PDA

View Full Version : Malicious Website Warning



dukenilnil
09-16-2012, 10:53 AM
Coming here tripped a malicious website warning based on SB nation. Y'all may want to think about your affiliation with them (or at least keep on top of them).

Text of warning:

WARNING: Something's Not Right Here!

www.dukebastetballreport.com contains content from ox-d.sbnation.com, a site known to distribute malware. Your computer might catch a virus if you visit this site.

GOodle has found malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or your trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.

We have already notified ox.d.sbnation.com that we found malware on the site. For more about the problems found on ox-d.sbnation.com, visit the Google Safe browing diagnostic page

allenmurray
09-16-2012, 11:45 AM
Coming here tripped a malicious website warning based on SB nation. Y'all may want to think about your affiliation with them (or at least keep on top of them).

Text of warning:

WARNING: Something's Not Right Here!

www.dukebastetballreport.com contains content from ox-d.sbnation.com, a site known to distribute malware. Your computer might catch a virus if you visit this site.

GOodle has found malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or your trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.

We have already notified ox.d.sbnation.com that we found malware on the site. For more about the problems found on ox-d.sbnation.com, visit the Google Safe browing diagnostic page

It might be kind of hard for DBR to end their affiliation with sbnation since that is who they sold the site to.

Jarhead
09-16-2012, 12:33 PM
A week or so ago I received the exact same warning on attempting to visit crazietalk.net.

2804

Since then the warning stopped, but I remain cautious on going there. Google generates the warning. Are they screening all of my site visits?

-jk
09-16-2012, 01:52 PM
Coming here tripped a malicious website warning based on SB nation. Y'all may want to think about your affiliation with them (or at least keep on top of them).

Text of warning:

WARNING: Something's Not Right Here!

www.dukebastetballreport.com contains content from ox-d.sbnation.com, a site known to distribute malware. Your computer might catch a virus if you visit this site.

GOodle has found malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or your trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.

We have already notified ox.d.sbnation.com that we found malware on the site. For more about the problems found on ox-d.sbnation.com, visit the Google Safe browing diagnostic page

Thanks for the heads-up. To the best of our knowledge, there is nothing on DBR causing this. I don't get the warning on DBR, but if I try to navigate directly to sbnation.com, I do get it.

Some browsers (or addins) "prefetch" data from links on a page - there's an sbnation link at the bottom of DBR pages - to speed up loading those links, and whatever was prefetched might have tripped the warning. Did you get the warning just by visiting DBR, or did you try to go to SBN?

SBN thinks it's a "false positive". Whether that's true or some advertiser let something slip in (sites generally can't control what comes in the ads, and ads are occasionally used to distribute more than just marketing).

SBN is claiming it's safe now (https://twitter.com/SBNSupport).

-jk

dukenilnil
09-16-2012, 02:17 PM
Thanks for the heads-up. To the best of our knowledge, there is nothing on DBR causing this. I don't get the warning on DBR, but if I try to navigate directly to sbnation.com, I do get it.

Some browsers (or addins) "prefetch" data from links on a page - there's an sbnation link at the bottom of DBR pages - to speed up loading those links, and whatever was prefetched might have tripped the warning. Did you get the warning just by visiting DBR, or did you try to go to SBN?

SBN thinks it's a "false positive". Whether that's true or some advertiser let something slip in (sites generally can't control what comes in the ads, and ads are occasionally used to distribute more than just marketing).

SBN is claiming it's safe now (https://twitter.com/SBNSupport).

-jk

Got it going straight to DBR. FWIW, I don't think I have ever visited SB Nation proper (and I believe I have only ever visited one or 2 of their other sites).
Obviously didn't keep me from coming, but wanted to provide the heads up. Bunch of bad guys out there who like to play games and I image Duke being what it/we are, generates a little more mischievous activities on related sites.

summerwind03
09-16-2012, 04:29 PM
I got it the other day, I believe on the boards. I've never gone to any other site from here.

uh_no
09-16-2012, 06:21 PM
A week or so ago I received the exact same warning on attempting to visit crazietalk.net.



Since then the warning stopped, but I remain cautious on going there. Google generates the warning. Are they screening all of my site visits?

It's generated by your browser when the signature of the received transmissions don't match what they should be. It could indicate a man in the middle attack, but is often just an indication that either host or certificate changed.

Jarhead
09-16-2012, 08:54 PM
It's generated by your browser when the signature of the received transmissions don't match what they should be. It could indicate a man in the middle attack, but is often just an indication that either host or certificate changed.

There is a link in the notification that takes you straight to a Google page that describes what happened. Are you saying that my browser is in cahoots with Google?

J.Blink
09-16-2012, 09:20 PM
It's generated by your browser when the signature of the received transmissions don't match what they should be. It could indicate a man in the middle attack, but is often just an indication that either host or certificate changed.

Actually you're thinking of a totally different kind of error (some kind of certificate mismatch/expired/invalid/etc) message. The pic that Jarhead posted appears (!) to be a fairly standard malware popup. There are blacklists of sites that list sites that are believed to contain malware. Chrome, IE, Firefox, etc, or even just clicking the link from google, can bring up one of these malware messages when trying to open sites that are found in one of the blacklists.

However, it seems that what Jarhead posted (and I saw the same thing going to Crazietalk a week or two ago) could actually be this:

http://www.pcworld.com/article/208305/fake_warnings_trick_chrome_firefox_users_download_ malware.html

The folks are crazietalk might want to check their site security...

CameronBornAndBred
09-17-2012, 10:44 AM
A week or so ago I received the exact same warning on attempting to visit crazietalk.net.

2804

Since then the warning stopped, but I remain cautious on going there. Google generates the warning. Are they screening all of my site visits?

Well...FYI that had to be more than a "week or so ago"..we got hacked back in July/August due to the software used for our front page, which was WordPress. Since I did not feel like paying hundreds of dollars to have someone dig through and wipe out the infection, I simply toasted the front page completely. For a few weeks now we have been (and continue to be) certified as safe. We could not display the following badge if we weren't.

http://shield.sitelock.com/shield/crazietalk.net


Since I was involved with that nightmare, I feel for anyone that runs a site and has to deal with this. First, it might not even be a true infection, the web is at the mercy of Google's reporting which is not flawless. Second, if it is real, it is both time consuming and expensive to cure..especially for a site like CTN which is not there to make money..so any money to fix it comes out of my pocket (or our members that graciously offered to help). Third, you have to figure out how to prevent it. That's how we ended up using SiteLock...they inspect us every day, and if we have a future infection it will be easy to remove since we know when and where it generated. I don't know if SBNation uses such a service, they may be big enough they handle everything in house. CTN is small, so I used to do it all myself, but searching through thousands of lines of php code to solve our problem was not in my timeframe.
Anyways...just to point out, crazietalk.net is indeed safe and will remain safe. I have no doubt that DBR is completely safe as well.

ThePublisher
09-17-2012, 03:31 PM
A week or so ago I received the exact same warning on attempting to visit crazietalk.net.

2804

Since then the warning stopped, but I remain cautious on going there. Google generates the warning. Are they screening all of my site visits?

FYI. Google does screen your site visits. And every thing you click on or type or look at. They probably even track how many breaths you take while visiting a site... Really though, they do track just about everything so they can provide ads that you hopefully click on. Although they probably aren't quite as bad as facebook, who tracks absolutely everything you do in any web site you go to if you leave facebook open...

The best way to avoid this is to open a private or incognito browsing window. And sometimes that doesn't even stop it...

Might I recommend Lavasoft's Ad-Aware as it will remove tracking cookies (info stored by sites to track the other sites you visit) and Malware.