25-01-2007, 10:00 PM
|
#1 | ||
    Join Date: Mar 2006
Location: ,
Posts: 4,613
|
Has anybody who uses photobucket noticed some changes today? Some VERY nasty ones? It happens when you're logged in, not when you're browsing as a guest.
First the page stopped working fine with Opera, whereas it had always worked perfectly. In fact everything works until I click something, then a popup comes forth. It seemingly tries to load not when loading the page, but when you click anything, because that way it's a solicited popup and it goes through Opera's and Firefox's blocking features. The popup is not just annoying, I wouldn't mention it. It's one of those "OMG system warning, RED alert, your files are corrupt and your PC infected, you must download my software which will fix it or else your computer will explode!! -- OK/Cancel" This isn't advertising, it's swindling. Well Opera, gives me as always the option to stop executing scripts from the page. I do so, but then the page stops working because the interface buttons work through benign scripts. My first reaction was going to Firefox, I've got it installed. The same popup, but there's no option to stop executing scripts, and popups keep on showing. Of course the page works (with these aggressive ads), just like it does in Opera if I don't block scripts. Enough to make me think of not using photobucket any longer if I can't turn it off. But then looking through both browsers' options I realized that Opera lets me ban websites (great stuff). I've banned www.systemdoctor.com and lo, now I can use Photobucket and there are no popups and no swindling. There is no option in Firefox proper to do so as far as I know, algthough I guess some extension out there might do the same trick. (Anyway I used Opera because it was way faster and more efficient and because it was safe as well, but it's been a surprise for me this case where its security has proven superior to Firefox's.) EDIT: You might need to ban more than one domain of the same company. EDIT: Let's see. Before, after banning each new intruding domain the problem came back some time later, and in the meantime there were still non-popup ads of that malware in Photobucket which makes no sense, now I don't think PhB is responsible of this. Now that I've blocked all intruding domains, popups don't come back and the ads are again normal, AdCouncil, Pioneer TV sets and such. I've also learned that this Errorsafe alias systemdoctor is a well-known piece of malware, or a anti-malware program that behaves as malware to convince people of purchasing it or something like that. I've scanned my PC with AVG antispyware and found nothing, and I encounter problems only at PhB. So it seems to me that it was Photobucket itself which was infected and hijacked by errorsafe, and has been unwillingly helping to spread that malware. Obviously I must be wrong and talking nonsense, and sice I know there are people here in Ab who, unlike me, actually know about computing, I'd appreciate their opinion, as well as the input of those who have logged in to Photobucket today.  PS: With all these sites banned PhB is safe for me at last: errorsafe.com www.errorsafe.com es.errorsafe.com systemdoctor.com www.systemdoctor.com es.systemdoctor.com EDIT: It seems this isn't new in image hosting services: http://malwareremoval.com/plog/index.php?o...80&blogId=4 Quote:
Is it only happening to me right now for some random reason? Or has someone else experienced it today? Anyway it's seemingly still an issue for everyone now and then. Anybody knew?
__________________
Life starts every day anew. Prospects not so good... |
||
|
|
|
27-01-2007, 07:27 AM
|
#2 | ||
|
Join Date: Mar 2006
Location: ,
Posts: 4,613
|
BUMP (rules compliant double post) I've already figured all out and have even mailed PhB and got action and an answer from them, so this second post is going to grant information instead of requesting it. If you use any free image hosting service you might be interested in reading it.
First of all, I know why I was getting this and most people weren't, and it's not just bad luck It's because I was trying Comodo firewall and so I had to deactivate the Windows one. People who use the latter --as I now am in the position to advise-- were safe in PhB even when there was malware in it, and I had been safe before while I used the Windows firewall, as I'm doing back now. But the threat was certain, it wasn't in my computer but in PhB as they have admitted themselves in an email. I can't tell for certain how likely it is that PhB was hijacked, or whether they were trying to make some easy dishonest money, but with the fast answer and action I got from them I can't possibly deny them the benefit of doubt. I finally contacted them (with my hotmail account which I use only to give it away when I have to, so I don't care about spam in it) and, shortly thereafter, I encountered this when accessing to PhB and I found the following in my mailbox: Quote:
__________________
Life starts every day anew. Prospects not so good... |
||
|
|
|
|
|
|
|
||
Linear Mode
