We use two ad services, Google and Rubicon. Quantcast is a well-known usage tracking outfit. It doesn’t track you personally, it tracks overall site usage, which it uses to publish reports available to potential advertisers at quantcast.com. Not sure what Tumri and SoftLayer are - I put in what the tech guys tell me to put in - but I’m confident they’re associated with one of the above. These are all well -known services with many clients; none of them is specific to us. Our message board software, vBulletin, is also in common use. So far as we’re aware, we’re not doing anything that lots of other boards aren’t doing. I don’t claim the problems you’re seeing are all in your head; however, our observation has been that global problems usually generate a raft of complaints, whereas isolated complaints generally mean some undesirable interaction between our site, an ad server, and some program local to you. As you can appreciate, these are difficult to track down, although we do our best.
On the question of objectionable ads, our ad scheduler assures me we’re not supposed to be seeing ads with sound, malware, and the like. If you are, that suggests an advertiser has managed to sneak something past the broker’s filters. If you see or hear an objectionable ad, the simplest thing for PC users is to send us a screen shot (Alt-Print Screen) of the problematic SDMB page, if possible showing all three ads on the page. (Don’t hit the back button before doing this; you may get a different set of ads.) It’s much easier for us to follow up on objectionable ads if we can identify the advertiser.
I haven’t had problems with my IE8 back-button, but a malware attempted to run when I clicked the “It’s mine!” thread in Threadspotting. 7:20ish PM central US time. My browser closed and was replaced by a dialog stating that I should run some phony anti-malware program. The dialog had only an OK button. I closed it using task manager. So far AVG and Malwarebytes haven’t found anything.
I’ve seen at least 5 other reports of the VSCAN7 one hitting people here recently, a bunch of complaints about the back button being broken, and at least 2 others about the noisemaking ads.
This is the same as any real virus - if it infects and kills everyone, it can’t spread. So it evolves to only target some small percentage of the population.
As I said in my original post, this is the only site out of 20 or so other vBulletin sites I use regularly where this happens. And it happens regardless of what computer I’m on. Trust me - “it’s not me, it’s you”
As I was browsing the “Driving cross-country with a cat” thread in GQ, all browser windows closed and were replaced with the VSCAN7 popup: image
After nuking all IE processes and coming back to ATMB to report this, I saw a bump to a different post - “Anyone else getting fake anti-virus errors?” and was intending to post a link to this thread, when I got “Contratulations! You’re a winner!” blaring out of my speakers and a strobing ad box saying the same thing: image
Your ad brokers are either incompetent, lying to you, or both.
I got the fake anti-virus warning two days ago also. I didn’t bother reporting as it is the 3rd time in the last few months. My Norton always stops the threat and I am just begining to realize that the SDMB is simply one of those sites that you need to really use protection to visit.
I’m sorry Ed, but whoever is in charge of your IT security sucks at it. That is the plainest way I can put it.
I just now clicked on the main page link (“Straight Dope Message Board>Main”) link and the page had an ad for eHarmony.com at the bottom. Without meaning to, I moused over the ad. Sound started playing, a voice over about the eHarmony website.
For the record, the ad DOES specifically say “Mouse over for sound.” I don’t know if this is therefore acceptable or not; and please understand that I am not complaining about the site so much as I am informing Those With The Power about the experience I had.
It might also be helpful if people were to forward the output of a netstat command. With maybe 3 people reporting there might be enough info to locate the servers sending the bad ads and then figure out which irresponsible ad service is doing this.
Note that malware ad distributors can make sure that the ads don’t get served to the region the host site is located so that the admins don’t see the ads. So the SDMB admins not seeing the malware means nothing.
For Everyone’s information, the VSCAN thing isn’t malware. It’s a crappy form of pop-under advertising that tries to convince you that you have been infected with malware, so they can sell you their (almost certainly useless) anti-malware software. Complain about it as an ad, I would agree it sucks, but don’t call it malware. Incidently, the ad uses a “feature” of IE to do it’s shit. Firefox doesn’t ever show it. I can’t say about other browsers, because those are the only 2 I use.
I didn’t click Ok to see what this particular version does.
In the past, there have been similar things that download a “free scanner” when you click Ok which then holds your system hostage until you buy your way out or find a way around it. Article about this here.
Some particularly nasty variants encrypt your hard drive data. Article here.
I picked up the AV Security Suite “virus” here on Tuesday. Just like Terry Kennedy said, I was clicking back, the window popped up saying I was infected, and I Ctrl-Alt-Deleted out of my Explorer session, but it was too late. I didn’t report it because I’d seen it here before, but was lucky enough not to get infected. This time, not so much.
And I would call it malware, as it disables your browser by activating a proxy setting (IE, at least), disables .exe files from running, and will reinstall itself on start up if not completely scrubbed.
I live in Chattangooa, TN, run IE8, and this is the only board I frequent.
A program that closes my browser and replaces it with a phony virus scanner IS malware. If I have to use the task manager to close the dialog, else it will hijack IE8 and redirect all URLs to the site where I am supposed to pay the ransom to get my browser back, it IS malware.
An ad would be trying to sell me a service, not trying to destroy my computer so I can pay them to undo the damage.
Now I’m seeing the back-button issue that others have described. My IE7 back button history has been modified so that the most recent page is on www.tumri.net/… When I click on it, nothing changes on my screen.
Just got the AV Security Suite virus AGAIN at 5:48pm EST (ish) on my other laptop. Clicked the back button out of this thread, and noticed a Java splash screen launched. Before I get launch the task manager, AV Security Suite splash page popped up, and told me it’d detected a virus.
I’m scrubbing that machine now, but I thought I’d let you know.
NOTE TO SDMB ADMINS: Until this virus/malware thing is cleared up, I will no longer be visiting the SDMB. I can’t imagine I’m alone. Please realize this problem is costing you money.
Two minutes ago I got the AV Security Suite malware after clicking Reply on a thread.
Oh, but it’s not the SDMB’s fault! Even if it is their message board, they’ve contracted out to a third party and the third party promises they’d never serve malware or adware!
The lack of accountability by management is incredible. Until someone owns up to the problem it isn’t going to get fixed.
About one o’clock I bumped into Exploit Rogue Scanner type according to my AVG which blocked it. I tried to copy the info but then windows began opening up and I scooted. None of the addressess posted here looked like the one which was shown. Eekers.
Oh my gosh! I am concerned that I may have gotten ahold of some malware this afternoon. For anyone interested, please check my post #18 in the ATMB forum in the thread, “Is it permitted to call the President a bunch of evil names?”. I placed a link at the end of this post.
I made a spelling error wrt the name of the software in the post. The correct name is RegistryBooster.exe and it was offered to me to download after I received a warning that I was trying to open a “.php” file (that is a file used to create HTML files).
I’ve been having the back button issues for a week or more on my work computer, home computer, work laptop and personal notebook. I got the VSCAN7 message a bit after 3:00 am CST today. I’m in the Nashville area.
