RedCafe Malicious Advert?


Sorry just noticed you mentioned this in your OP.

There are no ads in the general forum, so it's not come from some rogue code in an ad. I don't see anything specific in any of the posts in that thread that might cause it either. Possibly something on your machine? Have you done a full virus scan / malware clean up etc?
 
What operating system and browser are you using?

Windows 7, Chrome. I haven't had it on any other website, it pops up pretending to be Adobe Flash player but you can see player is spelt palyer, then auto downloads a setup.exe.

It might well be a virus so I'll check when I'm back from work, I just thought it strange that it only appeared in that thread.
 
I got exactly the same thing as Zarlak a few days ago. I am using Windows 7 and Firefox. Can't remember the thread but if it happens again I'll take a screenshot.
 
Changes have been made to the ad inventory to hopefully filter out these dodgy ads. Can people please let me know if they see them again and if possible take a screenshot?
 
Browsing the forums on my iPad and I was taken to the AppStore automatically very recently. Being an iPad it's likely that I clicked something for this to happen, but I'm convinced that I didn't.
 
I was reading the Moyes sacking thread on my Nexus 7 and got a pop up telling me I needed flash player. I pressed the back button but it still took me to a fake Ad0be site where it forcefully downloaded what I assume to be a malicious exe file.
 
At 17:15 (I think while browsing the 'invite only' thread), I got taken to update4.flashes-player.us, which forcibly downloaded a setup.exe and gave the usual spiel about needing to upgrade.

On Chrome/Windows 8.
 
I was reading the Moyes sacking thread on my Nexus 7 and got a pop up telling me I needed flash player. I pressed the back button but it still took me to a fake Ad0be site where it forcefully downloaded what I assume to be a malicious exe file.

I just got this on my desktop.
 
You have something really naughty going on. At times when you refresh the page it redirects you to a page saying that you have to update Flash, which obviously Adobe would not do. It looks authentic but is asking people to install setup.exe from a dodgy site.

This has been happening all day. It happens even if you press F5 at times.
 
Browsing the forums on my iPad and I was taken to the AppStore automatically very recently. Being an iPad it's likely that I clicked something for this to happen, but I'm convinced that I didn't.
I keep getting this. Definitely not clicking anything but taken to some game page in the AppStore.
 
You have something really naughty going on. At times when you refresh the page it redirects you to a page saying that you have to update Flash, which obviously Adobe would not do. It looks authentic but is asking people to install setup.exe from a dodgy site.

This has been happening all day. It happens even if you press F5 at times.

It's still happening, it has only been doing this to me today, but it seems that it has been going on all week.

I've removed the ad code which I think is the source of these Adobe ads. Please let me know if you keep seeing them and what page you are on when it happens.

I keep getting this. Definitely not clicking anything but taken to some game page in the AppStore.

The iOS redirects are a widespread problem across many ad networks and I'm trying to filter them out as best I can. It's proving difficult though :(
 
Yeah, it happened to me today on my laptop too but my antivirus caught the malicious file.
 
That fake flash player thing suddenly appeared on my network yesterday. Not just on the caf though. I ran a few tests. Turned out it was redirecting traffic that should have gone to Google - including site custom searches. It was actually a router worm rather than something on the machines.
 
My router. Linksys, Netgear, TP-Link are under attack. I had to switch routers as there's currently no firmware/settings fix for the one I had that got infected.
 
It was a 'you have a virus alert'. No useful diagnostics I'm afraid

Has it happened on any other site you've been on? Can you remember if you were looking at a thread, the forum list or a thread list page?
 
It might be an idea to press F12 and look at the console tab anytime you (or any of us) get an error. Giving Niall the information from the link might be helpful.
@Niall could it be some sort of cross site scripting?
 
It might be an idea to press F12 and look at the console tab anytime you (or any of us) get an error. Giving Niall the information from the link might be helpful.
@Niall could it be some sort of cross site scripting?

Doubt it. If there was a security hole in XenForo and somebody was injecting malicious code into content on the site, it would be happening to a lot more people.

It's either ads that have malicious JavaScript embedded in them (a big problem with many ad networks atm) or it's an issue on the user's end, possibly a hacked router as described by somebody else in this thread.

Either way, it's extremely difficult for me to track down and stop :(
 
I just got an ad saying my PC has been locked due to me looking at child porn and I have to pay £100 fine to use my 'computer' again. I'm on my phone here but if I was at work and somebody saw that I would be seriously angry. As someone who doesn't look at child porn, I'm pretty upset about this and I think something needs to be done, Niall.

I had been getting other malware ads for 'flash player' installations and stuff like that, but this is a bit too far.
 
I just got an ad saying my PC has been locked due to me looking at child porn and I have to pay £100 fine to use my 'computer' again. I'm on my phone here but if I was at work and somebody saw that I would be seriously angry. As someone who doesn't look at child porn, I'm pretty upset about this and I think something needs to be done, Niall.

I had been getting other malware ads for 'flash player' installations and stuff like that, but this is a bit too far.
That's a virus.
 
I just got an ad saying my PC has been locked due to me looking at child porn and I have to pay £100 fine to use my 'computer' again. I'm on my phone here but if I was at work and somebody saw that I would be seriously angry. As someone who doesn't look at child porn, I'm pretty upset about this and I think something needs to be done, Niall.

I had been getting other malware ads for 'flash player' installations and stuff like that, but this is a bit too far.
:lol: (Sorry that's hilarious)

I haven't had these stupid things in ages. I recommend everyone get Avast for the phone. It might not be doing anything, but I haven't got it in a while.
 
I just know that the child porn warning thing is a well known virus. There's something mad going on here though, I've yet to see any dodgy ads.

As I mentioned earlier, I did have a router get hacked a week or so ago that simultaneously put all these kinds of symptoms on all the gadgets in the house - phones and computers. It took me a few hours to understand the problem but since the router work that I did I've seen no recurrence - though I will say I'm getting more server busy messages from RedCafe than normal.

A common variant of the problem is Google and similar search sites getting diverted to Conduit Search either by changes in browser settings, entries in their hosts file, or by the individual machine (or the router) being switched to use a hacked or spoof DNS server. It wouldn't be a surprise if certain advertising server addresses are now being diverted as well.

I guess the other "why not everyone" thing is that context/target sensitive advertising may mean it really is just some ads that have something nasty embedded - right now my browser is busy trying to sell me flight tickets, cameras and flashAir cards but I'm sure that's not true for everyone.
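
The hosts-file diversion described in the post above, as an added example that is not part of the thread: a small checker that parses hosts-file text and reports entries pointing a watched search or ad domain at a routable address. The watched list, the function names and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: domains to watch, chosen for this example (search sites as in
# the post, plus a placeholder ad-server name).
WATCHED = ("google.com", "google.co.uk", "bing.com", "ads.example.net")

def parse_hosts(text):
    """Yield (address, hostname) pairs from hosts-file text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed line, ignore it
        for name in fields[1:]:                   # one line may alias many names
            yield addr, name.lower().rstrip(".")

def diverted_entries(text, watched=WATCHED):
    """Return (hostname, address) for watched domains mapped to a real address."""
    hits = []
    for addr, name in parse_hosts(text):
        if not any(name == d or name.endswith("." + d) for d in watched):
            continue
        # Loopback or 0.0.0.0 entries only block a name (ad-blocking lists);
        # they cannot divert traffic to another server.
        if addr.is_loopback or addr.is_unspecified:
            continue
        hits.append((name, str(addr)))
    return hits

# Constructed sample; the addresses are from the documentation ranges.
SAMPLE = """\
127.0.0.1     localhost
::1           localhost
0.0.0.0       ads.example.net          # blocking entry, harmless
203.0.113.10  www.google.com google.com
198.51.100.7  search.bing.com
192.168.1.20  nas.home.lan notgoogle.com
not-an-ip     google.com
"""

if __name__ == "__main__":
    for name, addr in diverted_entries(SAMPLE):
        print(f"{name} is pinned to {addr}")
```

To check a real machine, pass the contents of its hosts file (C:\Windows\System32\drivers\etc\hosts on Windows, /etc/hosts elsewhere) to diverted_entries. A clean hosts file does not rule out the router or DNS-server case from the same post.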
 
I just got an ad saying my PC has been locked due to me looking at child porn and I have to pay £100 fine to use my 'computer' again. I'm on my phone here but if I was at work and somebody saw that I would be seriously angry. As someone who doesn't look at child porn, I'm pretty upset about this and I think something needs to be done, Niall.

I had been getting other malware ads for 'flash player' installations and stuff like that, but this is a bit too far.

That sounds like the Windows classic known as the police virus
http://blog.vilmatech.com/metropoli...-remove-metropolitan-police-virus-completely/
I haven't seen it on a phone, but I don't see why they can't get it.
Do you have an AV program?

The most shocking version of it that I've seen included approximate location based on IP address and a photo of the "accused" taken with his webcam
 
As I mentioned earlier, I did have a router get hacked a week or so ago that simultaneously put all these kinds of symptoms on all the gadgets in the house - phones and computers. It took me a few hours to understand the problem but since the router work that I did I've seen no recurrence - though I will say I'm getting more server busy messages from RedCafe than normal.

A common variant of the problem is Google and similar search sites getting diverted to Conduit Search either by changes in browser settings, entries in their hosts file, or by the individual machine (or the router) being switched to use a hacked or spoof DNS server. It wouldn't be a surprise if certain advertising server addresses are now being diverted as well.

I guess the other "why not everyone" thing is that context/target sensitive advertising may mean it really is just some ads that have something nasty embedded - right now my browser is busy trying to sell me flight tickets, cameras and flashAir cards but I'm sure that's not true for everyone.
This is a good point. My phone is trying to constantly sell me cash back credit cards and baby gates, jenga and monitors from Amazon. I haven't seen any adverts but those on the caf for ages.