Archives > 2008

Safari (PC Malware?) attack - anyone else experienced this?

(1/2) > >>

Over the last couple of days, at Excite's Money site, I've had the nasty experience of clicking on a chart and being confronted by a demand to check for viruses etc. that took over my entire screen, despite having pop-ups disabled etc. I don't have any weird plug-ins for Safari or add-ons.

See this thread at Apple - I'm not the only one experiencing this:

BTW - no DNS Changer trojan - did the scan.

Apparently banner ads at Excite are the culprit:

The guy who started the thread on the Apple forums was visiting the NYT site.

Got a link to the specific page? Their home page is nothing but a platform for javascripts and Flash 'content.'  

Jim - think the entire site is that way! But yes - it's in the Money section - when you ask for charts related to various stock symbols.;x=0&y=0

Start there - then ask for the 6 month chart, or a comparison to the NASDAQ or something - that's when it happened. The other person on the Apple forum with the issue had it occur on the New York Times site. It's random - does NOT happen every time by any means or even very often, so you might think it was a fluke. However, I've been doing a fair bit of stock research in the last couple of days and it's happened at least 3 or 4 times.

This is probably a redirect of some sort - to get around the pop-up blocker - but it's not happening consistently, which makes it hard to deal with.

Well, I've got FF secured so well I don't see the link for a chart of any kind while lokking at the page I navigated to on my own. I haven't used your link yet. However, While looking for the chart link/button, I saw the screen automatically update itself. Don't see that too often, may be the "news" sites that would want to do that. Anyway, that may be another way this redirect could be happening. There may be a cookie showing how long since you started the session and when it reaches a critical value, the page updates. There may be another cookie or another value in some cookie that records the last time you got that 'malware' page. Then again, there may be a 'random' number stored and used to send you there.

I'll use your link in FF and Safari (which is totally unsecured except for blocking pop ups) and see what happens.

Nothing, of course. Except I found a place to set a minimum text size in FF.

Yeah - I wondered about that too. My next move is to go and dump my cookies and the cache.


[0] Message Index

[#] Next page

Go to full version