RickW Posted March 27, 2011 Share Posted March 27, 2011 <p>Someone who viewed one of my photos got a virus warning about "Blackhole Exploit Kit (type 1889)".</p> <p>The photo is http://www.photo.net/photo/12868904.</p> <p>I scanned my Mac with Norton Anti-Virus and MacScan before processing and uploading the photo, so I don't think it's from my system.</p> <p>Rick</p> Link to comment Share on other sites More sharing options...
rashed_s Posted March 27, 2011 Share Posted March 27, 2011 <p>Coud this be whats effecting the site at the moment and non of the members first page can be opened?</p> Link to comment Share on other sites More sharing options...
joshroot Posted March 27, 2011 Share Posted March 27, 2011 <p>Member pages should be fixed.</p> <p>However, we can't figure out why anyone would be seeing a virus warning. Can anyone who sees one take a screenshot of the page you are on and email it to contact@photo.net?</p> Link to comment Share on other sites More sharing options...
William Kahn Posted March 27, 2011 Share Posted March 27, 2011 <p>According to McAfee, Blackhole is a low-risk trojan that's been around since 2004. Heee's their info:</p> <p>This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.</p> <p>Just for info...</p> Link to comment Share on other sites More sharing options...
wogears Posted March 27, 2011 Share Posted March 27, 2011 <p>I got the same message--I can pull it up in Nortons. Will submit a screen grab.</p><div></div> Link to comment Share on other sites More sharing options...
Former P.N Member Posted March 27, 2011 Share Posted March 27, 2011 <p>I got the same message as Les the first time I clicked the link. Subsequent clicks nothing happened - other than displaying the image.</p> Link to comment Share on other sites More sharing options...
mdunker Posted March 27, 2011 Share Posted March 27, 2011 <p>I received the same message from Norton when opening the photo.net homepage. </p> Link to comment Share on other sites More sharing options...
joshroot Posted March 27, 2011 Share Posted March 27, 2011 <p>Just out of curiosity, do any of the people who are seeing the warning also have "spotify" accounts?</p> <p>http://cyberinsecure.com/spotifycom-software-hit-by-malicious-third-party-advertisements-around-9-million-users-affected/</p> Link to comment Share on other sites More sharing options...
pierceart Posted March 27, 2011 Share Posted March 27, 2011 <p>I've gotten the same warning, on THIS page! Josh, I don't have the "Spotify" account. Do the site managers know about this?</p> Link to comment Share on other sites More sharing options...
joshroot Posted March 27, 2011 Share Posted March 27, 2011 <blockquote>Do the site managers know about this? <p><a name="pagebottom"></a></p> </blockquote> <p>Given that I am the one who runs photos.net, I would say yes.</p> <p>We are working on it as quickly as we can. The more information we can gather, the faster we can track it down.</p> Link to comment Share on other sites More sharing options...
joshroot Posted March 27, 2011 Share Posted March 27, 2011 <p>To anyone who sees the warning, do you see the warning again if you return to or reload whatever page you saw it on?</p> <p>We can't find any trace of anything malicious on our servers and are trying to track down if one of the adservers has been compromised.</p> Link to comment Share on other sites More sharing options...
sknowles Posted March 27, 2011 Share Posted March 27, 2011 <p>I only get it when clicking the first time, reloading seems to avoid it. It seems you're on the right path with the ad servers since they change and the Photo.net pages don't. What you need is a global disable routine which replaces all the ads with blank spaces (gifs/jpgs) to preserve page format and presentation. This way you can set a yes/no value or semaphore to able or disable all the ads to test if any problem is Photo.net or elsewhere. Just a thought.</p> Link to comment Share on other sites More sharing options...
mdunker Posted March 27, 2011 Share Posted March 27, 2011 <p>No spotify account here. I did not get the notification when coming back to photo net. It retrospect, I may have received the Norton alert when accessing the Unified forum page, but I had not traveled farther then that. </p> <p>thanks Josh. </p> Link to comment Share on other sites More sharing options...
Former P.N Member Posted March 27, 2011 Share Posted March 27, 2011 <p>"To anyone who sees the warning, do you see the warning again if you return to or reload whatever page you saw it on?"<br> Only saw it the one time but in checking my Norton log I see it's been intercepted a few times. (Just checked - only twice)</p> <p>No spotify account.</p> Link to comment Share on other sites More sharing options...
wogears Posted March 27, 2011 Share Posted March 27, 2011 <p>No Spotify account here. I do get some 'invalid certificate' notices, but I'm too damn stupid to have written them down. I'll grab the next one, I promise!</p> Link to comment Share on other sites More sharing options...
Jeff Lear Posted March 27, 2011 Share Posted March 27, 2011 <p>Some weird things were happening earlier. I was getting strange "unable to open PDF" warnings followed by a browser (Safari) crash when navigating to my community member page. Everything seems to be back to normal now. No Spotify here.</p> Link to comment Share on other sites More sharing options...
pierceart Posted March 28, 2011 Share Posted March 28, 2011 <p>I think that my Norton stops warning me on the same page, but will warn me on the next page it catches. It blocked that warning three times, and I looked at three different pages, mine included.<br> ;-D</p> Link to comment Share on other sites More sharing options...
WJT Posted March 28, 2011 Share Posted March 28, 2011 <p>3/27/2011 12:27:37 PM HTTP filter file <a href="http://lockba.com/adserver/display.cfm/731/1534/45613/j/cd/?pbnt=515a4dgᆴt=481643&imprx=18211123187">http://lockba.com/adserver/display.cfm/731/1534/45613/j/cd/?pbnt=515a4dgᆴt=481643&imprx=18211123187</a> JS/Kryptik.X trojan connection terminated - quarantined. Threat was detected upon access to web by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.</p> <p>The above is what my Eset av produced several times that day when I visited the site, from home and at the office. This is from the log file; I should have grabbed a screenshot, sorry.</p> Link to comment Share on other sites More sharing options...
joshroot Posted March 28, 2011 Share Posted March 28, 2011 <p>Has anyone seen any warnings today? We think we have the issue wrapped up. But I want to know ASAP if anyone sees anything.</p> Link to comment Share on other sites More sharing options...
Former P.N Member Posted March 28, 2011 Share Posted March 28, 2011 <p>"Has anyone seen any warnings today? We think we have the issue wrapped up. But I want to know ASAP if anyone sees anything."</p> <p>Nothing today even after visiting the original link that started this thread. It would be interesting to know what the suspected problem was.</p> Link to comment Share on other sites More sharing options...
WJT Posted March 28, 2011 Share Posted March 28, 2011 <p>So far so good...visited several fora and member's pages.</p> Link to comment Share on other sites More sharing options...
joshroot Posted March 28, 2011 Share Posted March 28, 2011 <blockquote> <p>It would be interesting to know what the suspected problem was.</p> </blockquote> <p>We think it was a bad ad as all of our servers came up clean. I doubt that it was done maliciously, this sort of thing happens because of bad programming. But you never know. So we want to track it down as far as we can.</p> Link to comment Share on other sites More sharing options...
pierceart Posted March 28, 2011 Share Posted March 28, 2011 <p>So far, no warning for me either. Looks like you caught it. ;-D</p> Link to comment Share on other sites More sharing options...
rashed_s Posted March 28, 2011 Share Posted March 28, 2011 <p>I also got the Safri crash number of times when opening photnet, I re open again and it do it successfully but I am of nu understanding of virus, I use the mac 27 inches all in one computer, when the crash takes place, the system ask, reopen and then report of ignore, I do not get this when I open any other site.</p> Link to comment Share on other sites More sharing options...
songtsen Posted March 29, 2011 Share Posted March 29, 2011 I had a 'malware warning' in Opera 11 a few minutes ago.<div></div> Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now