Virus loaded ad redirects

wolfsbane2k

Hi.
Had a second redirect from the commuting thread forum on a second device, something is definatley up.

Trying to get the pictures uploaded to share to you.
Its taking over the tab for bike radar.
Both devices reported clean with McAfee av and avast av.

wolfsbane2k

And



Closing page resulted in attempts to get me there my phone.

BikeRadarAdmin

Thanks for this.

Have passed onto the team and we'll get rid of this asap.

wolfsbane2k

joshjevans wrote:

Thanks for this.

Have passed onto the team and we'll get rid of this asap.

No worries. I'll let you know if I have any more.

That last one was particularly nasty redirect, ended up with 14 tabs loaded, all with various junk / "device updates" etc and an APK being downloaded.. :S

BikeRadarAdmin

Eurgh, sorry about this!

Dev team have created a ticket for this so hopefully resolved asap.

Thanks again.

wolfsbane2k

Just hit another one after clicking a link on twitter to your 'suck at repairs' page

BikeRadarAdmin

Thanks, apologies again.

wolfsbane2k

And another.

This one hit the content warning of my mobile provider, always fun :rolleyes:

wolfsbane2k

Gah. And another.

tangled_metal

I've been getting those too but from another site (you can relax Joshevans). Ended up getting windows up mentioning potatoes of all things. Well it was an American food site so some logic there I guess.

Would these involve some nasties being put on your device? My av didn't find anything but since it's my phone I'm kind of worried what's been put on it.

BikeRadarAdmin

Ha, thanks!

I have ad ops investigating whether it is our end or not too.

wolfsbane2k

Oh the irony.

I always and only get them after visiting a br page, and it kicks in about 6 seconds after the page loads. At the moment don't appear to be virus loading, but I might be catching them in the process of loading,

wolfsbane2k

They've evolved.
Now a data: redirect, had two of them.





Still believe they are from here, use phone all day, only appear after a br visit.

wolfsbane2k

wolfsbane2k

2 more just after signing in to the forum.
1 definatley NSFW.

wolfsbane2k

Hi
Just to confirm im now 36 hours without incident, without changing anything on my phone, so still think it was BR.
Cheers:-)

darkhairedlord

I had some on my Android phone yesterday when I went to the pro-race sub forum.
It was claiming to be the Google Awards Programme, usual free phone/tablet guff.
Defo something naughty on the site.

BikeRadarAdmin

Cheers guys, still waiting to hear back from ad ops.

Mattcee

You guys have a major problem with the ad network you're using and rogue advertisers.
Its almost impossible to view the forum now on my android device as every 3 or 4 clicks brings up a bad ad which kills your own site and leaves me just with the rogue ads.

wolfsbane2k

Wow, that's really odd. That's exactly the type of behaviour I was seeing, but it's now disappeared.
I dwonder if the code was clever enough to detect it running through a proxy and abort. I'll keep watch!

wolfsbane2k

If anyone is suffering from this and feels slightly techy, I'm sure Josh would appreciate detailed information.
The best way to get this is to perform a 'man in the middle's attack against it, for which you'll need another PC you can put on the same WiFi network as the phone.

I used fiddler4 software proxy for this (www.fiddler2.com) and set up the WiFi on the phone to proxy through that installation.
If you need help setting it up, holler and I'll try and write a detailed guide.

BikeRadarAdmin

Thanks for the info guys and sorry about this.

I am chasing answers!

homers_double

I get the same on BR on my iphone, several redirects to adds offering me phone upgrades etc.

Cant go back a page so have to shut off the browser.

It isn't when I click on adds either because I don't bother with them or the clickbait at the bottom of the page. Just standard topic links within the forum.

I'll screenshot it next time and post it up.

phil485

Im gwtting this more and more.
Samsung galaxy s6

BikeRadarAdmin

Thanks HD.

Ads thought they had resolved the issue but clearly not!

Any screenshots etc is very helpful.

antsmithmk

For info I have been having the same issue for the last week or so. I only get the issue on this forum. Complete takeover of browser, when I try to go back or close it down more pop ups appear.

wolfsbane2k

Just had another data redirect.
Will go back to running fiddler over the weekend where possible.

wolfsbane2k

And another redirecter
URL incoming

Mattcee

I've had to stop visiting here on mobile because of the rogue ads. Once the ads trigger, Mediaserver on Android runs at almost 50% on my Galaxy S7 which makes the phone incredibly hot and kills the battery in a couple of hours.

I thought my phone had a fault with this issue and even got Samsung/ EE tech support involved, but it turns out it was these ads triggering Mediaserver's high usage

wolfsbane2k

Mattcee wrote:

I've had to stop visiting here on mobile because of the rogue ads. Once the ads trigger, Mediaserver on Android runs at almost 50% on my Galaxy S7 which makes the phone incredibly hot and kills the battery in a couple of hours.

I thought my phone had a fault with this issue and even got Samsung/ EE tech support involved, but it turns out it was these ads triggering Mediaserver's high usage

Yep had the same with the battery issue. Seriously considering an adblock installation on the mobile just for this site.

wolfsbane2k

Haha, Loving the ad removing software autocorrect above. (between the **'s)

Anwyay - yet another data :base64 again.