snopes.com  

Go Back   snopes.com > About This Site > Technical Questions

Reply
 
Thread Tools Display Modes
  #1  
Old 25 May 2014, 09:55 AM
Richard W's Avatar
Richard W Richard W is offline
 
Join Date: 19 February 2000
Location: High Wycombe, UK
Posts: 25,075
Default Dodgy fake Firefox redirect with video update warning (from an advert?)

I've had this redirect several times over the course of a week or so - most recently when clicking the "shooting rampage" thread, but it's not always the same thread and it's not consistently redirecting from any given thread.

I am using Firefox, and it's pretending to be Firefox, but clearly isn't:



Possibly some dodgy script sneaking in on an advert?
Reply With Quote
  #2  
Old 27 May 2014, 08:28 PM
Richard W's Avatar
Richard W Richard W is offline
 
Join Date: 19 February 2000
Location: High Wycombe, UK
Posts: 25,075
Default

Here's another one - also from the "shooting rampage" thread, but a different URL and claiming to be something to do with Java:



I'm getting these fairly frequently on two different machines... am I the only person who's seen them? It looks a fairly serious security issue to me...
Reply With Quote
  #3  
Old 27 May 2014, 08:35 PM
jimmy101_again jimmy101_again is offline
 
Join Date: 29 December 2005
Location: Greenwood, IN
Posts: 6,472
Default

I've not seen either of those here on snopes. Perhaps you picked up a virus and it is throwing those pages at random?
Reply With Quote
  #4  
Old 27 May 2014, 08:42 PM
Richard W's Avatar
Richard W Richard W is offline
 
Join Date: 19 February 2000
Location: High Wycombe, UK
Posts: 25,075
Default

No - two different machines, and it only happens on links to threads on this board. My virus software is up-to-date and no reported problems. (I'm running a full scan now to make sure).
Reply With Quote
  #5  
Old 27 May 2014, 09:08 PM
jimmy101_again jimmy101_again is offline
 
Join Date: 29 December 2005
Location: Greenwood, IN
Posts: 6,472
Default

Figure 99% chance it is your computer(s) and 1% chance it is actually snopes.

Might be time to clear your cache, cookies and autofill for messages.snopes.com. Also check your plugins list for ones you don't recognize.


hijack-- (of the thread, not your browser )
Anyone else notice that since Google redid their search algorithms last summer the quality of the results has significantly decreased? Searching for things like "outdated java plugin hijack" in google now returns almost nothing but crappy web sites like ask.com or anvisoft.com. Often those pages are auto-generated pages that don't really contain any useful information. Or, they want you to download software (of dubious reliability).
Reply With Quote
  #6  
Old 27 May 2014, 09:39 PM
Richard W's Avatar
Richard W Richard W is offline
 
Join Date: 19 February 2000
Location: High Wycombe, UK
Posts: 25,075
Default

Personally I'd say the reverse, since it's rather unlikely that exactly the same issue, which only manifests itself as a redirect when clicking threads on the board (what would "autofill suggest" have to do with that? I'm not typing the links by hand), would manifest itself at the same time on two unrelated computers, both of which have good independent virus protection (different systems), and neither of which has shown any other symptoms or problems, but still... that's why I posted here to see whether others had seen it.
Reply With Quote
  #7  
Old 28 May 2014, 08:47 PM
jimmy101_again jimmy101_again is offline
 
Join Date: 29 December 2005
Location: Greenwood, IN
Posts: 6,472
Default

Still though, the common thing between your two reports is you, and others are not, apparently, seeing those pages.

Maybe the virus is in you and not your computers.
Reply With Quote
  #8  
Old 28 May 2014, 09:55 PM
Richard W's Avatar
Richard W Richard W is offline
 
Join Date: 19 February 2000
Location: High Wycombe, UK
Posts: 25,075
Default

Maybe, especially as nobody else has apparently seen it!

But I did a full virus scan, cleared all the caches on both machines and I'm still seeing it - mostly only on the one thread, as well (Shooting rampage that killed 7 near UCSB planned, authorities say)... I said in my first post that I'd seen it on other threads, but I'm not sure about that now. Since I posted that, the shooting rampage thread is the only one I've seen trigger it. Not every time I look at the thread, but each time it's happened, it's when I've been trying to open, reply to or change pages on that thread.
Reply With Quote
  #9  
Old 28 May 2014, 10:09 PM
ganzfeld's Avatar
ganzfeld ganzfeld is offline
 
Join Date: 05 September 2005
Location: Kyoto, Japan
Posts: 22,861
Default

I tried to replicate but couldn't. I don't think it's 99% your end. I think probably more like 5% yours 95% the boards since this has happened with ads many times before and if you had that particular adware/malware you'd probably know it in other ways in addition to catching it on the scan. Problem is, though, the ads are becoming more and more targeted (I get ads for Japan) so it's going to be hard to find out by which route it's coming. If I were you, I would consider running with JavaScript off at least for the time being just so you don't inadvertently click one of those.
Reply With Quote
  #10  
Old 29 May 2014, 06:01 PM
jimmy101_again jimmy101_again is offline
 
Join Date: 29 December 2005
Location: Greenwood, IN
Posts: 6,472
Default

You cleared your cache but you also might try clearing your browser's cookies and history.
Reply With Quote
  #11  
Old 29 May 2014, 06:29 PM
overyonder overyonder is offline
 
Join Date: 03 March 2010
Location: Charlotte, NC
Posts: 2,003
Default

Based upon the website it wants you to go to, and the error messages, it appears that you have the "lpcloudbox329.com" virus.

The manual removal method from this website appears safe to me. No guarantees on my part though.

OY
Reply With Quote
  #12  
Old 29 May 2014, 06:57 PM
Richard W's Avatar
Richard W Richard W is offline
 
Join Date: 19 February 2000
Location: High Wycombe, UK
Posts: 25,075
Default

Quote:
Originally Posted by jimmy101_again View Post
You cleared your cache but you also might try clearing your browser's cookies and history.
I did...

I'm fairly sure I've not got a virus. I ran a full virus scan a couple of days ago, and this has affected apparently only a single thread on this board and no other sites, on two different machines at the same time - both of which have current (but different) virus protection, and neither of which have shown any other symptoms.

But I just checked the Firefox add-ins and there's no sign of the cloudbox add-in, or anything else that I wouldn't expect to be there. I can't see any dodgy-looking processes running in Task Manager either - although it's always hard to tell these days...
Reply With Quote
  #13  
Old 30 May 2014, 12:46 AM
ganzfeld's Avatar
ganzfeld ganzfeld is offline
 
Join Date: 05 September 2005
Location: Kyoto, Japan
Posts: 22,861
Icon05

Why would the virus be prompting you to click to update anyway? That's how the virus gets in. Once it's in there's no reason for it to hijack ads. I didn't see where you said you clicked on one of the dodgy ads so I'm a bit confused as to why people think you have a virus.
Reply With Quote
  #14  
Old 30 May 2014, 01:03 AM
GaryM's Avatar
GaryM GaryM is offline
 
Join Date: 08 July 2011
Location: Dundee, UK
Posts: 752
Default

I used to see that Java one quite often, and on a few different websites. Did all the usual virus scans, browser clearing etc. but I kept seeing it. Recently though, my anti-virus (Avast!) has started popping up a message saying that it has blocked a malicious file, and I no longer see those dodgy Java pages.
Reply With Quote
  #15  
Old 30 May 2014, 05:41 AM
Dancer's Avatar
Dancer Dancer is offline
 
Join Date: 18 September 2005
Location: Ontario
Posts: 689
Default

I have had the same things pop up. I use Chrome and the security settings in Chrome blocked the attempted download to my computer. I also had the Java screen pop up the same as shown in this thread. While I may not have been on the shooting page, it was open and in the background (on a different tab in Chrome.)

Nothing since my last reboot about five hours or so ago. I was actively engaged in a different message board on a MLB team's web site. Snopes message board and facebook were both open in different tabs when these screens popped up.

I am not sure if this helps but at least you are not alone in this Richard.
Reply With Quote
  #16  
Old 30 May 2014, 07:38 AM
Richard W's Avatar
Richard W Richard W is offline
 
Join Date: 19 February 2000
Location: High Wycombe, UK
Posts: 25,075
Default

Thanks, I knew I couldn't have been the only person to see it!

I'm not sure exactly what can be done about it (other than turn off javascript on our end, as ganzfeld suggests) since it's probably a scripting thing in an advert, and I guess there's not much control on snopes's end over how those are displayed... besides, as long as nobody is fooled by it and clicks, it's only a minor annoyance.

I've not seen any attack warnings or malicious file download warnings associated with it.
Reply With Quote
  #17  
Old 30 May 2014, 04:40 PM
GaryM's Avatar
GaryM GaryM is offline
 
Join Date: 08 July 2011
Location: Dundee, UK
Posts: 752
Default

Was just browsing the Snopes board and my anti-virus reported that it had blocked a suspicious file from hxxp://91.218.115.42/ukgbb.php?inh=8412
Reply With Quote
  #18  
Old 30 May 2014, 07:53 PM
jimmy101_again jimmy101_again is offline
 
Join Date: 29 December 2005
Location: Greenwood, IN
Posts: 6,472
Default

Quote:
Originally Posted by ganzfeld View Post
Why would the virus be prompting you to click to update anyway? That's how the virus gets in. Once it's in there's no reason for it to hijack ads. I didn't see where you said you clicked on one of the dodgy ads so I'm a bit confused as to why people think you have a virus.
In order for a popup to overlay the main screen requires some dodgy coding. Often that coding is in a virus. So you can have a virus, and it is the virus that allows that particular popup's behavior. Similar to browser hijacks in which suddenly you can't get to Google, or to virus/malware removal sites. They can be pretty hard to get rid of and they are not always detected by good antivirus/antimalware programs.
Reply With Quote
  #19  
Old 30 May 2014, 08:04 PM
Richard W's Avatar
Richard W Richard W is offline
 
Join Date: 19 February 2000
Location: High Wycombe, UK
Posts: 25,075
Default

No, often that code is in a piece of script that's been injected into the web page somewhere. (In this case, most likely in an advert). To me, "a virus" implies something that's installed and running as an independent process on my machine - not something that's on the web page and running in the browser as long as I look at that page.

Maybe we mean different things by "a virus", but you did say that you thought my machine might have a virus, whereas in my terms it's the web page that has "a virus" (and it's not a virus).
Reply With Quote
  #20  
Old 30 May 2014, 08:21 PM
jimmy101_again jimmy101_again is offline
 
Join Date: 29 December 2005
Location: Greenwood, IN
Posts: 6,472
Default

Sometime the two things (web page with code and a resident virus or hijack) are working together. You can close the web page but the hijack/virus/malware is still present and will show up again.

Or, a browser hijack will redirect to a web page that attempts to install a virus or other malware.

A browser hijack looks like it is coming from outside but is actually 100% resident on your computer. Antimalware software often doesn't detect browser hijacks.

Edit: But I think you are probably right, this particular thing is some dodgy web page code that has slipped into some companies add stream and is being propagated to snopes.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
"Think About This" safety video (warning: depictions of workplace injuries) Jenn Fauxtography 15 20 March 2011 07:31 PM
Fake Michael Jackson video Ulkomaalainen Fauxtography 4 31 August 2009 07:38 PM
Bin Laden video fake? 0b1knob Fauxtography 15 11 September 2007 12:56 PM
Fake flat tire pullover crooks warning snopes Inboxer Rebellion 11 03 June 2007 09:20 PM


All times are GMT. The time now is 06:25 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2017, vBulletin Solutions, Inc.