
The time now is Fri Jul 30, 2010 5:08 pm
All times are GMT + 2 Hours
Malware on Operation Clambake?
Page 1 of 2 [26 Posts]
secularpatriot



Joined: 04 Apr 2005
Posts: 296
Location: USA

Posted: Tue Jun 16, 2009 2:29 am    Post subject: Malware on Operation Clambake?

I have been getting this message when I visit Operation Clambake:

Warning: Visiting this site may harm your computer

The website you are visiting appears to contain malware. Malware is malicious software that may harm your computer or otherwise operate without your consent. Your computer can be infected just by browsing to a site with malware, without any further action on your part.

For detailed information about problems found on this site, or a portion of this site, visit the Google Safe Browsing diagnostic page for xxxxxxxx.xx.

Anyone know if this is a real problem?

--SP

(Edited to remove possibly dangerous link.)


Last edited by secularpatriot on Tue Jun 16, 2009 5:24 pm; edited 2 times in total
pharbizorg



Joined: 12 Jul 2006
Posts: 482
Location: Glorious Nation of the Peoples' Canada

Posted: Tue Jun 16, 2009 4:36 am    Post subject:

I'm interested in what your specs are: (ie Operating System, Antivirus, etc...)

I am currently running Avast Antivirus (link here) and on Windows 7 (the latest out from Microsoft). I get no messages, but I do recall something similar of this nature that someone brought up a year or two ago. If you can provide what OS you use, your antivirus, and the signature that is being triggered so that I might do some more inquiries into the alert.
_________________
"However beautiful the strategy, you should occasionally look at the results"
"He has all the virtues I dislike and none of the vices I admire"

~Sir Winston Churchill - British politician (1874 - 1965)
secularpatriot



Joined: 04 Apr 2005
Posts: 296
Location: USA

Posted: Tue Jun 16, 2009 5:12 am    Post subject:

pharbizorg wrote:
If you can provide what OS you use, your antivirus, and the signature that is being triggered so that I might do some more inquiries into the alert.


I'm on a Mac, with OSX 10.5.6.

This is a laptop they gave me to use from work, so I'm not sure what the anti-virus software might be. Any guidance on how to find out? A search of the computer for "anti-virus" or "antivirus" didn't bring up anything.

Not sure what "the signature that is being triggered" means?

Thanks for your help! Just wondered if someone somehow got some malware onto the site.
Another Surfer



Joined: 08 Dec 2007
Posts: 293

Posted: Tue Jun 16, 2009 6:55 am    Post subject:

I receive this message, too, when accessing the International Picket Central message board: <removed link, sorry -- obviously didn't think that through!>

I have Windows Live OneCare (yeah, lame in some ways).

It might be due to links posted to this part of the site.

I have not visited it since receiving this message some weeks ago. Bummer, for sure, and I will endeavor to get some better internet condom (ha) so that I can get more info re what the problem is.

Here is what I see (big warning, red background),

Quote:
MALWARE DETECTED: Warning: Visiting this site may harm your computer!
The website at ocmb.xenu.net contains elements from the site gcounter.cn, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for gcounter.cn.
Learn more about how to protect yourself from harmful software online.
I understand that visiting this site may harm my computer
.

I can choose to continue, but I don't, due to this warning.

Another Surfer

I can't figure out how to insert the screen capture here. I am using the Google browser at the moment.


Last edited by Another Surfer on Thu Jun 18, 2009 5:31 am; edited 1 time in total
Old Bomber



Joined: 15 Jun 2006
Posts: 58
Location: At the I.P., Inbound.

Posted: Tue Jun 16, 2009 11:08 am    Post subject:

I just checked the link you posted with my Mac running the same version with Norton antivirus and Firefox, then with my PC running XP, Firefox and Avir antivirus. Didn't get any warnings.
_________________
COFFEE...COFFEE...Must.. engage brain.. before keybord!!!
Simonymous



Joined: 26 Feb 2008
Posts: 786

Posted: Tue Jun 16, 2009 12:58 pm    Post subject:

The good news is you're on a Mac. Even if there is a virus, you won't catch it! There are almost no Mac viruses, and the ones that do exist are little more than irritating joke programs or only affect really old operating systems.

That doesn't really answer the question, and it doesn't help anyone on a PC... but hopefully it allays a bit of worry.
_________________
Uwe Stuckenbrock was destroyed by Scientology. These harms must never be allowed to continue.
Peter Schilte



Joined: 15 May 2006
Posts: 1746
Location: Vierlingsbeek (Netherlands)

Posted: Tue Jun 16, 2009 4:12 pm    Post subject:

Running ESET Smart Security on Windows XP-Pro-SP3 I get no warning whatsoever.
My guess is it is a false positive, generated by an overconcerned safety program.

Peter
_________________
"THE ONLY WAY YOU CAN CONTROL PEOPLE IS TO LIE TO THEM."
- L. Ron Hubbard

http://www.scamofscientology.nl
Gumbythetruth



Joined: 24 Jul 2007
Posts: 2120
Location: Look over your shoulder!

Posted: Tue Jun 16, 2009 4:30 pm    Post subject:

Also on a Mac. Nothing on my end appears as malware. I have had warnings when on Google, when I find something of interest and the link is located in some Eastern European country. Most of those countries are former Soviet bloc entities.

Ah! the wild wild east.
_________________
Master of subterfuge and disinformation!
Sponge



Joined: 10 Apr 2006
Posts: 9580
Location: U.K.

Posted: Tue Jun 16, 2009 4:32 pm    Post subject:

Another Surfer wrote:
I receive this message, too, when accessing the International Picket Central message board:
Quote:
LINK REMOVED FROM THIS QUOTED POST


I have Windows Live OneCare (yeah, lame in some ways).

It might be due to links posted to this part of the site.

I have not visited it since receiving this message some weeks ago. Bummer, for sure, and I will endeavor to get some better internet condom (ha) so that I can get more info re what the problem is.

Here is what I see (big warning, red background),

Quote:
MALWARE DETECTED: Warning: Visiting this site may harm your computer!
The website at ocmb.xenu.net contains elements from the site gcounter.cn, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for gcounter.cn.
Learn more about how to protect yourself from harmful software online.
I understand that visiting this site may harm my computer
.

I can choose to continue, but I don't, due to this warning.

Another Surfer

I can't figure out how to insert the screen capture here. I am using the Google browser at the moment.


Do not sit on this.

I suggest all of you who have concerns, please PM/Email Andreas and Roan right now and tell of your findings so Andreas can investigate.

In the meantime DO NOT click on that link in the original of the above quoted post.

(A.S., can you edit it out of your post please as there is no point in introducing potential harm to the click-happy who may never have happened upon it otherwise. Thanks).

Index.htm contains JS/Obfuscated and attempts to download readme.pdf which is actually "Exploit.pdf".
The "gcounter.cn" is a site known to be full of malicious shit (google it and it warns you). The exploit starts a hidden IFrame and redirects to that without you being aware. Apparently it is JavaScript, so if you don't have that then it won't run (or if you trap JavaScript launches in a good software firewall with program access control like ZoneAlarm).
Apparently (not sure) it (or some of it) is injected into the PHP board code of the forum and may be persistent (by that I mean that the more obvious attempts to remove it from the site/forum code may not work, perhaps due to a malicious/infected 3rd party phpBB plugin).

Not to cause undue panic or anything but, until admin can get onto it and see what is going on, all technoobs should GTFO off this site and scan your systems. Anyone else who thinks they know what they are doing, continue at your own risk.
_________________
http://forums.whyweprotest.net
www.whyaretheydead.info
Who is David Miscavige?


Last edited by Sponge on Tue Jun 16, 2009 6:30 pm; edited 3 times in total
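
Added example, not part of any post in this thread: one way a site admin could check the HTML a forum page actually serves for what the posts above describe, namely elements loaded from another host (the browser warning's "contains elements from the site ..."), hidden or 0/1-pixel iframes, and inline script that decodes and writes markup at load time. The own-host list, the sample page and the placeholder .example host are constructed; the inline-script check is a keyword heuristic, not a deobfuscator.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
LOADERS = {"iframe", "frame", "script", "embed", "object"}
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# Heuristic only: calls that decode-and-run or write markup at load time.
DECODE_CALLS = re.compile(r"\b(eval|unescape|fromCharCode|document\.write)\s*\(", re.I)

class PageAudit(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []          # (line, tag, host, verdict)
        self._inline_script = False

    def handle_starttag(self, tag, attrs):
        if tag not in LOADERS:
            return
        a = {k: (v or "") for k, v in attrs}
        url = a.get("src") or a.get("data")  # <object> uses data=
        if tag == "script" and not url:
            self._inline_script = True       # body is checked in handle_data
            return
        host = urlparse(url or "").hostname or ""
        if not host or host in self.own_hosts:
            return                           # relative URL or the site's own host
        size = (a.get("width", "").strip(), a.get("height", "").strip())
        hidden = bool({"0", "1"} & set(size)) or bool(HIDDEN_CSS.search(a.get("style", "")))
        self.findings.append((self.getpos()[0], tag, host, "hidden" if hidden else "visible"))

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline_script = False

    def handle_data(self, data):
        if self._inline_script and DECODE_CALLS.search(data):
            self.findings.append((self.getpos()[0], "script", "(inline)", "decoder-call"))

def audit(html, own_hosts):
    """Return findings for one served page; own_hosts is the admin's allowlist."""
    parser = PageAudit(own_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page (not taken from the thread); the .example host is a placeholder.
SAMPLE = """<html><head><script src="templates/board.js"></script></head><body>
<script src="http://ocmb.xenu.net/js/menu.js"></script>
<iframe src="http://third-party-counter.example/in.php" width="1" height="1"></iframe>
<script>document.write(unescape("%3Cb%3Ex%3C%2Fb%3E"));</script></body></html>"""
```

Calling audit(SAMPLE, {"ocmb.xenu.net"}) reports the off-site iframe on line 3 as hidden and the inline script on line 4 as a decoder call. Any hit is a prompt to compare the served page against the board's template and plugin files, since a static scan cannot see markup that script writes only at run time.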
GreatSunJester



Joined: 23 Aug 2005
Posts: 224

Posted: Tue Jun 16, 2009 4:40 pm    Post subject:

Quick testing here. I get the same message. Google Chrome gives me that message and prevents the site from loading. Nod32 sees nothing with Internet Explorer 7.

Another machine with AVG detects java web exploits from cximnik.cn and xfcg.info
_________________
In Search of... a new sig!
carol



Joined: 11 Dec 2005
Posts: 398

Posted: Tue Jun 16, 2009 5:20 pm    Post subject:

I received that message last week a couple of times. I have AVG protection on my non-Mac computer.
_________________
stillsearching
secularpatriot



Joined: 04 Apr 2005
Posts: 296
Location: USA

Posted: Tue Jun 16, 2009 5:26 pm    Post subject:

Sponge wrote:


In the meantime DO NOT click on that link in the original of the above quoted post.


I took the link out of my post.

I'll email Andreas.
SchwimmelPuckel



Joined: 10 Feb 2006
Posts: 2242
Location: Denmark

Posted: Tue Jun 16, 2009 8:20 pm    Post subject:

Seems to be a problem with GCounter (A traffic statistic system that is linked to on the page).. The following link is Google's warning about it.

http://google.com/safebrowsing/diagnostic?site=gcounter.cn/

<edit.. > Bleh.. I didn't notice that Sponge mentioned this already.. /edit>

Hmm.. I did click the link before the warnings.. I trusted my AV software, McAfee.. No alerts from that. But the computer started downloading stuff while ignoring any input device.. I yanked the wallplug.

Cool
_________________
Ask not what Scientology can do for you, ask what the F*arck! is going on.
admin
Site Admin


Joined: 18 Nov 2000
Posts: 1605
Location: Stavanger, Norway

Posted: Wed Jun 17, 2009 7:49 am    Post subject:

gcounter[DOT]cn is not a Google site, actually it is a site that Google warn about as being malware. Most likely you have already been infected with malware on your computer if you get this warning. This is a malware trying to send you to their own site.

OCMB is not infected.

You can check this link that OCMB does not have malware:
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http://ocmb.xenu.net/
_________________
Andreas @ www.xenu.net
- Life is not a test.
Sponge



Joined: 10 Apr 2006
Posts: 9580
Location: U.K.

Posted: Wed Jun 17, 2009 9:22 am    Post subject:

Andreas,
you have a page on this site (see my previous post and the quoted post within it) where "index.htm" is downloading "readme.pdf" which are identified by AVG antivirus as "JS/Obfuscated" and "Exploit.pdf" respectively. This much is real.

First of all just look at the above because several people have now confirmed that as happening.

I don't know if the gcounter.cn thing is related and I speculated that it might be a malware site where the above exploit is invisibly redirecting to (because other people reported that but all I see is what the Google Safe Browsing report says). The main thing, as far as I can see, is what I said above.
_________________
http://forums.whyweprotest.net
www.whyaretheydead.info
Who is David Miscavige?