The Rolex Forums   The Rolex Watch

Old 9 December 2011, 02:59 PM   #1
rr-nyc
Liar & Ratbag
 
Join Date: Nov 2009
Real Name: Renato
Location: NYC / Miami Beach
Watch: Rolex Daytona
Posts: 5,344
My Mac, Safari and TRF

For the last hour or so, I can't view anything on this site without a phishing alert popping up.

What's up?
rr-nyc is offline   Reply With Quote
Old 9 December 2011, 03:14 PM   #2
77T
2024 Pledge Member
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 40,570
Same here. Have switched to Tapatalk. Methinks a Mod needs to tell sys admin that a 3rd party bit of code has found its way onto the server(s).

It is an insertion or a key logger from the trace I see and has already hopped from TRF to roebbelen.com, theoto.com.br, and 96k.com.cn

My suspicion is the .cn domain is the sender. Just my SWAG tho
__________________


Does anyone really know what time it is?
77T is offline   Reply With Quote
Old 9 December 2011, 03:15 PM   #3
sleddog
TRF Moderator & 2024 Patron
 
Join Date: Jul 2007
Real Name: Rob
Location: Nearby.
Posts: 24,898
I shall look into it........
To add, no problems on my end with a PC.
__________________
He who wears a Rolex is always on time, even when late!!

TRF's "After Dark" Bar & Nightclub Patron-Founding Member..
sleddog is offline   Reply With Quote
Old 9 December 2011, 03:24 PM   #4
77T
2024 Pledge Member
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 40,570
Thanks

BTW the report I read showed 5 code exploits + 3 Trojans.

They all had signatures that were detectable or you wouldn't get the warning.

Worrisome tho since there really could have been 6 exploits and one of them could have been a Day 0 executable that hadn't been seen before.
__________________


Does anyone really know what time it is?
77T is offline   Reply With Quote
Old 9 December 2011, 03:26 PM   #5
sleddog
TRF Moderator & 2024 Patron
 
Join Date: Jul 2007
Real Name: Rob
Location: Nearby.
Posts: 24,898
Are you both logged in via rolexforums.com, or the IP address?
__________________
He who wears a Rolex is always on time, even when late!!

TRF's "After Dark" Bar & Nightclub Patron-Founding Member..
sleddog is offline   Reply With Quote
Old 9 December 2011, 03:28 PM   #6
Dan Pierce
2024 Pledge Member
 
Join Date: Dec 2006
Real Name: D'OH!
Location: Kentucky
Watch: Rolex-1 Tudor-3
Posts: 35,666
Same here but only after hitting the advanced button when replying to a thread.
dP
Dan Pierce is offline   Reply With Quote
Old 9 December 2011, 03:31 PM   #7
Dan Pierce
2024 Pledge Member
 
Join Date: Dec 2006
Real Name: D'OH!
Location: Kentucky
Watch: Rolex-1 Tudor-3
Posts: 35,666
Rolexforums.com
dP
Dan Pierce is offline   Reply With Quote
Old 9 December 2011, 03:34 PM   #8
sleddog
TRF Moderator & 2024 Patron
 
Join Date: Jul 2007
Real Name: Rob
Location: Nearby.
Posts: 24,898
Quote:
Originally Posted by Dan Pierce View Post
Rolexforums.com
dP
Thanks Dan!
__________________
He who wears a Rolex is always on time, even when late!!

TRF's "After Dark" Bar & Nightclub Patron-Founding Member..
sleddog is offline   Reply With Quote
Old 9 December 2011, 03:35 PM   #9
oneillba
"TRF" Member
 
Join Date: Apr 2008
Real Name: Brian
Location: Hamilton, MI USA
Watch: My beloved TT DJ
Posts: 3,831
I had the same message. Time to go to bed!
__________________

My Trusty TT DJ
oneillba is offline   Reply With Quote
Old 9 December 2011, 03:36 PM   #10
LordNinja
"TRF" Member
 
Join Date: Aug 2008
Real Name: Chris
Location: Boston
Watch: 116610,116233,OsQz
Posts: 1,109
Anyone else getting a phishing warning?

On my Apple computers I am getting a warning saying when I click to post the forum is trying to redirect me to a flagged randomly named domain.


I checked DNS to see if two different laptops happen to be hijacked but that does not seem to be the case.

Anyone else on a mac with Lion?
LordNinja is offline   Reply With Quote
Old 9 December 2011, 03:37 PM   #11
rr-nyc
Liar & Ratbag
 
Join Date: Nov 2009
Real Name: Renato
Location: NYC / Miami Beach
Watch: Rolex Daytona
Posts: 5,344
Quote:
Originally Posted by sleddog View Post
Are you both logged in via rolexforums.com, or the IP address?
Rolexforums
rr-nyc is offline   Reply With Quote
Old 9 December 2011, 03:37 PM   #12
rr-nyc
Liar & Ratbag
 
Join Date: Nov 2009
Real Name: Renato
Location: NYC / Miami Beach
Watch: Rolex Daytona
Posts: 5,344
Quote:
Originally Posted by sleddog View Post
I shall look into it........
To add, no problems on my end with a PC.
Thanks!
rr-nyc is offline   Reply With Quote
Old 9 December 2011, 03:38 PM   #13
sleddog
TRF Moderator & 2024 Patron
 
Join Date: Jul 2007
Real Name: Rob
Location: Nearby.
Posts: 24,898
Quote:
Originally Posted by LordNinja View Post
On my Apple computers I am getting a warning saying when I click to post the forum is trying to redirect me to a flagged randomly named domain.


I checked DNS to see if two different laptops happen to be hijacked but that does not seem to be the case.

Anyone else on a mac with Lion?
I've moved your post over here Chris, to an already current thread on the same issue!
__________________
He who wears a Rolex is always on time, even when late!!

TRF's "After Dark" Bar & Nightclub Patron-Founding Member..
sleddog is offline   Reply With Quote
Old 9 December 2011, 03:38 PM   #14
rr-nyc
Liar & Ratbag
 
Join Date: Nov 2009
Real Name: Renato
Location: NYC / Miami Beach
Watch: Rolex Daytona
Posts: 5,344
Quote:
Originally Posted by LordNinja View Post
On my Apple computers I am getting a warning saying when I click to post the forum is trying to redirect me to a flagged randomly named domain.


I checked DNS to see if two different laptops happen to be hijacked but that does not seem to be the case.

Anyone else on a mac with Lion?
Using lion as well
rr-nyc is offline   Reply With Quote
Old 9 December 2011, 03:38 PM   #15
LordNinja
"TRF" Member
 
Join Date: Aug 2008
Real Name: Chris
Location: Boston
Watch: 116610,116233,OsQz
Posts: 1,109
Rolexforums as well, I think it's the iframe hack in place somehow... it tries to redirect.. I guess I was right it was widespread so to speak. A PC would not know unless it had special software.
LordNinja is offline   Reply With Quote
Old 9 December 2011, 03:40 PM   #16
Dan Pierce
2024 Pledge Member
 
Join Date: Dec 2006
Real Name: D'OH!
Location: Kentucky
Watch: Rolex-1 Tudor-3
Posts: 35,666
Rob,
Seems to happen while just viewing the IP address and only when using the advanced button on the Rolexforums.com.
dP
__________________
TRF Member# 1668
Bass Player in TRF "AFTER DARK" Bar & NightClub Band
Commander-in-Chief of The Nylon Nation
The Crown & Shield Club
Honorary Member of P-Club
Dan Pierce is offline   Reply With Quote
Old 9 December 2011, 03:43 PM   #17
LordNinja
"TRF" Member
 
Join Date: Aug 2008
Real Name: Chris
Location: Boston
Watch: 116610,116233,OsQz
Posts: 1,109
Very interesting. I have seen apple/google false flag domains in the past.. but it's rare enough to be concerned. I think normally people drop hidden frames in place that contain the 'window' to flagged stuff..
LordNinja is offline   Reply With Quote
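
Added example, not part of the original thread or the forum's own code: posts #15 and #17 describe hidden frames that load flagged content, and a site admin can check rendered pages for that pattern. This Python script lists every off-site iframe and marks the ones sized or styled to be invisible; the host names and the sample page are constructed placeholders.

```python
"""Audit a rendered forum page for hidden iframes that load from another site."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TINY = {"0", "1"}  # width/height attribute values that make a frame invisible
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:width|height)\s*:\s*[01](?:px)?\b",
    re.I,
)

class FrameAuditor(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (frame host, looks_hidden)

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "frame"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "").strip()).hostname or "").lower()
        # Relative URLs and same-site hosts are the forum's own content.
        if not host or host == self.site_host or host.endswith("." + self.site_host):
            return
        hidden = (a.get("width", "").strip() in TINY
                  or a.get("height", "").strip() in TINY
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        self.findings.append((host, hidden))

def audit_page(html, site_host):
    """Return [(host, looks_hidden)] for every off-site frame in the page."""
    auditor = FrameAuditor(site_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page; every host name below is a placeholder.
SAMPLE_PAGE = """
<html><body>
<iframe src="/ads/banner.html" width="468" height="60"></iframe>
<iframe src="http://www.forum.example/poll.php" width="1" height="1"></iframe>
<iframe src="http://video.partner.example/embed/1" width="560" height="315"></iframe>
<iframe src="http://flagged-domain.example/in.cgi?5" width="1" height="1"></iframe>
<IFRAME SRC="//cdn.flagged-domain.example/x" style="visibility: hidden"></IFRAME>
</body></html>
"""

if __name__ == "__main__":
    for host, hidden in audit_page(SAMPLE_PAGE, "forum.example"):
        print(("HIDDEN " if hidden else "visible") + " off-site frame -> " + host)
```

A hit is a prompt to review the template or plugin that emitted the frame, not proof of compromise; frames written into the page by script at load time do not appear in static HTML and need a separate check.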
Old 9 December 2011, 03:44 PM   #18
sleddog
TRF Moderator & 2024 Patron
 
Join Date: Jul 2007
Real Name: Rob
Location: Nearby.
Posts: 24,898
Quote:
Originally Posted by Dan Pierce View Post
Rob,
Seems to happen while just viewing the IP address and only when using the advanced button on the Rolexforums.com.
dP
OK.....Good to know!
__________________
He who wears a Rolex is always on time, even when late!!

TRF's "After Dark" Bar & Nightclub Patron-Founding Member..
sleddog is offline   Reply With Quote
Old 9 December 2011, 03:45 PM   #19
BOA
"TRF" Member
 
Join Date: Sep 2009
Real Name: Bruce
Location: Chicago, IL
Watch: Meteorite DD
Posts: 2,129


This is what I'm getting.
BOA is offline   Reply With Quote
Old 9 December 2011, 03:48 PM   #20
Grissom
"TRF" Member
 
Join Date: Oct 2010
Real Name: Nathan
Location: US, Latin America
Watch: GMT IIc 18K/SS
Posts: 3,349
I'm not seeing any issues running snow leopard.......is this something only lion will detect?
__________________
(Member NAWCC since 1976)
116713LN GMT-IIc 18k/SS (Z) + 116520 SS Daytona (M) + 16700 GMT Master (A) + 16610LV Submariner (V) + 16600 Sea Dweller (Z) +
116400 Milgauss White Dial (V) + 70330N Tudor Heritage Chronograph Grey w/Black Sub Dials (J) + 5513 Submariner Serif Dial (5.2 Mil)

Who else needs an Intervention?
(109 297) (137 237) (73 115) (221) (23) (56) (229) P-Club Member #5

RIP JJ Irani - TRF Legend
Grissom is offline   Reply With Quote
Old 9 December 2011, 03:53 PM   #21
77T
2024 Pledge Member
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 40,570
Quote:
Originally Posted by Dan Pierce View Post
Rob,
Seems to happen while just viewing the IP address and only when using the advanced button on the Rolexforums.com.
dP
Not exactly
Am running Lion and did the security update Apple pushed last night.
Have spun up Firefox and it is in a DNS redirect loop when trying to resolve TRF's domain.
__________________


Does anyone really know what time it is?
77T is offline   Reply With Quote
Old 9 December 2011, 03:57 PM   #22
Dan Pierce
2024 Pledge Member
 
Join Date: Dec 2006
Real Name: D'OH!
Location: Kentucky
Watch: Rolex-1 Tudor-3
Posts: 35,666
Yes, now it does it on both sites while just viewing.
dP
Dan Pierce is offline   Reply With Quote
Old 9 December 2011, 03:59 PM   #23
dalip
"TRF" Member
 
Join Date: Sep 2009
Real Name: Dalip
Location: Mumbai and Perth
Watch: Rolex PAM Omega
Posts: 18,656
No issues for me at all - running Lion.
__________________



------------------------------------------------------------
"The liar's punishment is not in the least that he is not believed, but that he cannot believe anyone else." George Bernard Shaw
dalip is offline   Reply With Quote
Old 9 December 2011, 03:59 PM   #24
77T
2024 Pledge Member
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 40,570
Chrome on Mac with OS X 10.7.2 is working. But as you try to use a feature like attaching a file, the warning pops up.
__________________


Does anyone really know what time it is?
77T is offline   Reply With Quote
Old 9 December 2011, 04:00 PM   #25
hdrazor251
"TRF" Member
 
Join Date: Nov 2010
Real Name: Jeff
Location: Arizona
Watch: is recovered!!
Posts: 4,249
I get nothing with ie but on the same laptop with chrome I get a similar warning as BOA.
__________________
16753 GMT Master, 16613 Bluesy, 16710 GMT Master II, 16570 Polar Explorer II-Stolen & Recovered!!
Card Carrying Member of the Global Assoc. of Retro-Grouch-Curmudgeons
hdrazor251 is offline   Reply With Quote
Old 9 December 2011, 04:07 PM   #26
77T
2024 Pledge Member
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 40,570
Quote:
Originally Posted by hdrazor251 View Post
I get nothing with ie but on the same laptop with chrome I get a similar warning as BOA.
You might just be getting a secret gift that keeps on giving

Is this the warning everyone is getting with diagnostics? The redirect to ysybciderbmcp.com is what's causing the alert.

Safe Browsing
Diagnostic page for ysybciderbmcp.com

What is the current listing status for ysybciderbmcp.com?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 5 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-12-08, and the last time suspicious content was found on this site was on 2011-12-08.
Malicious software includes 5 exploit(s), 3 trojan(s).
This site was hosted on 18 network(s) including AS31334 (KABELDEUTSCHLAND), AS6830 (UPC), AS39309 (EDUTEL).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, ysybciderbmcp.com did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 4 domain(s), including roebbelen.com/, theoto.com.br/, 96k.com.cn/.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
__________________


Does anyone really know what time it is?
77T is offline   Reply With Quote
Old 9 December 2011, 04:10 PM   #27
LordNinja
"TRF" Member
 
Join Date: Aug 2008
Real Name: Chris
Location: Boston
Watch: 116610,116233,OsQz
Posts: 1,109
Same as above message
LordNinja is offline   Reply With Quote
Old 9 December 2011, 04:23 PM   #28
Dan Pierce
2024 Pledge Member
 
Join Date: Dec 2006
Real Name: D'OH!
Location: Kentucky
Watch: Rolex-1 Tudor-3
Posts: 35,666
My mac is running slow if at all now.
dP
Dan Pierce is offline   Reply With Quote
Old 9 December 2011, 04:28 PM   #29
hdrazor251
"TRF" Member
 
Join Date: Nov 2010
Real Name: Jeff
Location: Arizona
Watch: is recovered!!
Posts: 4,249
77T - Yip that's it.
__________________
16753 GMT Master, 16613 Bluesy, 16710 GMT Master II, 16570 Polar Explorer II-Stolen & Recovered!!
Card Carrying Member of the Global Assoc. of Retro-Grouch-Curmudgeons
hdrazor251 is offline   Reply With Quote
Old 9 December 2011, 04:33 PM   #30
Dan Pierce
2024 Pledge Member
 
Join Date: Dec 2006
Real Name: D'OH!
Location: Kentucky
Watch: Rolex-1 Tudor-3
Posts: 35,666
Now my mac is running fine, must have been the network at the airport I'm working at.
But I'm afraid to log on TRF so I'm using my DROID instead.
dP
Dan Pierce is offline   Reply With Quote
Copyright ©2004-2024, The Rolex Forums. All Rights Reserved.

Rolex is a registered trademark of ROLEX USA. The Rolex Forums is not affiliated with ROLEX USA in any way.