Anandtech Being Picked up as an Attack Site


Rubycon

Madame President
Aug 10, 2005
17,768
485
126
The network I'm on screens and thus blocks anything malicious so no problems there but most of AT review pages are now blocked by FF as malicious.

I wonder what this is costing Anand as with a new popular hardware review there must be LOTS of traffic to the site!

I'm sure this will raise a red flag back on shore too if malicious files are trying to be pushed to my client pc here. They can figure that out as anandtech.com is not a porn site. (as long as you don't misspell it hehe!)
 

Regs

Lifer
Aug 9, 2002
16,665
21
81
These ads are just getting downright nasty everywhere. They can slow your PC down to a crawl and cause browser crashes.
 

Vette73

Lifer
Jul 5, 2000
21,503
8
0
Don't know if it helps Mods but I am getting an Adobe Reader 3D rendering/Parsing error when I come to the Forums.

That was with IE8 and Firefox.
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
This would be a good time for Windows users to give their rigs a check with the Secunia PSI utility, and for users of other OSes to manually confirm that their Adobe Flash Player and Adobe Reader installations (if present) are fully up-to-date.


http://secunia.com/vulnerability_scanning/personal/ Secunia says 98% of first-time scans find at least one program that needs a security patch. You?

http://get.adobe.com/flashplayer/

http://get.adobe.com/reader/

Moar security tweaks for Windows: http://www.mechbgon.com/security Vista/7 users, note the new SEHOP item.
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
Adblock plus FTW!

Actually, folks in this thread are reporting being hit despite Adblock Plus. My personal recommendation, aside from what I posted above, would be to use LUA + SRP, which arbitrarily renders exploit payloads non-executable, even if the exploit itself manages to deliver the payload and attempts to launch it. Good stuff if you can get used to how it works
 

Scalarscience

Member
Aug 24, 2007
27
0
66
You're not being 'hit' despite Adblock Plus; your browser will download the 'harmful sites' db from Google and store it in your profile for the browser you're using. Once the 'problem' with AnandTech is fixed (probably malware in an ad imo, or possibly something embedded somewhere via XSS or a similar type of attack) then Google must *recrawl* the site and register the lack of malware, update its attack site list and then you'll download the new list.

So it can take time from the point this is fixed until Google crawls and updates their db, and in the end your browser STILL needs to update its local store from that attack site database (you can manually delete the file and let the browser rebuild it on start).
 

Red Squirrel

No Lifer
May 24, 2003
67,882
12,354
126
www.anyf.ca
I second this. No question it is a necessity these days, and it really isn't a PITA once you allow the sites you use on a regular basis.

The issue is, most people probably have this site whitelisted... I have NoScript too, but I never even considered the fact that adservers may get hacked so even if I trust a certain website such as this one, and whitelist it, then I'm not secure if it gets hacked.

IMO the fact that we have web-based client-side languages that allow harm to your PC is a huge design flaw on its own. The internet should have never come to this. Whitelist-based security won't do much when a site gets hacked, sadly.
 

pmv

Lifer
May 30, 2008
13,271
8,197
136
Actually, folks in this thread are reporting being hit despite Adblock Plus. My personal recommendation, aside from what I posted above, would be to use LUA + SRP, which arbitrarily renders exploit payloads non-executable, even if the exploit itself manages to deliver the payload and attempts to launch it. Good stuff if you can get used to how it works


Interesting, I was going to post a comment arguing that it's ridiculous that browsers/OSs don't do _exactly_ what you describe there by default - there's no reason why a browser should be allowed to run programs that can affect things outside the browser itself, and if you need to download an executable via the browser you should have to then go via the OS to actually run it. The browser itself has no business running stuff it's downloaded, at least stuff that affects anything beyond cosmetic aspects of the browser.

So it seems this is exactly what XP Pro and later can do. This should really be the norm for anyone using the web.

I didn't know you could set the OS up to do precisely this - probably because I'm on XP home which doesn't let you do it. Is it outrageous to suggest it was a very bad idea for MS not to include this functionality in XP home? Though perhaps back when it came out the net wasn't quite such a jungle and many home users would not be accessing it.
 

Spacehead

Lifer
Jun 2, 2002
13,201
10,063
136
The issue is, most people probably have this site whitelisted... I have NoScript too, but I never even considered the fact that adservers may get hacked so even if I trust a certain website such as this one, and whitelist it, then I'm not secure if it gets hacked.
Does dynamic2.anandtech.com still handle the ads here? I still have that blocked in my host file from when it was causing problems when we had Fuse Talk.
Would entering whatever the problem server is now in the host file stop this from infecting members here?
 

pyonir

Lifer
Dec 18, 2001
40,856
311
126
The issue is, most people probably have this site whitelisted... I have NoScript too, but I never even considered the fact that adservers may get hacked so even if I trust a certain website such as this one, and whitelist it, then I'm not secure if it gets hacked.

IMO the fact that we have web-based client-side languages that allow harm to your PC is a huge design flaw on its own. The internet should have never come to this. Whitelist-based security won't do much when a site gets hacked, sadly.

The threat is coming from "googleanalyticsz.com" which you would have to white list independently of anandtech.com (at least the way I have it set up). I only white list anandtech.com...nothing else. So NoScript works fine. On the main Nvidia article, if I go past the attack warning and view the article, there are 4 sites being blocked by NoScript (with only anandtech.com being allowed).
 

Rubycon

Madame President
Aug 10, 2005
17,768
485
126
Why ANYONE would allow scripts to run globally these days I don't know! You should not see trojans when browsing the web!
 

Pantlegz

Diamond Member
Jun 6, 2007
4,631
4
81
I'm having the same issues, Malwarebytes is blocking malicious connections. The IPs were 91.213.174.101 and 82.204.219.135 if that helps any...
 

JEDIYoda

Lifer
Jul 13, 2005
33,982
3,318
126
All good info....
I never had any issues with Anand's site....
But I have been very proactive for years now when it comes to nasties on the computer!!
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
Interesting, I was going to post a comment arguing that it's ridiculous that browsers/OSs don't do _exactly_ what you describe there by default - there's no reason why a browser should be allowed to run programs that can affect things outside the browser itself, and if you need to download an executable via the browser you should have to then go via the OS to actually run it. The browser itself has no business running stuff it's downloaded, at least stuff that affects anything beyond cosmetic aspects of the browser.

To be precise, the browser is just the gateway to the stuff that's actually getting exploited, such as Sun Java Runtime, Adobe Reader, QuickTime Player, Flash Player, etc. A perfectly-secure browser can still be used to get at a vulnerable version of Java or whatnot.

So it seems this is exactly what XP Pro and later can do. This should really be the norm for anyone using the web.

I didn't know you could set the OS up to do precisely this - probably because I'm on XP home which doesn't let you do it. Is it outrageous to suggest it was a very bad idea for MS not to include this functionality in XP home? Though perhaps back when it came out the net wasn't quite such a jungle and many home users would not be accessing it.

I wish it were possible for all versions of Windows to use SRP, but the general population might find it bewildering. Anyhow, I spent a few hours today testing the attack site to see what works and what doesn't. SRP does stop its attack point-blank, no questions asked. UAC on my test Vista system also kept the attack at bay.

 