Results 1 to 25 of 37

Thread: anandtech ad server got compromised beware

  1. #1
    Banned
    Join Date
    May 2009
    Posts
    676

    anandtech ad server got compromised beware





    seems some ad server has got malware in it delivering it to the site, asking for a plug-in install containing trojans.
    it's not the first time AT has had issues since they moved into VB,
    yet they're aware of it and working to solve it,
    good luck over there guys.
    Last edited by onex; 03-27-2010 at 02:53 PM.

  2. #2
    I am Xtreme
    Join Date
    Dec 2008
    Location
    France
    Posts
    9,060
    Ow...
    I'm sure it will be sorted ASAP, though.
    Just glad I've read their Fermi review earlier today, just in time before the crisis!
    Donate to XS forums
    Quote Originally Posted by jayhall0315 View Post
    If you are really extreme, you never let informed facts or the scientific method hold you back from your journey to the wrong answer.

  3. #3
    Xtreme Member
    Join Date
    Jun 2009
    Posts
    145
    I love coincidental timing. This was the first place I went to the moment I also received a warning that Anand might upload a trojan to me to get my Fermi review fix

  4. #4
    Xtreme Cruncher
    Join Date
    Feb 2003
    Location
    Estonia
    Posts
    1,097
    Went to anand via chrome and got message that it's not safe, had the little WTF?! moment, then entered.


    Figures
    Member of XS WCG since 2006-11-25




  5. #5
    I am Xtreme
    Join Date
    Dec 2008
    Location
    France
    Posts
    9,060
    Quote Originally Posted by anubis View Post
    Went to anand via chrome and got message that it's not safe, had the little WTF?! moment, then entered.


    Figures
    So it's your computer that sent me 250 viagra spam emails today?!

    Just kidding.
    Donate to XS forums
    Quote Originally Posted by jayhall0315 View Post
    If you are really extreme, you never let informed facts or the scientific method hold you back from your journey to the wrong answer.

  6. #6
    Xtreme Cruncher
    Join Date
    Dec 2008
    Location
    The Netherlands
    Posts
    896
    Lol, had an unsafe warning as well, but I just entered regardless. I'm not that stupid to randomly install addons/plugins

  7. #7
    Xtreme Cruncher
    Join Date
    Feb 2003
    Location
    Estonia
    Posts
    1,097
    Quote Originally Posted by zalbard View Post
    So it's your computer that sent me 250 viagra spam emails today?!

    Just kidding.
    Only 250? Have to give the little critters access to a bit more BW, I guess
    Member of XS WCG since 2006-11-25




  8. #8
    Xtreme Enthusiast
    Join Date
    Feb 2009
    Location
    Montreal
    Posts
    791
    Quote Originally Posted by Musho View Post
    Lol, had an unsafe warning as well, but I just entered regardless. I'm not that stupid to randomly install addons/plugins
    Except that you don't even need to accept anything to get infected through certain types of vulnerabilities. Do you run noscript? If not, or if you have it whitelisted for that site, chances are you can get hit by an attack without even realizing it. It doesn't matter what IQ you have or how many AV softwares you run, it can and will still happen.

    Welcome to the internet.

  9. #9
    Xtreme Enthusiast
    Join Date
    Apr 2005
    Location
    Windsor, Canada
    Posts
    858
    Yeah I got the same message while trying to see the Fermi review again this morning. Good thing I had already read it last night.
    Quote Originally Posted by jimmyz View Post
    A DFI board is like a divorce, expensive, but well worth it.
    Quote Originally Posted by virtualrain View Post
    I dunno... I think a DFI board is more like marriage... demanding, time consuming, and a PITA but rewarding in its own twisted way.

  10. #10
    Xtreme Enthusiast
    Join Date
    May 2005
    Location
    Edmonton, Alberta, Canada
    Posts
    714
    3rd party ads got hacked actually, not Anandtech per say.

    Anand speaketh.
    http://forums.anandtech.com/showpost...4&postcount=51
    Gigabyte X58A-UD3R | i7 930 @ 4 GHz | Corsair H50
    G.Skill RipJaws 4x2 GB @ DDR3-1600 7-7-6-24-1N | HIS Radeon HD 5870
    3x Intel X25-M 80 GB RAID-0; OCZ Agility 120 GB | Samsung SH-S243D
    Corsair HX1000 | Dell 3007WFP & Samsung 204T | 7 Ultimate x64

  11. #11
    Xtreme Cruncher
    Join Date
    Dec 2008
    Location
    The Netherlands
    Posts
    896
    Quote Originally Posted by antiacid View Post
    Except that you don't even need to accept anything to get infected through certain types of vulnerabilities. Do you run noscript? If not, or if you have it whitelisted for that site, chances are you can get hit by an attack without even realizing it. It doesn't matter what IQ you have or how many AV softwares you run, it can and will still happen.

    Welcome to the internet.
    Already ran a scan. Didn't get infected

    Adblock plus blocked the infected ads. I love that addon
    Last edited by Musho; 03-27-2010 at 11:04 AM.

  12. #12
    Xtreme Cruncher
    Join Date
    Feb 2003
    Location
    Estonia
    Posts
    1,097
    I'm clean, seems like adblock saved me as well.
    Member of XS WCG since 2006-11-25




  13. #13
    Xtreme Addict
    Join Date
    Apr 2006
    Location
    City of Lights, The Netherlands
    Posts
    2,381
    This thread title is slightly misleading. I wouldn't really say that AnandTech got hacked, they were unknowingly serving evil ads. They're working to fix it though, if they haven't already fixed it.
    "When in doubt, C-4!" -- Jamie Hyneman

    Silverstone TJ-09 Case | Seasonic X-750 PSU | Intel Core i5 750 CPU | ASUS P7P55D PRO Mobo | OCZ 4GB DDR3 RAM | ATI Radeon 5850 GPU | Intel X-25M 80GB SSD | WD 2TB HDD | Windows 7 x64 | NEC EA23WMi 23" Monitor |Auzentech X-Fi Forte Soundcard | Creative T3 2.1 Speakers | AudioTechnica AD900 Headphone |

  14. #14
    Xtreme X.I.P.
    Join Date
    Nov 2001
    Location
    Daytona Beach
    Posts
    2,126
    Quote Originally Posted by anubis View Post
    Went to anand via chrome and got message that it's not safe, had the little WTF?! moment, then entered.


    Figures
    Wow, same here. Last night reading the Fermi review I clicked on the 2nd page and got the "not safe" message. I didn't think anything about it at the time.


    check out "XS REVIEWS"

    Want me to believe your hardware review? Show me a receipt

  15. #15
    Banned
    Join Date
    May 2009
    Posts
    676
    3rd party ads got hacked actually, not Anandtech per say.

    Anand speaketh.
    http://forums.anandtech.com/showpost...4&postcount=51
    yeah seen it,
    This thread title is slightly misleading. I wouldn't really say that AnandTech got hacked, they were unknowingly serving evil ads. They're working to fix it though, if they haven't already fixed it.
    title would be changed.
    it sounds a bit like yellow gossip, it isn't the meaning.

  16. #16
    Nerdy Powerlifter
    Join Date
    Jul 2007
    Location
    Down in the Bayou
    Posts
    4,553
    So what exactly is the malware we have? I trusted the site & ads, although nothing popped up to install.

    avg won't scan... hmmm... lol
    You must [not] advance.


    Current Rig: i7 4790k @ stock (**** TIM!) , Zotac GTX 1080 WC'd 2214mhz core / 5528mhz Mem, Asus z-97 Deluxe

    Heatware

  17. #17
    Xtreme Addict
    Join Date
    Jan 2008
    Posts
    1,463
    Quote Originally Posted by [XC] Synthetickiller View Post
    So what exactly is the malware we have? I trusted the site & ads, although nothing popped up to install.

    avg won't scan... hmmm... lol
    It attempts to install a spoof antivirus program called "antivirus soft" which is a trojan rehash of "antivirus live" auto installer. It blocks most run32dll executions with an error message and tries to get you to buy the software via pop-ups. It also will attempt a fake virus scan. If you really got something, an "antivirus soft" virus scanner would pop up, and you would be unable to use most programs. IE would take you to their purchase page.
    Bring... bring the amber lamps.

  18. #18
    NooB MOD
    Join Date
    Jan 2006
    Location
    South Africa
    Posts
    5,799
    I didn't see a thing when I visited them about two hours ago. I'm using Opera 9.64 and ESET Smart Security 4, not so much as a warning, and judging by the above post I'm not infected either.
    Xtreme SUPERCOMPUTER
    Nov 1 - Nov 8 Join Now!


    Quote Originally Posted by Jowy Atreides View Post
    Intel is about to get athlon'd
    Athlon64 3700+ KACAE 0605APAW @ 3455MHz 314x11 1.92v/Vapochill || Core 2 Duo E8500 Q807 @ 6060MHz 638x9.5 1.95v LN2 @ -120'c || Athlon64 FX-55 CABCE 0516WPMW @ 3916MHz 261x15 1.802v/LN2 @ -40c || DFI LP UT CFX3200-DR || DFI LP UT NF4 SLI-DR || DFI LP UT NF4 Ultra D || Sapphire X1950XT || 2x256MB Kingston HyperX BH-5 @ 290MHz 2-2-2-5 3.94v || 2x256MB G.Skill TCCD @ 350MHz 3-4-4-8 3.1v || 2x256MB Kingston HyperX BH-5 @ 294MHz 2-2-2-5 3.94v

  19. #19
    Xtreme Member
    Join Date
    Apr 2008
    Location
    Stockholm, Sweden
    Posts
    324
    So how does Google fit in this picture? You get the message even if you don't go through their search engine. How can Google control other sites?

  20. #20
    Xtreme Enthusiast
    Join Date
    Dec 2008
    Posts
    640
    Saw the warning earlier today, too. Hacked ad server really screwing with AT over there.


    Quote Originally Posted by -n7- View Post
    3rd party ads got hacked actually, not Anandtech per say.
    If you're going to use per se, spell it correctly at least.

  21. #21
    Xtreme Addict
    Join Date
    Jun 2007
    Location
    Thessaloniki, Greece
    Posts
    1,307
    Quote Originally Posted by Eson View Post
    So how does Google fit in this picture? You get the message even if you don't go through their search engine. How can Google control other sites?
    It can't. Chrome actually always searches google, even if you enter the http address of the site.
    Seems we made our greatest error when we named it at the start
    for though we called it "Human Nature" - it was cancer of the heart
    CPU: AMD X3 720BE@ 3,4Ghz
    Cooler: Xigmatek S1283(Terrible mounting system for AM2/3)
    Motherboard: Gigabyte 790FXT-UD5P(F4) RAM: 2x 2GB OCZ DDR3 1600Mhz Gold 8-8-8-24
    GPU:HD5850 1GB
    PSU: Seasonic M12D 750W Case: Coolermaster HAF932(aka Dusty )

  22. #22
    Xtreme Mentor
    Join Date
    Jan 2009
    Location
    Oslo - Norway
    Posts
    2,879
    Quote Originally Posted by jaredpace View Post
    It attempts to install a spoof antivirus program called "antivirus soft" which is a trojan rehash of "antivirus live" auto installer. It blocks most run32dll executions with an error message and tries to get you to buy the software via pop-ups. It also will attempt a fake virus scan. If you really got something, an "antivirus soft" virus scanner would pop up, and you would be unable to use most programs. IE would take you to their purchase page.
    I have seen the exact same fake virus scan attempt while using IE on a couple of other sites, including trustedreviews.com and photographyblog.com. It is not there all the time, but pops up sometimes. I guess one of the tech ad-servers is infected.
    It stops by ALT F4 if you are really fast, but one time I didn't see it and it could deliver a virus that MS security essential could catch and clean.
    I'm not sure if anandtech is compromised by the same virus (and I don't want to go there to find out), but it sounds similar.
    Last edited by Sam_oslo; 03-27-2010 at 04:44 PM.

    ASUS P8P67 Deluxe (BIOS 1305)
    2600K @4.5GHz 1.27v , 1 hour Prime
    Silver Arrow , push/pull
    2x2GB Crucial 1066MHz CL7 ECC @1600MHz CL9 1.51v
    GTX560 GB OC @910/2400 0.987v
    Crucial C300 v006 64GB OS-disk + F3 1TB + 400MB RAMDisk
    CM Storm Scout + Corsair HX 1000W
    +
    EVGA SR-2 , A50
    2 x Xeon X5650 @3.86GHz(203x19) 1.20v
    Megahalem + Silver Arrow , push/pull
    3x2GB Corsair XMS3 1600 CL7 + 3x4GB G.SKILL Trident 1600 CL7 = 18GB @1624 7-8-7-20 1.65v
    XFX GTX 295 @650/1200/1402
    Crucial C300 v006 64GB OS-disk + F3 1TB + 2GB RAMDisk
    SilverStone Fortress FT01 + Corsair AX 1200W

  23. #23
    Banned
    Join Date
    May 2009
    Posts
    676
    So how does Google fit in this picture? You get the message even if you don't go through their search engine. How can Google control other sites?
    it's going through G servers when there is a request for the site.
    Of the 1101 pages we tested on the site over the past 90 days, 86 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-03-27, and the last time suspicious content was found on this site was on 2010-03-27.
    now have a look at what has happened during the last few hours.
    after receiving suspicious information from the site, G analysis apparently emulates a series of tests on different pages to get a view of the site's malicious behavior.
    it probably goes over pages with a background daemon searching for destructive code

    E: sorry, missed earlier posts.
    Last edited by onex; 03-27-2010 at 04:50 PM.

  24. #24
    Xtreme Member
    Join Date
    Apr 2008
    Location
    Stockholm, Sweden
    Posts
    324
    Quote Originally Posted by BrowncoatGR View Post
    It can't. Chrome actually always searches google, even if you enter the http address of the site.
    I use Firefox, but I've seen screens like this when I follow links from a site.

  25. #25
    Xtreme Member
    Join Date
    Sep 2006
    Posts
    319
    Right click on Sandboxie -> Chrome -> Delete Contents.
    I still don't know why everyone isn't using Sandboxie
