Malware

[LoHi]

To those who say having another browser (other than Google) makes this a better situation, good luck when you visit an actual site with Malware

IE, Firefox, Safari, Opera users may not experience this as primarily they do not have such detection, or their scanning tools are not quite as powerful (given the comparison of Googles ability). Not saying its a bad thing, or trying to start a browser debate. Just stating why they aren't seeing it.

Nothing seems fancy, I have malwarebytes premium version which has realtime mode, and its not blocking anything. So all should be well. You should maintain normal precautions (scanning computer 2-3 times per week, clearing browsing login data, etc).

Oh dear... While I have not looked in to this at all, an attack like this often relies on an exploit in either one of the plugins (Flash, Java) or the browser itself. In the 1st case it doesn't matter what browser you use, but in the 2nd case using a 'less-known' browser would actually be beneficial. Opera and Firefox (maybe IE and Safari too) both have a blocker like Chrome does (it does not scan every page, but rather it gets information from Google's database whether the site is infected or not).

[SugarD]

This is a separate issue from the av.exe Malicious advertisement fro two years ago right?

Completely separate.

[Pandalink]

IE, Firefox, Safari, Opera users may not experience this as primarily they do not have such detection, or their scanning tools are not quite as powerful (given the comparison of Googles ability).

I run firefox and I still got the malware warning, and the explanation linked to google's page. I don't even know why, I wasn't accessing the site from google.

[SugarD]

I run firefox and I still got the malware warning, and the explanation linked to google's page. I don't even know why, I wasn't accessing the site from google.

Firefox reads from another database that also gets it's information from Google's. They just need to query Google's list again sometime soon to update the argonathrpg.eu domain as no longer malicious.

Edit: I have submitted reviews to StopBadware.Org and Mozilla Phishing And Malware Protections' sites in order to have them remove the warning messages that are still lingering around. Give them a day or so to get to it and things should be back to normal again soon.

[Reece]

Uh is it back?

[SugarD]

Uh is it back?

Ctrl+F5 and see if it continues. It may just be lingering around. DNS also may not have updated across all of the world yet, which I believe Google uses to "trick" browsers into going to that page instead.

[Reece]

Again:



I only get it using .com

[Pandalink]

Yea I'm still getting it.

[stormeus]

Directly querying Google SafeBrowsing shows that Argonath is clean. However, querying VirusTotal still reports it as malicious. It would seem that either caches of the Google API results or some providers' records are just out of date.

[Gandalf]

The malware seems to be lingering in the ad software. In the next week we will clean the database, though it is likely a rogue advertiser, in any way it has been reported to the network.
It is certain that our files are clean.

[SugarD]

The malware seems to be lingering in the ad software. In the next week we will clean the database, though it is likely a rogue advertiser, in any way it has been reported to the network.
It is certain that our files are clean.

That was my finding as well when I checked the output source, as well as ran some online "web page" scanners on it. They were all pointing to the code previously reported.

[CrazyDude]

Guys, you've got passive XSS on some page. So if a hacker posts some link, and then some admin/user clicks it, hacker gets his Cookies(no, not food) and login for his name, after he can upload web-shell and do such bad things For more info - PM me.

[Gandalf]

Guys, you've got passive XSS on some page. So if a hacker posts some link, and then some admin/user clicks it, hacker gets his Cookies(no, not food) and login for his name, after he can upload web-shell and do such bad things For more info - PM me.

Which is why we never click links....  :cool:

[Teddy]

Guys, you've got passive XSS on some page. So if a hacker posts some link, and then some admin/user clicks it, hacker gets his Cookies(no, not food) and login for his name, after he can upload web-shell and do such bad things For more info - PM me.

Give me a few moments to stop laughing

[Lionel Valdes]

Who wanted ad's in the first place