Attack from your site

[Tibetan_Ice]

Hi,

I just go this from the tao bums. Any ideas?

 

It says:

 

Severity: High - An intrusion attempt was blocked.

 

Web Attack: Blackhole Exploit Kit 2

Attacker URL http://thetaobums.com/forum/1-general-discussion/

 

Network traffic was detected that matches the signature of a known attack. The attack

was resulted from c:\program files\internet Explorer\iexplore.exe.

 

 

Thanks.

[sean]

highly unlikely this is coming from the forum. sounds like your computer is infected. what av software are you running on your computer? please take a screenshot next time.

 

sean

[Tibetan_Ice]

highly unlikely this is coming from the forum. sounds like your computer is infected. what av software are you running on your computer? please take a screenshot next time.

 

sean

 

Hi Sean,

I have a screen shot, can't figure out how to upload it from my hard drive.

Just figured it out..

 

Thanks.

Edited September 20, 2012 by Tibetan_Ice

[Protector]

INTERNET EXPLORER? MY GAWD!!!

[madMUHHH]

Same here. Using Firefox.

[xabir2005]

When entering this forum I saw the warning screen that this site is an 'attack site'.

 

Safe Browsing

 

Diagnostic page for thetaobums.com

 

What is the current listing status for thetaobums.com?

Site is listed as suspicious - visiting this web site may harm your computer.

What happened when Google visited this site?

Of the 5 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-08-26, and suspicious content was never found on this site within the past 90 days.

This site was hosted on 2 network(s) including

AS19066 (WIREDTREE)

,

AS13335 (CLOUDFLARENET)

.

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, thetaobums.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

• Return to the previous page.
  
• If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
  

Edited September 22, 2012 by xabir2005

[xabir2005]

http://www.airdemon.net/blackhole.html

[Gerard]

.

Edited September 13, 2013 by Gerard

[eye_of_the_storm]

I use firefox... only just started getting these messages today also...

 

something is up

[Seth Ananda]

I just started getting a Malware warning with each TTB page I start to load...

 

I use chrome.

[sean]

damn. ok. investigating.

[Apech]

It was someone using an avatar from a blacklist site last time this happened.

 

I'm using Chrome but not getting this message.

[宁]

as soon as the new version of firefox installed i also got this message, i believe the two events maybe related

[Thunder_Gooch]

alanwatts.com is getting same error, also noticing 0 day Java script exploits.

[sean]

meh. this one is out of my league.

 

hiring a $$ security professional that specializes in malware removal.

 

i normally don't ask this, but if anyone is feeling generous and wants to send me even $1 or two to help defray cost, the paypal address is [email protected]

 

sorry for the inconvenience.

 

best,

sean

[AugustLeo]

meh. this one is out of my league.

 

hiring a $$ security professional that specializes in malware removal.

 

i normally don't ask this, but if anyone is feeling generous and wants to send me even $1 or two to help defray cost, the paypal address is [email protected]

 

sorry for the inconvenience.

 

best,

sean

Sean - just sent a donation to help fix this problem. Michael

[rene]

meh. this one is out of my league.

 

hiring a $$ security professional that specializes in malware removal.

 

i normally don't ask this, but if anyone is feeling generous and wants to send me even $1 or two to help defray cost, the paypal address is [email protected]

 

sorry for the inconvenience.

 

best,

sean

 

FYI - when i tried to come in using firefox - i got the warning like others here. I clicked the "why was this blocked" link - and it took me to a nice helpful page by GOOGLE promoting THEIR security systems.

 

When I came in using IE9 while logged into GOOGLE - i got no warning at all...let me in here easy peasy.

 

IMO this stinks of the ever increasing GOOGLE attempt to be the ONLY player out there... BTW - did you know that the TTB pages "redirect" upon opening? When I use firefox, its shields prevent the redirect. Watch, sometimes, the little info at the bottom where it shows all the stuff that loads up...along with the page loading. MOST of it is GOOGLE. GAG.

 

/rant.

 

(also posted this in the general section, attack thread) Best of luck, Sean.

 

warm regards

[rene]

It was someone using an avatar from a blacklist site last time this happened.

 

I'm using Chrome but not getting this message.

 

Apech..yeah... strange only the "Non-Google" browers are getting this, huh.

[GrandmasterP]

It opens no problem via Bookmarks on Kindle but not by typing Tao Bums into Google using same Kindle. Doing that only brings up the Google Attack warning screen.

[GreytoWhite]

Apech..yeah... strange only the "Non-Google" browers are getting this, huh.

 

I'm getting it on Chrome 21.etc...

[zerostao]

i am still getting the warning message but i am using a college computer

so i aint too worried , but still........

[Gerard]

.

Edited September 13, 2013 by Gerard

[rene]

"Don't just put the blame on Google for this..."

 

I don't. I blame Facebook too.

 

Gerard, you're right. This will take a pro.

[Trunk]

Sean,

 

Attached is the notice I got from Google (saved the webpage).

 

TTBs Google diagnostic b.htm

 

Trunk

[mYTHmAKER]

From Google

 

Safe Browsing

 

Diagnostic page for thetaobums.com

 

What is the current listing status for thetaobums.com?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 4 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 75 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-09-23, and the last time suspicious content was found on this site was on 2012-09-21.

Malicious software is hosted on 1 domain(s), including

bookmarketingforauthors.info/

.

2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including

juanmari.net/

,

prapra.net/

.

This site was hosted on 3 network(s) including

AS13335 (CLOUDFLARENET)

,

AS19066 (WIREDTREE)

,

AS15169 (Google Internet Backbone)

.

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, thetaobums.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

• Return to the previous page.
  
• If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
  

Updated 6 hours ago