Archived material Access restricted Article
Rantburg

Today's Front Page   View All of Thu 04/18/2013 View Wed 04/17/2013 View Tue 04/16/2013 View Mon 04/15/2013 View Sun 04/14/2013 View Sat 04/13/2013 View Fri 04/12/2013
1
2013-04-18 
Good morning
Posted by Fred 2013-04-18 00:00|| || Front Page|| [5 views ]  Top

#1 I'm getting that google message again.

Content from saversdonessave.org, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.
Posted by phil_b 2013-04-18 01:00||   2013-04-18 01:00|| Front Page Top

#2 Carolina Crescentini [Italia][Filmography](age 33)



Emerging Design


Posted by GolfBravoUSMC 2013-04-18 01:46||   2013-04-18 01:46|| Front Page Top

#3 Birthday Gam Shot 04/14

Claire Coffee[Filmography](age 33)



Designed to Detect Low Temperatures


Posted by GolfBravoUSMC 2013-04-18 01:50||   2013-04-18 01:50|| Front Page Top

#4 when I land on the page I get Java telling me I need to allow something to run, which I refuse.
Posted by crosspatch 2013-04-18 04:22||   2013-04-18 04:22|| Front Page Top

#5 Oh, and Chrome won't let me visit the page unless I force it to allow me to.
Posted by crosspatch 2013-04-18 04:22||   2013-04-18 04:22|| Front Page Top

#6 I got this message from Firefox

Reported Attack Page!

This web page at rantburg.com has been reported as an attack page and has been blocked based on your security preferences.

Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
Posted by GolfBravoUSMC 2013-04-18 04:32||   2013-04-18 04:32|| Front Page Top

#7 For those who haven't heard yet, you should consider disabling or, better yet, removing Java from your computers entirely until the folks there get serious about doing their job and make it secure. Pretty much all of the nasty malware these days uses any of the many vulnerabilities they offer to take over your computer and make it do stupid stuff. Like the Saudis do to Obean.
Posted by gorb 2013-04-18 05:03||   2013-04-18 05:03|| Front Page Top

#8 My AVG is reporting the same type of issue.

Back on Topic....I don't care since I'm not at work anymore BUT Claire and Carolina probably should get an NSFW label. Carolina should probably get a Not Safe for Cardiac Patients warning too ;^)
Posted by AlanC 2013-04-18 06:52||   2013-04-18 06:52|| Front Page Top

#9 It's not everyone who can feel comfortable wearing heels in the tub....
Posted by Uncle Phester 2013-04-18 08:14||   2013-04-18 08:14|| Front Page Top

#10 I am getting the malware message, too.
Posted by Deacon Blues 2013-04-18 08:56||   2013-04-18 08:56|| Front Page Top

#11 My Norton reports blocking a malware attempt when I access this site. Yea Norton.
Posted by Mugsy Glink 2013-04-18 09:15||   2013-04-18 09:15|| Front Page Top

#12 Carolina looks frightened. I volunteer to comfort her.
Posted by Jonathan  2013-04-18 09:17||   2013-04-18 09:17|| Front Page Top

#13 Gut wrenching plumbers butt !
Posted by Besoeker 2013-04-18 09:22||   2013-04-18 09:22|| Front Page Top

#14 In case it's helpful, my AVG identified the issue as ...
exploit redkit exploit kit (type 1999)
emucoupons.com

Posted by Extreme Moderate 2013-04-18 09:57||   2013-04-18 09:57|| Front Page Top

#15 Yep, Firefox lists this as a attack site for malware. Been clipping avg alerts for the past couple of days, listing removed exploits -

karasukelepiryazlik.com[Redkit Exploit Kit (type 1999)]
abogadojuliorivera.com[Redkit Exploit Kit (type 1999)]
saversdonessave.com[Blackhole Exploit Kit Detection (type 1970)]
emucoupons.com[Redkit Exploit Kit (type 1999)]
www1.q6xm1jvni5h9cssp.lflink.com[Styx Exploit Pack (type 1937)]
Posted by Procopius2k 2013-04-18 10:04||   2013-04-18 10:04|| Front Page Top

#16 Here's the Norton info....interesting stuff:

Category: Intrusion Prevention
2013-04-17 9:39:17,High,An intrusion attempt by 50.22.194.64 was blocked.,Blocked,,"50.22.194.64, 80",arabicdjottawa.com/hvql.html?Network traffic from arabicdjottawa.com/hvql.html?update=5b7d23dd93133958f397cd211e918b56 matches the signature of a known attack.
Posted by Mugsy Glink 2013-04-18 10:46||   2013-04-18 10:46|| Front Page Top

#17 
or those who haven't heard yet, you should consider disabling or, better yet, removing Java from your computers entirely until the folks there get serious about doing their job and make it secure


Or you could educate yourself and just turn off "applets" in your browser. Outside the browser, it's fine.
Posted by Rob Crawford 2013-04-18 10:50||   2013-04-18 10:50|| Front Page Top

#18 Can you give me as much detail as possible on it?
Posted by Fre 2013-04-18 13:30||   2013-04-18 13:30|| Front Page Top

#19 Running IE8 - both yesterday and today, I get into R'Burg just fine, but the first time I click on "Good Morning", IE drops completely; the second time thru,all OK.
Posted by Mercutio 2013-04-18 13:45||   2013-04-18 13:45|| Front Page Top

#20 I've cleaned out the spam comments (again) and I've blocked 50.22.194.64. I'm doing a Google fetch now.
Posted by Fred 2013-04-18 15:11||   2013-04-18 15:11|| Front Page Top

#21 My AVG got the same as ExModerate:

exploit redkit exploit kit (type 1999)
emucoupons.com

And, back on topic, Mirror, mirror on the wall you're DEFINITELY NSFW!! but in such an attractive manner.

Posted by AlanC 2013-04-18 15:29||   2013-04-18 15:29|| Front Page Top

#22 Mac/Safari and Mac/Firefox complain.
For Google analysis:
http://google.com/safebrowsing/diagnostic?tpl=safari&site=rantburg.com&hl=en-us
Posted by KBK 2013-04-18 16:34||   2013-04-18 16:34|| Front Page Top

#23 loaded FF 20.0.1 just now, no warnings as of yet
Posted by Frank G 2013-04-18 21:13||   2013-04-18 21:13|| Front Page Top

#24 For Mugsy's one did a whois:
[Querying rwhois.softlayer.com]
[rwhois.softlayer.com]
%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-SOFTLAYER.50.22.192.0/18
network:Auth-Area:50.22.192.0/18
network:Network-Name:SOFTLAYER-50.22.192.0
network:IP-Network:50.22.194.64/27
network:IP-Network-Block:50.22.194.64-50.22.194.95
network:Organization;I:Website Welcome
network:Street-Address:11251 Northwest Freeway Suite 400
network:City:Houston
network:State:TX
network:Postal-Code:77092
network:Country-Code:US
network:Tech-Contact;I:sysadmins@softlayer.com
network:Abuse-Contact;I:abuse@websitewelcome.com
network:Admin-Contact;I:IPADM258-ARIN
network:Created:2010-10-28 17:56:39
network:Updated:2012-05-01 07:08:17
network:Updated-By:ipadmin@softlayer.com
Posted by Water Modem 2013-04-18 22:44||   2013-04-18 22:44|| Front Page Top

#25 One of the things that can cause this is google ads. I saw this on a security site discussing the redkit: from one of your ad networks clicks are bad for adware and malware go in google webmaster tools and see where it is, google would have found it, and you will get a warning under your site in the search results,
Posted by Water Modem 2013-04-18 22:56||   2013-04-18 22:56|| Front Page Top

23:55 Alaska Paul
23:52 Bill Clinton
23:06 Rambler in Virginia
22:58 Barbara
22:56 Water Modem
22:44 Water Modem
22:43 Pappy
22:38 Pappy
22:29 American Delight
21:45 Frank G
21:37 Frank G
21:31 Alaska Paul
21:13 Frank G
21:10 swksvolFF
21:05 Charles
21:04 Secret Asian Man
20:20 Barbara
20:18 junkiron
20:18 Barbara
20:15 Barbara
20:12 Deacon Blues
19:36 Procopius2k
19:35 Procopius2k
19:24 Old Patriot









Paypal:
Google
Search WWW Search rantburg.com