I stumbled on this site a few weeks back after it picked up http://wordpress.tweetmeme.com which basically collates all the tweets related to wordpress… a great resource for sure. I had this sitting on my IE window today and suddenly it redirected to another location… see the screenshots below. I believe that the advertising network they use for their banner ads is infected with a malicious ad that redirects you to the site shown. I’ve no way to contact these people direct so I’m blogging this so that others will know.
Going to the site can produce the following redirect
Regardless if you press OK or Cancel you get the following which looks real but is in fact inside your web browser
Again regardless of what you press you get the following screen – notice it’s a Windows XP dialog box… I’m running Windows 7 😉
Again regardless of what you press it will try to install what is sure to be spyware… and the loop goes on.
I have seen several of these lately with the same original screen. I have been able to extricate myself, but not sure if average client would even know to do so.
Wayne Small says
Thanks Randy – yes I agree the average client will have no idea how to get out of it. Hopefully it can be shutdown quickly.
Sandi Hardmeier says
Wayne, I see that the web site is using openx. There is a known vulnerability in older versions of openx that the bad guys behind malvertizing have been using to inject malicious code into otherwise safe advertising. You can see more details here:
It may be that this is the cause of the problem that you saw; they are using advertising hosted by Doubleclick so I would be surprised if the ad itself was bad.
I’ll keep an eye on things; see if I can reproduce the problem.
Joly MacFie says
tweetmeme.com is blocked by google right now, presumably via astopbadware.org alert – according to them the problem is from embedded elements (ads?) linking to statsistats.com.
Cara mengatasi ejakulasi dini says
Thanks a bunch for sharing this with all people you really understand what you’re speaking about! Bookmarked. Kindly also consult with my website =). We could have a link change agreement among us
cheap ray bans says
WordPress.Tweetmeme.com infected with spyware
cheap ray bans http://www.northtynesideebp.co.uk/