Snopes infected?

Discussion in 'ESET NOD32 Antivirus' started by PaulB2005, Dec 16, 2009.

Thread Status:
Not open for further replies.
  1. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    Yesterday and today i visited Snopes and recieved (edited links - correct links can be sent via PM if a Mod or Staff requires them)

    15/12/2009 08:55:44 HTTP filter file http://xxxuvbcmxxx.com/xxx/trest10....0006R517c6c1810aT86cbced5201l0809K7460664f317 JS/Exploit.Pdfka.ASD trojan connection terminated - quarantined Paul-PC\Paul Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe

    16/12/2009 08:32:30 HTTP filter file http://xxxeeklgxxx.com/xxx/TREST10....0006Rf919303b10aT86c41ac0201l0809K4afa19fd317 JS/Exploit.Pdfka.ASD trojan connection terminated - quarantined Paul-PC\Paul Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe

    when visiting a story in the What's New section.

    I've emailed Snopes but wondered if ESET can confirm this?
     
    Last edited: Dec 16, 2009
  2. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Maybe it has to do with this:



    Adobe Warns of Reader, Acrobat attack in the wild
     
  3. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    Snopes response

     
  4. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    My guess is that Snopes were hit by a third party malvetising ad.

    What I would like to know is were the information stating that the ad in question was removed from "rotation" was obtained?

    What is the guarantee that the same ad will not reappear and infect more users ?
     
  6. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    There's never a real guarantee. They contact the ad service and make sure that specific one gets pulled out of rotation, but so much ad content is outsourced to very shady providers that it is a matter of hours before another one malicious one makes it in the rotation and starts hitting people again.
     
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    :thumb:
    This is a given, with an oft-visited site such as Snopes who makes their real revenue from advertising. A HOSTS File would help those that do not already use one.

    Snopes replied to me as follows:
    This would appear to me to be a rather rubber-stamp reply.
    Snopes users should be cautioned on clicking third-party ads while visiting the site.
     
    Last edited: Dec 16, 2009
  8. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Good advice, but all visitors to the site should be forewarned: You do not need to click on any ad for malvertisement to launch it's attack. Simply visiting the Snopes page hosting the ad (i.e. the front page, what's new page, etc.), will be enough for the attack to launch.

    Snopes' pass-the-blame attitude in this is deplorable, in my opinion. As the owners and operators of the page in question, they have a responsibility to keep their ads clean and safe. Anything less is negligence.

    On the other hand, ++ to ESET for recognizing and stopping the attack before it could get its hooks into the OP!
     
  9. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    I am hoping the Snopes folks have read this and are taking this somewhat seriously. Meanwhile, surf safe. Think before you click :thumb:
     
    Last edited: Dec 16, 2009
  10. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    The alert would appear when the advert LOADED on the Snopes page. NOT when the advert was clicked on. Actually i don't know about the last part because i didn't click on an advert to find out.

    Exactly what happened, as per my opening post.
     
  11. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    I can only advise as to what Snopes was quoted to in several previous replies in this thread, visit the site at your own risk and peril if you feel it is a security risk for your Browsing experience.
     
  12. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
  13. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Last edited: Dec 18, 2009
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
    Some off topic comparison posts not requiring support removed.
     
Thread Status:
Not open for further replies.