ca.js trojan on Pprune?
Thread Starter
Join Date: Apr 2009
Location: UK
Posts: 816
Likes: 0
Received 0 Likes
on
0 Posts
ca.js trojan on Pprune?
Today when I open a page on pprune (only) I often get an open/save dialogue box for ca.js which would seem to be a trojan (and obviosly I do not open or save). Anybody else getting this? Is this emanating from some of the adverts on pprune? I have up to date anti-virus software running.
Encyclopedia Search Results: JS/Redirector - Learn more about malware - Microsoft Malware Protection Center
Screenshot:
Encyclopedia Search Results: JS/Redirector - Learn more about malware - Microsoft Malware Protection Center
Screenshot:
Last edited by Torque Tonight; 1st Oct 2012 at 11:57.
Thread Starter
Join Date: Apr 2009
Location: UK
Posts: 816
Likes: 0
Received 0 Likes
on
0 Posts
Just been using a different computer and sure enough on pprune only I'm getting these dialogue boxes. Both computers are clean according to Norton and Malwarebytes. Seems to be something nasty lurking in pprune today.
Now also jload.js from pixel.adsafeprotected.com. Excellent.
Now also jload.js from pixel.adsafeprotected.com. Excellent.
Last edited by Torque Tonight; 1st Oct 2012 at 18:29.
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes
on
0 Posts
Block all coms with the site amazonaws.com
Amazonaws? The Amazon cloud ? Given Amazon is one of the largest cloud providers, you could find yourself blocking more than you set out to !
Spoon PPRuNerist & Mad Inistrator
have any of you reported this to Clee?
No point just complaining here if you don't tell the sysadmins
No point just complaining here if you don't tell the sysadmins
When the US west coast wakes up I'm sure they will be onto it!
SD
Join Date: Mar 2011
Location: El Segundo
Posts: 674
Likes: 0
Received 0 Likes
on
0 Posts
Thanks for the reports, guys. We haven't been able to see this issue here, so we need more data.
The two things we're seeking are the sources of the Javascript files (so far you guys have reported choices.truste.com and pixel.adsafeprotected.com), and what ads are on the page when you see these popups, as they are most likely coming from ads.
We don't recommend blocking the entire Amazon cloud, as you will likely end up blocking many sites, big and small, that use the Amazon cloud for hosting.
The two things we're seeking are the sources of the Javascript files (so far you guys have reported choices.truste.com and pixel.adsafeprotected.com), and what ads are on the page when you see these popups, as they are most likely coming from ads.
We don't recommend blocking the entire Amazon cloud, as you will likely end up blocking many sites, big and small, that use the Amazon cloud for hosting.
Join Date: Mar 2011
Location: El Segundo
Posts: 674
Likes: 0
Received 0 Likes
on
0 Posts
Just be on the safe side, I had one of our developers scan the site code to see if anything got injected into it. He didn't find anything and believes this is an issue with Internet Explorer 9. If you're experiencing the issue, try using another browser and seeing if the issue clears up. If not, let us know the ad that's on the page (name of advertiser and link the ad goes to), as well as the source of the JS file, and we'll take a look.
EDIT TO ADD:
For what it's worth, Google Safe Browsing diagnostic shows both above reported JS sources to be safe:
Google Safe Browsing diagnostic page for pixel.adsafeprotected.com
Google Safe Browsing diagnostic page for choices.truste.com
EDIT TO ADD:
For what it's worth, Google Safe Browsing diagnostic shows both above reported JS sources to be safe:
Google Safe Browsing diagnostic page for pixel.adsafeprotected.com
Google Safe Browsing diagnostic page for choices.truste.com