Jump to content
Sign in to follow this  
lysosome

BUG 008 - FILESTORE321 REDIRECT MALWARE

Recommended Posts

whenever I visit supertalk via google I occasionally see this, the regularity of which seems completely arbitrary:Filestore321_com_-_Your_File_Hosting_and

 

using the browser's back and forward buttons always gets the page to show.

 

edit: sorry for the blurry screenshot...

Edited by lysosome

Share this post


Link to post
Share on other sites

yeh. this is completely weird. just tested and got same results...

do you know when this first started?

we noticed some weirdness with google stats about 2 weekends ago but haven't been able to pinpoint the cause...

this *might* be related...? or a clue...

 

have sent tickets to all the techs.

 

thanks!

Share this post


Link to post
Share on other sites

it's malware. it's sucking all new users google search result links off to that spam site. uuurck. 

techs trying to locate the source code. so far not so easy... bleh.

will update as we get new info...

Share this post


Link to post
Share on other sites

great (that you guys are aware of it I mean). thanks. was starting to get a little paranoid

edit: sorry, didn't see your first post. max a month ago? definitely a fairly recent phenomenon. Hope you guys get it worked out.

Edited by lysosome

Share this post


Link to post
Share on other sites

http://blog.sucuri.net/2015/02/analyzing-malicious-redirects-in-the-ip-board-cms.html

 

this is a nasty muthafucker piece of shit redirect malware. it takes links on google/facebook that should go to supertalk off to spam sites. 

 

if anyone notices this when linking to supertalk [or any other forums for that matter...] please report it here...!!

this is supposed to be a browser only bug on windows OS but it is also affecting forums and browsers on macs. [chrome/firefox etc.]

 

we have been able to temporarily plug it on the website - but it seems to be mutating and finding new ways to inject code.

seems it's currently one step ahead of techs...

trying to get to the bottom of it - and the more info the better...

uuuurK.

Share this post


Link to post
Share on other sites

i was getting the redirect for a while too which seems to have stopped for now but not sure because i haven't accessed sufu through google in a while. it was also redirecting to adultfriendfinder and other adult advertisements as well fwiw.

 

don't know if this is related in anyway, but i've been trying to login through mobile (chrome) since yesterday and i can't proceed due to this word-for-word notification stating "Your connection is not private" "Attackers might be trying to steal your information from supertalk.superfuture.com (for example, passwords, messages, or credit cards) NET::ERR_CERT_AUTHORITY_INVALID"

 

i got a similar notification pop-up when i tried logging in through desktop yesterday but i just x'd out and logged in anyway

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Luisa via Roma (US)
    Brand - 125 x 125