FireFox/Google blocking videohelp.com

[stiltman]

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US...videohelp.com/

Safe Browsing

Diagnostic page for videohelp.com


What is the current listing status for videohelp.com?

Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 39 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 33314 pages we tested on the site over the past 90 days, 9 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-08-27, and the last time suspicious content was found on this site was on 2012-08-25.Malicious software includes 60 exploit(s), 45 trojan(s), 14 backdoor(s). Successful infection resulted in an average of 6 new process(es) on the target machine.
Malicious software is hosted on 1 domain(s), including java.ns02.us/.
This site was hosted on 3 network(s) including AS16265 (LEASEWEB), AS15169 (Google Internet Backbone), AS9143 (AtHome Benelux BV).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, videohelp.com appeared to function as an intermediary for the infection of 1 site(s) including vcdhelp.com/.

Has this site hosted malware?

Yes, this site has hosted malicious software over the past 90 days. It infected 0 domain(s), including .

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

• Return to the previous page.
• If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

[Baldrick]

It's a www.openx.com security hole. I use it for the banners.

It is highly recommended to install this update as soon as possible, because it contains a number of security fixes. The version of OpenX which you are currently using might be vulnerable to certain attacks and is probably not secure. For more information about upgrading please read the documentation which is included in the files below.

I have removed the javascript and fixed the hole temporarily. And I'm updating openx now.

[ricardouk]

Should we be watching for something on our pcs? i've always trusted videohelp... i know your (Baldrick) work is 5 stars...but no one is perfect...should we just ignore it? Thats what i did.

[FulciLives]

Yeah I was getting a big read screen in Chrome and thinking WTF because I know the site is safe (at least when I'm NOT around) LOL

[Baldrick]

Should we be watching for something on our pcs? i've always trusted videohelp... i know your (Baldrick) work is 5 stars...but no one is perfect...should we just ignore it? Thats what i did.

Are you using internet explorer 6?
Or you didn't click OK on any JAVA-security applet popup?

[DB83]

Interesting to read this.

During my visits here over the last few days, Norton has reported the existance of a trojan (which it safely removed). I usually run an ad-blocker so I do not see the banner ads. The ad-blocker was turned off in this instance.

[ricardouk]

Are you using internet explorer 6?
Or you didn't click OK on any JAVA-security applet popup?

no and no...just asking Baldrick... thanks

[aedipuss]

google is insisting it's more than a fluke this time. they are reporting that the openx/java.ns02.us is actually infecting computers with trojans/virus/malware without clicking on anything. you are reported and on the stopbadware.org list also.

[Baldrick]

Just a javascript can't infect a computer with a virus. But it's usually a javascript with a java-applet that can infect your computer.

[aedipuss]

are they using the script to serve an ad with an applet?

[lordsmurf]

I've seen JS infect computers. Fake anti-malware tools are most common. It takes no interaction on the part of the recipient (infectee), and can happen from Firefox.

Generally speaking, the exploit is launched from a secondary site, so anybody using NoScript is (more) protected.

I was infected with crap in 2011, and started to use NoScript again because of it.

[Baldrick]

I have found the cracker in the logs. He started messing around on August 24th and updated the banners today at 17.43(GMT+1) with the javascript code.

But it shouldn't be possible now. I have updated openx and also added an extra login. Try access www.videohelp.com/oxp/www/admin

[aedipuss]

1? jeez before i gave up and shut down my forum for good i had hundreds of russian/chinese/east europeans trying to pwn it everyday....

[Baldrick]

Yep, just one for this security hole. According to the logs it looks kinda complex.

[jgg]

Firefox (based on the Google list) started blocking the site sometime yesterday (27 Aug) between 3 and 8 p.m. Berlin, Germany time. Now (ca. 3:30 pm) the site is accessible again. Just for the heck of it, though, I'm gonna check my computer with an online virus scanner.

Anyway. I'm glad you're available again.

[jgg]

I just checked my machine with the BitDefender online scanner, and it didn't find anything (whew!).

[Moontrash]

would it be better...or safer...to just try and turn this safebrowsing.clients.google thing off and use anti-virus etc to do its job or would it had not detected this sort of thing?

[chicken264]

i didn't see any problem