Virus

For those that want to be protected, just run the things I do:
FireFox
AdBlock Plus
Zone Alarm
Avast
URLSanitizer
ImageMalwareDoctor
PDFScrubber
ProcessDenier
X86OpcodeTransformer
ScriptGarbageCan
ScriptGarbageCanForOffice
CodeDelayAndRedirect
MemoryTranslationMapWithSecureKey
TCPIPPacketDropper
DroppedPacketRerouter
ReroutedPacketRetransmitter
Blurg V2.7
InstantKernelRefresh
ParameterSniffer (Integer mode only! there’s an exploit in Floating Point mode)
GraphicsMemoryProjector
WebcamOpcodeProxy
This setup works pretty well, although the only thing that gets through from the internet are vowels and the letter “T”.

I’m surfing as a limited user on a linux box. No windows malware for me!

How do I set up XP and Vista computers in order not to be in Administrator mode? Thanks.

Help article at Microsoft for XP.

Should be similar for Vista.

IIRC, Vista is already setup by default to not run as a true administrator.

As for XP, there has already been one suggestion upthread. Though I have no experience with that method, here is a recent post of mine in another thread with what I use: (highly recommended for XP if you log on as an administrator)
http://boards.straightdope.com/sdmb/showpost.php?p=13868801&postcount=44

A few hours ago, based on this thread, I changed my wife’s and my accounts to standard, and added a separate Admin account. In addition, I run a full Malwarebytes scan and, I think it’s spywarebot SSD scan weekly. That and common sense. I can’t make myself be too paranoid…

Joe
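The steps the posters above describe (keep a separate admin account, demote everyday accounts to standard users) can be scripted with the built-in "net" commands that both XP and Vista ship with. The batch file below is an added example written for this thread, not something any of the posters supplied; the account names "daily" and "localadmin" are placeholders, and it assumes it is run from an administrator command prompt (an elevated prompt on Vista).

```batch
@echo off
REM Added example (not from the thread): create a dedicated local admin account
REM and turn the everyday account into a standard (limited) user on XP / Vista.
REM Account names are placeholders; run from an administrator / elevated prompt.
setlocal
set DAILY_USER=daily
set ADMIN_USER=localadmin

REM 1. Create the separate admin account first, so the machine is never left
REM    without an administrator. The "*" makes "net user" prompt for the
REM    password instead of leaving it in the script or the command history.
net user %ADMIN_USER% * /add /comment:"Separate account for installs and updates"
if errorlevel 1 goto :fail
net localgroup Administrators %ADMIN_USER% /add
if errorlevel 1 goto :fail

REM 2. Demote the everyday account: drop it from Administrators and make sure
REM    it is in Users, which is what "standard" / "limited" user means here.
REM    Errors are ignored on purpose (already removed / already a member).
net localgroup Administrators %DAILY_USER% /delete
net localgroup Users %DAILY_USER% /add

REM 3. Verify rather than trust: the everyday account must no longer be listed
REM    as a member of Administrators. findstr /x matches the whole line.
net localgroup Administrators | findstr /i /x "%DAILY_USER%" >nul
if not errorlevel 1 (
    echo %DAILY_USER% is still a member of Administrators; check the output above.
    exit /b 1
)
echo Done: %DAILY_USER% is a standard user. Log on as %ADMIN_USER% only to install or update.
exit /b 0

:fail
echo Could not create or promote %ADMIN_USER%; run this from an administrator prompt.
exit /b 1
```

After running it, log off and back on as the everyday account; on XP, "Run as..." (right-click on an installer) and on Vista the UAC prompt let you supply the admin account's credentials when an update genuinely needs them, which is the setup the poster above ended up with.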

Now it’s my turn to say “You’re joking, right?” I make a good living cleaning infected computers, and I can guarantee few if any of them visit this board.

Jerry has pointed out in the past that some malware/virus attacks are set up to trigger through advertising calls in web pages. So you could have picked up the bug somewhere else and it doesn’t activate until you’re on another page on a completely different site with the advertising links embedded, as in our case.

In the past we have had advertisers that had rogue ads/malware on their servers – they were victims as much as we were. Legitimate advertisers strive to keep that kind of thing from happening; it’s terrible for business. But they also deal with many ad brokers and many ads, and it’s difficult to find the bad apples in the barrel.

If you are in fact getting a virus/trojan/malware from this site, take it as proof positive that your system is simply not secure enough. Yes, as tough as it might be to hear, it’s more your fault than it is this site’s fault. 99%+ of any infections you can get from an ad depend on vulnerabilities that have long been patched, and prey on those who don’t have the latest Windows/Flash/Java/browser updates.

If you don’t take the (unfortunately numerous) proper steps to secure your system, you will undoubtedly continue to fall victim, whether it’s through this site or others. There are plenty of threads with security recommendations here and elsewhere, but if someone wants more specifics, I’d be happy to help.

I agree with you engineer_comp_geek that it’s not a DNS cache poisoning. That’d be a much, much larger problem affecting a greater number of people, and you’d probably see an article or two about it. Still, it’s not a server (SDMB or broker) causing the problem at all; instead, it’s an ad with malicious code. If it were an actual server down the line, you’d see many more infected ads. Fortunately, it’s just a small number when compared to the tens of thousands of legitimate ads out there. And as diligent as the ad brokers claim to be, sometimes infected ads get by; it’s a game of cat-and-mouse between the malware writers and, well, everyone else.

What do you suggest they do? (And I mean that with absolutely zero snark.) They could drop ads altogether, but it’s been made clear that’s not going to happen; the ads provide much needed revenue. They could switch away from Rubicon and to another ad broker like Google, Microsoft, or Yahoo!, but that wouldn’t do any good because those brokers are having the exact same problem Rubicon is.

In addition, despite a number of people saying “it only happens here!” they’re demonstrably wrong. The New York Times has been hit, and The Drudge Report and TechCrunch have followed along. You know they aren’t going to be dropping ads, either.

Plus, even larger message boards like Gaia Online and IGN (Gaia being the largest in the world, according to Big-Boards.com) are still suffering from infected ads. So, okay, what’s Gaia’s plan to tackle the problem?

Which is what the SDMB is doing.

In this case I’m pretty sure you didn’t pick it up from the SDMB. You don’t get served ads due to your membership, you had AdBlock installed, and you don’t recall seeing any ads, anyway. The chances of it coming from this site are pretty slim.

That said, I know it’s frustrating. I’ve removed malware from numerous client machines, Macs and PCs alike, so I know the process and length of time needed to clean and verify one machine, even if the malware is one of the simpler, less nasty kinds. It’s a tiresome dance that I know is going to be repeated with a new person just a day later.

So, other than dropping ads altogether, if you can think of anything the SDMB could do to help eliminate the malicious ads that slip through the brokers, I’d be really interested (truly) in hearing what that is.

I wish I knew where my daughter’s laptop got infected. She has a limited account, uses Firefox with AdBlockPlus, and has up-to-date Avast. She spends most of her time on Facebook and YouTube.

NM.

There’s lots of crap on Facebook – fake sites that can infect your computer and take it over. Most any time you see a “quiz” or “John Doe just wrote his five favorite things about you” or you see a posting for “girl committing suicide” or “sexy girl” … it’s a come-on to something malicious.

Here’s an example I got just this afternoon – I know it’s fake, the person that supposedly sent it to me would never do anything like this:

=====
Laurie voted for Jennifer in the “Best Looking” contest.
Click to see where you rank among your friends.

I rarely click on anything from my Facebook contacts.

Update firefox.

I don’t know. I’m not a network admin or a system admin. My main reason for posting here was not to fix my own system (I can handle that all on my own) but to alert the powers that be here and alert other users as well about what had happened. My post seems to have at least accomplished that much.

This is their board, not mine, so I’m certainly not going to tell the admins (is there more than just Jerry?) how to run their site. As a user, though, I hope they do more than just shrug it off as something that could have been caused by some other site (possible, but not likely, I think). A lot of users around here have had problems with malware from this site, and I’m not quite convinced they’ve gotten to the roots of all of it yet.

I had updated firefox earlier on that machine, but had to fall back to the older version due to problems.

Yes, malware has hit this site. And countless other respectable sites out there as well. But it’s not true that every time an SDMB user picks up malware that it came from this site. In your case, there’s a 99.9% chance that you didn’t pick it up here since the ad was never loaded on your machine (Charter Member status); or, had you been browsing anonymously, AdBlock would have taken care of it. Add both of those to what you said earlier about not even seeing an ad, and I’m not sure why you still think it came from here. Everything you’ve said indicates the malware’s origin was somewhere else.

So, I suppose I’m still confused about what you expect them to do about malware that wasn’t (likely) served up here. Or, without any evidence or hints (screenshot, name of ad, etc…), how can they narrow down which ad is the villain?

I know you say you’re not a systems admin, but I am a systems engineer, and I know that the SDMB is reliant upon the broker to properly scan and catch ads with malicious code before they’re served out. The SDMB can jump ship to another known broker, but who? They’re all having the same problem with malware ads being slipped in. Google appears to be doing somewhat better these days, but if an Internet juggernaut with seemingly unlimited funds can’t eliminate the problem, what can a message board financially reliant on ads do differently and still survive?

Again, no snark intended with my questions. It just reads as if you expect the board to fix a problem that is plaguing the industry and has been for the past few years. I understand that desire, but I do think it’s an unfair expectation.

Update firefox.

Your failure to secure your machine is not this site’s problem. Malware doesn’t necessarily manifest itself immediately. You are naive and your browsing is clearly not secure because you’re running an outdated version of firefox.

While I don’t use Firefox, and I’m barely computer literate, I notice in the real world that many, many people are unhappy with the latest version of Firefox, with many problems.

I’m not convinced an ad was the villain this time. There was no ad being displayed (a screenshot wouldn’t have helped even if I had been able to get one).

I’m fairly sure it didn’t come from the SDMB server itself or a lot of other people here would be unhappy. The best explanation I’ve been able to come up with is that it came from one of the many off-site scripts that executes even when charter members view this site. My second best theory is basically what Jerry said (or at least what TubaDiva said Jerry said upthread), which is that I picked it up somewhere else and it had a delay before it decided to rear its ugly head. That’s possible, I suppose, but most malware of this type does whatever it’s going to do right away. I don’t think this is what happened, but I do admit it’s possible.

As for what I expect them to do, I don’t expect or demand that they do anything. It’s not my place to tell them how to run their system here. I’ve given them my opinion and some suggestions. The admins here are free to do what they want with that. Personally I think it would be a good idea if they took a look at all of the off-site scripts that execute even for charter members. Beyond that, I don’t have much to suggest. I wasn’t able to capture any useful data, so at this point there’s not much to go on. I wish I had more data to give them, but I don’t.

As I said twice before, the latest firefox didn’t work on that machine.

I suppose if you can’t use your browser to surf the web then you can’t catch malware from the web. So I guess it would work to stop malware. :stuck_out_tongue:

Seriously, that wasn’t a very helpful comment.

Your choices, if you truly are as web-savvy and safe as you claim to be, are 1) install a secure browser, 2) stop browsing or 3) fail to be surprised when your outdated browser with outdated antiviral defenses contracts a virus.

I use firefox myself, and I too have been displeased with many of the changes they made in v4. I didn’t roll back to a previous version though, because I value my computer’s security higher than convenience. Unfortunately, that’s the trade-off you made when you decided to go back, and I don’t see why you’re blaming the SDMB for it. Especially without ANY evidence that your infection originated here.