The SDMB is serving up malware again

About This Message Board
1

I’ve been tolerating the broken ad-serving code that prevents the browser “back” from working some of the time, but this is a much more serious problem.

On clicking “back” a second time (IE 8), the browser closed except for a single small menu box which said my computer was infected, and that I should run VSCAN7, with only an “Ok” button. Task Manager reported 2 instances of IE running and I killed them both.

The particular malware link that was being served was http://f2f183769.anti*-*Elementor Hosting | This site is private (link broken to protect the obtunded). If this is like the last few times, that is an ephemeral link that will vanish in a few hours.

Why does this problem keep happening here (and only here)? I am a frequent user and/or contributor to at least another 20 vBulletin-based boards, and have never had that problem anywhere but here.

“Advice” of the form “so, don’t do that”, like “purchase a subscription” or “switch to some-browser-nobody-ever-heard-of” isn’t going to be listened to, so please save the electrons.*

By the way, when I tried to reproduce the “back doesn’t work” problem to tell you what that URL is, I wasn’t able to duplicate it, but I did get some annoying audio ads. They just go “Ap!” or something like that and cut off, presumably because I navigated off the page they were infesting while they were still loading.

If the answer is “don’t let the door hit ya on the way out”, that’s fine - but The Management should be clear about that, and not do the “you’re the only one that ever reported that”, or “we had a problem but we fixed it”, or “provide some impossible information and we’ll look into it”. This is a big site, and while you get ad dollars from the ad-serving companies, they are getting more from the companies that are paying them. So a threat to switch to a different ad-serving company should induce them to look at it from their end.

  • For those that have access to post stats, you’ll see that I answer questions, not ask them. I doubt as a casual individual user I’m worth much to keep around, but I could go to one of the sites that pays people for their answers. For everyone who makes a stink about this problem, there are probably many more who don’t complain.

Edit: I just managed to get the “broken back button” problem to trigger. It is http://www.tumri*.*net/ads/mti/5658?ATL_C…

2

Noted and reported.

3

There’s also some issue with ads maybe timing out. I get it on almost every damn page. I click on a topic to open in a new tab and it near locks up while trying to serve up the ads. And don’t you dare click again or it’ll lock up my entire browser. I’m getting rather pissed.

4

Ah, so it is this site, and not my computer. Whew!

5

I just hit the back button and everything was fine, so it must be a problem on your end.

What kind of electricity are you using?

6

I’ve seen the “your computer is infected” “warning” but don’t know what caused it. It’s possible the SDMB didn’t have me logged in at the time.

7

I have this problem in almost every thread, but I’m a member and shouldn’t be getting ads anyway. I’ve complained in this forum already without any helpful response.

8

I’ve never had so much as a whisper of a problem from this site other than lag.

9

We’re trying to figure out where these ads are coming from. We’re not supposed to be getting this kind of stuff and haven’t been able to replicate it. Please indicate your location (city), perhaps this will give us some idea. We’d also appreciate hearing from others who are having this problem. Please provide as much info as you can - ad(s) seen, browser used, etc. Thanks.

10

If I have tracked someone here to a hacker group, should I let you know who that is, or does everyone belong to a hacker group and I’m just naive?

Zoe, P.I.

11

I believe policy is that what you do offsite is not of interest here. Just because someone is a hacker does not mean they have hacked the Dope. It also has been revealed to be against policy to give out identification information.

Come to think of it, though, we have had a large amount of Malware, and I wonder if it is being targeted directly at us. Surely Google’s adservice actually checks the source code before approving an ad.

12

Happened to me today right after reading this thread. I’m in the metro-Phoenix area, using Windows 7 and IE8. Didn’t notice the actual ads seen as there was just a sudden notice that I should run VSCAN7. I believe I said “Accckkk!” and hit ctrl-alt-del to shut down IE. Unfortunately it insisted on restoring itself so I went to shutdown.

13

I’m in New York City, but some software thinks I’m in Colorado (the netblock I’m in is delegated from there).

May I suggest that the problem is the ad broker you’re using? This comes around rather frequently, and apparently they apologize and say “we’ll never do that again”, but it comes back after a couple of months.

14

This site seems to use other ad services besides Google. On this page, there are ads being served by:

pagead2.googlesyndication.com (Google)
ad.doubleclick.net (Google)

edge.quantserve.com (Quantcast)
www.quantcast.com (Quantcast)
pixel.quantserve.com (one-pixel image to force a tracking cookie - nasty) (Quantcast)
http.cdnlayer.com (SoftLayer)
tumri.net (Tumri)
tap-cdn.rubiconproject.com (Rubicon Project)

The first 2 are Google. I don’t believe the others are.

With all of these different ad brokers stuffing ads into the pages with Javascript, it is no wonder that people are seeing various problems with pages. It also makes it very difficult to discover which ad broker is serving up the malware.

15

Having my back button disabled has happened to me on this site (only) for the last two weeks or so. I would say it happens about once out of five to ten page views. When it happens, I check the “Recent Pages” list next to the back button (because I can use that list to skip back past the offending entry), and without fail the most recent entry is “tumri.net”-related.

Chicago area, XP, IE8

16

I had actually started my own thread in ATMB about this (thanks, Terry Kennedy, for pointing me here). On my work comp, on which I’m forced to use IE6, I’m getting the no-back and when I check the recent pages list, there’s always (and I mean ALWAYS) for this site, at least 2 and usually 3 or 4 ad urls (mostly google.doubleclick) right at the top of the list, forcing me to constantly go “back” by bringing up the recent pages and clicking on the first real SD page.

Lancaster, PA here. Work computer just got upgraded to XP, IE6 (don’t let them convince you that state gov gets all the good toys!).

17

I’ve seen issues so far with specific click, content.yieldmanager.edgesuite.net, googleads.g.doubleclick.net and ad.doubleclick.net.
I don’t get any malware pop ups but I’m getting damn tired of my internet windows locking up on me. :mad:

18

I just got the VSCAN7 message. I did not hit back, I right clicked and opened a couple of threads. Either VSCAN7 took over one of those tabs, or opened it’s own tab.

When I checked that tab, there was a pop up box. I closed it, and it said it was scanning my computer. I shut the tab, and don’t see anything unusual running in my task manager.

I’m in Hot Springs, Arkansas. However, because of my searches, ad servers often think I’m in Dallas, Texas. I’m using IE7 and Vista.

19

I’m getting slowed way down by tap-cdn.rubiconproject.com .

I’m not supposed to be seeing ads; why should my performance be affected by things I’m not supposed to be loading in the first place?

20

I just got the VSCAN hijack at 3:12 eastern time. I’m in Southfield, MI though it may show me as being in Tampa, FL because of my work.