FALSE Virus alert [there is NO malware on your computer]
#242
Join Date: Aug 2010
Posts: 154
I have no formal IT training, but have always been fairly competent/keen to learn when it comes to IT. I have had some spare time this week and spent a while on this case. I cannot stress how much Google is your friend though.
Anyone with basic website (HTML/java) knowledge could have worked it out, the key though was being able to replicate the problem with a logger tracking all the traffic (the redirect happens within a split second). I found a logger (HTML Analyzer) last night which does exactly that, but couldn't replicate the problem. However, it happened today and I was able to look through the history (which is quite in depth) and work back from the redirect site with the malware back to the FT forums.
I think the key thing I missed was the fact that the redirects were intermittent. Initially I mistakenly thought there was an exploit in the forum software as there have been problems previously on other forums being exploited. But the intermittent nature shows it was coming from something on the site that rotates (i.e. a banner/advert).
I would be interested to know how the bogus site was able to operate a banner here. There appears to be no track record of the company/site and the domain name owners have a whois block service so you don't know where they are from.
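The back-tracing described in the post above, as an added example that is not part of the original thread: given a captured request log, it walks from the fake-alert landing page back to the page that started the chain and names the first third-party hop. The capture, its field names and the `.example` hosts are constructed for illustration, and `Location` values are assumed to be absolute URLs.

```python
from urllib.parse import urlsplit

# Constructed sample capture (not taken from the thread); one dict per logged request.
CAPTURE = [
    {"url": "http://forum.example/thread/123", "referer": None,
     "status": 200, "location": None},
    {"url": "http://forum.example/style.css", "referer": "http://forum.example/thread/123",
     "status": 200, "location": None},
    {"url": "http://ads.example/banner?slot=7", "referer": "http://forum.example/thread/123",
     "status": 200, "location": None},
    {"url": "http://cdn-rotator.example/r.js", "referer": "http://ads.example/banner?slot=7",
     "status": 302, "location": "http://hop.example/go"},
    {"url": "http://hop.example/go", "referer": "http://ads.example/banner?slot=7",
     "status": 302, "location": "http://fake-scan.example/alert"},
    # Landing page logged without a Referer, so only the Location header links it back.
    {"url": "http://fake-scan.example/alert", "referer": None,
     "status": 200, "location": None},
]

def trace_back(capture, landing_url):
    """Return the request chain from the originating page to landing_url."""
    by_url = {e["url"]: e for e in capture}
    redirected_from = {e["location"]: e["url"] for e in capture if e["location"]}
    chain, seen, current = [], set(), landing_url
    while current and current not in seen:  # 'seen' guards against redirect loops
        seen.add(current)
        chain.append(current)
        entry = by_url.get(current)
        # Prefer the HTTP redirect that produced this request; fall back to Referer.
        current = redirected_from.get(current) or (entry["referer"] if entry else None)
    return chain[::-1]

def first_third_party(chain):
    """First URL in the chain served from a host other than the originating page's."""
    origin = urlsplit(chain[0]).hostname
    for url in chain[1:]:
        if urlsplit(url).hostname != origin:
            return url
    return None

if __name__ == "__main__":
    chain = trace_back(CAPTURE, "http://fake-scan.example/alert")
    print(" -> ".join(chain))
    print("first third-party hop:", first_third_party(chain))
```
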
#244
Join Date: Aug 2010
Posts: 154
http://www.f-secure.com/weblog/archives/00002053.html
http://www.pcworld.com/businesscente...ssentials.html
http://blogs.technet.com/b/mmpc/arch...ake-innit.aspx
There are some good online sites which you can use to check if a site is legitimate or infected:
http://www.virustotal.com/ - Online virus scanner/site checker
http://urlquery.net/ - Site Scanner
http://www.unmaskparasites.com/ - Site Scanner
http://zulu.zscaler.com/ - Site scanner/inspector
http://www.avgthreatlabs.com/sitereports/ - Site scanner (part of AVG)
#245
Join Date: Aug 2010
Location: LGA - JFK
Programs: UA, AA, DL, B6, CX, KE, Latitude, VIFP, Crown & Anchor, etc.
Posts: 2,589
When we had similar issues & popups randomly over at Cruisecritic dot com, it drove some of us nuts for weeks - and it was tracked down only a few weeks ago (the details & threads/links are mostly gone/deleted & no longer available to members) - my best recollection of the summary finding was that it was malware codes/scripts hidden in graphics/logos commonly used by CC members, and it got in & launched itself - very similar MSE phony threat reports and offering to fix it (as we've seen them here on FT.)
Furthermore, the danger and risk posed is that one's credit card/names & other personal info were exposed in the course of purchasing/authorizing/downloading the said "fixes" in solving the security problem - escalating and potentially risking hundreds if not thousands in charges to one's CC account.
The practice goes back to the 1980's when we were surfing AOL and bragging about 56K modems - we've come a long way but the bad apples are still out there, and getting more sophisticated. My firewall, antivirus & spyware logs and reports all looked clean, deep & full scanning sweeps done showing no harm inflicted thus far, yet (fingers crossed)
Last edited by Letitride3c; Aug 2, 2012 at 10:51 pm
#246
Join Date: May 2005
Posts: 3,944
Essentially yes. Here's how it works:
http://www.f-secure.com/weblog/archives/00002053.html
http://www.pcworld.com/businesscente...ssentials.html
http://blogs.technet.com/b/mmpc/arch...ake-innit.aspx
There are some good online sites which you can use to check if a site is legitimate or infected:
http://www.virustotal.com/ - Online virus scanner/site checker
http://urlquery.net/ - Site Scanner
http://www.unmaskparasites.com/ - Site Scanner
http://zulu.zscaler.com/ - Site scanner/inspector
http://www.avgthreatlabs.com/sitereports/ - Site scanner (part of AVG)
This whole matter did get me to download the real MSE yesterday. A quick scan shows no problem. Also, Malwarebytes' Anti-Malware shows no problem.
#252
No longer with Internet Brands
Join Date: Mar 2011
Location: Los Angeles, CA
Programs: DL DM 1.6MM, Marriott LT Plat
Posts: 5,343
#253
Join Date: Jun 2012
Location: England
Programs: Executive Club Silver
Posts: 711
The warning hasn't appeared so far so it looks like Money has solved the mystery.
If it weren't for you I doubt this issue would have ever been resolved. I hope too many people weren't put off visiting the site because of it.