Tracking down a malware issue

Started by sagebrush, February 25, 2009, 06:43:07 AM

I was contacted by someone from Xylia, trying to track down a malware problem. Some rather vague fan reports have indicated that my site also had this problem, but we don't know WHICH of my sites. We think the source could be from Project Wonderful or Drunk Duck's ad system, which is all we have in common.

Has anyone heard anything like this lately, like in the last few days or so?

Reports (according to Xylia's rep):

From reader Dragonspyrit

"Hi all.. I didn't know where else to post this, so I'm putting it here in the hopes of warning others that something is amiss D:

I rediscovered Xylia Tales this morning and happily began re-reading things to get caught up.. when one of the ads on the site installed an extremely malicious batch of spyware onto my computer. It's a fake spyware removal program (I can't remember the name, since I'm using another computer while my friend heads over to try and fix mine) that constantly spawns error messages and tries to install more malware on my machine. From what I can tell the only way I can remove it is to reformat my computer :(

There is no other site this bug could have come from (the main keenspot page, not this blog) as it was the only thing I was browsing when this all went down. I know this is in no way the fault of the artist or any admin, but I wanted to warn people in case this happened to someone else. I sadly will not be able to read any more for fear of my computer. I dunno what to do :\"

And then Reader KyaStar responded to that with:

"Not good. The webcomic Crowfeathers is having this problem too."


Can you get specifics about what page it's appearing on or anything? The front page doesn't seem to have anything of the normally suspicious sort (usually a hidden iframe or the like) for crowfeathers. It's quite possible it could be from the ad systems though, as that's been a problem in the past with several banner ad networks. I went ahead and ran a full ClamAV (antivirus/malware) scan of all files in your public_html folder, and it came back clean. I really don't know what else to look for without some idea of where or what happened.
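The poster above checked the front page for a hidden iframe, which is the usual footprint of an injected ad or compromised page. As an added example (not code from this thread or from any of the sites named), here is a small auditor that flags iframes invisible to the reader in saved HTML; the sample page and its hostnames are constructed.

```python
"""Flag hidden <iframe> tags of the kind injected into compromised pages.

Added example, not from the thread. Scans HTML for iframes that are
invisible to the reader (zero/one-pixel size, display:none,
visibility:hidden, or pushed far off-screen). SAMPLE_PAGE is constructed.
"""
from html.parser import HTMLParser
import re

# Style fragments that make a frame invisible to the reader
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}", re.I
)


class IframeAuditor(HTMLParser):
    """Collect every <iframe> and record why it looks hidden, if it does."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        reasons = []
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden via style")
        for dim in ("width", "height"):
            val = a.get(dim, "").strip().rstrip("px")
            if val.isdigit() and int(val) <= 1:   # 0x0 or 1x1 frame
                reasons.append(f"{dim}={val}")
        if reasons:
            self.findings.append(
                {"src": a.get("src", ""), "line": self.getpos()[0], "reasons": reasons}
            )


def find_hidden_iframes(html):
    """Return a list of {src, line, reasons} for each suspicious iframe."""
    auditor = IframeAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample: one legitimate embed, two injected-style frames.
SAMPLE_PAGE = """<html><body>
<iframe src="https://example.invalid/player" width="640" height="480"></iframe>
<iframe src="http://bad.example.invalid/x" width="1" height="1"></iframe>
<iframe src="http://bad.example.invalid/y" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in find_hidden_iframes(SAMPLE_PAGE):
        print(f"line {f['line']}: {f['src']} ({', '.join(f['reasons'])})")
```

Run it over the files in public_html (or a saved copy of the served front page, since injected frames sometimes come from the ad response rather than the files on disk) and inspect anything it flags.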


If people would get the hell off of ancient browsers and operating systems (like Win98 and IE6), issues like this would come to a damn near dead halt (as well as 90% of the spam and botnets on the net would stop).

Aside from OS and browser security issues from being out of date, nothing and I mean NOTHING can just install itself to your computer. Usually this is caused by some stupid user doing something, well, stupid. Generally stuff like when someone who doesn't really understand what they're doing just decides that because some random popup says, "Your computer is infected, click here and download X to clean it!" that it's a good idea to follow what it says and download said *spyware* to stop that pesky spyware or virus that's on their computer.

Then when it's all said and done, people get frustrated and decide that the only way to fix it is to reformat their computer... which is also equally as stupid nowadays. The fix I generally find that works better than reformatting is, "Install a new OS or get a new computer".

Thanks for the scan.

No one (no fan) has told ME anything about this alleged attack, and I asked all over the place. I even told Project Wonderful we were looking into this, and they said there was no way in hell it could have come from them. I banned an advertiser that was promoting a website for desktop porn that apparently downloads spyware onto your computer if you download the porntastic screensaver, and I started a thread on TWCL looking for any more bad advertisers that needed banning.

So if this has anything to do with me at all, it has to either be coming from something on Drunk Duck or my gallery on Lunarpages, which needs to be moved over here still.

Most likely it's an ID10T error. :/


It really just sounds like someone screwed up on their end. If not, it'd be a lot more widespread.

Right, and rather than take responsibility for doing something dumb, they'll blame the website that supposedly infected their computer all by itself.

People really are stupid...
