Archived material Access restricted Article
Rantburg

Today's Front Page   View All of Mon 04/08/2013 View Sun 04/07/2013 View Sat 04/06/2013 View Fri 04/05/2013 View Thu 04/04/2013 View Wed 04/03/2013 View Tue 04/02/2013
1
2013-04-08 
Good morning
Posted by Fred 2013-04-08 00:00|| || Front Page|| [3 views ]  Top

#1 Birthday Gam Shot

Ana de la Reguera [Chicano][Filmography](age 36)



DiseƱo Desnudo como un Huevo



Posted by GolfBravoUSMC 2013-04-08 00:29||   2013-04-08 00:29|| Front Page Top

#2 Fred,

I'm getting the following from Chrome

Content from zlubob.org, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.
Posted by phil_b 2013-04-08 01:10||   2013-04-08 01:10|| Front Page Top

#3 You are our third report tonight on that, phil_b, which I'm sure will be helpful in tracking down the problem. Do you get the same message with a different browser?
Posted by trailing wife 2013-04-08 02:55||   2013-04-08 02:55|| Front Page Top

#4 TW, nothing in IE. I don't have FF installed.
Posted by phil_b 2013-04-08 04:11||   2013-04-08 04:11|| Front Page Top

#5 I also got a warning message that Firefox blocked an attacking site when I opened Rantburg. It didn't block Rantburg itself but another site that tried to load with it. It had a very long gibberish URL
Posted by European Conservative 2013-04-08 06:16||   2013-04-08 06:16|| Front Page Top

#6 Clean here: IE9 and Opera.
Posted by Skidmark 2013-04-08 06:28||   2013-04-08 06:28|| Front Page Top

#7 FF here, no message.
Posted by Whiskey Mike 2013-04-08 06:43||   2013-04-08 06:43|| Front Page Top

#8 Check out Adknowledge, there's a tracking cookie of them on the Rantburg site.
Posted by European Conservative 2013-04-08 07:08||   2013-04-08 07:08|| Front Page Top

#9 Fed by

http://cache.blogads.com/127899083/feed.css
Posted by European Conservative 2013-04-08 07:08||   2013-04-08 07:08|| Front Page Top

#10 A real pest, btw... known distributor of Malware
Posted by European Conservative 2013-04-08 07:09||   2013-04-08 07:09|| Front Page Top

#11 Ghostery has this info

Detected tracker source URLs:
http://cache.blogads.com/127899083/feed.css
http://cache.blogads.com/852137360/feed.css
http://cache.blogads.com/127899083/feed.js
http://cache.blogads.com/852137360/feed.js
Posted by European Conservative 2013-04-08 07:18||   2013-04-08 07:18|| Front Page Top

#12 I got the same from Chrome, phil_b. A hour later it was Ok.
Posted by g(r)omgoru 2013-04-08 07:49||   2013-04-08 07:49|| Front Page Top

#13 The Malware may just be fed by a certain ad that doesn't recur too often.
Posted by European Conservative 2013-04-08 07:51||   2013-04-08 07:51|| Front Page Top

#14 Got the same message last night but not now. But I did get an infection earlier and had to run MacKeeper to erase it out.
Posted by Jack is Back! 2013-04-08 09:23||   2013-04-08 09:23|| Front Page Top

#15 Drapes, why do they hate us?
Posted by Rob Crawford 2013-04-08 09:34||   2013-04-08 09:34|| Front Page Top

#16 Actually in islamist sites you can find photos of "naked like eggs" women except for the burka, the under-burka, the under-under-burka, the under-under-under burka, the ....
Posted by JFM 2013-04-08 10:05||   2013-04-08 10:05|| Front Page Top

#17 What ever it was it lock my computer up as well.
Posted by 49 Pan 2013-04-08 12:00||   2013-04-08 12:00|| Front Page Top

#18 49 Pan: drapes are tricky that way...
Posted by Steve White 2013-04-08 12:04||   2013-04-08 12:04|| Front Page Top

#19 I got that last night too in Chrome, but it is okay today. More menacing, and probably unrelated, is that Paypal locked my account recently saying that someone had logged in from Iran. Anyone had that happen before? I generally use the same computer/browser for Rantburg and Paypal. Not saying there is a link, just wondering what other hacks are out there we should be careful about.
Posted by Beau  2013-04-08 13:31||   2013-04-08 13:31|| Front Page Top

#20 Beau - did they say someone had - or had *attempted* to login from Iran?

Paypal uses email addresses as 'id' so it's somewhat easy for someone to attempt to login as you (since you give your optional email to Rantburg comments).

Best to either not give your email address or give a different address than what you use for Paypal.
Posted by CrazyFool 2013-04-08 14:23||   2013-04-08 14:23|| Front Page Top

#21 test
Posted by Whiskey Mike 2013-04-08 15:47||   2013-04-08 15:47|| Front Page Top

#22 It was blue screen of death time for me too - I couldn't restart Windows and had to do a fresh re-install. Jason
Posted by Secret Master 2013-04-08 16:37||   2013-04-08 16:37|| Front Page Top

#23 Got a blocked attack warning from Norton yesterday as I opened R'burg. Can't copy cleanly from Norton but here's what it said:

Fake APP attack: Fake AV Redirect 29
Port 4474



Attacking URL: Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2013-04-06 9:12:04,High,An intrusion attempt by 66.75.81.217 was blocked.,Blocked,No Action Required,Fake App Attack: Fake AV Redirect 29,No Action Required,No Action Required,"66.75.81.217, 4474","www3.s4nb2qyk6mrqdp21-8.lflink.com/?dobswgj27=iOTL17SYmmJrq1ra1W+erZGq4d6unaFmZmVwm5+XpKeL&f1342b1=01%01%02%02%03%02%04%00%09","188.116.34.244, 80",66.75.81.217,"TCP, Port 4474"
Network traffic from www3.s4nb2qyk6mrqdp21-8.lflink.com/?dobswgj27=iOTL17SYmmJrq1ra1W+erZGq4d6unaFmZmVwm5+XpKeL&f1342b1=01%01%02%02%03%02%04%00%09 matches the signature of a known attack. The attack was resulted from DEVICEHARDDISKVOLUME2PROGRAM FILESINTERNET EXPLORERIEXPLORE.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.


The 188 URL is the attacker, the 66. was the target


Posted by Mercutio 2013-04-08 17:40||   2013-04-08 17:40|| Front Page Top

#24 BTW___ running IE 8 on XP.
Posted by Mercutio 2013-04-08 17:41||   2013-04-08 17:41|| Front Page Top

#25 I got the "Fake APP" attack notice from Norton too, when I opened Rantburg for the past couple of days, including just now.

IE 8.
Posted by Barbara 2013-04-08 19:19||   2013-04-08 19:19|| Front Page Top

#26 hi - it does not happen every time but i'm receiving

Infection Details
URL: http://www1.u6a001l18pkriv13q.lflink.com...
Process: C:Program FilesMozilla Firefox irefox...
Infection: URL:Mal

malware probably from an ad site

on firefox with adblocker and ghostery +
Posted by linker 2013-04-08 20:20||   2013-04-08 20:20|| Front Page Top

#27 to quote our Sage Joe. Running FF (up-to-date) got nuthin
Posted by Frank G 2013-04-08 20:22||   2013-04-08 20:22|| Front Page Top

#28 oh - that was logged with avast
Posted by linker 2013-04-08 20:25||   2013-04-08 20:25|| Front Page Top

#29 whenever you go to

http://www1.u6a001l18pkriv13q.lflink.com

you will get a malware notice
Posted by linker 2013-04-08 20:27||   2013-04-08 20:27|| Front Page Top

#30 All,

Sorry I didn't reply to the Idaho comments yesterday but got the same pesky malware note on my Macbook.

We're off to the Boise Area. As I work in IT (have for 30 yrs) will look to partly retire/ partly work and say adios to Kali...certainly not to the 'Burg however...truly a beacon of truth and light amidst the Coastal Aristocrats and other Obama fellow travelers.
Posted by Warthog 2013-04-08 21:12||   2013-04-08 21:12|| Front Page Top

#31 Geh mit Gott Warthog. :-)
Posted by Besoeker 2013-04-08 22:38||   2013-04-08 22:38|| Front Page Top

23:32 JosephMendiola
23:24 JosephMendiola
23:11 JosephMendiola
22:38 Besoeker
21:37 Whiskey Mike
21:12 Warthog
20:44 lord garth
20:27 linker
20:25 linker
20:22 Frank G
20:20 linker
19:56 Glenmore
19:52 JosephMendiola
19:47 JosephMendiola
19:42 JosephMendiola
19:30 JosephMendiola
19:21 Uncle Phester
19:20 Barbara
19:19 Barbara
19:18 Bright Pebbles
18:31 Dale
18:15 AlanC
18:15 Airandee
17:47 Rambler in Virginia









Paypal:
Google
Search WWW Search rantburg.com