malware attack again

Submitted by pontoon on
I was just hit with the same malware/virus that we had last week. I'm pretty sure it came from mgoblog because I opened a new Firefox window and mgoblog is my homepage and the only page I had open. Trying to post this from my phone so sorry for any typos but I wanted to warn everyone.

MAgoBLUE

July 18th, 2011 at 8:01 PM ^

My work computer has been infected twice in two weeks. I thought the site was supposed to be safe this week so I went back but now I can't visit the site at work for a long time. I'm pretty bummed out about this.

mgokev

July 18th, 2011 at 8:22 PM ^

I'm not sure if this is related but I will share a recent experience.  I use an Apple computer so I don't have antivirus warnings, etc.  That said, Apples aren't virus-proof.  I have been using this site regularly despite the warnings as I haven't noticed a problem.  

However, this morning, Gmail alerted me that my account had been accessed suspiciously and I should change my password immediately.  The IP address from the account hacker was located in Ohio.

I don't know if these are all interrelated but seeing as the Gmail hack was the first breach in security I have ever had in addition to the mgoblog cyber-security issues, I would suggest you all keep your wits about you.

/conspiracy theory

dennisblundon

July 18th, 2011 at 8:34 PM ^

Why does India handle so many technology issues? They seem to be pretty bad at it and I can't understand a fucking word they say. My favorite game is the guy trying to explain something and having to spell it out for me because we can't understand one another. The old P, as in Peter, conversation that makes me want to P, as in punch him through the phone.

JHendo

July 18th, 2011 at 11:48 PM ^

Part of my job is occasionally doing IT support on the phone (fortunately for a company that doesn't outsource overseas....yet), and I hate to break it to you, but a lot of you are damn near impossible to understand yourselves, either due to a poor phone connection, poor grasp of the English language or poor phone etiquette. So, needless to say, I, as a well educated and well spoken American, must occasionally resort to the whole "P as Pissed off at your constant mumbling stuff to me" game.

mgokev

July 18th, 2011 at 8:37 PM ^

Well that's good to know that it isn't the site. On the other hand, my conspiracy theory has become much less interesting. Not sure if this has anything to do with anything either (not very techie), but above the ad at the top of the page (and only that ad) I am now getting an extremely long string of what looks like coding with lots of allow/disallow verbiage and colons and backslashes. It also starts with "user-agent". I'm on the iPad FWIW if that means anything.

mgokev

July 18th, 2011 at 8:50 PM ^


mgokev

July 18th, 2011 at 9:00 PM ^

Well, I don't think I can do that on the iPad. That said, that's literally what it looks like. One line under the other starting at the top continuing down the banner and the site begins immediately below it.

mgokev

July 18th, 2011 at 8:52 PM ^

All of that also hasn't shown up before today. Again, not sure if it's related in any way. I have no clue what any of that means and why it's just now showing up. Also I'm on the web browser and not the app.

Sac Fly

July 18th, 2011 at 10:40 PM ^

I trust it since it was recommended by John Strand, Paul Asadoorian, and Larry Pence. Three GAWN, GIAC, GCFW gold certified IT experts who taught me everything I know about computers. Plus, I'm not dumb enough to use a website like that without being positive that it isn't storing information.

Tater

July 18th, 2011 at 8:36 PM ^

My free avast blocked it this time, too.  It even let me read the page while blocking it this time, so it might not be as bad as the last one.  Is this a Columbus thing?  EL?  Somebody with either nothing to do or a lot of hatred seems to be going to a lot of trouble to attack this site.  

maizenbluedevil

July 18th, 2011 at 9:41 PM ^

So far I haven't heard of a single person being hit with this that's been using Chrome.  If you're running IE still in 2011, you're crazy.  Switch to Chrome not only because it will keep you safe here, but because it'll provide a MUCH better browsing experience everywhere....cleaner, simpler design, MUCH faster page load times, etc.  

Once you install Chrome, install the AdBlock add-on, and you'll be fine.

jmblue

July 18th, 2011 at 11:33 PM ^

You may not want to make this your homepage.  I always google "Mgoblog" to get here, and when it's been infected with malware, my browser was able to alert me before I clicked on the site.

JHendo

July 18th, 2011 at 11:59 PM ^

Google caches that info for a while. Even if there's been no sign of a site hosting malware for up to 90 days, it will still advise you to stay away. On the opposite end, Google may not notice a site has been infected for up to weeks at a time. There are just too many sites for Google's millions of spiders to crawl all the time. It's not very accurate and hardly ever up to date for many sites.

jmblue

July 19th, 2011 at 4:45 PM ^

It doesn't do that for me.  It alerted me on the day the malware struck, and then had no warning when it went away.  I'm not sure exactly what my settings are, but they're working out nicely.