Tomshardware Linking to Fake Malicious Adobe Flash

[turkey3_scratch]

Tomshardware is the only site doing this right now. I keep getting a Javascript confirmation message saying my Adobe Flash is outdated (obviously fake) and needs updated, if you click okay it downloads a fake Adobe flash from a suspicious website. Why is Toms doing this?

No, I did not run the exe, but don't do it people it is fake.

 

[Darkbreeze]

Happened to me on both IE and FF.

 

[k1114]

On chrome and had the pop up and tried to redirect me but couldn't. I do have adblock.

 

[Dark Lord of Tech]

Weird , still nothing , been all over the site for hours.

 

[ThatVietGuy]

Here is where it'll redirect (unsuccessfully)

 

[Darkbreeze]

I had it happen exactly once per different browser. Chrome, IE and FF all tried it, closed the window immediately, nothing further. Scanning system now.

 

[Dark Lord of Tech]

Thanks , glad to know what it looks like , I haven't come across it.

 

[itmoba]

I found it. It's embedded as a block of "data" in base64 which causes a redirection. It doesn't work on me because I have JSBlocker and Ghostery. The content manager should be notified.

 

[Dark Lord of Tech]

Strange that I haven't even come across it yet , been on all day.

 

[Titillating]

Sorry for the delayed response. I haven't been able to replicate it, but I'll get this escalated.

 

[itmoba]

It seems our sister site at Anandtech (also owned by Purch) is encountering the same problem!

See here for details: http://forums.anandtech.com/showthread.php?p=37803480

 

[jpishgar]

Hey there guys,

Thanks for the reports. We're looking into this. Naturally, do not download or install anything that is not from the direct source itself. Hopefully we'll have this resolved in short order. Any additional information you can provide on where you are seeing this, specifically what URLs you are finding this on (forums? editorial side?) would be beneficial.

Thanks!

-JP

 

[cleanshot911]

It seems our sister site at Anandtech (also owned by Purch) is encountering the same problem!

See here for details: http://forums.anandtech.com/showthread.php?p=37803480

Same thing is going on at PCGamer.com

 

[Saga Lout]

No sign of it by this time of the UK day. Someone in Dallas, Texas must have been shot down.

 

[Darkbreeze]

Ok, what does Dallas, TX have to do with it? I'm afraid you lost me there.

 

[Saga Lout]

I'd be lost there as well but ThatVietGuy has tracked the source back to an IP address which in turn traces to Dallas, TX.

 

[Darkbreeze]

Ok, I see. I must have missed that the first time. I didn't notice the IP he posted. My bad. Long day.

 

[jpishgar]

Hey there guys,

We're on it. We could really use your assistance on this one - it's one of the tougher ones to isolate.

Could you help us dig through to find the needle in the haystack here with answers to the following questions, if you encounter it again? Is anyone here still encountering this issue? If so, please let us know, as well as the following - it would help us locate the offending partner/network and take action.

• What is your geo-location? (Country/State)
• What type of computer are you using? (PC/Mac)
• What OS are you using?
• What Browser and Version?
• What URL exactly did you encounter the issue on?

And lastly, if you could nab a screen-grab, particularly with any ads that might be on the page, that would be extremely helpful.

Thanks in advance!

-JP

 

[Dark Lord of Tech]

I'm from NY , I haven't come across it , not even once.

FF Latest Version

 

[ThatVietGuy]

New Jersey USA
PC with Windows 10 Pro 64-bit
Using Firefox 41.0.2
Pop-up was happening on the main page as seen in my screenshot above.

Though today nothing has popped up.

 

[Dark Lord of Tech]

SoftLayer Technologies is what it comes up from ip viet traced.

 

[jpishgar]

Thank you, everyone. Good news - we believe we have narrowed down the cause of the issue and resolved the problem.

It turns out this breach impacted thousands of sites across the internet for a total of 83 minutes over the weekend. Based on research, we believe it had to do with an issue relating to analytics software shared by a massive number of networks (ours unfortunately included). We're going to double-confirm the "why's and wherefore's" of the matter before we respond definitively, but we're taking steps to ensure that this type of thing doesn't occur again.

We greatly appreciate your assistance in helping us discover the nature of this holiday-timed attack, and are grateful for your vigilance in relaying information to us to help identify and resolve the issue. Thanks for your patience, and for bearing with us during this.

Warm Regards,
Joe Pishgar
Senior Community Manager, Purch

 

[Darkbreeze]

Nice. Glad to hear it.

 

[Rexer]

I downloaded ransomware once. It had a name I can't remember. Something like, 'WARNING! Windows detects Malware. Click here to remove at once!' So I did and my computer immediately shut me out with a threatening countdown it was trying to download. I was so mad, I yanked the plug on my computer and walked away. When I turned it back on, it was in a folder on my desktop. ? So I trashed it and deleted it. I had no problems for a few days till I ran a registry fixer in Ccleaner. Apparently the ransomware program got damaged when I pulled the plug and the registry fixer wanted to clear it out. That was 2007 on an XP machine. Call it what you will, I'm sure I had God, Lady Luck and Karma on my side. Lol.

 

[turkey3_scratch]

Any problems with viruses that are super extreme will have to be modified by accessing the hard drive in another OS.

 

[Rexer]

I know scanning a HDD to a bench computer. I learned it, later. That's why I can it luck.