Smidge204
Posts: 940
Joined: Wed Nov 24, 2010 1:42 pm

Re: malicious software on this site

Tue Jan 15, 2013 1:01 pm

garsh wrote:
Smidge204 wrote:I've had this happen to me before, so what I'd like to recommend is that whomever has FTP access to the files for the site check them over carefully...
The Google site report states that the malicious code is coming from adsbyisocket.com. Google did not detect infected files actually hosted on this website.
As I said, the same thing happened to me (though it wasn't adsbyisocket.com). The code embedded in my site was itself not malicious, but loaded malicious content from other sites to expose my visitors to it.

The question is really if MNL knowingly and deliberately loads content from adsbyisocket.com. If not then there is a lot of cleanup to do, if so then stop loading that content until it's cleaned up (and check the local files just in case!)
=Smidge=
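
The file check suggested in the post above, sketched as an added example (not part of the thread and not the forum's own tooling): it lists every off-site host that the site's templates load active content from and flags any host that is not on a list the site owner approved. The file names, URL paths, `forum.example.org` and `cdn.example.net` are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that make a browser fetch active content, per tag.
LOADER_ATTRS = {"script": {"src"}, "iframe": {"src"}, "embed": {"src"},
                "object": {"data"}, "applet": {"archive", "codebase"}}
# Absolute or protocol-relative URLs inside inline <script> bodies.
INLINE_URL = re.compile(r"(?:https?:)?//([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

class LoaderFinder(HTMLParser):  # collects (line, kind, host) per absolute URL
    def __init__(self):
        super().__init__()
        self.refs, self._in_script = [], False
    def handle_starttag(self, tag, attrs):
        self._in_script = tag == "script"
        for name, value in attrs:
            if value and name in LOADER_ATTRS.get(tag, ()):
                try:
                    host = urlparse(value.strip()).hostname
                except ValueError:  # malformed URL, no host to report
                    host = None
                if host:  # relative (same-site) URLs have no host
                    self.refs.append((self.getpos()[0], tag, host.lower()))
    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"
    def handle_data(self, data):
        if self._in_script:  # dynamic loaders keep their URL in script text
            for m in INLINE_URL.finditer(data):
                line = self.getpos()[0] + data.count("\n", 0, m.start())
                self.refs.append((line, "inline-script", m.group(1).lower()))

def audit(pages, own_hosts, approved_hosts):
    """Return sorted (file, line, kind, host, status) for off-site loaders."""
    findings = []
    for path, html in pages.items():
        finder = LoaderFinder()
        finder.feed(html)
        finder.close()
        findings += [(path, line, kind, host,
                      "approved" if host in approved_hosts else "UNEXPECTED")
                     for line, kind, host in finder.refs if host not in own_hosts]
    return sorted(findings)

SAMPLE_PAGES = {  # constructed; file names, paths and cdn.example.net are made up
    "header.html": '<script src="/js/forum.js"></script>\n'
                   '<script src="//adsbyisocket.com/ads.js"></script>\n',
    "footer.html": '<script>\nvar s = document.createElement("script");\n'
                   's.src = "http://cdn.example.net/x.js";\n</script>\n',
}
```

Calling `audit(SAMPLE_PAGES, {"forum.example.org"}, {"adsbyisocket.com"})` reports the ad host as approved and the script-built loader in `footer.html` as UNEXPECTED; an approved host can still serve bad content, so this only separates known third parties from injected ones.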

TEG
Posts: 1388
Joined: Thu Jun 10, 2010 8:43 pm

Re: malicious software on this site

Tue Jan 15, 2013 1:39 pm

Still happening...

TEG
Posts: 1388
Joined: Thu Jun 10, 2010 8:43 pm

Re: malicious software on this site

Tue Jan 15, 2013 1:41 pm

http://thenextweb.com/google/2013/01/15 ... ac-others/

adric22
Posts: 2488
Joined: Fri Apr 23, 2010 2:40 pm
Delivery Date: 05 Apr 2011
Leaf Number: 000768
Location: Fort Worth, TX

Re: malicious software on this site

Tue Jan 15, 2013 1:47 pm

Yep.. Chrome was blocking me too. Had to hit "advanced" and "proceed at your own risk"

I have all of my flash, java, and PDF disabled.. so I should be safe.
2013 Blue Nissan Leaf SV
2012 Summit White Chevy Volt

vrwl
Forum Supporter
Posts: 846
Joined: Tue May 15, 2012 2:16 pm
Delivery Date: 26 Jun 2012
Leaf Number: 8597
Location: Northeastern PA/Poconos

Re: malicious software on this site

Tue Jan 15, 2013 2:17 pm

Related question: If we are supporters and we don't see the "ads" being served on the pages, are we safe? Or should we still stay away until Google revises its information about this site?
Vicki
2011 Silver SL-Mfg 8/11-Purch 6/12
34000 miles

GaslessInSeattle
Posts: 1566
Joined: Fri May 06, 2011 2:15 pm
Delivery Date: 29 Apr 2011
Leaf Number: 850

Re: malicious software on this site

Tue Jan 15, 2013 3:58 pm

me too!
TomT wrote:I'm still getting the warning from Firefox...
mirko wrote:Google Chrome is now warning me that there is malicious software on this site. below is the diagnostics from Chrome.
Gasless: Silver 2012 SL, traded in for Lease on 1/13
Tesla S P85, Gray, pano, carbon fiber, took delivery: 2-9-13... LOVE this car!
9.8 kW PV Solar installed 9/12, http://www.westseattlenaturalenergy.com

wxxyz
Posts: 452
Joined: Mon Aug 03, 2009 10:08 pm

Re: malicious software on this site

Tue Jan 15, 2013 4:03 pm

Smidge204 wrote:The question is really if MNL knowingly and deliberately loads content from adsbyisocket.com. If not then there is a lot of cleanup to do, if so then stop loading that content until it's cleaned up (and check the local files just in case!)
=Smidge=

Yes we do deliberately load content from adsbyisocket.

The ad code has been disabled and we have requested the site be reviewed by google. That can take up to 24-48 hours. In the words of the CEO of iSocket from an article linked in a different post in this thread:
"So far we have zero indications of malware actually being distributed by our ad server, and zero traces of any breaches to our industry-standard security," isocket Founder & CEO John Ramey told TNW in a statement. "We are vigorously investigating what the issue may have been and trying to get our publishers back online. It’d be nice if Google was as quick to fix a false positive as they were to cripple good businesses."

vrwl
Forum Supporter
Posts: 846
Joined: Tue May 15, 2012 2:16 pm
Delivery Date: 26 Jun 2012
Leaf Number: 8597
Location: Northeastern PA/Poconos

Re: malicious software on this site

Tue Jan 15, 2013 5:33 pm

My computer did catch a malware file at 3:15pm CST this afternoon when I bypassed the warnings and went ahead and came onto the site. It was a Java file, but I didn't write down the name of it before I had the quarantined file removed.
Vicki
2011 Silver SL-Mfg 8/11-Purch 6/12
34000 miles

Joeviocoe
Posts: 74
Joined: Wed Jun 23, 2010 6:27 pm

Re: Early Capacity Losses-Was(Lost a bar...down to 11)

Tue Jan 15, 2013 5:41 pm

WARNING!!!

My Win7 Google Chrome and my ChromeOS Chromium both are detecting malicious code on this site. This is not a spam message, I've commented several times on this thread regarding the battery problems with the Leaf, and have made the google spreadsheet with the map. Anyway, I am commenting via a Virtual Machine running ChromeOS to be safe. But the webmasters must be made aware. Sooooo... if your browser hasn't blocked this site page... then update to the latest version please. Thanks.

UPDATE.... all is well again
Last edited by Joeviocoe on Tue Jan 15, 2013 8:23 pm, edited 1 time in total.

mirko
Posts: 131
Joined: Thu Apr 19, 2012 6:26 pm
Delivery Date: 22 Apr 2012
Leaf Number: 18088
Location: Jupiter, FL

Re: malicious software on this site

Tue Jan 15, 2013 6:02 pm

vrwl wrote:My computer did catch a malware file at 3:15pm CST this afternoon when I bypassed the warnings and went ahead and came onto the site. It was a Java file, but I didn't write down the name of it before I had the quarantined file removed.
Since it looks like it may have been Java, I wonder if it has to do with this Tech Alert from Homeland Security...

http://www.us-cert.gov/cas/techalerts/TA13-010A.html
Alert (TA13-010A)
Oracle Java 7 Security Manager Bypass Vulnerability

Overview
A vulnerability in the way Java 7 restricts the permissions of Java applets could allow an attacker to execute arbitrary commands on a vulnerable system.

Description
A vulnerability in the Java Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a "drive-by download" attack).
Any web browser using the Java 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors.
Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available.
Further technical details are available in Vulnerability Note VU#625617.

Solution
Update Java
Oracle Security Alert CVE-2013-0422 states that Java 7 Update 11 (7u11) addresses this (CVE-2013-0422) and a different but equally severe vulnerability (CVE-2012-3174).
Java 7 Update 11 sets the default Java security settings to "High" so that users will be prompted before running unsigned or self-signed Java applets.
-=mirko=-
2012 Nissan LEAF SL Glacier Pearl
