Saverocity Virus?

[MarkD]

I don't want to "cry wolf" but I just had a virus pop up when browsing Saverocity. I thought it was important to get this out there quickly.

The Saverocity forums page turned to a upgrade Java page with a bogus link. DO NOT click the link! It could also be related to the Flash based ads running on the edge of the screen. Make sure your Flash version is up to date as well as there are numerous security issues to be exploited.

I'm currently running a full anti-virus scan on my PC and typing this from my iPhone. It definitely could be just my PC and nothing to do with Saverocity but just in case...

I will update this thread later after the scan completes.

 

[Matt]

I don't want to "cry wolf" but I just had a virus pop up when browsing Saverocity. I thought it was important to get this out there quickly.

The Saverocity forums page turned to a upgrade Java page with a bogus link. DO NOT click the link! It could also be related to the Flash based ads running on the edge of the screen. Make sure your Flash version is up to date as well as there are numerous security issues to be exploited.

I'm currently running a full anti-virus scan on my PC and typing this from my iPhone. It definitely could be just my PC and nothing to do with Saverocity but just in case...

I will update this thread later after the scan completes.

Thanks for pointing it out- I'll check on my side too.

This happened today?


I turned off my ad partner last night as I noticed they were autoplaying videos - a reader mentioned it and I cut the ads out after seeing it myself.

It's now adsense, which shouldn't be an issue.

I'm not sure if it's related to this Java issue but I'll have it looked into.

 

[MarkD]

Yes

Thanks for pointing it out- I'll check on my side too.

This happened today?

Just about 15 minutes ago

 

[Matt]

Looking into it. Anyone else see it?

 

[midnightinharlem]

I haven't seen anything abnormal. Mac running Google Chrome. MarkD, are you using any extensions? Which web browser?

 

[raenye]

I've had this too on other websites in the last couple of days.
Almost sure it's ad related (i.e., someone using an ad network to distribute this).
Other versions want to update your browser or your flash.

The domains involved were registered 30 Oct 2014
javaupdatesnow dot com
flashplayerupdates dot com
flashplayerdown dot com

 

[MarkD]

I'm using Chrome version 38.0.2125.111.

My anti-virus scan came back clean.

I agree with @raenye . I saw a reference to flashplayer very quickly before the Java update page took over.

 

[MarkD]

I haven't seen anything abnormal. Mac running Google Chrome. MarkD, are you using any extensions? Which web browser?

Chrome and the only extension I've enabled is AwardWallet.

I've got Kaspersky Anti-virus installed which added some extensions but I haven't enabled them.

 

[Matt]

I'm confused about where it could come from, I've got my sysadmin checking into it to see if it is from us.

The ads on previously were from a broader network than adsense which might be more susceptible to such exploits, but if it happened today and came through an ad it would be adsense which is strange indeed.

 

[MarkD]

I just clicked on the little arrow in the top right corner of an ad. This is what I see for a Lexus Sacramento ad:



How does AdSense determine what providers to use?

 

[Matt]

It's a bidding system, there will be third parties, but adsense has the tightest regulations of the servers I've seen.

 

[MarkD]

I googled the websites mentioned by @raenye above and one site that experienced this thinks they isolated the redirects to this provider below (reference URL here):

ads.intergi.com/addyn/3.0/5205/1260919/0/170/ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;grp=\[group\];misc=1414791024574

If you contact AdSense that is who you should mention.

 

[MarkD]

Here is some information on Adobe Flash.

Check your version installed here: https://www.adobe.com/software/flash/about/

PlatformBrowserPlayer version
WindowsInternet Explorer (and other browsers that support Internet Explorer ActiveX controls and plug-ins)15.0.0.189
Internet Explorer (Windows 8)15.0.0.189
Firefox, Mozilla, Netscape, Opera (and other plugin-based browsers)15.0.0.189
Chrome (Pepper-based Flash Player)15.0.0.189
Macintosh
OS XFirefox, Opera, Safari15.0.0.189
Chrome (Pepper-based Flash Player)15.0.0.189
LinuxMozilla, Firefox, SeaMonkey (Flash Player 11.2 is the last supported Flash Player version for Linux. Adobe will continue to provide security updates.)11.2.202.411
Chrome (Pepper-based Flash Player)15.0.0.189
SolarisFlash Player 11.2.202.223 is the last supported Flash Player version for Solaris.11.2.202.223