Announcement

Collapse
No announcement yet.

Virus heads up

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Virus heads up

    Twice, so far, quakeone has tried to give me a firefox update virus. I'm sure it is not really quakeone doing this but, it is happening. It happens randomly on a page refresh. The page will refresh but then redirect to a page that tries to give me a virus via a firefox update.

    I haven't experienced this problem on any site but this one and I can't reproduce it at will. It happened once a few days ago and again just a minute ago.

    Has anyone else had this issue? Something tells me the page refresh is coincidental and it actually has to do with which ad is loaded into the upper right box. I will be paying a lot more attention to that box on page loads.

    this is the base url for the redirect. I put it in a code box so you WONT click it.

    Code:
    https://thitueasyexport.net/
    the redirects in whole are more like this

    Code:
    https://thitueasyexport.net/dc17cef412e2dba8b9835cdcc81dab2f.html#
    Going back to either of those addresses reveals a blank page with no source code. So apparently, pages are served on the fly and immediately expire. I'll get the source if it happens to me again.
    Last edited by MadGypsy; 12-20-2015, 09:40 PM.
    http://www.nextgenquake.com

  • #2
    So I'm not going to pretend that I know more about this stuff than I do, and I don't know very much. What I do know is that if it seems to be a particular ad that is causing the trouble, then you could download AdBlock Puls. I would like to make it clear that I have ADBlock DISABLED on this website, as it is how this is funded However, you can block particular ads I think, so that might be something to look into.

    Also, I have heard more stories of people having fake 'updates' with firefox than any other browser, so you may want to check out their support page (https://support.mozilla.org/en-US/products/firefox), or use another browser.

    Hope this gets resolved soon, and Happy Quaking!

    Comment


    • #3
      That's a really good response, Sgt-PieFace. I don't want to block the ads here either. I'm thinking that maybe it can be suppressed at the source. Something starting with:

      Code:
      <script>
      window.addEventListener("beforeunload", function(event) {
      	if(!(event.someProperty  === a physical click or back))
      		return false;	// stay/leave? prompt
      
      	//else do nothing
      });	
      </script>
      http://www.nextgenquake.com

      Comment


      • #4
        This code will stop anything on the page from redirecting without being clicked. You can add any tag to the allowed array and that frees that element up for page redirection when clicked. Iframes do not fire click event's (except on the border) so we handle allowing iframe clicks by simply determining if we have moused over it and haven't yet moused out. I should note that you could add something like these ("#someElemID", ".someElemClass", "input[type=submit]") to allowed and it will give all elements with that id/class/pointer click allowance for page redirection. The allowed array has nothing to do with elements inside the iframe.

        Code:
        <script>
        	var isFirefox = typeof InstallTrigger !== 'undefined';
        	if(isFirefox)
        	{	var proceed = false;
        		var allowed = ["input","a"];
        		$(document).ready(function(){
        			$("#adFrameID").mouseover(function(){proceed = true})
        				       .mouseout(function(){proceed = false});
        			$.each(allowed, function(index){
        				$(allowed[index]).click(function(){proceed = true})
        						 .mouseout(function(){proceed = false});
        			});
        		});
        	
        		window.addEventListener("beforeunload", function(event) {
        			if (!proceed) event.returnValue = false;
        		});	
        	}
        </script>
        my test source
        Last edited by MadGypsy; 12-21-2015, 05:04 PM.
        http://www.nextgenquake.com

        Comment


        • #5
          Alright, I promise this is my last version (lol);

          This version will not throw a stay/leave? prompt except under the one condition that the page tries to redirect you automatically. I even programmed in an exception for every relative keyboard shortcut. Every single condition that I could think of that is not the page auto redirecting has been allowed and does not throw a prompt.

          Instead of my allowance array assigning a bunch of listeners to everything on the page I decided to simply listen for clicks on the document.

          Actually, every bit of allowance/forbiddance is based on the current mouse state and specific keys states in the document .

          Code:
          <script>
          	var isFirefox=typeof InstallTrigger !== 'undefined';
          	if(isFirefox)
          	{	var keyCombo={};
          		var proceed=false;
          		var sckeys = [116, 16, 17, 18, 8];/* most essential keys [f5, shift, control, alt, backspace] */
          	
          		function set_true (event){proceed=true };
          		function set_false(event){proceed=false};
          		
          		function key_press(key_evt)
          		{	if(proceed)return;
          		
          			var c = key_evt.keyCode || key_evt.which;
          			if($.inArray(c,sckeys) > -1)
          				proceed = keyCombo[c] = true;
          		}
          		
          		function key_release(key_evt)
          		{	if(!proceed)return;
          		
          			var c = key_evt.keyCode || key_evt.which;
          			if(keyCombo.hasOwnProperty(c))delete keyCombo[c];
          			proceed = !($.isEmptyObject(keyCombo));
          		}
          		
          		$(document)
          			.ready(function(){
          				$("iframe").mouseover(set_true ) /* if the user is hovering the ad frame allow redirection */
          					   .mouseout (set_false);/* if the user leaves the ad frame restrict redirection   */
          			})
          			.click		(set_true )/* the whole point, allow redirect by interaction only			*/
          			.mouseup	(set_false)/* maybe the user didn't click anything that navigates			*/
          			.mouseleave	(set_true )/* no stay/leave? prompt while using browser controls			*/
          			.mouseenter	(set_false)/* we're back in the document, turn off redirect til user action */
          			.keypress	(key_press)/* handle all related keyboard shortcuts, all of them			*/
          			.keydown	(key_press)/* handle all related keyboard shortcuts, all of them			*/
          			.keyup		(key_release);/* handle all related keyboard shortcuts, all of them			*/
          			
          		
          		window.addEventListener("beforeunload", function(event) {
          			if (!proceed)event.returnValue=false;
          		});	
          	}
          </script>
          my test src with more tests and indications
          Last edited by MadGypsy; 12-22-2015, 02:08 AM.
          http://www.nextgenquake.com

          Comment


          • #6
            I turned the whole thing into a jquery plugin and fixed 1 minor issue. I also made a minimized version and a verbose version to add to the regular version. I then uploaded all of it to my site so it can be tested by anybody interested.

            NO AUTO-REDIRECT
            http://www.nextgenquake.com

            Comment


            • #7
              I don't doubt that you may have spotted a virus, but the ads run on here are through Google. Google generally doesn't serve ads that contain virii... I have not received any alerts myself. If you can narrow down a specific ad, I can let Google know so they can look at it and address it. Otherwise I can't really implement any code that alters Google ads, as that is a violation of their terms.

              Comment


              • #8
                I don't think my script qualifies as "altering googles ads"... just saying. Alter means change and my script does nothing to change the ads. It simply stops anything and everything from auto redirecting the page. Now if I would have taken the ad javascript and attempted to write a script that overrides it, then you would have a real good point, but my script doesn't do that.

                If I can catch the malicious ad again I'll get all the info I can and pass it along.
                http://www.nextgenquake.com

                Comment


                • #9
                  I was getting redirected to phony security warnings/malware downloads from my home page (Refdesk), which is a perfectly legitimate website except for the occasional malvertisement. At first I assumed it was a local malware infection, but myself and others have wasted much time and electricity scanning for the nonexistent infection. This issue affects IE as well as Firefox. I do not use Google's spyware-browser; but if the malvertising is indeed being served by Google, then it wouldn't surprise me if Chrome is immune.

                  As Sgt-PieFace correctly guessed, ad-blocking browser add-ons completely stop the redirects, which pretty much rules out the local infection theory - even if one was prepared to believe that virtually all security products are ineffective against this latest menace. Of course if a majority of people used ad blockers, then the internet as we know it would come to an end - which is why malvertising is an important issue. It would be difficult to identify the specific ad(s) because redirects occur within seconds of the page loading and do not require a mouse click. I hope that MadGypsy will continue to study this problem.

                  Comment


                  • #10
                    @continue to study this problem - I am learning yet another language so I can write a firefox plugin that does basically the same thing as my jquery plugin. I know ad blockers exist that stop auto-redirects but, I don't want to block ads or worry about allow lists. I want simple... no auto-redirects period. Working outside of the website I should even be able to alert a user exactly where the redirect is trying to go.

                    When I get it in my thick skull that hell or high water I'm going to stop something, I stop it. I'll admit that I find it disconcerting that sole would rather leave the site open for bad actors than at least ask google if my script goes against the TOS or even write a script of his own that complies, but I'm not going to let that stop me.

                    Anyone is welcome to use my jquery plugin if they believe it will add a level of protection for their users. I am also available to address any problems you may experience. I'm pretty damn sure it should work fine but, It has never been tested on a real site serving real ads.
                    Last edited by MadGypsy; 12-24-2015, 12:25 PM.
                    http://www.nextgenquake.com

                    Comment


                    • #11
                      MadGypsy, before you devote tremendous effort to writing a plugin, I just googled "firefox block auto redirect" and learned that Firefox already has a setting in Options > Advanced > General under Accessibility heading, "Warn me when websites try to redirect or reload the page," which is obviously not selected by default. I will disable Adblock Plus and test that setting in the days ahead. For IE, setting a custom security level and disabling "Allow META REFRESH" might be the closest equivalent.

                      Comment


                      • #12
                        Hmmm, interesting. I might still write the plugin just so I can go from a to z on a firefox plugin. The actual script for writing the plugin should be very simple. It will give me a taste of jpm and how to go about digitally signing a plugin.

                        Your post is a good find. Thank you for joining the effort. Imma +rep you when I get on my laptop. My ghetto phone browser doesn't like the rep box pop up but, I like my ghetto phone browser. Sometimes crap is better.


                        To be specific for others: It is actually tools>options>advanced>general. If you don't have the menu bar visible, make sure the window (ie not the document) has mouse focus and press alt+t.
                        Last edited by MadGypsy; 12-27-2015, 02:46 PM.
                        http://www.nextgenquake.com

                        Comment


                        • #13
                          @Abzyx - may I ask you: What led you here?

                          If I had to make an educated guess, I would assume that you ended up here due to my post on slickdeals.com regarding this subject. I wouldn't bet even one shiny penny on it though considering there isn't a shred of evidence to determine anything one way or another.
                          http://www.nextgenquake.com

                          Comment


                          • #14
                            Your guess is right on the money, and I was in turn led to the slickdeals discussion by google searches re Firefox security warnings and phony patches. You might say I'm an anti-malvertising activist. I'm not here to impugn QuakeOne - in fact I have not been redirected from this website - but I'm certain that I could be redirected if Google placed just the right ad in my face and I was taking no precautions.

                            As mentioned in post #9, I encountered the fake security warning when redirected from refdesk.com. I am somewhat disappointed with the Firefox setting because refdesk.com cannot even present a banner ad when blocked from reloading the page. (The ads were often targeted for my geographical location, so they must check your IP address before deciding what ad to present.) I had hoped to be able to identify the specific malvertising ads when warned about a redirect. If you do write a Firefox plugin, I wish it could block redirects without blocking reloads, if that is possible.

                            Comment


                            • #15
                              allow reload without allowing redirect...

                              hmmmm

                              summin like
                              Code:
                              If(newLocation !== currentLocation) suppressRedirect();
                              //else is reload
                              The thing is, only a plugin could do that (if anything can) and that sucks cause I would like to have my jquery plugin mirror my ff one. Unfortunately window.location.href can only tell you where you are, not where you are going. Give me some time to think about this. I don't doubt I could write a FF plugin to do what you want (even though I don't know how to write a FF plugin yet...lol) but, I want my jquery plugin to match. That's gonna be hella tricky, maybe impossible. Also the reloads may contain extra data in the url that wasn't there before reload. Meaning, currentLoc will never equal newLoc even if the base page is the exact same. However I could probably strip newLoc of everything from the first ? on and then compare. What if we just play quake and forget about this passing fad they call the internet? lol!

                              Can you program, at all?

                              edit: here's a dumb idea. Make a simple html document on your desktop that only has an iframe and some javascript. When the page in the iframe has re(loaded/directed) you check it's current loc against the last one. If the base url isn't the same it hit's the back button for ya. The idea is so ridiculous I almost want to make it just to see if I can bang it out in 10 minutes or less. It would be like a dumb browser inside your smart one.

                              edit2: Ya know it's not that the page can't reload, it's that the iframe can't and that is a big problem with my plugin, one I didn't consider. What if this was approached differently. Instead of trying to suppress redirects, what if the script ripped the whole damn frame out of the page.... pssh that still wouldn't solve being redirected to malvertising. It seems like the only way to go is to blacklist sites after you have already been poked by them. That's all I can see as a solution. The redirects and reloads are always going to be different url's cause the advertising is constantly redirecting to the next thing. Good, bad or ugly that shit is never going to match. I don't think there is a way to say "allow everything unless it is trying to redirect the main document". Too many factors.

                              I'm currently stumped. I hate the blacklist idea but, I don't have a better solution atm.
                              Last edited by MadGypsy; 12-28-2015, 12:23 AM.
                              http://www.nextgenquake.com

                              Comment

                              Working...
                              X