The Google Malware Alert

BlurredOut · 12-14-12, 01:05 AM

thanks for the heads up

malware is not a fun thing

Bill Dozer · 12-14-12, 01:11 AM

Google is getting better all the time and making the net better. They are one of those monopolies I think we are better off with... at least at the moment. Hopefully they get better at detecting this stuff too. Embedding a non-clickable image in the forum can't be as dangerous as the offending site itself... All sites need to be careful which I guess is a good thing.

TheCentaur · 12-14-12, 01:26 AM

It wasn't google it was me lots of bad beats in the poker room lately. Sorry

ACoochy · 12-14-12, 01:43 AM

Dozer is good peoples...

Bill Dozer · 12-14-12, 04:00 AM

Looks like it is good now. It may have to update at all the Goog data centers.

cloudagh · 12-14-12, 08:38 AM

I did see this also. Thanks for letting us know what is what.

dj_destroyer · 12-14-12, 10:21 AM

Originally posted by Bill Dozer

Google is getting better all the time and making the net better. They are one of those monopolies I think we are better off with... at least at the moment. Hopefully they get better at detecting this stuff too. Embedding a non-clickable image in the forum can't be as dangerous as the offending site itself... All sites need to be careful which I guess is a good thing.

Definitely an awesome company... I think these guys really get it.

TheMoneyShot · 12-14-12, 10:36 AM

Originally posted by Bill Dozer

Google is getting better all the time and making the net better. They are one of those monopolies I think we are better off with... at least at the moment. Hopefully they get better at detecting this stuff too. Embedding a non-clickable image in the forum can't be as dangerous as the offending site itself... All sites need to be careful which I guess is a good thing.

A girl I know works for Google. She's a higher ranking employee. The personal data they obtain would blow your mind. She said if the government wants to see data about a particular individual... they must release it. It's so extensive at times... Google's formula knows more about you than you know about yourself.

yahoonino · 12-14-12, 11:04 AM

bill , you are the man,,

riffraff24 · 12-14-12, 11:13 AM

Buy Macs. Problem solved.

dante1 · 12-14-12, 11:20 AM

Originally posted by riffraff24

Buy Macs. Problem solved.

I can no longer use anything but Mac.

riffraff24 · 12-14-12, 11:27 AM

Originally posted by dante1

I can no longer use anything but Mac.

Same here. Every time I get on a PC I feel like i'm back in the 80s

FuzzyDunlop · 12-14-12, 11:51 AM

Originally posted by Bill Dozer

Looks like it is good now. It may have to update at all the Goog data centers.

Working in Digitial Security, I've seen this take up to 3 weeks.

lolbear · 12-14-12, 10:25 PM

google scares me

FilL IVY League · 12-16-12, 06:58 AM

Originally posted by TheMoneyShot

A girl I know works for Google. She's a higher ranking employee. The personal data they obtain would blow your mind. She said if the government wants to see data about a particular individual... they must release it. It's so extensive at times... Google's formula knows more about you than you know about yourself.

Google don't know anything they merely save information, it is those that have access to that info that knows a thing or two, "So know you know, and knowing is half the battle"! G I Joe american heroe

Iwinyourmoney · 12-16-12, 07:56 AM

slacker00 · 12-20-12, 01:35 AM

I'm still getting the virus message. Any update on this?

capitalist pig · 12-20-12, 06:58 AM

I got the attack again last night after clicking on recommened books tab, I screen shot it but there seems to be so many things going wrong here at the moment I didnt send it in again.

later

nosniboR11 · 12-20-12, 09:38 AM

in the meantime, some posters have had thousands stolen from them and sbr basically laughs

SBR Lou · 12-20-12, 11:39 AM

Originally posted by capitalist pig

I got the attack again last night after clicking on recommened books tab, I screen shot it but there seems to be so many things going wrong here at the moment I didnt send it in again.

later

Are you using Firefox? I can reproduce a message logged in through Google but it doesn't actually say anything's wrong. Appears to just be cache from before.

Screenshots are always a plus.

tad0matic · 12-20-12, 02:13 PM

I got the message for the first time today, but after I closed chrome and tried it again there was no malware message. I'm posting this in the chrome browser.

slacker00 · 12-21-12, 04:42 AM

Originally posted by SBR Lou

Are you using Firefox? I can reproduce a message logged in through Google but it doesn't actually say anything's wrong. Appears to just be cache from before.

Screenshots are always a plus.

I get the message using IE.

JR007 · 12-22-12, 03:09 PM

thanks

capitalist pig · 12-24-12, 10:04 AM

Click on sbr odds, brings it up for a flash then page goes blank and say IE can not connect to that web page. It was doing the same thing yesterday using Google Chrome.

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
12/24/2012 8:59:46 AM,High,An intrusion attempt by qgwzzddnkyv.antongorbunov.com was blocked.,Blocked,No Action Required,Web Attack: FakeAV Download 2,No Action Required,No Action Required,"qgwzzddnkyv.antongorbunov.com (31.7.57.194, 80)","qgwzzddnkyv.antongorbunov.com/index.php?c=RaENOjEayDF925cOxP3ACC60zajg AjCTlcK0liAaKtvKheVQzm+YhzfWz1MPnw1S6zBd yf5LI5bynvIuWgPy46nXyoM=","VALUED-C0DCCC42 (xxx.xxx.x.x, xxxx)",31.7.57.194 (31.7.57.194),"TCP, www-http"
Network traffic from qgwzzddnkyv.antongorbunov.com/index.php?c=RaENOjEayDF925cOxP3ACC60zajg AjCTlcK0liAaKtvKheVQzm+YhzfWz1MPnw1S6zBd yf5LI5bynvIuWgPy46nXyoM= matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.

later

SBR Lou · 12-24-12, 10:06 AM

Hi cap,

Where are you clicking SBR Odds from - the posting forum or somewhere else?

capitalist pig · 12-24-12, 10:17 AM

Originally posted by SBR Lou

Hi cap,

Where are you clicking SBR Odds from - the posting forum or somewhere else?

Posting forum

later

SBR Lou · 12-24-12, 11:07 AM

Thanks Cap. The rotator that was serving the iframe that seems to be triggering these alerts has been disabled while we investigate.