My Mac, Safari and TRF

[LordNinja]

Now, in chrome flavor.

[Dan Pierce]

Now my mac is running fine, must have been the network at the airport I'm working at.
But I'm afraid to log on TRF so I'm using my DROID instead.
dP

[316lad]

It's still problematic Dan - as of 09:51
With Safari blocking the site and then this...

[Alex1974]

Here we go :





Regards,
Alex

[HL65]

No issues here and I am also running Lion on my iMac.

[OrangeSport]

Yep, getting the same message on Chrome. Have logged in on my Android instead...

[Lol-x]

No problems.
Make sure you are logged into www.rolexforums.com

[Jimbits76]

Certainly an issue somewhere. I'm getting a pop up asking me to download a piece of software disguised as a microsoft security patch. It's coming from Ccsnaioborn or something!

J

[Jimbits76]

BTW I'm running XP and IE8.

I'm also getting pop ups from Nemmess something or other...

J

[ArcticMoose]

I'm still getting the warning, Safari 5.1.2 on Lion, logged in to www.rolexforums.com.

[Fiery]

Both IE8 and NOD32 throws an alert when visiting TRF. I've never had such issues before... NOD32 says:

*h*t*t*p*://nempesrsrioic.com/content/v1.jar

Java/TrojanDownloader.OpenConnection.AQ trojan

Does anyone else get such an alert? (I've put the asterisks in the URL)

[kultschar]

Im getting malware warning on my Mac - Safari???

[drockadam]

I'm getting it on my laptop! I'll be signing off TRF until, this goes away.

[Fiery]

I've added this to my HOSTS file (which is in \Windows\System32\drivers\etc, at least under WinXP):

127.0.0.1 nempesrsrioic.com

That made it go away :) I hope the mods will take care of getting rid of this threat.

[316lad]

Still getting these two before running away quickly.

Hope it's nothing serious guys.

my system is OS X 10.6 Snow Leopard
Safari
Firefox

Pulling warning signs on both browsers.

[speedo]

Same here. I receive a warning on my pc however it runs flawless on my iphone.

[MoBe]

I`ve been getting trojan warnings from my Kaspersky Anti Virus software.

[roach7]

and i thought i was the only one...

what's going on?

[GradyPhilpott]

Google put up a warning on the site and I've had three (make that at least six now and counting) warnings from Norton that a trojan has been cleaned in rapid succession this morning, not including a couple last night.

[mtrunner]

Not good. I am going to log off until this is is sorted out. Don't want to infect my work computer.

[nauticajoe]

Getting the same problem malware warning. Yikes!





Sent from my iPhone using Tapatalk

[HDHNTER]

Malware warning for me as well.

[mitchy]

me too, not good!!!

[Mosco]

Works fine on my iPad...

[CashGap]

Warning - visiting this web site may harm your computer!

Suggestions:
Return to the previous page and pick another result.
Try another search to find what you're looking for.
Or you can continue to http://www.rolexforums.com/ at your own risk. For detailed information about the problems we found, visit Google's Safe Browsing diagnostic page for this site.

For more information about how to protect yourself from harmful software online, you can visit StopBadware.org.

If you are the owner of this web site, you can request a review of your site using Google's Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

[Cru Jones]

my message:

"Symantec Endpoint Protection - [SID: 24225] - Web Attack: Blackhole Toolkit Website 5 detected."

[dalip]

Working fine on all my devices....all Mac. Seems to be selective. It is being looked into.

[77T]

Thanks to the Mods - please let the hosting company for TRF know that the problem still exists.

New diagnostics report this morning has narrowed the source of malware to 2 domains: ccsnaioebom.com and ysybciderbmcp.com

The problem appears to be on some, but not all, of the virtual name servers at Go Daddy?

Or the Hosting/MNS provider, Liquid Web, may have some issues and is redirecting?

Either way it appears the malicious script(s) is/are not self-executing at this time. However this could change today or in the future. I noticed the number of exploits and Trojans since last nights report. It is now up to 23 exploits, 10 Trojans and 5 scripting exploits - any new ones may or may not become self-executing.

BTW, the "gift" results in an average of 4 new processes running on your PC/Mac. These could be benign like a kid wanting to show his mad coding skills to a bot net controller - or worse like a card skimmer bot waiting for you to use a credit card number for an online purchase.

Sorry for the long posts, just sharing in the spirit of teamwork. Not trying to alarm anyone. Thus far these exploits have been passive which means you'd be prompted to take an action that would insert malware on your machine - but disguised as a legitimate function.

[dalip]

Useful post. Thanks.

[77T]

Quote:

Originally Posted by Fiery

Both IE8 and NOD32 throws an alert when visiting TRF. I've never had such issues before... NOD32 says:

*h*t*t*p*://nempesrsrioic.com/content/v1.jar

Java/TrojanDownloader.OpenConnection.AQ trojan

Does anyone else get such an alert? (I've put the asterisks in the URL)

Yes last night one of the exploits was a jar loader - the disguised message was "Java needs to update files for this site". The exploit was a Java Archive file that had a bundle of multiple executables that would stay resident in background while collecting data on the target machine.

This is usually a keystroke logger specifically designed to log any 16 digit number followed by a 4 digit number and associated name data. After a few days of collection and tracking your activity, the bot code snippet wakes us and reports the contents of the logger to the botnet controller.