If you've been hit by malware - GOOD NEWS, we hope

True, but since there’s a chance that it did come from here, I figured it was potentially useful information so I forwarded it along. As a single event, it’s probably not actionable, but if we get more reports in short order then it helps establish a pattern, right?

I’ve heard people saying this, but I don’t understand it. Millions use security software (myself included) without any ill effects, so either you’re using the wrong software, or there’s some conflict.

The big commercial vendors (or at least 1 of them in particular) have shitty software, they’ve been screwing up people’s computers for a long time.

The companies like Avast and AVG, etc. tend to do a good job.

Argh, thought we’d gotten a handle on this. Thanks for letting us know. If anyone else has malware problems while visiting the SDMB, pls let us know ASAP and provide as many details as you can, including screen shots if possible. (For PC users unfamiliar with such things, press Alt-Print Screen, open Paint, press Ctrl-V to paste in the page, then save the result as a JPEG.) Our apologies to anyone who experiences problems like this on our site.

A lot of people are also running recent version software on 5-6 year old PCs that were low spec discount models 5-6 years ago. The end result is often the AV programs pulling large amounts of available system memory on a system like an XP box that is still running 256MB of RAM that has been a slug since service pack 3 came onboard.

If that’s who I think it is on our beloved Dope, please drop her an email; I can probably help her via phone/remote.

I just had this happen to me on the Great Debates forum. I have sent a PM to Ed Zotti about it, and reported this post to the staff so they’ll be aware if he isn’t online now. I’ll just cut and paste my PM here:

Well, I guess that confirms we didn’t solve the problem. I’ll get on it. Meanwhile, if others are seeing this, pls advise.

ETA: I’ve been in contact with one of our ad providers, and they say they’re going to load some software that emulates what users do - in essence it’ll click repetitively on SDMB pages waiting for the fake malware ad to show up. Since we’re getting reports at long intervals, it’s likely the bad ad is coming from a network in a low-frequency rotation, meaning this is a needle in a haystack proposition. However, they tell me if the ad turns up, the software will spot it.

Potentially related, not sure.

This happened yesterday, but I couldn’t reproduce it. Then it happened twice today, and I managed to stay on the page.

It’s the GQ forum (not sure that matters), and the top banner ad and the one just under the thread list say “Ads by Pulse360”. The bottom ad is for Buick Regal.

The behavior is that on pageload, my computer downloads a file called “bct” (it’s always “bct”), which is empty, reporting itself as plain text and zero KB.

I’m on a Mac, using Safari 5.0.3 with no ad blockers or anything.

I’ll leave the tab open in case there are any other questions this afternoon.

Thank you for the update.

1.) Why didn’t they use that tool as soon as the first malware reports started popping up over a year ago?

2.) Will they keep the tool in use after this particular outbreak is theoretically dealt with?

3.) Do you consider this to be the new “cost of doing business” (i.e., no matter how many future outbreaks there are, you will never consider moving away from using Rubicon), or is there some cutoff point at which you’d cut your losses and dump them so as to avoid losing all ad revenue as visitors to the board stop trusting that you’re able to provide a safe posting environment?

Got it again, this time on Page 2 of “The Usual Suspects” thread, where the ads are HP Direct on top, Sprint after the first post, and then a sketchy three-white-boxes with IP-targeted ads in them (LED TVs, Acai Berry and work at home) at the bottom.

I will try to capture a Fiddler log of this when I get home from work tonight, which unfortunately will be pretty late.

Questions:

  1. How do you know “bct” is downloading? Is there some indication of this at the bottom of the browser, as on PCs?

  2. Is “bct” stored on your hard drive? Where, in the root directory?

  3. Is this the only behavior? You don’t see a fake virus screen or anything like that?

Thanks for the info. Sorry if you’re having problems.

  1. The download history window of Safari pops up, just as if I’d intentionally clicked a link to download something.

  2. Yes, it’s saved, it goes to my default downloads folder.

  3. That’s it, no popups or anything (and I don’t think they’re blocked, unless Safari does that automatically – it isn’t my default browser). If Safari didn’t pop up the “Hey, you’re downloading something” window, I wouldn’t even notice it (until I happened to look in my downloads folder).

I haven’t noticed it causing any problems on the computer – it’s just weird and I thought it might be related to these problems. The downloaded files seem to be empty, though I suppose it’s possible they’re telling the Mac to report them as Zero KB even if they aren’t.

FWIW, I’ve used Safari to access the boards for many months from that computer, and that behavior only started happening within the last few days.

I just spent an hour reloading the SDMB with Fiddler running looking for malware but none was served to me. 90% of the ads were for Toyota so there wasn’t a lot of opportunity for the bad ads to get through. This time it does seem like looking for a needle in a haystack. Last time the malware was served very frequently.
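
Added example, not part of the thread: a triage pass over a traffic capture saved in HAR format that flags third-party responses likely to trigger an unprompted download, such as the empty “bct” file reported above. The host names, the sample entries, and the two heuristics are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

def _entry(url, status, mime, size, headers=()):
    """Build one HAR-shaped entry (only the fields the check reads)."""
    return {"request": {"url": url},
            "response": {"status": status,
                         "headers": [{"name": n, "value": v} for n, v in headers],
                         "content": {"size": size, "mimeType": mime}}}

# Constructed sample capture; every host and path here is a placeholder.
SAMPLE_HAR = {"log": {"entries": [
    _entry("http://boards.example/showthread.php?t=1", 200, "text/html", 48210),
    _entry("http://boards.example/attachment.php?id=7", 200, "image/jpeg", 90112,
           [("Content-Disposition", 'attachment; filename="shot.jpg"')]),
    _entry("http://ads.example.net/banner.js", 200, "application/javascript", 5120),
    _entry("http://ads.example.net/pixel.gif", 200, "image/gif", 43),
    _entry("http://cdn.adnet.example/bct", 200, "text/plain", 0),
    _entry("http://cdn.adnet.example/get", 200, "application/octet-stream", 2048,
           [("content-disposition", "Attachment; filename=file.bin")]),
    _entry("http://ads.example.net/beacon", 204, "", 0),
]}}

# Types a page normally pulls in as sub-resources; an empty one is unremarkable.
PASSIVE_TYPES = ("image/", "text/css", "text/javascript",
                 "application/javascript", "font/")

def flag_forced_downloads(har, first_party_hosts):
    """Return third-party responses that look like they force a file download."""
    findings = []
    for e in har["log"]["entries"]:
        url = e["request"]["url"]
        host = urlparse(url).hostname or ""
        if host in first_party_hosts:
            continue  # the site's own attachments are expected
        resp = e["response"]
        headers = {h["name"].lower(): h["value"] for h in resp.get("headers", [])}
        content = resp.get("content", {})
        mime = content.get("mimeType", "").split(";")[0].strip().lower()
        reasons = []
        # Heuristic 1 (assumption): the server explicitly asks for a download.
        if headers.get("content-disposition", "").strip().lower().startswith("attachment"):
            reasons.append("content-disposition: attachment")
        # Heuristic 2 (assumption): an empty 200 response that is not a normal sub-resource.
        if resp.get("status") == 200 and content.get("size", -1) == 0 \
                and not mime.startswith(PASSIVE_TYPES):
            reasons.append("empty 200 body of type %r" % mime)
        if reasons:
            findings.append({"url": url, "host": host, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in flag_forced_downloads(SAMPLE_HAR, {"boards.example"}):
        print(f["host"], f["url"], "; ".join(f["reasons"]))
```

Grouping the findings by host across many page loads shows which ad network served the response, which is the detail the site staff asked reporters to provide.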