Malware probably from the Dope: EasyPDFcombine / Mindspark

I noticed a slowdown this morning in my browsing. Opening Task Manager showed Google Chrome using vast amounts of RAM and CPU. Opening Chrome’s Task Manager pinpointed it to the Straight Dope tab and process. I closed the Straight Dope tab and restarted it and the high CPU and RAM usage came back. Checks of installed Extensions and Programs & Features showed nothing unusual or unwanted installed but running Malwarebytes showed that EasyPDFcombine / Mindspark was running and capturing everything I did. The log showed that it was in my browser cache. Malwarebytes removed the malware and now all is well.

I therefore conclude that the malware came from the Dope and was in Chrome’s cache for the Dope and was restarted when I restarted the Dope.

I’m a paid-up member, so I shouldn’t be receiving ads - the usual vector - so how did it get here? I don’t run a proxy server any more so I have no logs to check.

Pass this on to the tech staff.

Loach already reported this to our admins, but some additional info might be helpful.

Did you visit the Straight Dope main page? If I recall correctly, that page serves up one ad per day regardless of whether you are a paying member or not.

Are you using any sort of ad blocker or script blocker?

No, I didn’t visit the main page.

Not specially, no. I’m using Chrome’s default blocking capabilities and Microsoft’s anti-virus. I also periodically run Malwarebytes but don’t use their real-time protection.

The extensions I have enabled are Google Arts & Culture, Google Docs Offline, LastPass, Docs (Google’s WP), Sheets (Google’s online spreadsheet), and Slides (Google’s online PowerPoint).

Thanks for the info.

The usual vector for this type of stuff is advertising. I was hoping we could narrow it down to a malicious ad from the main page, but since you didn’t visit that you shouldn’t have received any advertising.

If you recall any ads that popped up at any time while you were here, or if you had any ads popped under that you found afterwards, please let us know. If you received any ad and you happen to remember what the ad was, that would be even more helpful.

If anyone else is having issues, please let us know.

I usually go in from the main page.
Tonight, on my iPad the malware was so bad it made the site literally unusable. The browser was hijacked with a “win a free iPad because you are an Amazon customer” ad.
It seems to happen consistently after two clicks, so I couldn’t navigate to anything.

Then I tried accessing the boards without going through the main page and it seems fine so far.

This happened with both Safari and Chrome.

Thanks for the report. As a guest you should see ads, but they should never hijack your browser like that. I’ve reported the offending ad to our admins so hopefully the ad folks can track it down and kill it.

Thanks for posting details, too. That is very helpful in tracking down the malicious ad.

You’re welcome

I’ve gotten a few hijacks since I started bypassing the main page but they were infrequent - annoying but still infrequent. And I haven’t been able to pin down the commonality but going back into a post to edit it might have been a trigger - or coincidence.

And I actually don’t mind well-targeted ads as long as the format isn’t too intrusive. I understand that nothing is really free and there have been times when I was actually glad to see a well-targeted ad - they sometimes alert me that items I purchase regularly are on sale.

We seem to have two different problems here.

  1. Malware on the SDMB from unidentified source: this doesn’t give us much to go on. If anyone else is experiencing this problem, pls advise.

  2. Hijacks by ads: we’ve had several reports on the SDMB, and a similar problem turned up last week on one of our company’s other sites. We’re getting varying descriptions of what the bad ads say: free iPad, Amazon, etc., leading us to wonder if we’ve got one problem or several. If you experience hijacking, pls provide a screenshot if possible or give us as much detail as you can.

Thanks. We apologize for the inconvenience.

Getting a message, “This page is trying to load scripts from unauthorized sources.” Chrome v. 64.0.3282.186

Sorry I can’t be more informative.