Web Attack. Malicious File Download.
5 posters
Page 1 of 1
Web Attack. Malicious File Download.
When I open my forum www.hyperparathyroid.forumotion.co.uk, Norton reports blocking a "Web attack: malicious file download 12".
The Attack details are as follows:
"download.adobaaoan.us (91.236.116.81, 80)","download.adobaaoan.us/Flashplay/Lem/App/CD/UKa/auload.html?installer=Flash_Player_11_for_Other_Browsers&browser_type=KHTML&dualoffer=false".
Traffic description: TCP, www-http.
Network traffic from <b>download.adobaaoan.us/Flashplay/Lem/App/CD/UKa/auload.html?installer=Flash_Player_11_for_Other_Browsers&browser_type=KHTML&dualoffer=false matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE.
I now cannot access my forum. When I open the forum home page, it is displayed for a second. Then the adverts appear and the browser is redirected to the above file download.
I am assuming that Norton is doing its job correctly in preventing this download, so why is my browser being hijacked and how can I access my forum without being exposed to this malicious file download?
The Attack details are as follows:
"download.adobaaoan.us (91.236.116.81, 80)","download.adobaaoan.us/Flashplay/Lem/App/CD/UKa/auload.html?installer=Flash_Player_11_for_Other_Browsers&browser_type=KHTML&dualoffer=false".
Traffic description: TCP, www-http.
Network traffic from <b>download.adobaaoan.us/Flashplay/Lem/App/CD/UKa/auload.html?installer=Flash_Player_11_for_Other_Browsers&browser_type=KHTML&dualoffer=false matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE.
I now cannot access my forum. When I open the forum home page, it is displayed for a second. Then the adverts appear and the browser is redirected to the above file download.
I am assuming that Norton is doing its job correctly in preventing this download, so why is my browser being hijacked and how can I access my forum without being exposed to this malicious file download?
Re: Web Attack. Malicious File Download.
Norton is protecting you from this page, it could be firefox. Also do you have any add ons in firefox?parbrook wrote:I am assuming that Norton is doing its job correctly in preventing this download
Norton report
Re: Web Attack. Malicious File Download.
I have a few add-ons but I do not see how these would be related to a redirection that happens as soon as the adverts appear.
This issue only happens on the forum home page, not any other website - just like the iPad redirection problem that I reported yesterday, which may be related.
The common factor is the adverts.
This issue only happens on the forum home page, not any other website - just like the iPad redirection problem that I reported yesterday, which may be related.
The common factor is the adverts.
Re: Web Attack. Malicious File Download.
I'll report this to our Pro Admin who might be able to tell us why this is happening to your forum in the event it isn't something on your end.
Derri- Helper
- Posts : 8755
Reputation : 638
Language : English & Basic French
Location : Scotland, United Kingdom
Re: Web Attack. Malicious File Download.
Hello,
It is advisable to provide screenshot for the pro admin to check, thanks.
It is advisable to provide screenshot for the pro admin to check, thanks.
Jophy- ForumGuru
- Posts : 17924
Reputation : 836
Language : English
Location : Somewhere
Re: Web Attack. Malicious File Download.
Jophy wrote:Hello,
It is advisable to provide screenshot for the pro admin to check, thanks.
OK, but a screenshot of what?
You have a choice of a Firefox message reporting disconnection from the server (thanks to Norton blocking the redirection) and the URL of the hijack destination (which is the same as I reported above), or the Norton Internet Security report, which I have already given above.
Re: Web Attack. Malicious File Download.
Hello
I manage to enter your forum properly: http://hyperparathyroid.forumotion.co.uk/
I have checked your forum on Sucuri http://sitecheck.sucuri.net/results/hyperparathyroid.forumotion.co.uk/
I have also checked your forum on Northon:
All look good.
Thanks for providing more information.
I manage to enter your forum properly: http://hyperparathyroid.forumotion.co.uk/
I have checked your forum on Sucuri http://sitecheck.sucuri.net/results/hyperparathyroid.forumotion.co.uk/
I have also checked your forum on Northon:
All look good.
Thanks for providing more information.
Shadow- Manager
- Posts : 16217
Reputation : 1831
Language : French, English
Re: Web Attack. Malicious File Download.
I also checked the site using securi.net.
I think that the problem is caused by some specific adverts, so you would need to be very lucky to run the security check at the same time as the malicious redirection adverts are appearing.
For your information, the malicious redirection only happens when adverts are displayed.
When I am logged-in as Administrator, adverts are not displayed and I have no problem accessing the forum.
Also, please remember that we have iPad users being redirected to the App Store when they try to log-in.
I think that the problem is caused by some specific adverts, so you would need to be very lucky to run the security check at the same time as the malicious redirection adverts are appearing.
For your information, the malicious redirection only happens when adverts are displayed.
When I am logged-in as Administrator, adverts are not displayed and I have no problem accessing the forum.
Also, please remember that we have iPad users being redirected to the App Store when they try to log-in.
Re: Web Attack. Malicious File Download.
I have noticed that there is a related thread here: https://help.forumotion.com/t133064-913-java-ads
It seems to be Java and Flash adverts that cause the redirections.
I realise the Forumotion do not control the adverts, but it is a major problem when members and visitors cannot access the forums.
It seems to be Java and Flash adverts that cause the redirections.
I realise the Forumotion do not control the adverts, but it is a major problem when members and visitors cannot access the forums.
Re: Web Attack. Malicious File Download.
Hello,
Just to inform that Buttercup is on leave today, she'll be back by tomorrow to assist you further in this issue. Thanks.
Just to inform that Buttercup is on leave today, she'll be back by tomorrow to assist you further in this issue. Thanks.
Jophy- ForumGuru
- Posts : 17924
Reputation : 836
Language : English
Location : Somewhere
Similar topics
» Export users/profiles to Excel file or CSV file
» HoW Can i put in a file or input a file to my posts?
» Malicious Pop Up Ad?
» Malicious adware
» Malicious ads
» HoW Can i put in a file or input a file to my posts?
» Malicious Pop Up Ad?
» Malicious adware
» Malicious ads
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum