Malicious Attacks from AK ads!

Still working behind the scenes to troubleshoot this. Working with a couple of members who can replicate the issue almost daily. Made some changes that only affect them, and it is looking promising. Now to dig deeper to see why those changes made a difference. The work continues.
 
The idea that I am being made some kind of scapegoat by my IT department is ridiculous. Making light of my company's IT department's capability is fine if that is the approach we want to take. He is not insulted. The key logger issue on my computer was traced to my activity on AK - no fuss on that. I can even tell you what I was doing when it happened. I was attempting to like a post and it came back with something like "are you sure you want to do that". Literally 2 minutes later, my cyber security guy was in my office. A command and control app was installed that was attempting to call out to an IP in Russia.

In the spirit of trying to help, Chad has offered to explain what he saw from his side. Others may doubt his capability, but after seeing his certifications, I for one do not. I have since installed ad blockers and updated all my malware preventive software on my laptop and have had no issues at home.

Let's be crystal clear on this. I am not trying to insult the capabilities of anyone who helps to manage this site. I am simply trying to offer any help I can to help prevent this from happening again.

Peace

Has anyone previously surfed as admin on the machine? It's irrelevant what you do *now*, but one of the first exercises I did in pentest was to replace Windoze popup windows/dialog boxes with alternate text *and* handlers. You could very well be a 'sleeper cell' at this point, meaning your entry point is legacy. Usually the bots are data collectors, buuuut our friends east of Poland are handing out infected machines like candy to whomever wants them for whatever reason. Sadly, the easiest way is a re-image, and to use a satellite configuration manager to keep watch over your operating enviro...

That you experienced a problem *here* is only indicative that you were *here* when targeted. Any other website at that time would do; it just depends really on how you got to it, when you did. People like to assume an American (geographically) computer going to an American (ditto) website falls under our protection. It does not. If you recall, it was not really that long ago when half the west coast traffic routed through China.....
 
These are the threats my computer identified and quarantined/removed from the 16th and today after visiting here.

Trojan:JS/Flafisi.D
 
For grins, clear your router cache at home, visit the same page and only the same page, and tell us where it came from?
 
FWIW, using the 'lots-o-smoke = fire' method of research, I trapped all traffic to and from this site from my one computer. I had a normal AK day: read a few posts, posted in a few threads, did no PMs, internal messages, likes, click-throughs etc. But then again I'm boring and only talk transistors. No Russian agents will spend money to get that info cuz, shoot, we'd give it to them if they asked......

Aside from pages from AK, I only pulled in content from ads.vb-api.com, which was caused by AK. The IP address, even at 24-bit form, does not match any logged attempts at intrusion (my router blocks the script-kiddie DoS attacks well).

The VB part = Visual Basic; that's cause for minimal concern but not alarm, depending on who those jokers are, as VB is an easy language to exploit and not really used much anymore. It is the engine behind most attempts at Excel/Word etc. macros, meaning open the bad file and shit happens...

So yesterday, when people were upset, I did average innocent AK things and saw nothing of concern. YMMV. Do the same thing I did and report back if it worries you.

And yes, if you access AK from work on a *work* computer, the clear-text access method may worry the IT department. For that matter, heckfire, so should CNN. CNN is secure but much of what it does is NOT (at work, if I click CNN on the *work* computer, which is 10x more locked down than mine, about 1/4 of CNN is blockpaged... fake news? ;-) )
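The "trap all traffic, list what came from somewhere other than AK, and compare the /24 against the router's blocked-intrusion log" method described in the post above, written out as a small script. This is an added example, not code from the post or from the forum; it assumes the forum domain is audiokarma.org (the thread only says "AK"), uses a made-up proxy-log line format, and constructs its sample request and router lines inline. ads.vb-api.com is the host named in the post; tracker.example.net is an invented second host so that both outcomes of the /24 check appear.

```python
import ipaddress
from urllib.parse import urlparse

# Assumed forum domain; the thread only says "AK" / "AudioKarma".
FIRST_PARTY = "audiokarma.org"

# Constructed sample of what a local proxy capture might log while reading
# the forum. Line format (also assumed): "<time> <method> <url> <resolved_ip>".
SAMPLE_PROXY_LOG = """\
10:01:02 GET https://www.audiokarma.org/forums/index.php?threads/ads.1/ 203.0.113.10
10:01:02 GET https://www.audiokarma.org/forums/styles/default/xenforo.css 203.0.113.10
10:01:03 GET https://ads.vb-api.com/ads.js 198.51.100.44
10:01:03 GET https://ads.vb-api.com/serve?slot=top 198.51.100.44
10:01:04 GET https://tracker.example.net/px.gif 192.0.2.55
10:01:05 POST https://www.audiokarma.org/forums/index.php?posts/1/like 203.0.113.10
"""

# Constructed sample of a router's dropped-inbound log; only SRC= matters here.
SAMPLE_ROUTER_BLOCKS = """\
10:00:40 DROP SRC=198.18.5.9 DPT=23
10:00:41 DROP SRC=192.0.2.200 DPT=445
10:00:58 DROP SRC=192.0.2.201 DPT=22
"""


def is_first_party(host, first_party=FIRST_PARTY):
    """True for the forum's own domain and its subdomains only.

    A suffix match on "." + domain avoids counting audiokarma.org.evil.example
    as first party.
    """
    return host == first_party or host.endswith("." + first_party)


def parse_proxy_log(text):
    """Yield (method, host, resolved_ip) for each request line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, method, url, ip = line.split()
        yield method, urlparse(url).hostname, ip


def parse_router_blocks(text):
    """Collect the SRC= addresses from dropped-inbound log lines."""
    return {
        tok[len("SRC="):]
        for line in text.splitlines()
        for tok in line.split()
        if tok.startswith("SRC=")
    }


def third_party_report(proxy_text, router_text, first_party=FIRST_PARTY):
    """Summarise every non-forum host the browser talked to.

    For each third-party host: request count, the IPs it resolved to, and any
    router-blocked source that sits in the same /24 as one of those IPs
    (the "24 bit form" comparison from the post).
    """
    blocked = parse_router_blocks(router_text)
    report = {}
    for _method, host, ip in parse_proxy_log(proxy_text):
        if is_first_party(host, first_party):
            continue
        rec = report.setdefault(
            host, {"requests": 0, "ips": set(), "blocked_same_24": set()})
        rec["requests"] += 1
        rec["ips"].add(ip)
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        rec["blocked_same_24"].update(
            b for b in blocked if ipaddress.ip_address(b) in net)
    # Sorted lists make the result stable and easy to diff between captures.
    return {
        host: {
            "requests": rec["requests"],
            "ips": sorted(rec["ips"]),
            "blocked_same_24": sorted(rec["blocked_same_24"]),
        }
        for host, rec in report.items()
    }


if __name__ == "__main__":
    for host, rec in third_party_report(SAMPLE_PROXY_LOG, SAMPLE_ROUTER_BLOCKS).items():
        flag = ("shares /24 with blocked source(s) " + ", ".join(rec["blocked_same_24"])
                if rec["blocked_same_24"] else "no /24 overlap with blocked sources")
        print(f"{host:24} {rec['requests']} req  {', '.join(rec['ips'])}  {flag}")
```

A /24 overlap is a weak signal on its own: ad networks, trackers and compromised boxes all live in large hosting ranges, so treat a hit as a reason to look at the full URLs and response bodies for that host, not as proof of anything. The absence of an overlap (the ads.vb-api.com case in the sample) likewise only says the scanners the router saw were elsewhere.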
 
For you guys getting all these ads, what happens if you disable scripts?

I'm on IE6 and if I have scripts (JavaScript) disabled (I usually have them disabled all the time) I don't see any ads here....
 

IE6 ?? what are you running, Win95??
 
Well, it was meant to be a joke, but I really don't take folks seriously when its that old ...
 
hjames said:
IE6 ?? what are you running, Win95??

No no Heather, I'm on Win98SE, my favourite OS :)

I'm using an IE WRAPPER (MyIE2) in conjunction with IE6 (both work together). I surf with MyIE2 and my engine is IE... (I don't use IE directly very much)

Thanks for asking :)
 
What is the most recent date anyone has had a problem?

Just now.

Several days in a row I had no redirects and just now got the "chaturbate" redirect.

Don't know if this will help, but I have a notice at the top of this forum page that says "This webpage is using significant energy. Closing it may improve the responsiveness of your Mac."
 
Has anyone else tried to disable scripts and seen if you don't see the ads then?

I'm just trying to help........
 
Yes. Back-scroll and read various threads. Many here have and do use ad script blockers. Very effective and selective, as they don't break the JavaScript that drives the forum editor and other features.

Disabling JavaScript altogether is ham-fisted and borks the functionality of Xenforo. The Ghostery add-on and/or using the Brave browser dispenses with the buffoonery.
 
Hmmmm, I have JavaScript disabled globally (altogether) and the site runs fine :) (Thankfully)

Thank you +48V for commenting on it!!
 
I have a fairly well protected machine (Win 10, typically using Firefox with Ad-blockers, Norton Security and Malwarebytes). And I have thankfully not had problems on A/K. But I have had problems on similar sites that might be relevant to the discussion.

I believe most of the problems are coming as a result of Google Ads, both the popup and the banner type. And I think the problem lies with Google. I have always noted that sites with Google Ad content are slow to load, as the content I want won't load until the ads do. This problem has worsened tremendously in the last few weeks. But the trend has been accompanied by something much more nefarious.

In the past two weeks I have been attacked by clicking supposedly-safe links. One was a Google-referenced banner ad that repositioned a web page. I didn't mean to click on it but the link I wanted got moved as I clicked. The other was a Google search result link that was both 1st page (after the sponsored links) and considered safe (green).

Both links led me to immediate attempts at infection. For the banner ad my security froze the attack but I had to reboot my machine. For the supposedly safe link I got ransomware popups (despite having blocked all popups). My security software did a decent job, and even apologized for not stopping the popups (unless that was a spoof as part of the attack). After a hard reboot I found that Firefox was corrupted (it launched but the graphical interface was corrupted so you couldn't see or use it, and would have thought it didn't launch). I was off-line so never determined whether this was a harassment or an actual attempt at a back-door. I had to completely uninstall and reinstall Firefox.

While the ransomware attempt was extremely obvious, the banner ad attack would have been invisible if I didn't have my machine set to announce anything and everything unusual. I tried to search whether others were having problems with supposedly safe Google search results, but so far haven't found anything current and relevant.
 

The problems you have seen are on other sites, correct? We're actually using a pretty advanced protection system for AudioKarma now... so we need to just keep tuning it to get the last of these things out of our lives.

The problem actually isn't just with Google; it's with all advertising across the internet. There's essentially a modern version of forum spam cropping up, in the form of these "mobile redirect" attacks. There are nefarious actors taking advantage of the system, which is what you're seeing.

Most of these attacks aren't nefarious to infect your computer, they just want you to click on the app store or whatever because they get paid for your clicks. They hijack the ads sourced at media agencies which buy for companies like Ford, and then sneakily inject their ads at the last second when it renders.

The worst part when tracking these things down, though, is that all the bad behaviours get lumped in. For instance, ransomware attacks rarely come through the normal protected advertising system... they are usually from a compromised site or compromised local machine. However, discussions like these blend all the things together, and depending on how sketchy the ad providers a site is using are, those too can be distributing the bad stuff.

I'm glad to hear that A/K has been safe for you. Whatever the problems of the past were, we're working to clean them all up!
 
Advally,

The reason I activated ad-blocker software was related to problems I had on AK. As I already stated, I have run into major delays with ads having to load before I could see the content I wanted. This happened to me on AK, and was related to a string of Google-referenced ad calls. There were times when I would have two sets of banner ads across the top of AK pages, the first being the typical audio-related ads that I usually see, the second being something random or related to Google searches made outside of AK.

A perfect example is that I wanted to replace my old vehicle (a 2000 Lexus RX300 with 280,000+ miles). So in October and November of 2017, I did extensive searches for local, low mileage, RX300s and RX330s. I was also researching prices for some non-audio collectibles I wanted to sell, often with Google searches.

I installed Ad-blocker software because I would often get a second set of banner ads on AK related to older Lexus SUVs and to the collectibles (at best), or more nefarious offers at worst. At the time I thought perhaps AK was allowing more ads, or had inadvertently allowed some Google-Ads-based media company a little too much access. I see similar ads on other pages (CNN, FOX, and NBC news homepages, for example) but I don't see the double ads.

My machine was protected, so my primary complaint was how long it took for pages to load. Even text pages were taking 10, 15, even 20 seconds to load. The delay was always an unanswered call to Google Ad databases or Google Analytics. I modified my machine to block ads, block pop-ups, and whatever else I could to speed up my Internet experience. I even tried other browsers, but because I work with WebGL applications some browsers, like Edge, are not even feasible.
 