| 12:00 am on Oct 3, 2011 (gmt 0)|
No, I haven't noticed anything but I use Firefox. I wonder if it's an IE exploit. Nevertheless, I am about to run some scans on my computer. Thanks for the heads up.
| 12:25 am on Oct 3, 2011 (gmt 0)|
Suggest you look elsewhere for what is "jump starting" your Adobe Reader.
btw "win32/winwebsec" is a fake AV (scamware). If you are seeing this, you may well have it, and have picked it up elsewhere. MSRT from MS removes it; it doesn't quarantine it. MSRT has been able to do this since late 2009.
[edited by: Leosghost at 12:30 am (utc) on Oct 3, 2011]
| 12:27 am on Oct 3, 2011 (gmt 0)|
Most likely it's a compromised ad serving in their ad server, seen this happen to several sites that aggregate third party ad servers. One of the ad servers gets compromised and everyone assumes it's the site itself.
| 12:46 am on Oct 3, 2011 (gmt 0)|
I think you are spot on. It may well be one of their ad servers. I was trying to recreate the problem a short while ago over their main page but it is no longer happening. Maybe they received and acted upon my emails. Who knows... I will check again later and will take a note of the ads shown once the trojan pops.
Everyone take note. It starts with trying to automatically run/open your "adobe reader" which then tries to download and run the Trojan (using java ... you'll notice the java sun systems little icon come up in the task bar when it all happens).
| 12:56 am on Oct 3, 2011 (gmt 0)|
Happened to me only over statcounter.com home page (twice, and from two different systems). Virus scanned my system with two more virus scanners. My adobe reader may need a patch to cover for this exploit but my system is clean as far as I can see.
| 12:13 am on Oct 4, 2011 (gmt 0)|
The exploit was delivered via an ad. Apparently they received a couple more reports from users and were able to pinpoint it (so I was informed).
| 12:21 am on Oct 4, 2011 (gmt 0)|
It's going around. I'm still working my way out of an openx hack from Sunday evening and the consultant I used indicated I'm not alone on this.
| 3:42 am on Oct 4, 2011 (gmt 0)|
|The exploit was delivered via an ad. |
Yup, just like I said as I've seen it happen a bunch.
The worst-case scenario I've witnessed is an ad server's domain expired and a hacker bought it and put the nastiest set of randomly rotating redirected servers into the ad serving mix so it really confused the issue of where it was coming from.
Very random, I found out who was doing it, but it took some serious sleuthing.
Nothing they won't do for money, sad really.
| 6:27 am on Oct 4, 2011 (gmt 0)|
|Nothing they won't do for money, sad really. |
What I don't get is who the hell is processing online CC payments for those crooks.
Apparently the sneaky exploit is trying to install malware masquerading as a virus scanner. Interrupting the computer's normal operations and acting in a very malicious and deceiving way, trying to get the user to buy the full version. Pure and simple fraud.
Who the hell is processing orders for those crooks... surely the money trail will lead right back to the company creating this malicious code. How they can get away with this so easily is simply mind-boggling!