Redirected to "Getsoftfree"?

Just searched using the Advanced Search tool, and when I hit the “back” button, I was apparently directed to “Getsoftfree” .(something-or-other, didn’t look that closely) which was identified by my system as a “web forgery.”

Me too when I was using firefox, and would look at any page on the straight dope message board. Told me my video browser was out of date and I needed to download a new version. :dubious: I’m on Chrome now and not having a problem. Maybe the site is hacked?

No problems here using Firefox 26.0

I was also using 26.0, and am still having a problem when I enter any thread. Although now I’m getting the same “web forgery” message as Sailboat.

Just count yourself lucky you weren’t redirected to “Gethardfree”.

You probably have “AirAdInstaller”. It’s a nasty one to remove. If your current malware software can’t remove it, Google for help.

There have been reports of browser addons being bought out by malware deliverers who then post “updates” to the addon that install malware. You may not have even done anything if the browser to set to auto-update addons. Chrome has been hit hard, not sure about Firefox.


Why would what you describe only affect sailboat and I when we visit the dope and why would it just be starting for both of us now? In any case I’ll try running a full malware sweep just in case.
ETA: Hmmm, actually it seems to have stopped at least for now.

In my case it isn’t local malware, it’s ads on the SDMB forcing redirects through Flash scripting.

Here is an example from browsing just a few threads without my quadruple layer of adblock, secure hosts file, anti virus, anti malware, which is necessary to surf the dope safely. (server being hacked notwithstanding)

Fortunately even Chrome’s built-in security wouldn’t allow the redirect to a phishing site. If successfully redirected, I would have been encouraged to update my Flash player with a rogue, malware infected version.

Here’s a link to an article from several days ago in which this was discussed.

Adware vendors buy Chrome Extensions to send ad- and malware-filled updates by Ron Amadeo, arstechnica, Jan 17, 2014.


You can Google for many more articles on the subject, as this was much in the news lately.


Also, paid member, plus Adblock

So can’t tell if this is coming from an ad specifically or from your brower? Fiendish. Bastids.

Just the same, we have to try to look at things. If you see this, please try to look at what else is on the page – a screen shot would be helpful. Send that to me.

Thank you for the link, Senegoid – that is very useful, especially in view of what’s been happening lately. I have sent all this upstairs.

If you encounter any of these situations and you’re reporting them in this thread, please also list your operating system and browser, that may be helpful. Also screen shots are almost always helpful as well; if we can point to any one ad entity as a bad actor, we may be able to do something. Of course if it’s something more broad-based (like your browser), that’s more difficult. :frowning:

Well, it hasn’t happened today. Windows 7 Enterprise Edition, Mozilla Firefox 26.0.

IT staff may or may not have done things behind the scenes on my end.

Anecdote. Firefox suggested I “Reset” it if my startup was slow. It was and I did yesterday. When reinstalling addons, I chose the wrong version of IEView, which sent me to a scammy webpage in Firefox. No worries: I uninstalled it.

My point is that this problem afflicts Firefox as well.

No problems at this board though.

I really, really, really really wish it wasn’t Google bankrolling Firefox.

Just a suggestion, but it might help the administrators of the board see how common, frequent, and easy to reproduce these issues are if they just view the site with ads themselves. It is probably simple to make the administrator/mod groups subject to ads, and then you could be getting first-hand reports for the folks upstairs.

In my case, mentioned in post #8, this was definitely an ad. No add-on, extension, or other malware on my own system was involved. An ad displayed on the SDMB tried to redirect me to a phony Adobe website. I have no way of saying which ad because by that time I was at another website viewing a stern warning from Chrome not to proceed. By the time I returned to the SDMB page from where I began there would be an entirely different set of ads.

I’m not willing to keep reloading pages over and over with no adblocker hoping to encounter malware again, but as I said if the admins and mods regularly used the site with ads themselves it would be a short time before you had some first-hand cases to report.

Even without changing the administrator settings, you could get the same effect just by logging out.

I do this from time to time.

I have yet to see anything personally. Maybe I’m just lucky. :frowning:

One of the difficulties sites have in duplicating bad ads is that the secondary ad servers can send different ads to users based on IP addresses. So if someone with an IP address in the same range as the client server views a page, they might get innocuous, sound-free, ads.

The real solution is that the primary ad companies have to host all the ads on their own site, after running them thru safety scripts. Allowing ads to be hosted on any random site is a horrible idea. Sure this ups their bandwidth costs, but the bandwidth is being paid by someone, just move the cost to the primary site. The ad suppliers pay more for ad placement, but less for bandwidth.

Why the clients put up with this is beyond me.