# Infection



## rehevkor (Sep 25, 2011)

I've just had a rather unpleasant experience while browsing the forum - including some kind of attempted infection. I was reading while not logged in, after having come here via a search engine, I clicked on the Kirby Mass Attack AP thread and instead of going to the thread I started getting redirected all over the place - the next few entries in the history where (click at your own risk):



Spoiler



http://www.google-analytics.com/gc.js?1&am...353911287900823
http://strongbodys.net/aff?aff=http%3A%2F%...xvd_c_JqKdOXw~~
http://gbatemp.net/gogo?u=http%3A%2F%2Fgba...lations&c=3
http://109.206.161.73:8180/feed/go.php?id=...6a38f&n=n-4
http://176.9.26.35/feed/go?id=f738ced8-e4d...0139&type=G
http://costse.net/in.cgi?6¶meter=gbatemp.n...o=sumi&CS=1



Ending up at I believe the Costse.net site, which appeared to be some kind of DS flashcard site. Going back in my browser to GBAtemp and clicking on the thread again then took me to shoptemp.net, or in one case to www.shoptemp.fr - this happened no matter where I tried to go on the forums, more google-analytics urls were in my history during that too. Only way to fix it was to close and re open the browser - coming back here I had no problems.

But most worrying was a threat alert from AVG, warning me of:

File name: h.golfes.in/main.php?page=76f6b79d5210675d

Threat name: Exploit Blackhole Explot Kit (type 2057)

False positive? I don't know.


----------



## BoxmanWTF (Sep 25, 2011)

hoo boy...


----------



## Rydian (Sep 28, 2011)

Looks like a rogue ad.


----------



## ShinyJellicent12 (Sep 28, 2011)

Uh.... oh...


----------



## Bladexdsl (Sep 29, 2011)

hehehe should have had Noscript installed


----------



## Rydian (Sep 30, 2011)

Bladexdsl said:
			
		

> hehehe should have had Noscript installed


"Got shot at school?  Heehee should have worn a bullet-proof vest."

The point being that if things are running smoothly you shouldn't need to resort to such measures on a safe site like this.  If an advertising company allowed to insert ads into these pages is forwarding along redirects and infections, _it's a problem for the site_, which is why this thread is here.


----------



## Bladexdsl (Oct 1, 2011)

doesnt matter how safe you think a site is if you go into a site without protection than your asking for trouble. i dont go anywhere without adblockplus, noscript and betterprivacy turned ON


----------



## pspunabletohack (Oct 1, 2011)

Yes i clicked the links and i'm infected
EDIT: oh wait it was just a crack on my destkop lol


----------



## Bladexdsl (Oct 1, 2011)

you dont need to click anything if some idiot has a script in their sig and you go to the same thread as them it can activate itself without you even knowing!


----------

