WARNING: Your Flash Player plugin is outdated! Upgrade to continue

[jpishgar]

Hey there guys,

Thanks for the reports. We're looking into this. Naturally, do not download or install anything that is not from the direct source itself. Hopefully we'll have this resolved in short order. Any additional information you can provide on where you are seeing this, specifically what URLs you are finding this on (forums? editorial side?) would be beneficial.

Thanks!

-JP

 

[destrekor]

Hey there guys,

Thanks for the reports. We're looking into this. Naturally, do not download or install anything that is not from the direct source itself. Hopefully we'll have this resolved in short order. Any additional information you can provide on where you are seeing this, specifically what URLs you are finding this on (forums? editorial side?) would be beneficial.

Thanks!

-JP

This is only on the forums, as far as I can tell.

 

[VirtualLarry]

Yeah. I'm running Chrome and getting a pop-up. It's similar to pop-ups I've seen on.. uhhh.. less reputable websites.

So when is Anandtech Forums going to start hosting streaming 0-day moviez?

 

[Fanatical Meat]

appears to have stopped on my phone & PC

Larry, I was thinking it was going to be streaming Pr0n

 

[balloonshark]

IP addresses so far:

http://184.173.28.170/adobe_flashplayer_7.exe

http://184.173.28.174/adobe_flashplayer_7.exe

http://75.126.160.35/adobe_flashplayer_7.exe

http://192.155.192.104/adobe_flashplayer_7.exe

I downloaded the file in the first link and uploaded it to be scanned at virustotal and got some hits. https://www.virustotal.com/en/file/...7dbd1b96a2cb7ec46066f37be2093aca60f/analysis/

Edit: I scanned the files on my computer with Emsisoft, Hitman pro free and Malwarebytes free and the latter was the only one to alert to the files. This is why I scan everything I download with virustotal and multiple scanners on my computer before I run them.

 

[destrekor]

I downloaded the file in the first link and uploaded it to be scanned at virustotal and got some hits. https://www.virustotal.com/en/file/...7dbd1b96a2cb7ec46066f37be2093aca60f/analysis/

Edit: I scanned the files on my computer with Emsisoft, Hitman pro free and Malwarebytes free and the latter was the only one to alert to the files. This is why I scan everything I download with virustotal and multiple scanners on my computer before I run them.

Why aren't you running better virus scanners in the first place?

I bet Bitdefender Free or, hell, even Microsoft Defender, would have had a positive hit.

Two of the three you mentioned are great second-line offensive plays (Hitman and Malwarebytes), but should not really be relied upon for first-line defense. Seriously, storied standbys like Bitdefender, Kaspersky, and usually Webroot should be at the top of everyone's list.

 

[balloonshark]

Why aren't you running better virus scanners in the first place?

I bet Bitdefender Free or, hell, even Microsoft Defender, would have had a positive hit.

Two of the three you mentioned are great second-line offensive plays (Hitman and Malwarebytes), but should not really be relied upon for first-line defense. Seriously, storied standbys like Bitdefender, Kaspersky, and usually Webroot should be at the top of everyone's list.

Emsisoft also uses the Bitdefender engine and it didn't get a hit at virustotal. I don't rely on scanners though. I only use them for scanning downloads from reliable sources. I have plenty of other layers including a user account, sandboxie, noscript, ad blocker, etc.

 

[Cobra_41]

Hello, just trying to gather a little more information about this specific issue happening. Can you all provide me either through Private Message or through this forum thread the following details. Are you still having this happen or has it since stopped?

Your location (Country / State)?
What type of computer / OS are you using?
What type of browser / version are you using?
What page URL did this happen on or is happening on?
Are you able to grab a screenshot of all of the ads on the page at the time this pop up happened?
Are you able to use Developer Tools or Firebug like program to inspect the element of the ads on the page. We would be looking for any of the script code that is showing up on all of those particular ads on the page, in some cases this could be a lot of code to copy and paste over but what we would need to look through.

Thanks

 

[jpishgar]

Hey there guys,

We're on it. As Cobra mentioned above we could really use your assistance.

Could you help us dig through to find the needle in the haystack here with answers to the following questions, if you encounter it again? Is anyone here still encountering this issue? If so, please let us know, as well as the following - it would help us locate the offending partner/network and take action.

• What is your geo-location? (Country/State)
• What type of computer are you using? (PC/Mac)
• What OS are you using?
• What Browser and Version?
• What URL exactly did you encounter the issue on?

And lastly, if you could nab a screen-grab, particularly with any ads that might be on the page, that would be extremely helpful.

Thanks in advance!

-JP

 

[pcslookout]

Sure.

I will when I see it.

 

[Balt]

Hey there guys,

We're on it. As Cobra mentioned above we could really use your assistance.

I haven't seen it since last night.

 

[destrekor]

Hey there guys,

We're on it. As Cobra mentioned above we could really use your assistance.

Could you help us dig through to find the needle in the haystack here with answers to the following questions, if you encounter it again? Is anyone here still encountering this issue? If so, please let us know, as well as the following - it would help us locate the offending partner/network and take action.

• What is your geo-location? (Country/State)
• What type of computer are you using? (PC/Mac)
• What OS are you using?
• What Browser and Version?
• What URL exactly did you encounter the issue on?

And lastly, if you could nab a screen-grab, particularly with any ads that might be on the page, that would be extremely helpful.

Thanks in advance!

-JP

Ohio, USA
PC
Windows
Chrome 46
exact URL? hmm, can't help much. I am fairly certain I saw it on: http://forums.anandtech.com/forumdisplay.php?f=14
But it was also seen at other times


It should be noted that I also use the Adguard Adblock extension. No ads were visible.

edit:

I haven't seen it since last night.

This also is true. It has been smooth sailing all day today. After a certain point last night, it ceased to occur, and I browsed to many different URLs on AT Forums.

 

[adamantine.me]

Well that popup looks sketchy as hell. They couldn't have even pasted the official download prompt or pasted the logo on? Looks like someone is half assing their phishing.

 

[jpishgar]

Thank you, everyone. Good news - we believe we have narrowed down the cause of the issue and resolved the problem.

It turns out this breach impacted thousands of sites across the internet for a total of 83 minutes over the weekend. Based on research, we believe it had to do with an issue relating to analytics software shared by a massive number of networks (ours unfortunately included). We're going to double-confirm the "why's and wherefore's" of the matter before we respond definitively, but we're taking steps to ensure that this type of thing doesn't occur again.

We greatly appreciate your assistance in helping us discover the nature of this holiday-timed attack, and are grateful for your vigilance in relaying information to us to help identify and resolve the issue. Thanks for your patience, and for bearing with us during this.

Warm Regards,
Joe Pishgar
Senior Community Manager, Purch

 

[destrekor]

Thank you, everyone. Good news - we believe we have narrowed down the cause of the issue and resolved the problem.

It turns out this breach impacted thousands of sites across the internet for a total of 83 minutes over the weekend. Based on research, we believe it had to do with an issue relating to analytics software shared by a massive number of networks (ours unfortunately included). We're going to double-confirm the "why's and wherefore's" of the matter before we respond definitively, but we're taking steps to ensure that this type of thing doesn't occur again.

We greatly appreciate your assistance in helping us discover the nature of this holiday-timed attack, and are grateful for your vigilance in relaying information to us to help identify and resolve the issue. Thanks for your patience, and for bearing with us during this.

Warm Regards,
Joe Pishgar
Senior Community Manager, Purch

Interesting.

When/if it is confirmed to be as you described, can you provide further detail? I have searched -- admittedly with little effort -- and haven't discovered any coverage of a breach of any analytical service.

At time of confirmation, would you be able to provide the name of the service you use? I usually use Chrome (without NoScript.. I don't know why), but I have NoScript on Firefox and I presume these are all analytical or ad networks:

servebam.com
scorecardresearch.com
demdex.com
google-analytics.com
googletagmanager.com
yahooapis.com
qualtrics.com
perfdrive.com

I presume neither google service or yahoo's service were beached, otherwise I cannot help but assume that would have made headlines.

 

[SNC]

Hello, just trying to gather a little more information about this specific issue happening. Can you all provide me either through Private Message or through this forum thread the following details. Are you still having this happen or has it since stopped?

Your location (Country / State)?
What type of computer / OS are you using?
What type of browser / version are you using?
What page URL did this happen on or is happening on?
Are you able to grab a screenshot of all of the ads on the page at the time this pop up happened?
Are you able to use Developer Tools or Firebug like program to inspect the element of the ads on the page. We would be looking for any of the script code that is showing up on all of those particular ads on the page, in some cases this could be a lot of code to copy and paste over but what we would need to look through.

Thanks

US/PA
Windows 8.1
Chrome Version 46.0.2490.71 m
Just about all forum pages I visited yesterday.
A screenshot would not have helped to show ads as I have ABP and none are shown.
I thought that was a bit odd that even with the ad blocked it would be redirecting.
Had I not been in a hurry I would have looked a bit further into it but I had to get my day started. I have not seen any redirects yet today.

 

[Rakehellion]

IP addresses so far:

http://184.173.28.170/adobe_flashplayer_7.exe

http://184.173.28.174/adobe_flashplayer_7.exe

http://75.126.160.35/adobe_flashplayer_7.exe

http://192.155.192.104/adobe_flashplayer_7.exe

I'm on a Chromebook with the latest version of ChromeOS, no chance for a virus or funky local proxy issues. Either it pops up with the "WARNING: Your Flash Player plugin is outdated! Upgrade to continue" or else it automatically redirects to one of the IP addresses listed above & bounces me off the page I was reading or post I was typing.

Someone download the app and see what it does.

 

[jpishgar]

It's a minor service intended to provide analytics. We're still investigating, but confident that the threat has passed, and taking steps to prevent it from ever recurring.

 

[VirtualLarry]

It's a minor service intended to provide analytics. We're still investigating, but confident that the threat has passed, and taking steps to prevent it from ever recurring.

Well, it just showed up for my Linux-using friend. On Newegg. So the threat is still out there.