Awesome - just got virus thru Zach Arias' site

Clicked the link on his site to Radio Poppers and caught me an ITD. Internet Security 2010. Just FYI.
Wrong forum I know, but a high traffic area

Please point out the page with the link you clicked.

Mr. Clean wrote in post #9533098
.. caught me an ITD. Internet Security 2010. ..

You shouldn't go sippin' where someone's been dippin'

Brett wrote in post #9533172
Please point out the page with the link you clicked.

Ah - I ain't goin' back. It was on the fron page IIRC, the link was RadioPoppers

Perfect_10 wrote in post #9533183
You shouldn't go sippin' where someone's been dippin'

[GIFS ARE NOT RENDERED IN QUOTES]

amen brutha!

Mr. Clean wrote in post #9533238
Ah - I ain't goin' back. It was on the fron page IIRC, the link was RadioPoppers

amen brutha!

The front page is all Flash with just a menu, so no RP links there.

Googling "site:zarias.com Radio Poppers" returns exactly one result:
http://www.zarias.com/​?p=281

It's a page in his blog. There's a link to RP there:
**DON'T CLICK THIS** http://www.radiopopper​.com/blog **DON'T CLICK THIS**

That's a direct link; there's no javascript or link obfuscation from the zarias.com site.

Clicking that link takes you to the legit RP blog, but COMODO firewall stops AcroRd32.exe from loading. But, AcroRd32.exe is just an Adobe Acrobat Reader browser-integration file. Info here: http://kb2.adobe.com/c​ps/331/331506.html

COMODO reports that it attempted to "execute shellcode as a result of a possible buffer overflow attack. This is typical of a buffer overflow attack."

It sounds like something is amiss with the RP site. They are well-known and should be considered a "trusted" site, so it's possible an attack has been injected on their site. I'll shoot them an email to make them aware of it.

Edit: In fact, it's occurring on apparently all of their pages, including their front page. Email sent.

Awesome job Brett, you're mostly right I think. I hit the front page using Chrome? I just googled Zach Arias...Maybe I just luckily hit that link.
Good job sending feedback too, my poor desktop is dyin'! Running malwarebytes right now...

Mr. Clean wrote in post #9533483
Awesome job Brett, you're mostly right I think. I hit the front page using Chrome? I just googled Zach Arias...Maybe I just luckily hit that link.
Good job sending feedback too, my poor desktop is dyin'! Running malwarebytes right now...

Good luck. I'd be interested to know what the results are.

And get yourself a firewall!

Todd Lambert wrote in post #9533536
Man, so glad I'm on a Mac.... lol

Sorry

Certainly doesn't make you entirely immune to malware, though.

Radio Popper responded that they're looking into it now.

Brett wrote in post #9533531
Good luck. I'd be interested to know what the results are.

And get yourself a firewall!

Brett - worked like a charm! My desktop is good to go and I grabbed the free version of Comodo to try Running another scan now just in case

Brett wrote in post #9533689
Certainly doesn't make you entirely immune to malware, though.


Radio Popper responded that they're looking into it now.

Is it safe to go back yet

Mr. Clean wrote in post #9534164
Brett - worked like a charm! My desktop is good to go and I grabbed the free version of Comodo to try Running another scan now just in case

Is it safe to go back yet

Glad you're back in business. It doesn't seem to be huge threat to the PCs that visit that site, but I think there was an actual attack on radiopopper.com. Their site is currently completely down.

I'm glad you pointed it out here, so that I could alert them (something you should always try to do when you suspect an attack from a trusted site), and possibly save them some trouble.

So, you can try to go back, but it's currently a 404.