Malicious content in post "To All FFXI Addicts Like Myself!"?(false positive)

mackerel · 11-12-2008, 09:18 PM

Safe Browsing
Diagnostic page for hot-hot-hot-catlove.com

What is the current listing status for hot-hot-hot-catlove.com?
Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 8 pages we tested on the site over the past 90 days, 5 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2008-11-12, and the last time suspicious content was found on this site was on 2008-11-11.
Malicious software includes 2 exploit(s). Successful infection resulted in an average of 3 new processes on the target machine.

Malicious software is hosted on 3 domain(s), including mmcounter.com, divinets.cn, filmmultimediaonline.cn.

3 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including traffok.cn, teen-free.cn, divinets.cn.

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, hot-hot-hot-catlove.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

admin: assumed false positive, images removed just in case, waiting for verification (was sig and avatar related, not inserted content)

Sonomaa · 11-12-2008, 09:21 PM

killed the thread entirely, just to be safe.

LD · 11-12-2008, 09:23 PM

Saw the same thing on a couple other threads, the browser thread and the 3rd page of the plot hole thread in the elmer section.

Tsutsumiko · 11-12-2008, 09:27 PM

Ok so there was something wrong. I clicked and my anti-virus and all my anti-spyware stuff in my browsers stopped me from going to the page.

Crazy stuff.

mackerel · 11-12-2008, 09:38 PM

I wouldn't be surprised if this is another ffxi-targeted exploit, since it's being posted on BG. Can somebody who knows how to do this stuff figure out what this site is trying to install? Probably many of us have already visited those pages and are infected with whatever this is.

mackerel · 11-12-2008, 09:42 PM

"Windower 3.41 Released / BlinkMeNot&IME Updated" thread affected also.

Almalexia · 11-12-2008, 10:00 PM

Snips and Snails and Puppy Dog Tails - WTF, Google?

Thistle is a poster on BG, hot-hot-hot-catlove is his website. There's no problem with the site according to his LJ, but Google insists there's malicious code.

Sonomaa · 11-12-2008, 10:06 PM

its the guys avatar or sig or something like that, I am almost positive its nothing

Sonomaa · 11-12-2008, 10:07 PM

to be 100% safe, I have deleted his avatars and sigs for now

Thistle · 11-13-2008, 11:28 AM

Eek, yes that's my site. Sorry all, I've submitted my site to Google for a review. I'm the only one with access to it, my password is strong, and I sure as hell didn't add any bad stuff to it on my own. It has to be a mistake.

Tymon · 11-13-2008, 12:03 PM

This happened to my friend's site. Google will do that if anyone at all reports it for any reason.

You just have to ask them to do a review and they'll take it off if there isn't anything on there.

Callisto · 11-13-2008, 12:20 PM

Sorry Thistle, I reported it because I was jealous of your extremely charming avatar.

Thistle · 11-13-2008, 12:31 PM

Quote:

Originally Posted by Callisto

Sorry Thistle, I reported it because I was jealous of your extremely charming avatar.

Thanks for the laugh -- I needed one! My avatars/sigs are causing panic around the net this morning and I'm having to do a lot of explaining. :/

Quote:

Originally Posted by Tymon

This happened to my friend's site. Google will do that if anyone at all reports it for any reason.

You just have to ask them to do a review and they'll take it off if there isn't anything on there.

Yeah, I submitted a review request both yesterday and again this morning. Hopefully it'll get cleared up soon.

Rocl · 11-13-2008, 12:41 PM

Thistle's closed due to malware.

Thistle · 11-13-2008, 01:00 PM

Quote:

Originally Posted by Rocl

Thistle's closed due to malware.

I've been discovered! My cunning plan to steal all your porn has been thwarted. D:

WingsofAeris · 11-13-2008, 01:04 PM

My poor thread...

*/goes to sulk in her kitten corner*....

Ohaigaiz · 11-13-2008, 01:07 PM

Quote:

Originally Posted by WingsofAeris

My poor thread...

*/goes to sulk in her kitten corner*....

Oh my god.

Rocl · 11-13-2008, 01:08 PM

Quote:

Originally Posted by WingsofAeris

My poor thread...

*/goes to sulk in her kitten corner*....

asl?

nekura · 11-13-2008, 01:11 PM

Thistle, someone in your LJ mentioned that there was some potentially harmful Javascript on your page, was there any merit to that? Strong password or not there are always other avenues of attack...

WingsofAeris · 11-13-2008, 01:14 PM

Rather annoying seeing my thread "To All FFXI Addicts Like Myself!" disappear, after wanting to collect opinions from the FFXI community throughout all servers on an emerging phenomenon (MMORPG addiction and factors contributing to it). I suppose I'll just go with what the community had to say on the Allakhazam website.

Ohaigaiz · 11-13-2008, 01:15 PM

Quote:

Originally Posted by WingsofAeris

Rather annoying seeing the thread disappear, after wanting to collect opinions from the FFXI community throughout all servers on an emerging phenomenon (MMORPG addiction and factors contributing to it). I suppose I'll just go with what the community had to say on the Allakhazam website.

What emerging phenomenon? FFXI has been out for like 7 years. This addiction has always existed and always will exist. DID YOU THINK YOU WERE THE FIRST TO NOTICE? SILLY WOMAN!

WingsofAeris · 11-13-2008, 01:19 PM

Did I claim to be the first? No.

And when I say emerging, I am not referring to something relatively new within the past few months, but rather in terms of ten-ish years or less. Is it so bad to ask the actual gaming community what their thoughts and opinions are, when analyzing this? I, myself, am a participant in the addictive FFXI, and it was interesting hearing other perspectives other than my own towards this.

Ohaigaiz · 11-13-2008, 01:21 PM

No it's not OK when you have malicious shit in your linkz fuckin' with muh internet.

WingsofAeris · 11-13-2008, 01:23 PM

Quote:

Originally Posted by Ohaigaiz

No it's not OK when you have malicious shit in your linkz fuckin' with muh internet.

I posted no link in my post for clarification-just a brief post with my questions on the issue; I believe a responder did post a link/had a link in their signature/avatar towards a "malicious site" however. It's amusing you assumed that without even knowing what my thread is or what it involved. Did you even take the time to read the posts above?

11-12-2008, 09:18 PM	#1 (permalink)
mackerel Hydra Join Date: Dec 2006 Posts: 143	Malicious content in post "To All FFXI Addicts Like Myself!"?(false positive) Safe Browsing Diagnostic page for hot-hot-hot-catlove.com What is the current listing status for hot-hot-hot-catlove.com? Site is listed as suspicious - visiting this web site may harm your computer. Part of this site was listed for suspicious activity 1 time(s) over the past 90 days. What happened when Google visited this site? Of the 8 pages we tested on the site over the past 90 days, 5 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2008-11-12, and the last time suspicious content was found on this site was on 2008-11-11. Malicious software includes 2 exploit(s). Successful infection resulted in an average of 3 new processes on the target machine. Malicious software is hosted on 3 domain(s), including mmcounter.com, divinets.cn, filmmultimediaonline.cn. 3 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including traffok.cn, teen-free.cn, divinets.cn. Has this site acted as an intermediary resulting in further distribution of malware? Over the past 90 days, hot-hot-hot-catlove.com did not appear to function as an intermediary for the infection of any sites. Has this site hosted malware? No, this site has not hosted malicious software over the past 90 days. How did this happen? In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message. Next steps: Return to the previous page. If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center. admin: assumed false positive, images removed just in case, waiting for verification (was sig and avatar related, not inserted content) Last edited by Sonomaa; 11-13-2008 at 02:01 PM.

11-12-2008, 09:23 PM	#3 (permalink)
LD Chram Join Date: Jun 2006 Location: ... Posts: 2,899	Saw the same thing on a couple other threads, the browser thread and the 3rd page of the plot hole thread in the elmer section. __________________

11-12-2008, 09:27 PM	#4 (permalink)
Tsutsumiko CoP Dynamis Join Date: Nov 2007 Posts: 275	Ok so there was something wrong. I clicked and my anti-virus and all my anti-spyware stuff in my browsers stopped me from going to the page. Crazy stuff. __________________ 0688 4931 2018

11-12-2008, 10:00 PM	#7 (permalink)
Almalexia Sea Torques Join Date: Oct 2006 Posts: 837	Snips and Snails and Puppy Dog Tails - WTF, Google? Thistle is a poster on BG, hot-hot-hot-catlove is his website. There's no problem with the site according to his LJ, but Google insists there's malicious code. __________________

11-12-2008, 10:06 PM	#8 (permalink)
Sonomaa Modzilla The Anti-anti-Spider Join Date: Apr 2005 Location: Hudson, FL Posts: 4,783	its the guys avatar or sig or something like that, I am almost positive its nothing __________________

11-12-2008, 09:21 PM	#2 (permalink)
Sonomaa Modzilla The Anti-anti-Spider Join Date: Apr 2005 Location: Hudson, FL Posts: 4,783	killed the thread entirely, just to be safe.

11-12-2008, 09:38 PM	#5 (permalink)
mackerel Hydra Join Date: Dec 2006 Posts: 143	I wouldn't be surprised if this is another ffxi-targeted exploit, since it's being posted on BG. Can somebody who knows how to do this stuff figure out what this site is trying to install? Probably many of us have already visited those pages and are infected with whatever this is.

11-12-2008, 09:42 PM	#6 (permalink)
mackerel Hydra Join Date: Dec 2006 Posts: 143	"Windower 3.41 Released / BlinkMeNot&IME Updated" thread affected also.

11-12-2008, 10:07 PM	#9 (permalink)
Sonomaa Modzilla The Anti-anti-Spider Join Date: Apr 2005 Location: Hudson, FL Posts: 4,783	to be 100% safe, I have deleted his avatars and sigs for now __________________

11-13-2008, 11:28 AM	#10 (permalink)
Thistle Relic Shield Join Date: May 2006 Posts: 1,788	Eek, yes that's my site. Sorry all, I've submitted my site to Google for a review. I'm the only one with access to it, my password is strong, and I sure as hell didn't add any bad stuff to it on my own. It has to be a mistake. __________________ Thistle: Leather 100 +3 + moglification, bone/gold/cloth +1 Chaser: Gold 95 + 3 / Fishingbot: Wood 98 + 2 / Catsoup: Alchemy 100 +2 / Katerwaul: Bone 78 + 2 Total guild points turned in: 1,870,000 / Blog Sig image made more "piratey" by Veloxe! Thanks!

11-13-2008, 12:03 PM	#11 (permalink)
Tymon Sea Torques Join Date: Mar 2005 Location: Memphis, TN Posts: 965	This happened to my friend's site. Google will do that if anyone at all reports it for any reason. You just have to ask them to do a review and they'll take it off if there isn't anything on there. __________________ Tymon - Retired Brawl FC: Drew-0731-4412-0088 Temenos - 80 Warrior Bravehearth - 70 Paladin Bloodscalp (Horde) US

11-13-2008, 12:20 PM	#12 (permalink)
Callisto This t Join Date: Sep 2007 Location: Chicago NW Suburbs Posts: 2,308	Sorry Thistle, I reported it because I was jealous of your extremely charming avatar. __________________ I sold Isildar most of my SCHMAKITY WAKKITY DO RIDILL FAT CHICKS ETC and all I got was my job is down. But then we rode perversively in a . The HQ one with a mangerable pile of secrets. But when we got there the camwhore taking orders was all like SPACE POOPIN'. Callisto \| Thorald MogHouse LS - Ramuh Cliff Notes: - 100% LEGIT BITCHES

11-13-2008, 12:41 PM	#14 (permalink)
Rocl Saint Rocl Von Quitter the 2nd Patron of Yin Join Date: Aug 2005 Posts: 146	Thistle's closed due to malware. __________________ Another day older, and deeper in debt Saint Peter don't call me cause I can't go!

11-13-2008, 01:04 PM	#16 (permalink)
WingsofAeris Melee Summoner Join Date: Jun 2008 Location: Bellingham, WA Posts: 15	My poor thread... /goes to sulk in her kitten corner.... __________________ :: Phoenix Server \| BlackMage(main)/Monk/Samurai 75 ::

11-13-2008, 01:11 PM	#19 (permalink)
nekura Sea Torques Join Date: Jul 2007 Location: Bellevue, WA Posts: 568	Thistle, someone in your LJ mentioned that there was some potentially harmful Javascript on your page, was there any merit to that? Strong password or not there are always other avenues of attack... __________________ RDM75/COR75/WAR75

11-13-2008, 01:14 PM	#20 (permalink)
WingsofAeris Melee Summoner Join Date: Jun 2008 Location: Bellingham, WA Posts: 15	Rather annoying seeing my thread "To All FFXI Addicts Like Myself!" disappear, after wanting to collect opinions from the FFXI community throughout all servers on an emerging phenomenon (MMORPG addiction and factors contributing to it). I suppose I'll just go with what the community had to say on the Allakhazam website. __________________ :: Phoenix Server \| BlackMage(main)/Monk/Samurai 75 ::

11-13-2008, 01:19 PM	#22 (permalink)
WingsofAeris Melee Summoner Join Date: Jun 2008 Location: Bellingham, WA Posts: 15	Did I claim to be the first? No. And when I say emerging, I am not referring to something relatively new within the past few months, but rather in terms of ten-ish years or less. Is it so bad to ask the actual gaming community what their thoughts and opinions are, when analyzing this? I, myself, am a participant in the addictive FFXI, and it was interesting hearing other perspectives other than my own towards this. __________________ :: Phoenix Server \| BlackMage(main)/Monk/Samurai 75 ::

11-13-2008, 01:21 PM	#23 (permalink)
Ohaigaiz Sea Torques Join Date: Jul 2008 Location: Orlando Posts: 651	No it's not OK when you have malicious shit in your linkz fuckin' with muh internet.