Spyware on Bulbapedia

N

Nando

追放されたバカ
Joined
Aug 22, 2006
Messages
3,227
Reaction score
10
I am posting from my Wii right now...

Just ten minutes ago, a massive spyware attack on my computer began while I viewed the Ash's Gliscor and Jessie's Yanmega pages of Bulbapedia. In light of the recent ad issues, coupled with the fact I had trusted sites open in my other windows, makes me strongly believe Bulbapedia should be checked.

EDIT: my anti-spyware program identified the attacking program as "Virtumonde," an adware program that it says manifests in page script errors.
 
Last edited:
A rather frightening find, and I thought I was perfectly safe here. At least the problem was solved on your machine, well done. But I still worry about looking at some Bulbapedia pages and hopefully this is just a one time incident rather than a very serious issue. This problem is really bad on many websites more notably adult sites or hentai sites but I guess just about any site can carry this kind of thing without the admins knowing. You did the right thing by reporting this on the forum. That way others can be warned about the page and the Bulbapedia admins can take action to make sure no one else gets infected.
 
I don't see how it is possible for adware or spyware to install itself simply by viewing a page. It shouldn't be possible even in Internet Explorer (the latest versions, that is).
 
There are exploits in various browsers which adware and spyware can use to install themselves without prior knowledge, quite a bit like trojans.
 
My virus program found something called "Downloader" that attacked five times between 11:01pm and 11:09pm, the times right after I went on Bulbapedia.
 
There is no "make" about it - just don't click on the ads and nothing will happen.
 
Zhen Lin said:
I don't see how it is possible for adware or spyware to install itself simply by viewing a page. It shouldn't be possible even in Internet Explorer (the latest versions, that is).
Click to expand...

Wikipedia said:
Some spyware authors infect a system through security holes in the Web browser or in other software. When the user navigates to a Web page controlled by the spyware author, the page contains code which attacks the browser and forces the download and installation of spyware. The spyware author would also have some extensive knowledge of commercially-available anti-virus and firewall software. This has become known as a "drive-by download", which leaves the user a hapless bystander to the attack. Common browser exploits target security vulnerabilities in Internet Explorer and in the Sun Microsystems Java runtime.
Click to expand...
 
One, I sure don't appreciate getting blamed for this.

Two, I'm not one to tell others how to do their jobs, but it would be very unwise to blow this off and ignore it, lest something worse happen. I'm a warning sign, I'm an example... something bad is happening.
 
Zhen Lin said:
There is no "make" about it - just don't click on the ads and nothing will happen.
Click to expand...

That seems highly irresponsible to say, anyway. Really, Bulbapedia really should take steps to make sure spyware doesn't end up on anyone's computer. I know you need money to run, and ads provide revenue, but honestly, there must be some advertising service that DOESN'T need creepy spyware to turn a buck.
 
We can't be responsible for the actions (or inaction) of users. We can try to remove problematic ads (if we knew which ads they were, but we don't), but the best thing to do is to keep up with security patches on your own system.

Alternatively, just log in, and there won't be any ads shown at all.
 
More than likely, the issue we're having is being caused by one or two banner ads in particular, not the whole set that's being displayed.

We could really use the co-operation of the community in pinning down which of these banners is the problem. If someone can identify the exact one, it'll help a lot, and we'll be able to get our ad providers to kick that publisher much quicker.

Also, I'd suggest people at the very least make sure they have all the proper security updates on their computer. From memory, the exploit used by Virtumonde never even existed in any browser but IE, and has been patched for some time in IE7.
 
Actually, I think it exploited the fact I don't have the most recent Java update, at least from what I can tell (that Wiki page linked above was a big help) I fully intend to have that fixed right away...
 
I would also agree that utilizing either FireFox or Safari is the best method to avoid receiving any spyware attacks.
 
Please note: The thread is from 18 years ago.
Please take the age of this thread into consideration in writing your reply. Depending on what exactly you wanted to say, you may want to consider if it would be better to post a new thread instead.
Back
Top Bottom