• Follow us on Twitter @buckeyeplanet and @bp_recruiting, like us on Facebook! Enjoy a post or article, recommend it to others! BP is only as strong as its community, and we only promote by word of mouth, so share away!
  • Consider registering! Fewer and higher quality ads, no emails you don't want, access to all the forums, download game torrents, private messages, polls, Sportsbook, etc. Even if you just want to lurk, there are a lot of good reasons to register!

Nasty Popup in IE9

Jump to latest Follow Reply
Sort by date Sort by votes
colobuck79

colobuck79

tilter of wind*ills
Site Supporter: VIP
While browing the forums a popup opened in a new window and tried to get me to click on a button to download Flash "to be able to view content on this website". Like a dummy I didn't write down the URL. If it happens again I will do that. Pretty sure it was malicious, and I have no idea where it came from. Finally was able to close with task manager. Weird.
 
Internet_0383cf_1108481.jpg
 
Upvote 0
colobuck79;2337259; said:
While browing the forums a popup opened in a new window and tried to get me to click on a button to download Flash "to be able to view content on this website". Like a dummy I didn't write down the URL. If it happens again I will do that. Pretty sure it was malicious, and I have no idea where it came from. Finally was able to close with task manager. Weird.
Click to expand...

Sounds like a bad ad somewhere. I'll go through and do my normal checks, but please, if you (or anyone else) sees it again, please let me know right away. The URL it takes you to would be helpful. What page you're on (what ad positions loaded -- top leaderboard banner, one of the right side skyscrapers, or one of the admonkey box ads in threads), what position may have provoked it, a screenshot of the provocateur, etc., all bonus points.

The site itself is clean, and I've gone looking for a bad ad and haven't yet found it. These things generally (and intentionally) have a low run rate to make them hard to catch. The ad networks we limit ourselves to have a very good record when it comes to preventing actual malicious stuff hitting the airwaves, but that doesn't mean the site you were sent to was a good one. You were smart to just close the browser and not interact with it.

Sorry about the headache. Will squash it ASAP, more data will just make that faster/easier. Thanks, all.
 
Upvote 0
colobuck79;2337400; said:
Yeah, sorry I didn't do that. After I got it closed I smacked by forehead for not writing down the url. Doh!
Click to expand...

Oh don't worry about that, the first priority is getting your browser off of the bad site. I may be able to chase it down anyway, I've got the site on a 2 minute reload loop, that will expose it eventually.
 
Upvote 0
I found it (not through reloading, just by scouring and blanket emailing all ad partners) and have contacted the provider. They found it (they believe) and think they've completely purged it from the system. These changes sometimes take a couple hours to propagate, so let's say that if anyone sees a new browser window pop for mediaplayer-download888.net (does that look right, colo?) after 3pm ET, please let me know here ASAP. Sounds like it was set (by the slimebags responsible for it) to show to a VERY small portion of the population, and very rarely at that. So I hope and expect it won't be a problem between now and when it's gone (and it's possible it's gone already).

The good news is this appears to have been a headache rather than a threat. That domain pings clean at Sucuri, Google, Norton, and SiteAdvisor. Doesn't mean it wasn't trying to do something bad, just means that if it was then it likely would have taken more than just visiting it.

Thanks for the report!
 
Upvote 0
This *may* have shifted to another domain. I've contacted the relevant parties to get it taken care of just in case that's what has happened. I'm simply not sure. If any of you see a window pop up for concern8.info, please simply close the window and do not interact with its dialog. That site too scans clean at a variety of check points, but whatever it's trying to do, we don't want it.

Ideally no one even sees this and it's not an issue. Were I not still scouring to make sure all was well, I wouldn't have even noticed it.
 
Upvote 0
colobuck79;2338008; said:
That is it, it just happened to me again. "concern8.info/flvupdate.php?campaign". I was in the GIF thread when it happened.
Click to expand...

Thanks, confirmed then. The good news is I already have an email off to Lijit. The bad news is because it's Saturday they may not see it and act until Monday. The somewhere-in-between news is that it still seems to load extremely infrequently. I hope you won't see it again at all.
 
Upvote 0
Clarity;2338022; said:
Thanks, confirmed then. The good news is I already have an email off to Lijit. The bad news is because it's Saturday they may not see it and act until Monday. The somewhere-in-between news is that it still seems to load extremely infrequently. I hope you won't see it again at all.
Click to expand...

This appears to have been blocked for us (thanks, Lijit!), barring another shift we should be done with it (again).
 
Upvote 0
This is back as turning8.info. Now it's coming in through a different ad partner. I've contacted that partner, it should be gone shortly.

--edit--
This seems to have been resolved, and now we also know where it's coming from. So hopefully that's the true end to it.
 
Last edited:
Upvote 0
You must log in or register to reply here.
Back
Top