Para Ordnance website redirect to Anti-Virus spam








RobMoore
October 6, 2008, 05:05 PM
Does anyone know why when I try to visit the Para Ordnance website, I get a popup asking me to install Anti-Virus 2009, and the website redirects to some "trusted scanner" website, which is such an intrusive popup that I have to ctrl-alt-delete for the task manager and end Internet Explorer to get it off my screen?

If you enjoyed reading about "Para Ordnance website redirect to Anti-Virus spam" here in TheHighRoad.org archive, you'll LOVE our community. Come join TheHighRoad.org today for the full version!
General Geoff
October 6, 2008, 05:10 PM
Looks like somebody hijacked their domain name. You can still access their site via direct IP address, though: http://207.228.229.48/

Irwin
October 6, 2008, 06:08 PM
As soon as I clicked that IP my Norton went schizo on me and blocked 3 attacks. Irwin

AndyC
October 6, 2008, 06:17 PM
PO's website is infected - stay away. Oh, and don't download the free antivirus software - it's both a scam and malware.

Edit: Just checked again and the site itself now appears clean - the IP listed above by General Geoff takes me to a clean page, so it's starting to look like a DNS-exploit like the one recently discovered by Dan Kaminsky.

Catherine
October 7, 2008, 06:11 AM
Be careful with all of those links and anti virus deals that 'show up'.

I saw that on a couple of real estate websites and shut down my computer really FAST. It started to download without even touching anything else.

Catherine

Catherine
October 7, 2008, 06:15 AM
PS:

Some men had BIG problems with those links and wrote about it on leverguns.com awhile back. LONG thread and this crapola was all over many gun sites.

Catherine

Schmidlin
October 7, 2008, 07:33 AM
I think the Rock River Arms site is the same way. My AVG closes the browser whenever I try to look at that site.

foghornl
October 7, 2008, 07:37 AM
I just spent 5 days cleaning up 2 computers here at work from those fake "MS Anti-Virus" popups.

(I am the 'Computer Guy' at work.) Yeah, some folks will open/follow ANY link, in spite of cautions NOT to do that.

That last variant of the MS Anti-Virus was new enough that neither of the AV services I have stopped it.

dbones
October 7, 2008, 09:06 AM
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

Go to that site and download Malware Bytes. Install it and let it update the definition files. Then unhook from the internet and run the program. It will clean that nonsense right off your system.

Jim March
October 7, 2008, 09:16 AM
I won't post the full link but they ARE still having problems...the link involving the word "paraord" tries to infect you.

I went ahead and clicked "sure, why not?" on the various popups, my, it says I had all KINDS of Windows buggies, mercy me, then I get to laugh as it bounced off of Ubuntu Intrepid and went "splat". (To be fair, I DID double-check to make sure I didn't have Wine running...not that it would have done that much if it worked at all but it could have been slightly annoying...)

Penguin power, baybeee!

Harvster
October 7, 2008, 09:50 AM
Run linux and you don't need antivirus software slowing down your system nor do you need to worry about malware or spyware.

Edit for Jim March....isn't it fun to click on all the virus links just for kicks and not have to worry. http://www.ubuntu.com/

Arcturus
October 7, 2008, 10:12 AM
Coming from someone who has been running Linux since the 1.2.X kernel, telling people who do not use computers to run Linux is absolutely completely ABSURD. Linux yuppies need to learn not everyone can figure it out.

Harvster
October 7, 2008, 11:09 AM
telling people who do not use computers to run Linux is absolutely completely ABSURD. Linux yuppies need to learn not everyone can figure it out.

Silly me, I guess I just naively assumed most people here used computers. ;)

sanglant
October 7, 2008, 11:46 AM
First, this link (http://www.paraproshop.com/default.htm) works; click paraord.com on that site to get in. :confused:

Second, OpenDNS (http://www.opendns.com/) will save you all kinds of trouble with this..... stuff. :D

ridata
October 7, 2008, 04:53 PM
Jim March, Harvster ... Intrepid here also. Oh yeah! And yes it is fun to watch as MS bugs try to crawl on you.

Arcturus ... Ubuntu is pretty darn simple. It doesn't take much to figure it out. Many manufacturers are shipping with Ubuntu (on request) now also.

nalioth
October 7, 2008, 05:39 PM
I went ahead and clicked "sure, why not?" on the various popups, my, it says I had all KINDS of Windows buggies, mercy me, then I get to laugh as it bounced off of Ubuntu Intrepid and went "splat". (To be fair, I DID double-check to make sure I didn't have Wine running...not that it would have done that much if it worked at all but it could have been slightly annoying...)

I like the mysterious javascript popups that say "Sorry, you're not win32 compatible." :evil:

crushbup
October 7, 2008, 06:09 PM
The same thing happened to me last night with the Ops Inc. website. I wanted to go look at one of their muzzle brakes, but I got the exact same ad. Is somebody targeting gun-related websites?

Also, having tried to use Linux many a time, sampling many different distros, I have found that I still prefer Windows, as it has all the programs I need to use (try finding a Linux app that can open InDesign files) and it is leagues better in terms of driver support for my desktop. I had some good experience with Linux Mint, but because Wine was a pain to get working I migrated back. Also, Ubuntu is one of the ugliest distros I've ever seen. I'd choose working in a terminal over using Gnome.

ETA: Now Ops Inc. is just down, so I hope they've isolated the problem and will be up again soon

Jim March
October 9, 2008, 03:47 AM
To be fair, I do have Windows XP runnable in a Virtualbox virtual machine. That means any time I want to, I can fire up XP in its own 786k (adjustable, out of 2gig total on my laptop) memory space and run any XP apps I *really* need in there.

This gives two advantages:

* Ubuntu feeds XP its internet connection via a "software NAT", meaning Ubuntu is acting as a "software firewall from hell" protecting and enshrouding XP from nasties.

* It's still possible to get XP (wait, or Vista [gag] if you really want to!) infected if you surf the web with it or use it for EMail. But that's OK, because the virtual machine is living in a single file within the Linux directory system (inside your home directory). So you can back it up and restore it any time you want...no reloading Windows itself, no messing around, just copy a file.

Note: run the "full tilt" edition of Virtualbox from their website (known as the "personal evaluation license" variant) as it has two cool features: USB passthrough between the "host" (Linux) and "guest" (Windows) operating system. You also get directory sharing between the windows guest and Linux host, so within Windows you can look "up" into the Linux directory structures and even store your Windows-app data up in the Linux directories so the data is also accessible under Linux. That also lets the Windows virtual machine completely blow itself up without nuking your data. The "fully open source" variant of Virtualbox doesn't have those added benefits; that's the version that comes in the Ubuntu (or other distro) repositories.

General Geoff
October 9, 2008, 05:48 AM
I think we need to be a bit more constructive here and not mutter on and on about how linux can't be infected.


Someone needs to email para ordnance (and any other sites that are affected by this) and tell them what's going on so they can try and fix it.

boredelmo
October 9, 2008, 10:26 AM
So is this the anti-gun campaigns doing such deeds? If so...someone needs to be investigatin'!

Pat-inCO
October 9, 2008, 11:28 AM
I saw that on a couple of real estate websites and shut down my computer really FAST. It started to download without even touching anything else.
Go into "Preferences". You can stop most of that before it even starts.

AndyC
October 9, 2008, 11:51 AM
So is this the anti-gun campaigns doing such deeds? If so...someone needs to be investigatin'!
No, it's how malware-authors manage to infect most people these days - break into a trusted website through XSS or SQL-injection exploits and infect any vulnerable visitor to that site. If they can't break into the site, they use DNS-exploits to redirect - ok, never mind, I'm rambling, I'll shut up now ;)

RobMoore
October 9, 2008, 04:53 PM
Other than being ******-bags, are they doing it for a reason?

crushbup
October 9, 2008, 05:15 PM
******-bags
Sure is ARFCOM in here

RobMoore
October 9, 2008, 08:23 PM
I'm not an ARFCOM member, explain.

Harvster
October 9, 2008, 08:46 PM
RobMoore- This may shed some light on it.
http://www.thehighroad.org/showthread.php?t=270523

crushbup
October 9, 2008, 09:19 PM
It's something of an internet joke. If someone says something offensive, or something playfully offensive and you go along with the joke, you say "Sure is [insert noun here] in here" almost as though you were saying "Sure is [hot, cold] in here."

stevemis
October 10, 2008, 03:29 AM
Edit: Just checked again and the site itself now appears clean - the IP listed above by General Geoff takes me to a clean page, so it's starting to look like a DNS-exploit like the one recently discovered by Dan Kaminsky.


Lovely stuff! I checked the whois record and it doesn't look like the domain has moved around, so the Kaminsky exploit is a good explanation.

Is there any chance you have the IP address? I've never seen this exploit in the wild and would love to study it. Thankfully I didn't need to make any last-minute patches when the proof-of-concept hit the network... djbdns doesn't suffer from such .. uh... well... you know.

Steve
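
The three explanations raised in this thread (hijacked domain, infected site, poisoned resolver cache) can be told apart by comparing what several resolvers return with what the domain's own name servers return. This is an added example, not part of any post above; the resolver labels and the rogue address are constructed sample data, and it assumes the site has a single stable address.

```python
# Added example: triage for "the domain redirects, but the direct IP is clean".
# Resolver labels and the rogue address below are constructed sample data.
KNOWN_GOOD = frozenset({"207.228.229.48"})  # address quoted in the thread
ROGUE = "203.0.113.66"                      # placeholder, documentation range


def poisoned_resolvers(answers):
    """Return resolvers whose A records include anything outside KNOWN_GOOD."""
    return sorted(name for name, ips in answers.items()
                  if set(ips) - KNOWN_GOOD)


def triage(answers, authoritative, registration_changed, direct_ip_clean):
    """Pick the explanation that fits the evidence.

    answers              -- {resolver label: A records it returned}
    authoritative        -- A records from the domain's own name servers
    registration_changed -- True if whois/NS delegation differs from baseline
    direct_ip_clean      -- True if the page fetched by IP has no injected content
    """
    bad = poisoned_resolvers(answers)
    if not direct_ip_clean:
        # The real server itself serves the redirect: web compromise.
        return "site-compromise", bad
    if registration_changed or set(authoritative) - KNOWN_GOOD:
        # The source of truth is wrong, so every resolver will follow it.
        return "domain-or-zone-hijack", bad
    if bad:
        # Authoritative data is right, but some caches disagree with it.
        return "resolver-cache-poisoning", bad
    return "no-dns-anomaly", bad


# Constructed observations matching what the thread reports: whois unchanged,
# direct IP clean, one resolver handing out a different address.
SAMPLE = {
    "isp-resolver": [ROGUE],
    "office-resolver": ["207.228.229.48"],
    "public-resolver": ["207.228.229.48"],
}

if __name__ == "__main__":
    print(triage(SAMPLE, ["207.228.229.48"], False, True))
```

A site behind a CDN or round-robin DNS would need a set of expected addresses rather than one.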
