
"Required update" malware redirection

Old July 13th, 2014, 08:41 AM
  #1  
Telecom Guru
Thread Starter
 
jslabotsky's Avatar
 
Join Date: Aug 2009
Location: Oklahoma City, OK
Posts: 172
"Required update" malware redirection

When I loaded CO just a minute ago, I was redirected to a page saying "Update Required" and telling me "Java is required to view this page".

THIS IS AN ATTEMPT TO PUSH MALWARE!!! YOU NEED TO DO SOMETHING ABOUT IT IMMEDIATELY.

Anyone who sees this page should click Back and then click Leave This Page. DO NOT install anything as prompted by this page! It will be disguised to look like a Google Chrome or Java update site, but it is NOT. We checked this at work in our InfoSec sandbox and confirmed it installs a trojan.

If you have accepted any updates from this site, run a malware scan immediately!
Old July 13th, 2014, 09:18 AM
  #2  
Registered User
 
Lady72nRob71's Avatar
 
Join Date: Feb 2008
Location: Plano, TX
Posts: 11,798
Sorry to hear - this sounds 99.9999% like a bad ad to me. I never got any forced update requests here, but I am running Firefox with adblock.
Are you running any ad blockers?

Yes, the admins should look into this, as ads are probably not well screened before they are allowed here.
I have seen other ads that trick people into doing things they shouldn't, or even just taking control of their system. Sad indeed...
Old July 13th, 2014, 11:22 AM
  #3  
Telecom Guru
Thread Starter
 
jslabotsky's Avatar
 
Join Date: Aug 2009
Location: Oklahoma City, OK
Posts: 172
Yes, you are correct. And no, I don't run an ad blocker. The problem with this one is it tells the user they have to accept an "update" in order to view the web site. Less savvy users will think they have to do it if they want to get to CO.
Old July 13th, 2014, 02:37 PM
  #4  
Administrator
 
oldcutlass's Avatar
 
Join Date: Oct 2009
Location: Poteau, Ok
Posts: 40,524
This site does a pretty decent job of policing for malware, however you're correct and people need to be educated on what not to click on. It seems more and more malware is being transferred by ads saying something is not up to date, I see a lot of random ads that are suggesting a media player update is required on other sites.
Old July 15th, 2014, 02:48 PM
  #5  
IB Staff
 
IB Jose's Avatar
 
Join Date: Dec 2013
Location: The Interweb
Posts: 78
Hi folks.

For right now it seems to be isolated to a few users, and some of the links seem to be malware infections on the user-end.

http://malwaretips.com/blogs/lpmxp2-com-virus/

If the links forcing redirects contain "lpmxp" in the URL, please click the above link and do a quick read.

It'll also help to run a virus/malware scan on your computer.

Our tech & advertising guys are investigating this issue (as we're getting reports from multiple sites), but on our end nothing has been compromised--which points to either small glitches in our advertising or malware/adware issues on the users.


Any additional information (specific pages where this is occurring, frequency, screenshots) would be helpful!
Old July 15th, 2014, 04:39 PM
  #6  
Administrator
 
oldcutlass's Avatar
 
Join Date: Oct 2009
Location: Poteau, Ok
Posts: 40,524
Thanks for sharing the tips, very informative.
Old July 23rd, 2014, 08:41 AM
  #7  
Registered User
 
DJS70cutlass's Avatar
 
Join Date: Nov 2010
Location: Milwaukee, Wisconsin
Posts: 305
Just happened to me again......when trying to view the homepage. Sorry no screenshot though!! Also it'll happen for me on my home PC and on the laptop at work. Seems to be totally random what you're looking at too.
Old July 24th, 2014, 06:08 AM
  #8  
Registered User
 
edzolz's Avatar
 
Join Date: Nov 2009
Location: Red Oak, Texas
Posts: 2,960
It has happened to me too, but I have a Mac and the malware hasn't been installed.
Old July 24th, 2014, 06:38 AM
  #9  
Olds Fever
 
CRUZN 66's Avatar
 
Join Date: May 2011
Location: New York (Upstate)
Posts: 4,441
This happens to me as well a lot.... BUT only on the CO site.... I just simply close those windows and then continue, and if the window won't close I will either back out or end task and then continue..........
Old July 29th, 2014, 01:18 PM
  #10  
Telecom Guru
Thread Starter
 
jslabotsky's Avatar
 
Join Date: Aug 2009
Location: Oklahoma City, OK
Posts: 172
IB Jose I can assure you it is not a malware infection on my end, but way to try and deflect responsibility. The exact same thing happens on the Third Gen Camaro forum and a couple other IB sites that escape my memory.

I just got a Java one this time. It redirects to a completely different page that for all the world looks like the real Java web site. It states "This site requires Java. We recommend you install it."

Funny thing about that - I have Java installed. It's integral to the contact center software I support. I hope your engineers really are following up on it because SOMETHING is hijacking your sites and sending some percentage of users to these fake software download pages. Another one looks like a Google-owned site.

My great concern is that uninitiated people, like my 89 year old father who does indeed surf the 'net, won't know any better and will download this stuff. Do not try to transfer the responsibility to the user. You have an obligation to determine why this is happening and stop it.

I'll do your job for you and try to reproduce the issue and post screens.
Old July 30th, 2014, 05:01 PM
  #11  
Telecom Guru
Thread Starter
 
jslabotsky's Avatar
 
Join Date: Aug 2009
Location: Oklahoma City, OK
Posts: 172
Well, apparently the offending site has been reported to Google. This is what appeared today:



Last edited by jslabotsky; July 30th, 2014 at 05:12 PM.
Old July 30th, 2014, 07:13 PM
  #12  
Registered User
 
texxas's Avatar
 
Join Date: Mar 2012
Location: Dallas, Texas
Posts: 486
The Java update popped up on me twice yesterday on this site.
Old July 31st, 2014, 09:54 AM
  #13  
IB Staff
 
IB Jose's Avatar
 
Join Date: Dec 2013
Location: The Interweb
Posts: 78
Originally Posted by jslabotsky
IB Jose I can assure you it is not a malware infection on my end, but way to try and deflect responsibility. The exact same thing happens on the Third Gen Camaro forum and a couple other IB sites that escape my memory.

I just got a Java one this time. It redirects to a completely different page that for all the world looks like the real Java web site. It states "This site requires Java. We recommend you install it."

Funny thing about that - I have Java installed. It's integral to the contact center software I support. I hope your engineers really are following up on it because SOMETHING is hijacking your sites and sending some percentage of users to these fake software download pages. Another one looks like a Google-owned site.

My great concern is that uninitiated people, like my 89 year old father who does indeed surf the 'net, won't know any better and will download this stuff. Do not try to transfer the responsibility to the user. You have an obligation to determine why this is happening and stop it.

I'll do your job for you and try to reproduce the issue and post screens.

I didn't intend to come off as skirting responsibility, and I do apologize if it did. I offered the URL as one viable solution as one of the redirects that some users were experiencing was based off a hosts file line item. We're fully aware of the issue (and so are our engineers), and we are working to gather all the information to solve the problem.

It's been a slow process as we do have to ask users to grab the offending originating code by digging through the source code and/or inspecting ad elements, as the malware is served sporadically. We are making some headway on other sites with gathering information, so I hope our engineers can rig up a solution.

It is very worrisome and frustrating for us, and despite appearances (since they're still happening) we are reporting the issues to our tech and advertising teams and coordinating with our moderators and admins on all sites to clamp it down as soon as we can.
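Added example (not part of the thread and not IB's own tooling): a Python check for the user-side cause the staff posts mention, a hosts file entry that redirects a hostname, plus the "lpmxp" marker. The function name `audit_hosts`, the sample file, and every address and hostname in it are constructed for illustration.

```python
import ipaddress

MARKER = "lpmxp"  # substring the staff post says to look for in redirect URLs

# Constructed sample hosts file (addresses and hostnames are made up).
SAMPLE_HOSTS = """\
# constructed sample, not taken from the thread
127.0.0.1    localhost
::1          localhost
0.0.0.0      ads.tracker.example     # sinkhole entry from an ad blocker
203.0.113.7  www.forum.example       # site name pinned to an outside address
203.0.113.7  cdn.lpmxp-demo.example
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for entries to review by hand."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(fields) < 2:
            continue                               # blank, comment-only or malformed
        addr_text = fields[0].split("%", 1)[0]     # strip IPv6 zone, e.g. fe80::1%lo0
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((line_no, fields[0], fields[1], "unparseable address"))
            continue
        # Loopback, 0.0.0.0/:: and link-local entries stay on the machine itself.
        local = addr.is_loopback or addr.is_unspecified or addr.is_link_local
        for host in (h.lower() for h in fields[1:]):
            if MARKER in host:
                findings.append((line_no, str(addr), host, "marker in hostname"))
            elif not local:
                # A name pinned to a non-local address overrides DNS for that name.
                findings.append((line_no, str(addr), host, "non-local mapping"))
    return findings

if __name__ == "__main__":
    # On a real machine, read /etc/hosts or
    # C:\Windows\System32\drivers\etc\hosts instead of the sample.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A clean result here does not rule out a bad ad; it only removes the hosts file as the explanation for a redirect.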
Old August 20th, 2014, 10:13 AM
  #14  
Registered User
 
texxas's Avatar
 
Join Date: Mar 2012
Location: Dallas, Texas
Posts: 486
Don't click on java update!!

So what's being done about this problem? It happened to me yesterday and again today, always saying Required Java update.
It really has me worried about coming to this site much anymore. I can see a new member hitting the update button, not knowing and ruining their computer. This really should be fixed.
Old August 20th, 2014, 05:46 PM
  #15  
Registered User
 
Lady72nRob71's Avatar
 
Join Date: Feb 2008
Location: Plano, TX
Posts: 11,798
This particular ad and domain should really be removed or at least suspended until it can be checked out by IB.

I have learned that just because someone purchases adspace here, it does not mean that the ad will not be free from bad intention.
Last week I had my credit card charged with 800 bucks worth of airpush mobile phone ads and I had used the card at one of the big retailers that were hacked. So those ads bought with stolen cards will most likely be used for bad intentions.
Luckily I had the charge dropped and card reissued asap.

Use adblock whenever possible to eliminate ads cause you cannot tell the legit from malware these days.
Old August 20th, 2014, 08:14 PM
  #16  
Registered User
 
nsnarsk65cutlass's Avatar
 
Join Date: Apr 2013
Location: Grass Valley Ca
Posts: 973
It just happened to me, this is the second time.
All times are GMT -7.