ca.js trojan on Pprune?
Thread Starter
Joined: Apr 2009
Posts: 816
Likes: 0
From: UK
ca.js trojan on Pprune?
Today when I open a page on pprune (only) I often get an open/save dialogue box for ca.js which would seem to be a trojan (and obviosly I do not open or save). Anybody else getting this? Is this emanating from some of the adverts on pprune? I have up to date anti-virus software running.
Encyclopedia Search Results: JS/Redirector - Learn more about malware - Microsoft Malware Protection Center
Screenshot:
Encyclopedia Search Results: JS/Redirector - Learn more about malware - Microsoft Malware Protection Center
Screenshot:
Last edited by Torque Tonight; 1st October 2012 at 11:57.
Thread Starter
Joined: Apr 2009
Posts: 816
Likes: 0
From: UK
Just been using a different computer and sure enough on pprune only I'm getting these dialogue boxes. Both computers are clean according to Norton and Malwarebytes. Seems to be something nasty lurking in pprune today.
Now also jload.js from pixel.adsafeprotected.com. Excellent.
Now also jload.js from pixel.adsafeprotected.com. Excellent.
Last edited by Torque Tonight; 1st October 2012 at 18:29.
Joined: Aug 2002
Posts: 3,663
Likes: 0
From: Earth
Block all coms with the site amazonaws.com
Amazonaws? The Amazon cloud ? Given Amazon is one of the largest cloud providers, you could find yourself blocking more than you set out to !
Administrator
Joined: Mar 2001
Aviation Qualifications: PPL
Posts: 8,121
Likes: 686
From: Twickenham, home of rugby
have any of you reported this to Clee?
No point just complaining here if you don't tell the sysadmins
No point just complaining here if you don't tell the sysadmins
When the US west coast wakes up I'm sure they will be onto it!
SD
Guest
Joined: Mar 2011
Posts: 673
Likes: 0
From: El Segundo
Thanks for the reports, guys. We haven't been able to see this issue here, so we need more data.
The two things we're seeking are the sources of the Javascript files (so far you guys have reported choices.truste.com and pixel.adsafeprotected.com), and what ads are on the page when you see these popups, as they are most likely coming from ads.
We don't recommend blocking the entire Amazon cloud, as you will likely end up blocking many sites, big and small, that use the Amazon cloud for hosting.
The two things we're seeking are the sources of the Javascript files (so far you guys have reported choices.truste.com and pixel.adsafeprotected.com), and what ads are on the page when you see these popups, as they are most likely coming from ads.
We don't recommend blocking the entire Amazon cloud, as you will likely end up blocking many sites, big and small, that use the Amazon cloud for hosting.
Guest
Joined: Mar 2011
Posts: 673
Likes: 0
From: El Segundo
Just be on the safe side, I had one of our developers scan the site code to see if anything got injected into it. He didn't find anything and believes this is an issue with Internet Explorer 9. If you're experiencing the issue, try using another browser and seeing if the issue clears up. If not, let us know the ad that's on the page (name of advertiser and link the ad goes to), as well as the source of the JS file, and we'll take a look.
EDIT TO ADD:
For what it's worth, Google Safe Browsing diagnostic shows both above reported JS sources to be safe:
Google Safe Browsing diagnostic page for pixel.adsafeprotected.com
Google Safe Browsing diagnostic page for choices.truste.com
EDIT TO ADD:
For what it's worth, Google Safe Browsing diagnostic shows both above reported JS sources to be safe:
Google Safe Browsing diagnostic page for pixel.adsafeprotected.com
Google Safe Browsing diagnostic page for choices.truste.com
