Dodgy ad banners?

[Fugitive]

Starting today, I've been seeing some weird behaviour from the ad banners here, including firing up Java but not actually doing anything, causing the "do you want to resubmit this form data?" when going back, and an attempt to run something with an unsigned certificate from "google-adservices.com", which is clearly not associated with Google.

Anyone else seeing these, in case it's just a local browser hijack?

[Cosmic Hippo]

I haven't seen any of that. What browser are you using?

[Charles]

Yeah, I've had java start up on me a couple times today for no reason. Probably related.

[Ephraim]

Yes, I'm seeing a Certificate Trust message in Firefox from the dodgy google-wannabe site. I just keep hitting "No, don't trust" and moving on. I'm not sure which ad banner is causing it.

[WarrenM]

I got a prompt to install Java for Chrome today. Weird.

[Guido Jones]

same thing happened to me when I was typing a post earlier today.

[Pogo]

Tom's loggin' your keyz.

[Fugitive]

It hasn't reoccurred recently, so I guess some shady banners snuck into Google's network and were taken care of shortly thereafter.

Or maybe that's what the rootkit *wants* me to think...

Edit: Argh, started happening to me again as soon as I got home, on my Mac too.

[RyanMichael]

It happened to me around 6:20pm EST. One of the banners was popping up that security certificate thing.

[stusser]

That's really weird, you'd think google would be above that kind of nonsense... although I guess google=doubleclick.net now and doubleclick isn't above grinding up bleached baby bones to make flour for their daily bread.

If it keeps happening I guess send tom a PM.

[Charles]

They are back. Page loads, no visible ad, but Java is running and doing something.

Not a fan of this. Not a fan of this at all.

[Scrax]

Havn't had anything pop up yet on my home or work machine. Both use internet explorer if it makes a difference.

[WarrenM]

I just had Java start up for no apparent reason and then a status bar notification from Google telling me that something tried to change my default search settings and it blocked it from happening.

Some fucked up shit is afoot here.

[Mike O'Malley]

I got the same thing, multiple stacked (10+) security permission request pop-ups from "Security CC LTC". The only thing open was the new posts page from Qt3, with a blank ad banner.

That's shady stuff right there.

[Fugitive]

There have been Java exploits that let an applet get native access to your system, though I think they were in older versions of the JRE so you should be fine if you're up-to-date. It's extra-suspicious that the Java appears to be going ahead and running for some of you, though; it's been blocked by an untrusted certificate prompt for me.

I'm turning off in-browser Java anyway, just to be safe, as I don't think I'm using it anywhere anyway.

[Post-It]

I'm getting the same thing on Windows XP with Chrome.

[shang]

Yep. Have been getting the same frequently today. Really annoying, as it spams the Firefox warning dialog constantly until you manage to reload the page so that some other ad appears.

[RyanMichael]

Quote:

Originally Posted by Charles

They are back. Page loads, no visible ad, but Java is running and doing something.

Not a fan of this. Not a fan of this at all.

Don't worry, you can't get a virus just surfing the Internet. ;)

[Staff Sergeant]

This has been happening to me too but while my pages were minimized, not the selected window, etc. I assumed it was some sort of really transparent spyware and I've run Spybot S&D like 3 times now. Never connected it with Qt3's banner ads.

[stusser]

According to this, it looks like this is happening all across google adsense. I would hope google fixes it soon. Until then, don't accept the security warnings.

I can't replicate it, even when refreshing a couple dozen times, so I dunno. Maybe your machine is trojaned.

[Eric T Cheng]

Noone here uses AdBlock or NoScript?

[stusser]

If they do block ads, they're courteous enough not to brag about it here.

[Staff Sergeant]

Actually many people do brag about it.

[shang]

Disabling Java from Firefox seems to be the best workaround for now.

[JPR]

As of a few seconds ago, Chrome won't load quartertothree.com without clicking a checkbox saying I understand that the site appears to contain malware. Whoever currently hosts qt3 needs to get this taken care of.

[WarrenM]

Yep, this suddenly popped up for me. Chrome now identifies QT3 as a malware site.

[Fugitive]

It's possible something has infected the board software itself and is occasionally replacing the scripting that pulls in Google ads with its own redirection, but I haven't caught anything like that in the page source yet -- it's always still listed pagead2.googlesyndication.com.

[Talisker]

Code:

<!--
google_ad_client = "pub-5008003621943549";
/* 728x90, created 7/7/08 */
google_ad_slot = "8596948173";
google_ad_width = 728;
google_ad_height = 90;
//-->

Dunno if that helps squelch it or not -- can Tom/stusser tell Google to blacklist a given ad client? (assuming it's coming from an ad client, that is)

In any event, I've turned my ad blocker back on for QT3 for the time being.

[Talisker]

Quote:

Originally Posted by stusser

I can't replicate it, even when refreshing a couple dozen times, so I dunno. Maybe your machine is trojaned.

I'm getting it here periodically too; if that means my machine is trojaned, it's gotta be a pretty devious trojan, as I'm running firefox on Ubuntu :)

[stusser]

Lovely, google is calling Qt3 a malware site due to their own ads.