Today when I open a page on pprune (only) I often get an open/save dialogue box for ca.js which would seem to be a trojan (and obviosly I do not open or save). Anybody else getting this? Is this emanating from some of the adverts on pprune? I have up to date anti-virus software running.

Encyclopedia Search Results: JS/Redirector - Learn more about malware - Microsoft Malware Protection Center (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=JS/Redirector)


Screenshot:

http://www.use.com/images/s_3/1f0ec1cf4651d60fdcf8.jpg

Just been using a different computer and sure enough on pprune only I'm getting these dialogue boxes. Both computers are clean according to Norton and Malwarebytes. Seems to be something nasty lurking in pprune today.

Now also jload.js from pixel.adsafeprotected.com. Excellent.

You're not alone, I've been getting the second for a couple of hours.

Block all coms with the site amazonaws.com (google it)

Block all coms with the site amazonaws.com

Talk about using a sledgehammer to crack a nut !

Amazonaws? The Amazon cloud ? Given Amazon is one of the largest cloud providers, you could find yourself blocking more than you set out to !

have any of you reported this to Clee?
No point just complaining here if you don't tell the sysadmins

have any of you reported this to Clee?
No point just complaining here if you don't tell the sysadmins

I have already done so, linking to this thread.

When the US west coast wakes up I'm sure they will be onto it!

SD

Thank you Saab.:ok:

Thanks for the reports, guys. We haven't been able to see this issue here, so we need more data.

The two things we're seeking are the sources of the Javascript files (so far you guys have reported choices.truste.com and pixel.adsafeprotected.com), and what ads are on the page when you see these popups, as they are most likely coming from ads.

We don't recommend blocking the entire Amazon cloud, as you will likely end up blocking many sites, big and small, that use the Amazon cloud for hosting.

Just be on the safe side, I had one of our developers scan the site code to see if anything got injected into it. He didn't find anything and believes this is an issue with Internet Explorer 9. If you're experiencing the issue, try using another browser and seeing if the issue clears up. If not, let us know the ad that's on the page (name of advertiser and link the ad goes to), as well as the source of the JS file, and we'll take a look.

EDIT TO ADD:
For what it's worth, Google Safe Browsing diagnostic shows both above reported JS sources to be safe:

Google Safe Browsing diagnostic page for pixel.adsafeprotected.com (http://www.google.com/safebrowsing/diagnostic?site=pixel.adsafeprotected.com)
Google Safe Browsing diagnostic page for choices.truste.com (http://www.google.com/safebrowsing/diagnostic?site=choices.truste.com)