Comments

You have commented 339 times on Rantburg.

Your Name

Your e-mail (optional)

Website (optional)

	My Original Nic Pic-a-Nic Sorry. Comments have been closed on this article.
Foto

Submit your comments on this article

Good morning

2013-04-08

Posted by:Fred

#31 Geh mit Gott Warthog. :-)

Posted by: Besoeker 2013-04-08 22:38

#30 All,

Sorry I didn't reply to the Idaho comments yesterday but got the same pesky malware note on my Macbook.

We're off to the Boise Area. As I work in IT (have for 30 yrs) will look to partly retire/ partly work and say adios to Kali...certainly not to the 'Burg however...truly a beacon of truth and light amidst the Coastal Aristocrats and other Obama fellow travelers.

Posted by: Warthog 2013-04-08 21:12

#29 whenever you go to

http://www1.u6a001l18pkriv13q.lflink.com

you will get a malware notice

Posted by: linker 2013-04-08 20:27

#28 oh - that was logged with avast

Posted by: linker 2013-04-08 20:25

#27 to quote our Sage Joe. Running FF (up-to-date) got nuthin

Posted by: Frank G 2013-04-08 20:22

#26 hi - it does not happen every time but i'm receiving

Infection Details
URL: http://www1.u6a001l18pkriv13q.lflink.com...
Process: C:Program FilesMozilla Firefoxirefox...
Infection: URL:Mal

malware probably from an ad site

on firefox with adblocker and ghostery +

Posted by: linker 2013-04-08 20:20

#25 I got the "Fake APP" attack notice from Norton too, when I opened Rantburg for the past couple of days, including just now.

IE 8.

Posted by: Barbara 2013-04-08 19:19

#24 BTW___ running IE 8 on XP.

Posted by: Mercutio 2013-04-08 17:41

#23 Got a blocked attack warning from Norton yesterday as I opened R'burg. Can't copy cleanly from Norton but here's what it said:

Fake APP attack: Fake AV Redirect 29
Port 4474

Attacking URL: Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2013-04-06 9:12:04,High,An intrusion attempt by 66.75.81.217 was blocked.,Blocked,No Action Required,Fake App Attack: Fake AV Redirect 29,No Action Required,No Action Required,"66.75.81.217, 4474","www3.s4nb2qyk6mrqdp21-8.lflink.com/?dobswgj27=iOTL17SYmmJrq1ra1W+erZGq4d6unaFmZmVwm5+XpKeL&f1342b1=01%01%02%02%03%02%04%00%09","188.116.34.244, 80",66.75.81.217,"TCP, Port 4474"
Network traffic from www3.s4nb2qyk6mrqdp21-8.lflink.com/?dobswgj27=iOTL17SYmmJrq1ra1W+erZGq4d6unaFmZmVwm5+XpKeL&f1342b1=01%01%02%02%03%02%04%00%09 matches the signature of a known attack. The attack was resulted from DEVICEHARDDISKVOLUME2PROGRAM FILESINTERNET EXPLORERIEXPLORE.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.

The 188 URL is the attacker, the 66. was the target

Posted by: Mercutio 2013-04-08 17:40

#22 It was blue screen of death time for me too - I couldn't restart Windows and had to do a fresh re-install. Jason

Posted by: Secret Master 2013-04-08 16:37

#21 test

Posted by: Whiskey Mike 2013-04-08 15:47

#20 Beau - did they say someone had - or had *attempted* to login from Iran?

Paypal uses email addresses as 'id' so it's somewhat easy for someone to attempt to login as you (since you give your optional email to Rantburg comments).

Best to either not give your email address or give a different address than what you use for Paypal.

Posted by: CrazyFool 2013-04-08 14:23

#19 I got that last night too in Chrome, but it is okay today. More menacing, and probably unrelated, is that Paypal locked my account recently saying that someone had logged in from Iran. Anyone had that happen before? I generally use the same computer/browser for Rantburg and Paypal. Not saying there is a link, just wondering what other hacks are out there we should be careful about.

Posted by: Beau 2013-04-08 13:31

#18 49 Pan: drapes are tricky that way...

Posted by: Steve White 2013-04-08 12:04

#17 What ever it was it lock my computer up as well.

Posted by: 49 Pan 2013-04-08 12:00

#16 Actually in islamist sites you can find photos of "naked like eggs" women except for the burka, the under-burka, the under-under-burka, the under-under-under burka, the ....

Posted by: JFM 2013-04-08 10:05

#15 Drapes, why do they hate us?

Posted by: Rob Crawford 2013-04-08 09:34

#14 Got the same message last night but not now. But I did get an infection earlier and had to run MacKeeper to erase it out.

Posted by: Jack is Back! 2013-04-08 09:23

#13 The Malware may just be fed by a certain ad that doesn't recur too often.

Posted by: European Conservative 2013-04-08 07:51

#12 I got the same from Chrome, phil_b. A hour later it was Ok.

Posted by: g(r)omgoru 2013-04-08 07:49

#11 Ghostery has this info

Detected tracker source URLs:
http://cache.blogads.com/127899083/feed.css
http://cache.blogads.com/852137360/feed.css
http://cache.blogads.com/127899083/feed.js
http://cache.blogads.com/852137360/feed.js

Posted by: European Conservative 2013-04-08 07:18

#10 A real pest, btw... known distributor of Malware

Posted by: European Conservative 2013-04-08 07:09

#9 Fed by

http://cache.blogads.com/127899083/feed.css

Posted by: European Conservative 2013-04-08 07:08

#8 Check out Adknowledge, there's a tracking cookie of them on the Rantburg site.

Posted by: European Conservative 2013-04-08 07:08

#7 FF here, no message.

Posted by: Whiskey Mike 2013-04-08 06:43

#6 Clean here: IE9 and Opera.

Posted by: Skidmark 2013-04-08 06:28

#5 I also got a warning message that Firefox blocked an attacking site when I opened Rantburg. It didn't block Rantburg itself but another site that tried to load with it. It had a very long gibberish URL

Posted by: European Conservative 2013-04-08 06:16

#4 TW, nothing in IE. I don't have FF installed.

Posted by: phil_b 2013-04-08 04:11

#3 You are our third report tonight on that, phil_b, which I'm sure will be helpful in tracking down the problem. Do you get the same message with a different browser?

Posted by: trailing wife 2013-04-08 02:55

#2 Fred,

I'm getting the following from Chrome

Content from zlubob.org, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.

Posted by: phil_b 2013-04-08 01:10

#1 Birthday Gam Shot

Ana de la Reguera [Chicano][Filmography](age 36)

Diseño Desnudo como un Huevo

Posted by: GolfBravoUSMC 2013-04-08 00:29

00:00