Thread Closed

Google Search PhysicsForums Virus Attack

 
Share Thread Thread Tools
Jun3-04, 04:27 PM   #1
(Q)
 

Google Search PhysicsForums Virus Attack

While searching a topic on Google, I ran across a link that lead to Physicsforums so I clicked the link.

The next thing I knew, my computer was under massive attack. Viruses were being delivered as anti-virus warning windows began popping up. Spybots and Malware were being delivered - found over 60 in one pass. Programs of some sort were being installed. My browser opening page was highjacked.

So, what happened? Why did a link leading to this forum get re-directed?
PhysOrg.com
PhysOrg		 science news on PhysOrg.com

>> King Richard III found in 'untidy lozenge-shaped grave'
>> Google Drive sports new view and scan enhancements
>> Researcher admits mistakes in stem cell study
Jun3-04, 04:37 PM   #2
 
Do you by any chance still have the original link from Google? I would email everything you have to chroot or Greg, just in case this is a problem with this site. I doubt it, though, and you can probably attribute what happened to spyware that was already installed on your computer.
Jun3-04, 05:03 PM   #3
 
that must have been scary
Jun3-04, 05:16 PM   #4
 

Google Search PhysicsForums Virus Attack

Quote by DarkAnt
that must have been scary
No, not scary at all, Web developers know well what problems they might be...
Jun3-04, 05:19 PM   #5
 
Quote by (Q)
While searching a topic on Google, I ran across a link that lead to Physicsforums so I clicked the link.

The next thing I knew, my computer was under massive attack. Viruses were being delivered as anti-virus warning windows began popping up. Spybots and Malware were being delivered - found over 60 in one pass. Programs of some sort were being installed. My browser opening page was highjacked.

So, what happened? Why did a link leading to this forum get re-directed?
Give me that link, I want to know how dangerous it really is..
Jun3-04, 06:21 PM   #6
 
Recognitions:
Retired Staff Staff Emeritus
Give me the link too. I'll believe it when I see it. The more likely senario being that you went to another, it openned a pop-under that you didn't see. Then you happened to go to click on a link to physicsforums when the pop-under initiated its attack against your computer.
Jun3-04, 06:24 PM   #7
(Q)
 
I went back in my history folder and found the link below:

www.physicsforums.com/archive/t-8466
Jun4-04, 07:12 AM   #8
 
Quote by (Q)
I went back in my history folder and found the link below:

www.physicsforums.com/archive/t-8466
Why didn't I see anything similar to what you said ??? (-.-)
I guess those viruses have found out other sources, so they have gone chase them, and left this thread alone, (there is also possibility that they are afraid of Pattielli--()) uhmm, it is internet though, there will never be anything so called statability, if viruses saw something strange/ irritative, they will choose other ways to run immediately, I addmit it is hard to catch them, and much harder if they are already well-trained (well-made) ones--again internet, it is internet ! yeah -- yeah --yeah!
Jun4-04, 08:34 AM   #9
 
Recognitions:
Retired Staff Staff Emeritus
You must have gotten it for somewhere else. Even though I'm in linux have popup blocking, I would have seen a little icon telling me it blocked something.
Jun4-04, 10:19 AM   #10
 
I'm with (Q) on this matter. Here's what I did;

1) Deleted all TIF files
2) Ran AdAware and removed all traces.
3) Clicked on that link provided by (Q).

Two popup windows and WMP opened.
Popup 1: Web Page Dialog for Westwood College Online.
Popup 2: Microsoft Internet Explorer for Gambling.com

So, I closed the player and killed the two popups, then hit the refresh button on my browser window;

Three popups, WMP, and an Install program dialog box appeared. Killed all instances and ran AdAware again. Seven instances were detected, all cookies. Here's the list;

@advertising[1].txt
@casalemedia[1].txt
@centrport[2].txt
@doubleclick[1].txt
@mediaplex[1].txt
@servedby.advertising[1].txt
@z1.adserver[1].txt

Also, in checking the TIF folder I found the following executables, two of which I'm fairly certain are adware related from having dealt with them in the past;

np1
np2
si1
si2
install026

In short, I have every reason to believe that link is buggy.
Jun4-04, 10:43 AM   #11
 
I used to visit codeguru where I got much more than these things, and whenever i run adware, i see them even in my registry.
By the way, after glancing at what you posted, I would highly recommend not to accept third-party cookies, then turn on the ad-block function available in your browser if that is not explorer. But if it is, you should google and download an ads-blocker for free, I am sorry i don't remember its URL but i am sure there are a lot!
If you like or as a careful person, you should check the internet options and check "ask before accepting cookies". If there is something that you shouldn't put your trust on, just click NO and everything would be fine !

Hope that can be of help!
Jun4-04, 10:51 AM   #12
 
Recognitions:
Retired Staff Staff Emeritus
It's a shame I never have to worry about these problems. I almost feel bad for you windows users.
Jun4-04, 10:53 AM   #13
 
Windows users too can be free from web browsing pains by using a better browser such as Mozilla Firefox:

http://www.mozilla.org/products/firefox/
Jun4-04, 10:59 AM   #14
 
Thanks all, but I'm not asking how to avoid such things, merely supporting what (Q) said as being accurate and alerting anyone who may be interested in looking into this matter (Greg?).
Thread Closed
Thread Tools


Similar Threads for: Google Search PhysicsForums Virus Attack
Thread Forum Replies
Can you google search PF blogs? Forum Feedback & Announcements 10
Google Desktop Search... Computing & Technology 9
Web site virus attack blunted Computing & Technology 0
Web site virus attack blunted--for now Computing & Technology 0