Re: trackandfieldnews.com | malware issue [fixed]


Main message board: for the discussion of topical track & field items only.

Re: trackandfieldnews.com | malware issue [fixed]

Postby bushop » Fri Dec 28, 2012 7:54 pm

Getting this message when I go to discussion threads:

The Website Ahead Contains Malware!
Google Chrome has blocked access to http://www.trackandfieldnews.com for now.


Anyone else getting this?
Last edited by bushop on Sun Feb 10, 2013 11:47 am, edited 4 times in total.
bushop
 
Posts: 1868
Joined: Sat Oct 08, 2005 4:32 am
Location: near the toys and tape measures

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby guru » Fri Dec 28, 2012 8:03 pm

I'm running Chrome and I'm not getting the warning.
guru
 
Posts: 10266
Joined: Sat Oct 08, 2005 4:32 am
Location: Strava, racking KOMs https://tinyurl.com/qf2ntch

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby bushop » Fri Dec 28, 2012 8:07 pm

guru wrote:I'm running Chrome and I'm not getting the warning.

I'm also on Chrome.
bushop
 
Posts: 1868
Joined: Sat Oct 08, 2005 4:32 am
Location: near the toys and tape measures

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby guru » Fri Dec 28, 2012 8:27 pm

Ok, now I'm getting it
guru
 
Posts: 10266
Joined: Sat Oct 08, 2005 4:32 am
Location: Strava, racking KOMs https://tinyurl.com/qf2ntch

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby jhc68 » Fri Dec 28, 2012 9:39 pm

Yeah my VGS jumped on a malware item when I opened TFN this afternoon... IDP.something or other.
jhc68
 
Posts: 3291
Joined: Sat Oct 08, 2005 4:31 am

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby Tuariki » Fri Dec 28, 2012 10:39 pm

Same here on Firefox

Reported Attack Page
blah blah blah
Tuariki
 
Posts: 1300
Joined: Tue Dec 14, 2010 9:39 pm
Location: Rohe o Te Whanau a Apanui

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby guru » Sat Dec 29, 2012 12:44 am

Worth noting the T&FN search result on google now contains a warning.

While I'm not finding anything being deposited on my computer, this does appear to be a serious issue, probably related to phishing passwords, or worse, credit card info from the subscription page. I strongly recommend T&FN get their IT guy on it pronto.
guru
 
Posts: 10266
Joined: Sat Oct 08, 2005 4:32 am
Location: Strava, racking KOMs https://tinyurl.com/qf2ntch

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby mcgato » Sat Dec 29, 2012 3:08 am

Just got it this morning using Firefox.

Some of the text when I asked for details:
What is the current listing status for trackandfieldnews.com?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 17 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-28, and the last time suspicious content was found on this site was on 2012-12-28.

Malicious software includes 3 trojan(s).

Malicious software is hosted on 1 domain(s), including rtffeatureand.org/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including journaldugeek.com/.

This site was hosted on 1 network(s) including AS21840 (SAGONET).
mcgato
 
Posts: 1605
Joined: Sat Oct 08, 2005 4:32 am
Location: Hoboken

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby tandfman » Sat Dec 29, 2012 5:39 am

I've got Internet Explorer with McAfee anti-virus software (which screens out quite a bit), and I got here without a warning.

Just tried my other computer, with Internet Explorer and TrendMicro anti-virus software. Again, no problems getting in to the message board site.
tandfman
 
Posts: 15043
Joined: Sat Oct 08, 2005 4:31 am

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby guru » Sat Dec 29, 2012 5:57 am

tandfman wrote:I've got Internet Explorer with McAfee anti-virus software (which screens out quite a bit), and I got here without a warning.



Do a Google search for "track and field news". You should see the warning there.
guru
 
Posts: 10266
Joined: Sat Oct 08, 2005 4:32 am
Location: Strava, racking KOMs https://tinyurl.com/qf2ntch

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby tandfman » Sat Dec 29, 2012 6:53 am

You're right, guru. I just did that and got the warning. What's odd is that I've had no problems getting into the site directly. Maybe that's because my browser opens to the T&FN home page. Or maybe not. I haven't a clue what's going on.
tandfman
 
Posts: 15043
Joined: Sat Oct 08, 2005 4:31 am

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby tandfman » Sat Dec 29, 2012 7:23 am

I now see that the warning is not coming from my anti-virus programs; it's coming from Google. That could explain why Chrome is blocking the site. But it doesn't explain why that message is appearing, when there doesn't otherwise seem to be any problem with accessing the site. Is it a glitch with Google, or do they know something others don't know?

Stay tuned, I guess.
tandfman
 
Posts: 15043
Joined: Sat Oct 08, 2005 4:31 am

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby Flumpy » Sat Dec 29, 2012 7:47 am

I'm getting it on Firefox at home but not on Firefox at the office :?
Flumpy
 
Posts: 3900
Joined: Sat Oct 08, 2005 4:32 am

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby lonewolf » Sat Dec 29, 2012 7:51 am

I use IE. Got the warning when I Googled track and field news but I do not normally access t&fn through Google..
I have in the past picked up virus warnings and viruses while logged on only to T&Fnews but unable to trace the source.
lonewolf
 
Posts: 8815
Joined: Sat Oct 08, 2005 4:32 am
Location: Indian Territory

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby Conor Dary » Sat Dec 29, 2012 8:22 am

Wow, what a coincidence. 7Sided/Preston gets the boot and this happens.

Anyways, I haven't seen any warning.
Conor Dary
 
Posts: 6297
Joined: Sat Oct 08, 2005 4:32 am
Location: कनोर दारी in Ronald MacDonald's Home Town, and once a Duck always a Duck.

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby tandfman » Sat Dec 29, 2012 9:53 am

This just came in on Twitter:

Track and Field News‏@tandfn

Sorry... the T&FN site is currently under attack. We apologize for what we hope will be brief inaccesibility

But doesn't the fact that I'm in the site and posting this message mean that the site is accessible? Or maybe they just fixed it.
tandfman
 
Posts: 15043
Joined: Sat Oct 08, 2005 4:31 am

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby Conor Dary » Sat Dec 29, 2012 11:02 am

I am getting the warning now on Firefox. Not good.

PS. Warning gone. Ceasefire has been announced.
Conor Dary
 
Posts: 6297
Joined: Sat Oct 08, 2005 4:32 am
Location: कनोर दारी in Ronald MacDonald's Home Town, and once a Duck always a Duck.

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby pjmorse » Sat Dec 29, 2012 11:36 am

guru wrote:I strongly recommend T&FN get their IT guy on it pronto.


We're looking in to it. We've had secondhand reports of this sort of issue before (i.e. months ago) and were unable to substantiate them, but thanks to your various reports here we've got a lot of leads to pursue now.

Google has a history of "pre-emptive" listings (that is, they will frequently flag sites which aren't actually infected, but have characteristics in common with infected sites) so it's possible this doesn't actually amount to anything. However, until we can follow up, I do recommend folks (a) not use Internet Explorer to visit this site - actually, I recommend you don't use Internet Explorer if you can possibly avoid it - and (b) say "no" to any queries from this domain asking to run e.g. Java applets or other embedded content.

We will follow up here if we find anything, uh, "interesting." (Although one wonders how many people here would really be interested in what we found...)
pjmorse
 
Posts: 43
Joined: Tue Jan 31, 2012 10:03 am

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby polevaultpower » Sat Dec 29, 2012 1:25 pm

I would be interested if you found anything.

I know the spambots have been increasing lately on the message board, but I think the worst they can do is embed links, and I can't imagine that a googlebot coming across a simple link would freak out so bad.
polevaultpower
 
Posts: 4533
Joined: Sat Oct 08, 2005 4:32 am
Location: A Temperate Island

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby guru » Sat Dec 29, 2012 2:53 pm

Just did a sweep with my Microsoft Safety Scanner and this is the only thing it found. It had to come from here.

http://www.microsoft.com/security/porta ... fStykxEk.A

I STRONGLY recommend everyone with a Windows OS do a safety sweep. It's free. Here's the link(may take several hours)

http://www.microsoft.com/security/scann ... fault.aspx

Unfortunately, until this problem is rectified I am going to avoid this site, Hopefully the info I've provided here helps. Good luck.
guru
 
Posts: 10266
Joined: Sat Oct 08, 2005 4:32 am
Location: Strava, racking KOMs https://tinyurl.com/qf2ntch

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby gh » Sat Dec 29, 2012 4:09 pm

I'm finally able to get back on here after almost a total day way. Needless to say, our IT people are sweating madly trying to get the problem fixed.
gh
 
Posts: 46333
Joined: Sat Oct 08, 2005 4:31 am
Location: firmly at Arya's side!

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby pjmorse » Sat Dec 29, 2012 4:22 pm

If you'd like to follow along at home, current attention in on an ad server, ours or an advertiser's.

This is Google's Safe Browsing report on this site: http://google.com/safebrowsing/diagnost ... ldnews.com

Note the reference to "journaldugeek.com". I'm not sure what the link between that site and T&FN would be, but here's their Safe Browsing report: http://google.com/safebrowsing/diagnost ... ugeek.com/

T&FN is listed as "suspicious" with this report: "Malicious software includes 3 trojan(s)." The other site is "not suspicious" but "Malicious software includes 1328 trojan(s), 85 exploit(s)..." and "Over the past 90 days, journaldugeek.com appeared to function as an intermediary for the infection of 2435 site(s)..." Yeah, that's not suspicious.
pjmorse
 
Posts: 43
Joined: Tue Jan 31, 2012 10:03 am

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby pjmorse » Sat Dec 29, 2012 4:59 pm

Google confirms that the issue is due to an ad tag. They're not more specific than that at this point, but my best guess is that an advertiser's content was compromised (i.e. a flash file served by an advertiser through our ad server) and that led to the flagging. I've requested review from Google, the next reasonable step.
pjmorse
 
Posts: 43
Joined: Tue Jan 31, 2012 10:03 am

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby tandfman » Sat Dec 29, 2012 6:29 pm

Does that mean that the site is safe if we don't click on any of the advertising?
tandfman
 
Posts: 15043
Joined: Sat Oct 08, 2005 4:31 am

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby guru » Sat Dec 29, 2012 6:52 pm

tandfman wrote:Does that mean that the site is safe if we don't click on any of the advertising?


No. You will likely pick up the same malware I did(noted above-Exploit:JS/StykxEk.A ), though you probably have it already. Seems to be a forum issue, as the exact thing hit this one -

http://www.google.com/search?q=Exploit% ... e&ie=UTF-8


PJ - note that this other forum's diagnostic page looks exactly the same as yours.
guru
 
Posts: 10266
Joined: Sat Oct 08, 2005 4:32 am
Location: Strava, racking KOMs https://tinyurl.com/qf2ntch

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby bushop » Sat Dec 29, 2012 7:12 pm

guru wrote:Unfortunately, until this problem is rectified I am going to avoid this site,.

Not me... I'm addicted.
bushop
 
Posts: 1868
Joined: Sat Oct 08, 2005 4:32 am
Location: near the toys and tape measures

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby guru » Sat Dec 29, 2012 7:15 pm

bushop wrote:
guru wrote:Unfortunately, until this problem is rectified I am going to avoid this site,.

Not me... I'm addicted.



Lol, yeah I came back too. But I definitely recommend doing a sweep with the Safety Scanner once PJ solves the problem. And make sure it's the full sweep - the quick one doesn't find it. Until then I don't plan to do any internet transactions, as I assume it's back on my computer.
guru
 
Posts: 10266
Joined: Sat Oct 08, 2005 4:32 am
Location: Strava, racking KOMs https://tinyurl.com/qf2ntch

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby bushop » Sat Dec 29, 2012 7:34 pm

guru wrote:
bushop wrote:
guru wrote:Unfortunately, until this problem is rectified I am going to avoid this site,.
Not me... I'm addicted.
I recommend doing a sweep with the Safety Scanner once PJ solves the problem. And make sure it's the full sweep - the quick one doesn't find it. Until then I don't plan to do any internet transactions, as I assume it's back on my computer.

Does the OS matter? I'm on a Mac.
bushop
 
Posts: 1868
Joined: Sat Oct 08, 2005 4:32 am
Location: near the toys and tape measures

Re: The Website [trackandfieldnews.com] Ahead Contains Malwa

Postby guru » Sat Dec 29, 2012 7:57 pm

bushop wrote:Does the OS matter? I'm on a Mac.



Not sure about the malware, but the scanner is for Windows systems
guru
 
Posts: 10266
Joined: Sat Oct 08, 2005 4:32 am
Location: Strava, racking KOMs https://tinyurl.com/qf2ntch

Re: trackandfieldnews.com | malware issue

Postby jhc68 » Sat Dec 29, 2012 10:24 pm

From my iphone:
When I go to TFN on my computer using either IE or Chrome my VGS antivirus shield blocks entry and says I need to expinge two malware files :
Trojan horse Generic30.BZJL
IDP.GenericN.5D5293F3
jhc68
 
Posts: 3291
Joined: Sat Oct 08, 2005 4:31 am

Re: trackandfieldnews.com | malware issue

Postby Tuariki » Sun Dec 30, 2012 10:20 pm

My windows based laptop seems OK. got a full clearance from Microsoft essentials and MacAfee. I still get that scary message though warning me to keep away from this site.

Interestingly my iPad does not have the warning. Goes to this site as before with no warnings.
Tuariki
 
Posts: 1300
Joined: Tue Dec 14, 2010 9:39 pm
Location: Rohe o Te Whanau a Apanui

Re: trackandfieldnews.com | malware issue

Postby guru » Sun Dec 30, 2012 10:57 pm

The google warning has been removed.
guru
 
Posts: 10266
Joined: Sat Oct 08, 2005 4:32 am
Location: Strava, racking KOMs https://tinyurl.com/qf2ntch

Re: trackandfieldnews.com | malware issue

Postby pinoyathletics.com » Mon Dec 31, 2012 1:30 am

guru wrote:The google warning has been removed.


It is still present. I had to log in through yahoo.com to login.
pinoyathletics.com
 
Posts: 17
Joined: Mon Dec 31, 2012 1:28 am
Location: Manila, Philippines

Re: trackandfieldnews.com | malware issue

Postby guru » Mon Dec 31, 2012 1:59 am

pinoyathletics.com wrote:
guru wrote:The google warning has been removed.


It is still present. I had to log in through yahoo.com to login.


I do not receive the warning page on google chrome when using my bookmarked link(but do see the google search result still has it - probably just a time lag) .
guru
 
Posts: 10266
Joined: Sat Oct 08, 2005 4:32 am
Location: Strava, racking KOMs https://tinyurl.com/qf2ntch

Re: trackandfieldnews.com | malware issue

Postby pinoyathletics.com » Mon Dec 31, 2012 2:03 am

guru wrote:
pinoyathletics.com wrote:
guru wrote:The google warning has been removed.


It is still present. I had to log in through yahoo.com to login.


I do not receive the warning page on google chrome when using my bookmarked link(but do see the google search result still has it - probably just a time lag) .


Correct its on the search engine of google still. :mrgreen:
pinoyathletics.com
 
Posts: 17
Joined: Mon Dec 31, 2012 1:28 am
Location: Manila, Philippines

Re: trackandfieldnews.com | malware issue

Postby guru » Mon Dec 31, 2012 4:04 am

Interesting note on the Inside The Games facebook page - apparently having the same issue.

http://www.facebook.com/insidethegames/ ... 7514029232

The Google malware notice on ITG is part of bigger problem affecting several sites. We're totally clean and it is totally safe to visit ITG. We're working with Google to rectify the problem and hope everything will be back to normal soon. ITG works normally on internet explorer.
guru
 
Posts: 10266
Joined: Sat Oct 08, 2005 4:32 am
Location: Strava, racking KOMs https://tinyurl.com/qf2ntch

Re: trackandfieldnews.com | malware issue

Postby ATK » Mon Dec 31, 2012 4:41 am

Issue still occurs for me on: Chrome and FireFox. IE works fine, as well as my cell phone.
ATK
 
Posts: 3808
Joined: Fri Jun 26, 2009 6:00 pm

Re: trackandfieldnews.com | malware issue

Postby pinoyathletics.com » Mon Dec 31, 2012 3:13 pm

It still happens in firefox when i type it in. I get a red box giving me a warning.
pinoyathletics.com
 
Posts: 17
Joined: Mon Dec 31, 2012 1:28 am
Location: Manila, Philippines

Re: trackandfieldnews.com | malware issue

Postby tandfman » Mon Dec 31, 2012 3:21 pm

I got a tweet from yet another site that seemed to be having the same problem The tweet indicated that they had identified an ad that was causing the problem.

Meanwhile, I've had no trouble getting into the site for the past two days--no warnings, no blockage, unless I try to access it through Google. My browser is IE.
tandfman
 
Posts: 15043
Joined: Sat Oct 08, 2005 4:31 am

Re: trackandfieldnews.com | malware issue

Postby Pego » Wed Jan 02, 2013 6:42 am

I am still getting the malware warning with Chrome on both of my computers. I have repeatedly scanned them thoroughly with Security Essentials and Malwarebytes with negative results. I even emptied the cache of temporary internet files/cookies. Why is the browser still reporting malware on T&FN website if everything seems to be in the clear?
Pego
 
Posts: 10202
Joined: Sat Oct 08, 2005 4:32 am
Location: beyond help

Next

Who is online

Users browsing this forum: Bing [Bot] and 10 guests