Javfiler?


17 replies to this topic

#1 RockVacirca


Posted 13 May 2014 - 06:59 PM

Since this morning I have noticed a couple of sites have produced a pop-up that says:

 

========================

Reported Web Forgery!

 

This web page at www.javfiler.net has been reported as a web forgery and has been blocked based on your security preferences.
Web forgeries are designed to trick you into revealing personal or financial information by imitating sources you may trust.
Entering any information on this web page may result in identity theft or other fraud.

========================

 

I phoned my son and asked him to try those webpages, and he got the same. Trouble is, Norton reports that javfiler.net carries driveby downloads.

 

Is javfiler.net a legitimate site? Does Firefox use it to identify forged websites?

 

I have noticed a week or so ago that one or two other websites produce pop-ups that request me to update java, but I ignored them.

 

I also notice that all the websites that produce these pop-ups carry active advertising banners, and sites with no adverts never produce pop-ups.

 

Is it my computer, or have scammers found a way of constructing adverts that redirect or produce pop-ups?

 

I have MBAM, SAS, Avast and SpyBot Teatimer installed, and all report no problem.

 

Windows 7. Same result when using either Chrome or Firefox.

 

Rock


Edited by boopme, 13 May 2014 - 08:08 PM.
moved to General security ~~boopme




#2 quietman7

  • Global Moderator

Posted 13 May 2014 - 08:30 PM


VirusTotal's javfiler.net domain information
Norton Safe Web javfiler.net report

Dr.Web reports
hxxp://javfiler.net redirects to hxxp://www .javfiler.net/
hxxp://www .javfiler.net/ is in Dr.Web malicious sites list!

You can always check suspicious sites or get second opinions using various URL Link Scanners. Use several different vendors when performing queries to confirm the results of page content. Even doing this, you still need to be cautious of other links on the page itself which can redirect to a malicious page.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 QQR1


Posted 13 May 2014 - 08:36 PM

Hi to all, 
 
When I log in to BleepingComputer now (21:00 GMT -3, 13.05.2014), this warning from Google sometimes comes up:

"Phishing terminated following website"

malware_bllepcomputar.jpg

Is it malware on the forum or the commercials? It appeared to me without clicking (pressing) on any site. I.e., I did NOT click on any link, and yet this warning appears.

I found it very strange that it redirects to the site hxxp :/ / www.javfiler.net/hpANk8iG/detection/j/?PubID=79_1731_3782&ClickID=5734721168

Edit:

4 detections on the VirusTotal URL:
 

Edited by QQR1, 13 May 2014 - 08:46 PM.


#4 quietman7


Posted 13 May 2014 - 08:54 PM

Is it malware on the forum or the commercials?

Bleeping Computer does not contain any malware.

If you are receiving redirects to javfiler.net, I suggest you start a new topic in the Am I infected? What do I do? forum or follow the instructions provided in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 users will not be able to run DDS and create a log.)
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

#5 RockVacirca


Posted 13 May 2014 - 09:25 PM

It is definitely in the commercials.

 

My own website is now doing this. I have a free forum on one of my pages, and it has always had an active banner ad at the top, which pays for the free forum. However, lately when the forum page is loading, and the ad just starts to appear, the user is redirected to another page, and my forum page is closed! Not all ads that are served do this, just some.

 

I looked at my web history and saw the actual redirect URL:

 

http://mmotraffic.com/redirect2.php?go=http%3A%2F%2Fen.elsword.org%2Flanding%2F%3Fkid%3Da-48807-59307-1307-a38071b9+

 

Rock



#6 QQR1


Posted 13 May 2014 - 09:30 PM

quietman7,

 

The redirection only happens here at BleepingComputer forum. In any other website or other forum I'm redirect (redirect just got here in computing bleeping). Believe to be some problem in the forum announcements or to the forum. 
 
I have just redirects this forum only 
 
When the warning with google alert appears, click this link to go back, appears: hXXp://www.updtaend.com/BR/Installer.php?dv1=11579736&dv2=&dv3=&dv4=XKON-BR&sec_id=qWJ8vBQjIEzEzre8F9tovZguI07jDc1%3gA8KWfAX47AM0cV1RNaw47aY0MiNRNaVbNaO3huhhMa80cVRciBKehuzO
 
 
 
Sorry for the bad English. I use Google Translator.

Edited by QQR1, 13 May 2014 - 09:34 PM.


#7 quietman7


Posted 14 May 2014 - 05:36 AM

quietman7,
 
The redirection only happens here at BleepingComputer forum.

Are you logged in with your account when this occurs?

#8 QQR1


Posted 14 May 2014 - 08:39 AM

 




quietman7,
 
The redirection only happens here at BleepingComputer forum.

Are you logged in with your account when this occurs?

The redirection happens before login (before the login). Once you do enter the username and password, I also realized yesterday redirects.

I tested some computers and the redirect keeps happening in every forum here at BC (BleepingComputer).

Now the redirection today: I was told that my video player (would the video player be the Flash player? But Google has its own built-in Flash player...) is outdated and that I should upgrade it to continue. But my browser (Google Chrome) is updated, which means there is a malicious attack going on here in the forum.

Yesterday I was going to create a new thread warning about redirects here, but I saw this topic with the name of the site to which it was redirected and prefer this post.

So I am having trouble forwarding this forum only. I did some testing and disabled some plugins. The only thing that went right and stopped the redirects was JavaScript. I even disabled Flash Player and other plugins, but it still redirects.

I checked my hardware equipment to make sure it was not a fake DNS server. I.e., I verified that my physical equipment had not been compromised, and the answer is: it was not compromised. No DNS change in my physical equipment.

I also checked the proxy settings in my browser. There is nothing unusual that would justify a redirect from my computer (malicious proxy settings).

Therefore, despite being a newbie here on the forum, my goal is to learn how to remove malware. I'm here to study... and for now, I tried all possible ways to change on my system that would justify the redirects.

I conclude that the redirects are only here on the forum, since I visited several other sites of banks and other major sites that I access and no redirection happened. Actually I was surprised to be redirected here!

The watchful may be suffering from BC redirects attacks, and more lay people may be a victim of these attacks (perhaps redirects are exploiting zero-day vulnerabilities, and are independent of the execution of some code) to be executed on the computer.

Those responsible would be cool BP from now examine the case. I really believe that the redirects are coming from the ads, since after I disabled JavaScript the ads (advertisements) no longer appear, much less the redirects.



Look at the last redirection :



REDIRECIONAMENTO_BLEEPINGCOMPUTAR_2.jpg

REDIRECIONAMENTO_BLEEPINGCOMPUTAR.jpg


url redirection:

javascript:downloadEXEWithName('hxxp://ttb.newallsoft.com/download/request/530720c05f1c1ee402000008/hpANk8iG', 'hpANk8iG', 'New player.exe')

Edited by QQR1, 14 May 2014 - 08:43 AM.


#9 Vfrtteste


Posted 14 May 2014 - 09:43 AM

I sent the file that the redirection asks to install to VirusTotal. Look at the result:
 
It seems that is Adware.


#10 quietman7


Posted 14 May 2014 - 10:41 AM

I will advise Grinler, the Site Owner of Bleeping Computer.

#11 Grinler

    Lawrence Abrams
  • Admin

Posted 14 May 2014 - 02:24 PM

Looking into it. I use the site with ads always on (even when I'm logged in) and have not seen this yet at all. No redirects. When you are logging in, is it from a particular page or section on the site?

#12 Grinler


Posted 14 May 2014 - 03:04 PM

I can't reproduce it even when making it so my IP address is geographically similar to yours. Are the redirects still happening?

#13 QQR1


Posted 14 May 2014 - 10:01 PM

Hello Grinler, 
 
I go searching on google the name of the forum and come straight to the General Security or also entering the link in my browser favorites. 
 
 
Before logging in, now the night (14/05 23:51 GMT -3) was redirected, so the advertisement appeared. Once I login, I was not redirected. 
 
When it logs in (or logged in the forum) advertisements do not appear or you have disabled them? 
 
I tested today (14/05 15:20 GMT -3) outside my network, on another computer, put without logging in, and redirection happened. 
 
 
Sorry difficulty in communicating, both English and do not know I'm using google translator. I hope you have understood your questions and that you have understood my answers.


Edit:

I noticed that after 1 (once) redirection, I'm not redirected. Not to login (before logging). Any adjustment in the announcement forum settings?

Edited by QQR1, 14 May 2014 - 10:31 PM.


#14 Grinler


Posted 15 May 2014 - 08:58 AM

I go searching on google the name of the forum and come straight to the General Security or also entering the link in my browser favorites.


OK will try that. 
 

When it logs in (or logged in the forum) advertisements do not appear or you have disabled them?


Correct. Logged in members do not see ads on the site.
 

I tested today (14/05 15:20 GMT -3) outside my network, on another computer, put without logging in, and redirection happened.


Did this happen once again when you came from google or just went directly to the site and saw it?

#15 Grinler


Posted 15 May 2014 - 09:28 AM

No matter what I try, I cannot get this to trigger. Any chance you can install Fiddler and capture your traffic while you go to bleepingcomputer so we can capture this happening? I can analyze the Fiddler log and see what pages and ads are triggering it.

If you can do this, you can submit it to http://www.bleepingcomputer.com/submit-malware.php?channel=3
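
Added example, not part of the original thread and not BleepingComputer's own tooling: one way to read such a capture and find which page and ad requests led to a flagged host, by following `Location` redirects and `Referer` headers backwards. It assumes the Fiddler sessions were exported as HAR (HTTP Archive) JSON; every host in the sample is a constructed placeholder and the function names are hypothetical.

```python
from urllib.parse import parse_qsl, urljoin, urlsplit

def header(msg, name):
    """First header value with this name (case-insensitive), or None."""
    return next((h["value"] for h in msg.get("headers", [])
                 if h["name"].lower() == name.lower()), None)

def embedded_targets(url):
    """Decode query parameters that carry another URL (redirector style)."""
    return [v.strip() for _, v in parse_qsl(urlsplit(url).query)
            if v.strip().lower().startswith(("http://", "https://"))]

def on_host(url, host):
    h = urlsplit(url).hostname or ""
    return h == host or h.endswith("." + host)

def trace_chain(har, flagged_host):
    """Walk back from the first request to flagged_host to the page that led to it."""
    entries = har["log"]["entries"]
    parent = {}  # url -> (url that led to it, "redirect" or "referer")
    for e in entries:
        url = e["request"]["url"]
        loc = header(e["response"], "Location")
        if loc:  # HTTP 3xx sent the browser on to the Location target
            parent.setdefault(urljoin(url, loc), (url, "redirect"))
        ref = header(e["request"], "Referer")
        if ref:
            parent.setdefault(url, (ref, "referer"))
    hit = next((e["request"]["url"] for e in entries
                if on_host(e["request"]["url"], flagged_host)), None)
    chain, seen = [], set()
    while hit and hit not in seen:  # 'seen' guards against referer loops
        seen.add(hit)
        prev, how = parent.get(hit, (None, "start"))
        chain.append((hit, how))
        hit = prev
    return chain[::-1]  # list of (url, how it was reached), page first

def _entry(url, referer=None, location=None):  # builds one constructed HAR entry
    hdr = lambda n, v: [{"name": n, "value": v}] if v else []
    return {"request": {"url": url, "headers": hdr("Referer", referer)},
            "response": {"headers": hdr("Location", location)}}

# Constructed sample capture; every host is a placeholder, not data from the thread.
PAGE, FRAME = "http://forum.example/topic/1", "http://adserver.example/frame.html"
HOP = "http://adserver.example/r.php?go=http%3A%2F%2Fwww.flagged.example%2Fdetect"
LANDING = "http://www.flagged.example/detect"
SAMPLE_HAR = {"log": {"entries": [_entry(PAGE), _entry(FRAME, referer=PAGE),
    _entry(HOP, referer=FRAME, location=LANDING), _entry(LANDING, referer=FRAME)]}}
```

`trace_chain(SAMPLE_HAR, "flagged.example")` returns the page, the ad frame, the redirector and the landing URL in order. Navigations started by script without a `Referer` header will end the chain early, so the raw capture is still needed to fill such gaps.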



