: Big Problem - Google found some Malware and is (sort of) blocking cadilacforums.com



RippyPartsDept
08-31-12, 12:49 PM
if you use google chrome they have this cool anti-malware cloud-based service that protects you from visiting a site that hosts malware
cadillacforums.com is currently on that list
while you are not prevented from visiting the site you do get a big warning that tries to scare you away

it looks like this:
http://img222.imageshack.us/img222/678/malwaredetected.jpg

if you click on the link that says "Safe Browsing diagnostic page" it will give you the details
http://img259.imageshack.us/img259/166/safebrowsingdiagnostic.jpg

this is also affecting people who come from google searches since the same security feature is used there no matter what browser you're using
it looks like this:

http://img600.imageshack.us/img600/9804/searchwarning.jpg

so, now what?

well there's nothing you can really do as a regular user of this website
the admins probably are already working on getting this fixed
(unless it is a false positive or some other screw-up on google's side - they did flag the whole internet as malicious back in 2009 when this was a new thing)

Slipgate
08-31-12, 01:15 PM
I get this when I come to this site. I think the ads need to be better vetted!

Safe Browsing
Diagnostic page for www.cadillacforums.com/forums

What is the current listing status for www.cadillacforums.com/forums?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 1781 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-08-31, and the last time suspicious content was found on this site was on 2012-08-30.

Malicious software includes 1 trojan(s), 1 exploit(s). Successful infection resulted in an average of 3 new process(es) on the target machine.

Malicious software is hosted on 1 domain(s), including shorteroracleis.info/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including lodekindles.org/.

This site was hosted on 1 network(s) including AS36351 (SOFTLAYER).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, www.cadillacforums.com/forums did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

Kingoftypos
08-31-12, 01:21 PM
I don't think it's google and I am glad that I am not the only one.

Personally I am on a Mac running the latest Mt Lion, and my Safari browser is doing the same thing. Everything was fine this morning around 7:30ish. Then around 11 is when this started, at least when I got back on.

KOT

Submariner409
08-31-12, 01:30 PM
Yup......... I logged out, went for a hydraulic lunch, just logged back in, and BINGO ! - and as soon as I logged out of the tire site my antivirus shut down CF because it tried to install malware on my laptop.

This ^^^ refers to the "harringer" link in the Deville Vogue tyres thread.

Submariner409
08-31-12, 01:35 PM
You're not alone - and I'll bet the site has been changed to inform someone of tracking and or keystroke activity.

Submariner409
08-31-12, 01:39 PM
See the companion thread - "Big problem" - Looks like we're being tracked or keystroke logged.

My Trend Micro Titanium and another computer with McAfee both call this site as attempting to download malicious software.

This may have something to do with the odd login procedure for the link in the Deville Vogue tire thread - "harrity" tire info site.

basscatt
08-31-12, 01:40 PM
I just got the same warning -

I scanned my computers using several programs including Malwarebytes -

no problems found -

Kingoftypos
08-31-12, 02:32 PM
So what kind of precaution should we be using in the mean time?

On my iPod touch using the Cadillacforum app right now. No warning on that app though.

KOT

Ludacrisvp
08-31-12, 02:50 PM
I am also seeing this.


Safe Browsing
Diagnostic page for www.cadillacforums.com/forums

What is the current listing status for www.cadillacforums.com/forums?
Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 4 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 2022 pages we tested on the site over the past 90 days, 13 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-08-31, and the last time suspicious content was found on this site was on 2012-08-31.
Malicious software includes 2 exploit(s), 1 trojan(s). Successful infection resulted in an average of 2 new process(es) on the target machine.

Malicious software is hosted on 2 domain(s), including adaptersweetening.info/, shorteroracleis.info/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including lodekindles.org/.

This site was hosted on 1 network(s) including AS36351 (SOFTLAYER).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, www.cadillacforums.com/forums did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
Updated 10 hours ago

Ranger
08-31-12, 02:54 PM
:yeah: Same here. :noidea:

Ranger
08-31-12, 02:57 PM
Had the same problem. I have been told that Sal and Admin are aware of it. My warning on FireFox was a bit different than Chris's, but I was told to click on ignore. I did and all has been well since.

EDIT:
As I was just editing this post I got a "THREAT WAS BLOCKED" message from my AVG anti-virus (not the first time either). Something strange is going on here.

PontiacV8
08-31-12, 02:58 PM
...Firefox also doesn't like it... (...but IE says nothing...)

Submariner409
08-31-12, 03:36 PM
I just went back through my Trend Micro data logs - suspicious web threats began to be blocked on the morning of August 14 and have continued with peaks and dips (in threats blocked numbers) through today.

Kingoftypos
08-31-12, 03:38 PM
...Firefox also doesn't like it... (...but IE says nothing...)

And your surprised by this? Lol

KOT

PontiacV8
08-31-12, 04:18 PM
And your surprised by this? Lol



...hmmmm...........no...;) :D

RippyPartsDept
08-31-12, 04:41 PM
anyone using IE is probably infected

i would recommend a system restore back to about a month ago (and then running windows update and any anti-virus update until you're back up to date)

RippyPartsDept
08-31-12, 04:52 PM
and another thought

these malicious links/code (buried within ads) were (hopefully) removed from the site very quickly after being brought to the admin's attention
although Ranger just noticed a 'blocked threat' that is not a good sign

eventually the site will be clean but the warnings will still persist until google scans and is happy that there are no more threats
it's always harder to get off of a blacklist than it is to get on it

SC2150
08-31-12, 07:57 PM
I get slammed with malware everytime I log onto the site.....it gets blocked and cleaned, but I wonder what is not?

Ranger
08-31-12, 09:27 PM
Every time I sign in I get the attack warning.

J W
08-31-12, 09:53 PM
Go here
http://www.cadillacforums.com/forums/site-news-feedback-questions-suggestions/268784-big-problem-google-found-some-malware.html#post3073928

Black Beauty DTS
08-31-12, 09:59 PM
anyone using IE is probably infected

i would recommend a system restore back to about a month ago (and then running windows update and any anti-virus update until you're back up to date)

Yes, you're right about IE, and my computer got infected while on this website a few days ago. I had to get another anti-virus which finally was able to remove "Exploit" and a "Trojan" virus.

Needless to say, I'm not very happy about it. I had to restore to an earlier time, rescan and update. I didn't know where this malware and viruses were coming from, until my new anti-virus stopped it several times while I was on this site. Therefore, it is still a problem yet!

Black Beauty DTS
08-31-12, 10:06 PM
Well, I just got another attack that my AV had blocked a few seconds ago. I like this website and enjoy the informative posts, but this is getting ridiculous. Hopefully, this problem is corrected soon.

JimmyH
08-31-12, 10:11 PM
It's a false positive. I have seen these attack warnings before. I have been getting it on Chrome, but not on Firefox. It's why I have stopped using antivirus/malware programs. I got tired of giving up 20% of my computer's resources just to be given false warning messages. There's probably some code in one of the ads that's trying to access your cookies or something like that.

If you are worried, and have vista or seven, just turn UAC all the way up.

Ranger
09-01-12, 09:40 AM
The last couple of days I was getting the alert every time I logged in to this site (using FireFox). I didn't get it this morning.

PineyJustice
09-01-12, 11:09 AM
anyone using IE is probably infected

i would recommend a system restore back to about a month ago (and then running windows update and any anti-virus update until you're back up to date)

No, no and more no.

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

Use that if you think you have been infected, rollbacks are for emergencies only.

Great program for killing viruses btw, it gets just about everything.

Also, THIS kind of thing is EXACTLY why I keep adblock + on at ALL times, trustworthy website or not, ads are almost NEVER trustworthy.

RippyPartsDept
09-01-12, 01:31 PM
if you're infected you're in an emergency situation (at least in my opinion)

i was trying to give the best advice for the most people - lowest common denominator problem

malwarebytes anti-malware (MBAM) is good ... and fairly easy to use
i pretty much only use it in safemode (w/ networking so you can get the updates if there are any)

here's another download link for MBAM - this one was linked from their website as the 'trusted partner' for their free version of MBAM
http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

RippyPartsDept
09-01-12, 01:42 PM
It's a false positive. I have seen these attack warnings before. I have been getting it on Chrome, but not on Firefox. It's why I have stopped using antivirus/malware programs. I got tired of giving up 20% of my computer's resources just to be given false warning messages. There's probably some code in one of the ads that's trying to access your cookies or something like that.

If you are worried, and have vista or seven, just turn UAC all the way up.

JimmyH,

ever since April there has been a building wave of attacks coming from this site and links on this site
before April there was not a single attack

it makes perfect sense to me since the AG family of forums is a much larger target than a single forum

...

this is not a new thing - malvertisements have been around for a long time
you would think that anti-virus companies would have a good business model as ad aggregators that could weed out the malvertisements

JimmyH
09-01-12, 03:50 PM
Well, I don't know who or what they are attacking. I scan my computer frequently, and I have yet to contract any virus or malware.

RippyPartsDept
09-01-12, 05:07 PM
What browser do you use? That makes a big difference.

JimmyH
09-01-12, 10:26 PM
I use Chrome almost exclusively on this site. I use Firefox for everything else (only because it's the easiest way to have my bookmark bar for here, and a different bookmark bar everywhere else)

I just ran another complete (every single block of the hard drive) offline system scan today. Not a single anomaly detected.

drewsdeville
09-02-12, 08:54 AM
Site is still broken. Got the same browser warning message again this morning.

http://img253.imageshack.us/img253/6715/workspace1001l.png

PineyJustice
09-02-12, 09:06 AM
if you're infected you're in an emergency situation (at least in my opinion)

i was trying to give the best advice for the most people - lowest common denominator problem

malwarebytes anti-malware (MBAM) is good ... and fairly easy to use
i pretty much only use it in safemode (w/ networking so you can get the updates if there are any)

here's another download link for MBAM - this one was linked from their website as the 'trusted partner' for their free version of MBAM
http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

cnet.com is the default trusted partner, click download on their main page and it takes you to cnet.

I used to use rollbacks a lot more, right up until it bricked a faily important company machine and I had to spend over 8 hours recovering all the files and rebuilding it, your milage may vary with rollbacks, I prefer to throw MBAM or combofix at the problem first.

Submariner409
09-02-12, 09:58 AM
I logged in at 0953 and got the red box, so whatever the problem is it was quiet yesterday, back this morning.

RippyPartsDept
09-02-12, 02:49 PM
Chrome has been the safest browser to use for a while now.

drewsdeville
09-02-12, 02:54 PM
It's why I have stopped using antivirus/malware programs. I got tired of giving up 20% of my computer's resources just to be given false warning messages.


Well, I don't know who or what they are attacking. I scan my computer frequently, and I have yet to contract any virus or malware.

lol ok

the recluse
09-02-12, 03:41 PM
Am I the only one that Firefox keeps trying to ban from entering this site? Every time I load it up, a big red page pops up and tells me this is an "attack site" set up for malicious purposes...either that or is used by other sites to do this...:hide:

Any thoughts?

drewsdeville
09-02-12, 04:09 PM
Thats what the whole thread is about. No, you arent the only one

Submariner409
09-02-12, 04:33 PM
Drew, I copied his post from the Lounge in order to keep all this "attack" info in one place - his original thread is still in the Lounge - locked.

Ranger
09-02-12, 08:23 PM
I just signed on with FireFox and got it again.

Kingoftypos
09-02-12, 11:52 PM
Hmmm, maybe you guys got affected? I just logged in on my Mac using Safari and Firefox and everything is fine.

I also just logged in using Windows 7 on the same Mac using VMware. Opened Safari as well as Internet Explorer. Still no adverse affects like it was a couple of days ago for me, us.

KOT

drewsdeville
09-02-12, 11:56 PM
Using Chrome on Linux and still receiving the messages.

Kingoftypos
09-03-12, 12:04 AM
Just opened Chrome on the Mac, still going good for me.

I really don't feel like putting my old Win 7 PC back together for testing. So I am just gonna leave that be. lol

KOT

Kingoftypos
09-03-12, 12:38 AM
Little up date here. Using the Safari on the Mac, I am able to click on favorites and links with no problems. Going to the "Cadillac Forums" page isn't a problem when clicking on the link to it. However, if I click on a forum then swipe back (back button) it comes up with the warning. That is the only time that I see it, possibly going forward too. But clicking on a link from another page has yet to generate that warning.

KOT

Ranger
09-03-12, 10:35 AM
I got it again when I logged in this morning. :noidea:

ThumperPup
09-03-12, 11:36 AM
i just noticed this yesterday but not on google crome on firefox

slowbitchV
09-03-12, 03:14 PM
Every time I log on my computer tells me it has blocked another virus, or HiJack...
Does anyone else see this happening or i my computer just crazy?

FoD
09-03-12, 03:19 PM
I've seen it too.

JazMiller
09-03-12, 04:45 PM
It's unlikely that the source of your PC's health issue is this forum. Take it to a pro, have the thing checked out. If you don't want to spend a few bucks on that, take it to http://housecall.trendmicro.com/ as a first step in trying to clean it up. Kaspersky also has some good online tools too: http://www.kaspersky.com/virusscanner.

/Jaz

thebigjimsho
09-03-12, 04:46 PM
It's known about and discussed in The Lounge and Forum Issues...

JazMiller
09-03-12, 04:57 PM
Aw man, that sux and I stand corrected that some browsers are flagging the site. Bad enough that there are as many ads as it is, now we've got malicious code on top of that. Back to the mobile client for me.

crankedupforit
09-03-12, 07:11 PM
I wanted to go to the lounge to catch up on the issue. Mozilla don't like the Cadillac Forum tab. It's infested.

Ranger
09-03-12, 08:56 PM
As mentioned, Admin is aware of it and working on it. It's a false warning. On FireFox, just click on the "ignore" in the lower right. Then close the red bar at the top and happily surf along.

Submariner409
09-04-12, 05:37 AM
Curious that very, very few members in here ever seem to read the Site News or Lounge to find out what's going on in the real world.....:lildevil:

The so-called "attack site" problem is being worked on right now - it has been popping up off and on for 4 - 5 days now. I think Google has found a second or third party ad it does not like and is posting a warning when the site opens. There's a thread about it currently running in ....... Site News !

One way to cut down on a staggering number of ads and banners is to become a Supporting member at some level.

Kingoftypos
09-04-12, 07:29 AM
I've seen my "local bar" hang out decline in posting in the last 2 days or so. Normally I would see at least 20 postings a day in the 1st Gen CTS section, but now 4 or 5. Too many people scared? Perhaps, so hopefully this "virus" is taken care of quickly.

My question is, if the admin knows which one is causing it. Then how come their not deleting it? I mean, it's suspected that its the link or whatever a thread in the Deville section.

KOT

slowbitchV
09-04-12, 07:49 AM
I am very new to the forum, I have been a supporting ember of LS1 tech for years, but just made my way over here in the past few weeks. I will keep my eyes on the the site news from now on.
Thanks for all of the replys guys, I just wasn't sure if anyone else had noticed.

Jarrett

gmercedesbenz
09-04-12, 05:17 PM
This is still an issue, both in Chrome and Firefox. Just for good measure, I've attempted access on 3 different machines on 3 different ISPs and DNS providers.

docjay
09-04-12, 11:47 PM
Is anybody else accessing the forums using Google Chrome and getting a message that the website is infected with a virus? I don't know how to alert the moderators about it.

hueterm
09-05-12, 12:02 AM
Yes, we're working through the problem. There is an ongoing thread in the Site Feedback forum, as well as the Lounge.

JimmyH
09-05-12, 12:39 PM
I clicked on the main forum page, and almost all of the subforums. I have not seen a single warning today. Anyone else?

RippyPartsDept
09-05-12, 01:50 PM
None today ...

Submariner409
09-05-12, 02:57 PM
None here today, either................... but the last time I posted that it started up again.

1percenter
09-06-12, 06:03 PM
appears to be fixed

RippyPartsDept
09-06-12, 07:52 PM
Yeah appears so. I'm curious now to hear from Adam/admin to hear the real/whole story.

Ranger
09-07-12, 11:58 PM
It's not fixed. I have been gone since the 4th, but just got the alert this evening when I logged in.

Johnxlrv
09-08-12, 08:38 AM
Interesting that others have seen the virus...Norton is finding nothing ATM...will continue with IPad/CadillacApp until resolved.

the cadillac man
10-28-12, 01:51 AM
I have noticed it also and I use a Mac with safari but because of this I have been using my iPhone with the app.