Invasive, non-cancelable javascript virus scan pops up automatically

I'm getting a bogus javascript dialog box when I view this page:

http://www.photo.net/bboard/q-and-a-fetch-msg?msg_id=00Ov1V&unified_p=1

 

I'm assuming it's from an ad. It looks like a Javascript alert box and

says "NOTICE: If your computer has been running slower than normal, it may be

stored with Adwares, Spywares or Malwares. AntiSpywareDeluxe can perform a

quick and completely FREE scan of your system for malicious software. Download

AntiSpywareDeluxe FREE now!" If I click cancel, it pops up a CSS frame over

top of the photo.net page, and starts either scanning or pretending to scan a

mess of DLLs on my system. If I click back, I get the pop up dialog box

again. Same thing happens if I close the alert box without clicking cancel.

Again, I hit the back button and the CSS frame pops up over the page (I can

only see this because of the resolution I'm running on my monitor.) I have not

clicked "yes" to download, but I can't quit Internet Explorer without clicking

yes.

Happened to me also. I hit ALT+CTR+DEL and clicked "end task" for IE in the task manager. Recommend you run a current version of Norton or equivalent.

Nothing shows up on my Mac.

I just got the same message.

Methinks you need a spyware/adware scan...but of your own choosing!

I just got it.

 

Conni

Errr,

 

That is odd. I'll see if I can make it happen to me. But I can tell you that it SHOULDN'T be happening. There should never be any pop-ups or crap ads like that on photo.net.

I got it twice this morning. Even with pop-ups blocked in Firefox.

 

Also the adserver is slower than molasses on a cold day today. I'm getting time outs on most forum messages this AM.

 

<Chas>

I was able to make it happen on Windows IE. But not on my Mac with Firefox. I have the ad people chasing the issue down.

 

Oddly enough, I haven't seen the adserver loading problems this morning myself. At least not the ones where the adserver causes the page to not load.

Me too.<div></div>

http://blog.wired.com/business/2007/11/doubleclick-red.html

 

This is a concerted attack on the ad networks themselves, unfortunately.

I've seen this before on a mac with safari, incidentally - though not on the page mentioned

here. The download wouldn't do anything, but it'll still absolutely interrupt browsing (even

with popup blocking on).

The ad gurus are tracking this down, it was as much of a surprise to them as it was to all of us. Thanks to everyone who brought it to our attention.

 

Also, I do highly suggest that everyone give their machines a run through Adaware and Spybot to make sure that nothing more than annoyance was passed along.

While we are awaiting a resolution, I encourage people with ad-blockers to block the domain antispywaredeluxe.com This is a good anyway, since nothing good is going to come out of that domain.

I got the same thing a few days ago, but on a different site. The pop-up was identical to the one in Bob's screen shot, but the header read "Windows XP Explorer". McAfee scan found nothing.....

I didn't get anything. Is it gone now? (I'm running Firefox)

Not seeing this particular problem on my PC.

 

PIII running WinME.

 

Firefox 2.0.0.12

 

No problems running an IE tab within Firefox or IE ver. 6x either.

 

I might be running some blocking or spyware/malware utility in the background that I've forgotten about but when I disable the utilities I'm aware of I'm still not seeing this particular problem.

I got the javascript on Firefox on a PC

 

The Adserver problem happened 3 times this morning and I gave up.

 

Conni

Just got it on Firefox (most recent) on PC - again.

Just got it for the first time in Firefox/Vista

FRUSTRATING.

 

I promise we're trying to remove the offending ad. But I guess it's proving to be a larger issue than originally thought. I have no idea why, but then again, I'm not an ad guy.

Josh,

If you read the Wired article linked above, you are in good company .. meaning many major sites have had this issue. It is hard to detect because

"The malware is apparently being disguised as a Flash file that has a redirect function encrypted in the file, so that when publishers upload the ad file the malware is not detectable. Once deployed on a site, the Flash file launches the malicious redirects, perhaps triggered at certain times or in certain locations."

 

good luck nailing it

For what it is worth, Josh. It just popped up on my screen in the last five minutes.<br>Using Windoze XP and Firefox browser.

Just an update - Happened again at 10:15 am today.

okay.

 

The damn thing SHOULD be gone. Please tell me if you are still seeing it.