I'll check it out.

Feb 14, 2012, 11:49 am

#12

IBobi

No longer with Internet Brands

Join Date: Mar 2011

Location: Los Angeles, CA

Programs: DL DM 1.6MM, Marriott LT Plat

Posts: 5,343

We're not seeing it as an ad; did you try clearing your cache?

Also is it possible it's local to your machine, i.e. a bad cookie or malware? Issue has not been reported by other users as yet.

Feb 14, 2012, 3:49 pm

#13

wharvey

Flyertalk Evangelist and Moderator: Coupon Connection and Travel Products

Join Date: Jul 2000

Location: Milton, GA USA

Programs: Hilton Diamond, IHG Platinum Elite, Hyatt Discoverist, Radisson Elite

Posts: 19,040

Looks like this is related to this issue I just saw in another thread:

http://www.flyertalk.com/forum/techn...ode-ft-ad.html

I tried clearing the cache... but still only getting the powerpint.net message at the bottom when on FT... and having to doble click the back button to get back to the previous page.