Messages

Forum Index : Covers Help : Messages Page 3 of 3  1 2 3  
Author: [Covers Help] Topic: More viruses
Mr.Win
Banned
Joined: Jan 2004
Posts: 4116
Location: Germany
#51
Posted: 12/26/2011 2:10:00 AM
Chrome has an excellent ad blocker as well... I never see an ad.

Europa
Legend
Joined: Dec 2003
Posts: 32939
Location: California
#52
Posted: 12/26/2011 2:18:14 AM

Exploit:Java/CVE-2011-3544.E was detected by MME and successfully deleted last night. My computer only browsed a few web sites: CBS Sportline, Yahoo news, Covers.com and my local book. One way to find out is, I will NOT go to Covers.com for a couple of days and have Microsoft Security Essentials (MME) scanning every day when my PC is off from Covers.com, and see whether MME still picks up viruses in the days without browsing Covers.com.

Thanks for your attention, Lou!

Ok, after I have stopped browsing Covers.com since 12-22-11, my computer picked up NO virus when scanning with Microsoft Security Essentials every day. I suspect that Covers' ads have carried or are embedded with malware.

Lou
Covers Referee
Joined: May 2001
Posts: 4487
Location: Canada
#53
Posted: 12/26/2011 9:53:40 AM
Europa,

That's the closest thing to a possibility we can find, but unless we are watching every single ad there's no way to be certain.

We are generally working with high-end networks, and when these reports start we throttle it down to just Google AdSense, which is obviously clean.

While we did suspect one of the networks back in early November, we haven't had it on the site since.

This is why it's important for us to know what ads are showing when people get a report... that way we can know which network might be showing a bad ad. Also, quite often the ads being shown are not even ours, which means the PC has already been hijacked.

The only way to know is to know which ads are causing the problem, if any.


pa_picks - I'm not sure from your posts whether or not you have figured out how wrong you were about the situation, so I won't comment.

tinfoils
Legend
Joined: Jun 2002
Posts: 41920
Location:
#54
Posted: 12/28/2011 3:17:18 PM

Just had an attack. Did not click on an ad, just a college football thread.

Gorrasco.com/LMASTAN/763956043

212.95.55.198

Don't know if this helps.

Lou
Covers Referee
Joined: May 2001
Posts: 4487
Location: Canada
#55
Posted: 12/29/2011 8:22:07 AM
tinfoils,

Everything helps, but if you could let us know at least which anti-virus software you are using, it would be great too.

aggieaccountant
Veteran
Joined: Sep 2009
Posts: 3488
Location: Texas
#56
Posted: 12/29/2011 11:30:09 AM
Lou, the virus I got (which is mentioned on page 2) was one I got with Malwarebytes and Spybot.
Posted using a mobile device.

Europa
Legend
Joined: Dec 2003
Posts: 32939
Location: California
#57
Posted: 12/29/2011 7:23:59 PM

Microsoft Security Essentials just detected Exploit:Java/CVE-2011-3544.E and successfully removed it from my computer three minutes ago.

My computer only browsed CBS Sportsline and Covers three minutes ago!!

tinfoils
Legend
Joined: Jun 2002
Posts: 41920
Location:
#58
Posted: 12/30/2011 12:51:02 PM
QUOTE Originally Posted by Lou:

tinfoils,

Everything helps, but if you could let us know at least which anti-virus software you are using, it would be great too.

Norton. If this helps, there are at least two more that always seem to pop up regularly. I'll note them down next time.

kaponofor3
Legend
Joined: Nov 2007
Posts: 35080
Location: California
#59
Posted: 12/30/2011 1:16:18 PM
QUOTE Originally Posted by Lou:



We are generally working with high-end networks, and when these reports start we throttle it down to just Google AdSense, which is obviously clean.

While we did suspect one of the networks back in early November, we haven't had it on the site since.



Hey Lou, I just saw this and I'm a little confused... I thought that you guys checked out all of the ad networks after the original complaints in early November and found that they were all clean? Did your guys' investigation reveal that one of the ad networks did contain some malicious code?

tinfoils
Legend
Joined: Jun 2002
Posts: 41920
Location:
#60
Posted: 12/30/2011 7:10:09 PM
No ad clicked on. Only Covers open.
 
Malicious java download
 
Nomdeze.com/domexplorer/7636956043
 
188.72.198.37

Lou
Covers Referee
Joined: May 2001
Posts: 4487
Location: Canada
#61
Posted: 1/3/2012 8:58:30 AM
kapono/tinfoils,

Here is the latest theory from the techies...

As usual, the virus is already present on the users' computers. We know it's not on our servers as a drive-by virus - if it was coming from us, we would have infected hundreds of thousands of people by now, not just a few dozen. And - yes, of course - we have scanned and analyzed all code and servers.

Also, the fact that 99% of infections come from people installing infected software themselves - and we don't offer downloads - is another reason why we are absolutely certain it is not coming from us.

However... one question we have is "Why do some people only claim to receive these warnings when they are on our site?"

We have a theory about that...

One of the main symptoms of this virus is that it often shows its own ads while on websites. And from some of the reports, it seems to do that for some users when they are on Covers.

What we believe is happening is that the already-present virus sniffs the ad-serving domains coming from certain ad networks (these are not hard to figure out), and replaces those ads with its own ads.

In other words, the virus is already present on the computer, but it only becomes "active" when it senses certain ad-serving domains - at least one of which we use. This activity triggers your AV/malware software to toss up a warning.

Yes, I will repeat this for clarification... if you are getting these warnings, then you probably already have a virus. You are not getting protected, you are getting tricked.

Note that this is not the fault of the ad networks either. If anything, it's a sign of success that these viruses are targeting those networks.

So our only option to help people in this case would be to completely remove all ad networks from our site - effectively cutting off one of our major sources of revenue, while punishing innocent ad networks - because some of our users got infected by a virus somewhere else.

That doesn't seem fair to me.

Now, some of you are going to complain that you have a completely clean computer that was wiped two weeks ago by a technician.

Fine.

Did you install all the necessary Windows updates and have a half-decent firewall? Without these, you can get infected simply by leaving your computer on overnight.

Do you have a real anti-virus program? If you ever downloaded one of those AV programs that have ads promoting "your computer might be infected, scan it now"... those are NOT bona fide AV programs. In fact, they are probably causing the problem.

Did you install ANY third-party software? Because the cleanest computer gets immediately re-infected once you re-install that infected program you downloaded somewhere.



BTW tinfoils, see above regarding Europa's problems... we don't have any java on our site. What this means is that you probably have a virus, and it's throwing out fake warnings, which is a common symptom.

pa_picks
Veteran
Joined: Aug 2003
Posts: 1263
Location: Pennsylvania
#62
Posted: 1/4/2012 3:44:47 PM
QUOTE Originally Posted by Lou:

kapono/tinfoils,

One of the main symptoms of this virus is that it often shows its own ads while on websites. And from some of the reports, it seems to do that for some users when they are on Covers.

What we believe is happening is that the already-present virus sniffs the ad-serving domains coming from certain ad networks (these are not hard to figure out), and replaces those ads with its own ads.

In other words, the virus is already present on the computer, but it only becomes "active" when it senses certain ad-serving domains - at least one of which we use. This activity triggers your AV/malware software to toss up a warning.




It would seem then that we have a very simple way of testing that theory.  Just direct the users who are getting the virus hits to any other website that uses the same ad network(s) you are referring to and see if the same thing happens.  

borgata13
Banned
Joined: Dec 2011
Posts: 44
Location: Nevada
#63
Posted: 1/4/2012 5:59:49 PM

Try using Microsoft security essentials

Free and the best

tinfoils
Legend
Joined: Jun 2002
Posts: 41920
Location:
#64
Posted: 1/5/2012 7:27:08 PM
QUOTE Originally Posted by Lou:

kapono/tinfoils,

Here is the latest theory from the techies...

As usual, the virus is already present on the users' computers. We know it's not on our servers as a drive-by virus - if it was coming from us, we would have infected hundreds of thousands of people by now, not just a few dozen. And - yes, of course - we have scanned and analyzed all code and servers.

Also, the fact that 99% of infections come from people installing infected software themselves - and we don't offer downloads - is another reason why we are absolutely certain it is not coming from us.

However... one question we have is "Why do some people only claim to receive these warnings when they are on our site?"

We have a theory about that...

One of the main symptoms of this virus is that it often shows its own ads while on websites. And from some of the reports, it seems to do that for some users when they are on Covers.

What we believe is happening is that the already-present virus sniffs the ad-serving domains coming from certain ad networks (these are not hard to figure out), and replaces those ads with its own ads.

In other words, the virus is already present on the computer, but it only becomes "active" when it senses certain ad-serving domains - at least one of which we use. This activity triggers your AV/malware software to toss up a warning.

Yes, I will repeat this for clarification... if you are getting these warnings, then you probably already have a virus. You are not getting protected, you are getting tricked.

Note that this is not the fault of the ad networks either. If anything, it's a sign of success that these viruses are targeting those networks.

So our only option to help people in this case would be to completely remove all ad networks from our site - effectively cutting off one of our major sources of revenue, while punishing innocent ad networks - because some of our users got infected by a virus somewhere else.

That doesn't seem fair to me.

Now, some of you are going to complain that you have a completely clean computer that was wiped two weeks ago by a technician.

Fine.

Did you install all the necessary Windows updates and have a half-decent firewall? Without these, you can get infected simply by leaving your computer on overnight.

Do you have a real anti-virus program? If you ever downloaded one of those AV programs that have ads promoting "your computer might be infected, scan it now"... those are NOT bona fide AV programs. In fact, they are probably causing the problem.

Did you install ANY third-party software? Because the cleanest computer gets immediately re-infected once you re-install that infected program you downloaded somewhere.



BTW tinfoils, see above regarding Europa's problems... we don't have any java on our site. What this means is that you probably have a virus, and it's throwing out fake warnings, which is a common symptom.

 

By reading the first line of your post, it is only a theory. Not trying to start anything but I'm interpreting this as you wrote it.

I've been on your site before you guys became Covers.com by acquiring Wagerline and never had any problem until approximately two months ago. The date joined says 2002 but I did not immediately reregister after you became Covers as we know it today.

Regarding the second posting of a virus, that Java download is the title of the virus (?) that was detected. If you look at my post #54, I did not put in the title because it was exactly the same as Garrasco.com. I also neglected to put in the #13 in my second virus post so it should have read java download #13. If someone was to "plant" a virus on your site, they should just title it "java download" because you will say it's not from Covers and pass it off as nothing to worry about. I'm just pointing out that the title could be just that, a title. There was a third virus that was titled Website toolkit #9 (sorry I have not seen it since I started posting the first two viruses). So I do not believe it's the same as Europa's problem. I may be wrong, I don't know.

Yes, I did have the new computer cleaned two weeks ago. No, I have not used an AV downloaded from a website other than Norton. Unless you're telling me Norton's product and website are no good, then I don't know where the virus on my computer came from. I shut down my computer 2-5 times a day and all Microsoft updates are automatically updated before the computer shuts off. I don't leave my computer on 24/7, ever. I'm not looking for compensation either as alluded to by Mr. Win.

Here's an update as of today, I have not seen any of the three aforementioned warnings since posting the first two here. In fact, I've not seen the first virus since it was posted. Neither have I seen the second virus since it was posted. If your techies did something, a great big THANK YOU from me is in order. If they didn't do anything, then I can't figure out why I have not seen any of those warnings.

Europa
Legend
Joined: Dec 2003
Posts: 32939
Location: California
#65
Posted: 1/5/2012 7:34:04 PM
QUOTE Originally Posted by borgata13:

Try using Microsoft security essentials

Free and the best

My Microsoft Security Essentials detected four Exploit:Java/CVE-2011-3544 viruses last night and was able to remove them again. My computer was only browsing CBS Sports line and Covers.com last night.

dbuc1
Prospect
Joined: Dec 2011
Posts: 165
Location: United States
#66
Posted: 1/6/2012 3:07:18 AM
This virus also destroyed my computer, "windows 7 security 2012". The guy at the computer store said that my hard drive was ruined. I've never heard of a virus being able to destroy a hard drive but this one did. Computer was only one year old and I know that it came from this site.