1. #1

    WARNING - Attack by clicking D3 link on main page

    Just clicked the "Using Banners As Town Portals, Diablo II Ladder Reset, Blue Posts, Diablo Collectibles" D3 link on the front page and norton gave me a notification that it blocked an attack from qhegc.portrelay.com. The intrusion was described as "Web Attack: FakeAV Download 2".

    Please try to let everyone know as well as the webmasters that this is happening.

  2. #2
    Stood in the Fire Steik's Avatar
    Join Date
    Mar 2012
    Location
    Portsmouth
    Posts
    401
    Worked fine for me. Check your PC first tbh.

  3. #3
    Bloodsail Admiral melak's Avatar
    Join Date
    Nov 2011
    Location
    Lordaeron
    Posts
    1,054
    Quote Originally Posted by valtyrael View Post
    Just clicked the "Using Banners As Town Portals, Diablo II Ladder Reset, Blue Posts, Diablo Collectibles" D3 link on the front page and norton gave me a notification that it blocked an attack from qhegc.portrelay.com. The intrusion was described as "Web Attack: FakeAV Download 2".

    Please try to let everyone know as well as the webmasters that this is happening.
    im guessing your machine is to blaim in this case. Nothing wrong with the link.
    Quote Originally Posted by Runecapeman
    I try not to post anywhere anymore, due to fear of being infracted. Feels like there are too many mods that aren't screened well enough. "Dirty cops" if you will.

  4. #4
    I recommend stopping using Norton... It's a terrible antivirus. Go with Avast! or NOD32. Also, check your computer for viruses and malware with Malwarebytes.
    Lich King: I spy, with my little eye, something beginning with a ...s...
    Arthas: Snow...?
    Lich King: Yeah...
    Arthas: God, I'm sick of this game.

  5. #5
    I have been keeping everything (Windows, Anti-Virus, CCleaner, Norton, Applications) on my computer up to date, as well as running regular virus scans and updates through Norton. Have not had any weird things happening on my computer and been running like new, I do not believe that it is the problem.

    I would also recommend to not test it by clicking the link as it could be installing the virus without your permission.
    Last edited by Valtyrael; 2012-11-06 at 07:42 PM.

  6. #6
    The Unstoppable Force N-aix's Avatar
    Join Date
    Mar 2011
    Location
    Dota 2 24/7 / Dark Souls II
    Posts
    21,557
    I got nothing with my security OP, Not sure what's wrong with yours.

  7. #7
    Quote Originally Posted by ArMeD_SuRvIvOr View Post
    I recommend stopping using Norton... It's a terrible antivirus. Go with Avast! or NOD32. Also, check your computer for viruses and malware with Malwarebytes.
    Installed Malwarebytes, and Avast!

    Malwarebytes, Norton, and Avast! all coming up with the system being clean.

    Looked up what "FakeAV Download 2" was and it looks like something along the lines of a http redirect

    Maybe the link does not always redirect to the malicious link, but its seems to me that this is not something just on my computer end.

    This message is also at the top of Dota 2's Wiki concerning Curse websites (which the link is):
    Earlier today Curse was notified by Google that there was a script known to be malicious being served though some of our sites. Upon further inspection Curse has determined the script was being served through ad placements from a 3rd party. These ads were being served as they normally would; however, due to a security breach at the 3rd party, a malicious JS was being served that was put in their passback system.
    We have managed to identify the 3rd party, who is well known to be trusted, as the source of the script. They have been contacted about the compromise and have removed the malicious script being served to not only Curse, but possibly everyone with whom they work. They are still investigating the breech.
    Curse takes security extremely seriously and has removed all 3rd party ad partners until the investigation is complete. We will keep you informed of the outcome of this investigation. In the meantime, we recommend you run a malware scan on your computer. You can run a free scan at malwarebytes<dot>org. We sincerely apologize for this inconvenience.
    Last edited by Valtyrael; 2012-11-06 at 07:23 PM.

  8. #8
    That was a few days ago and a confirmed false alert (caused by an ad network being flagged). No files on our servers were even influenced, so there's no way anything could've proactively infiltrated our news post (which wasn't even written yet at that point) to change the link.
    UI & AddOns expert | Interface & Macros moderator - My work

  9. #9
    Looked it up on google and that site is apparently a spam site that hosts some awesome malware. Check your browser's addons for anything you did not install that could potentially force-redirect you.
    If you must insist on using a non-sanctioned sitting apparatus, please consider the tensile strength
    of the materials present in the object in question in comparison to your own mass volumetric density.

    In other words, stop breaking shit with your fat ass.

  10. #10
    The Patient Poinen's Avatar
    Join Date
    May 2009
    Location
    Denmark
    Posts
    286
    I just got sent to a page showing Microsoft Essentials had found 3 virus on my computer, but i recognised the scam from work. I used to repair computers, remove virus , clean installation etc etc.

    Once you click yes to clean, you will get a program installed on your pc which will totaly block it, saying there is a virus which actualy makes your computer unuseable. You only able to remove it if you buy the program suggested in the scam or a 100% clean install.

    You should definately look into this. It's not even 3minutes ago it popped up when i decided to check mmo-champion. I use a combo of Malwarebytes and Bullguard. My computer is clean as always.

    Although, will clear my cookiejar just to be safe.
    Last edited by Poinen; 2012-11-06 at 11:19 PM.


    Pater! In manus tuas committo spiritum meum!

  11. #11
    What link did you click before being sent to the scam page?
    UI & AddOns expert | Interface & Macros moderator - My work

  12. #12
    Epic! lokithor's Avatar
    Join Date
    Feb 2010
    Location
    Mobile, AL
    Posts
    1,681
    I have Norton and everything is fine on my end.

  13. #13
    Quote Originally Posted by tielknight View Post
    Looked it up on google and that site is apparently a spam site that hosts some awesome malware. Check your browser's addons for anything you did not install that could potentially force-redirect you.
    Will do, but last time I checked I had everything except Norton Anti-virus for IE disabled

    Quote Originally Posted by Treeston View Post
    What link did you click before being sent to the scam page?
    It was the: "Using Banners As Town Portals, Diablo II Ladder Reset, Blue Posts, Diablo Collectibles" D3 link from chaud published on 2012-11-06 07:48 AM on the homepage of Mmo-champion. I would type it out but theres some stupid restriction on posting links if you havent made alot of forum posts.

  14. #14
    Did an "Inspect Element".

    If you know anything about HTML, you'll see that there's no funky javascript here.

    Code:
    <a href="http://www.diablofans.com/news/1403-using-banners-as-town-portals-diablo-ii-ladder-reset-blue-posts-diablo-collectibles/" target="_blank">Using Banners As Town Portals, Diablo II Ladder Reset, Blue Posts, Diablo Collectibles</a>
    href: Where it wants to go
    target="_blank" = open in a new tab/window

    Also, MMO champs forums push to console.log a lot. you guys may wanna do something about that.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •