1. #1

    WARNING - Attack by clicking D3 link on main page

    Just clicked the "Using Banners As Town Portals, Diablo II Ladder Reset, Blue Posts, Diablo Collectibles" D3 link on the front page and norton gave me a notification that it blocked an attack from qhegc.portrelay.com. The intrusion was described as "Web Attack: FakeAV Download 2".

    Please try to let everyone know as well as the webmasters that this is happening.

  2. #2
    Deleted
    Worked fine for me. Check your PC first tbh.

  3. #3
    Deleted
    Quote Originally Posted by valtyrael View Post
    Just clicked the "Using Banners As Town Portals, Diablo II Ladder Reset, Blue Posts, Diablo Collectibles" D3 link on the front page and norton gave me a notification that it blocked an attack from qhegc.portrelay.com. The intrusion was described as "Web Attack: FakeAV Download 2".

    Please try to let everyone know as well as the webmasters that this is happening.
    im guessing your machine is to blaim in this case. Nothing wrong with the link.

  4. #4
    Stood in the Fire ArMeD_SuRvIvOr's Avatar
    10+ Year Old Account
    Join Date
    Oct 2009
    Location
    Argentina
    Posts
    463
    I recommend stopping using Norton... It's a terrible antivirus. Go with Avast! or NOD32. Also, check your computer for viruses and malware with Malwarebytes.
    Really sucks if they start to limit their vision for an expansion just to get the next one out faster.
    BLOOD DPS. Never forget. Still campaigning to get you back, babe.

  5. #5
    I have been keeping everything (Windows, Anti-Virus, CCleaner, Norton, Applications) on my computer up to date, as well as running regular virus scans and updates through Norton. Have not had any weird things happening on my computer and been running like new, I do not believe that it is the problem.

    I would also recommend to not test it by clicking the link as it could be installing the virus without your permission.
    Last edited by Valtyrael; 2012-11-06 at 07:42 PM.

  6. #6
    The Unstoppable Force Resentful's Avatar
    10+ Year Old Account
    Join Date
    Mar 2011
    Location
    Dota 2 24/7 / Dark Souls II
    Posts
    21,566
    I got nothing with my security OP, Not sure what's wrong with yours.

  7. #7
    Quote Originally Posted by ArMeD_SuRvIvOr View Post
    I recommend stopping using Norton... It's a terrible antivirus. Go with Avast! or NOD32. Also, check your computer for viruses and malware with Malwarebytes.
    Installed Malwarebytes, and Avast!

    Malwarebytes, Norton, and Avast! all coming up with the system being clean.

    Looked up what "FakeAV Download 2" was and it looks like something along the lines of a http redirect

    Maybe the link does not always redirect to the malicious link, but its seems to me that this is not something just on my computer end.

    This message is also at the top of Dota 2's Wiki concerning Curse websites (which the link is):
    Earlier today Curse was notified by Google that there was a script known to be malicious being served though some of our sites. Upon further inspection Curse has determined the script was being served through ad placements from a 3rd party. These ads were being served as they normally would; however, due to a security breach at the 3rd party, a malicious JS was being served that was put in their passback system.
    We have managed to identify the 3rd party, who is well known to be trusted, as the source of the script. They have been contacted about the compromise and have removed the malicious script being served to not only Curse, but possibly everyone with whom they work. They are still investigating the breech.
    Curse takes security extremely seriously and has removed all 3rd party ad partners until the investigation is complete. We will keep you informed of the outcome of this investigation. In the meantime, we recommend you run a malware scan on your computer. You can run a free scan at malwarebytes<dot>org. We sincerely apologize for this inconvenience.
    Last edited by Valtyrael; 2012-11-06 at 07:23 PM.

  8. #8
    Deleted
    That was a few days ago and a confirmed false alert (caused by an ad network being flagged). No files on our servers were even influenced, so there's no way anything could've proactively infiltrated our news post (which wasn't even written yet at that point) to change the link.

  9. #9
    Looked it up on google and that site is apparently a spam site that hosts some awesome malware. Check your browser's addons for anything you did not install that could potentially force-redirect you.
    If you must insist on using a non-sanctioned sitting apparatus, please consider the tensile strength
    of the materials present in the object in question in comparison to your own mass volumetric density.

    In other words, stop breaking shit with your fat ass.

  10. #10
    I just got sent to a page showing Microsoft Essentials had found 3 virus on my computer, but i recognised the scam from work. I used to repair computers, remove virus , clean installation etc etc.

    Once you click yes to clean, you will get a program installed on your pc which will totaly block it, saying there is a virus which actualy makes your computer unuseable. You only able to remove it if you buy the program suggested in the scam or a 100% clean install.

    You should definately look into this. It's not even 3minutes ago it popped up when i decided to check mmo-champion. I use a combo of Malwarebytes and Bullguard. My computer is clean as always.

    Although, will clear my cookiejar just to be safe.
    Last edited by Poinen; 2012-11-06 at 11:19 PM.


    Pater! In manus tuas committo spiritum meum!

  11. #11
    Deleted
    What link did you click before being sent to the scam page?

  12. #12
    Pit Lord lokithor's Avatar
    10+ Year Old Account
    Join Date
    Feb 2010
    Location
    Mobile, AL
    Posts
    2,396
    I have Norton and everything is fine on my end.

  13. #13
    Quote Originally Posted by tielknight View Post
    Looked it up on google and that site is apparently a spam site that hosts some awesome malware. Check your browser's addons for anything you did not install that could potentially force-redirect you.
    Will do, but last time I checked I had everything except Norton Anti-virus for IE disabled

    Quote Originally Posted by Treeston View Post
    What link did you click before being sent to the scam page?
    It was the: "Using Banners As Town Portals, Diablo II Ladder Reset, Blue Posts, Diablo Collectibles" D3 link from chaud published on 2012-11-06 07:48 AM on the homepage of Mmo-champion. I would type it out but theres some stupid restriction on posting links if you havent made alot of forum posts.

  14. #14
    Did an "Inspect Element".

    If you know anything about HTML, you'll see that there's no funky javascript here.

    Code:
    <a href="http://www.diablofans.com/news/1403-using-banners-as-town-portals-diablo-ii-ladder-reset-blue-posts-diablo-collectibles/" target="_blank">Using Banners As Town Portals, Diablo II Ladder Reset, Blue Posts, Diablo Collectibles</a>
    href: Where it wants to go
    target="_blank" = open in a new tab/window

    Also, MMO champs forums push to console.log a lot. you guys may wanna do something about that.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •