Are you a Mac or a PC?

Malware Warning:

Do not go to this page and click on the Home icon at the top:

http://blog.daminion.net/upcoming-posts/mac-vs-pc-what-photographers-prefer/

Otherwise, you may be redirected to a site that will pop up a screen claiming you have malware and show you results from a fake anti-virus engine that's supposedly scanning your hard drive. If you click on anything, it then attempts to install a file named packedupdate107_2156 dot exe

I have verified this behavior using Firefox 3.6.6 under Windows 7 and in Firefox 3.6.3 running from a virtual machine booting into a PCLinuxOS Live Linux CD .iso, and on a totally different machine booting directly into a Linux distro (Mepis 8.5 using a Debian base) from a hard drive install, testing with Firefox 3.5.6.

I have submitted the OP's home page ( http://blog.daminion.net ) to Wepawet for analysis with no problems found; and also submitted to the URL analysis engine at Finjin.com after seeing the initial problems.

On the surface, this behavior appears to be designed to elude detection by web page analysis engines.

I suspect it has something to do with adserver code looking at cookies and user agent info before doing a redirect to avoid detection, since I noticed it's not repeatable unless you clear your browser's cache and cookies and try again (then, it will attempt to redirect you to malicious content if you click on the main link in the OP's first post, then click on the "Home" icon at the top of the page).

So, the OP may not be aware of this issue, as it may have to do with an adserver being used with redirects based on User Agent info (IP address the viewer is using, etc.).

Again, I have verified this behavior on more than one machine under multiple operating systems (Windows 7, two different Linux distributions).

In all cases, the redirect to malicious content occurred after going to the link in the OP's first post to this thread, then clicking on the "Home" icon at the top.

Expand the below image for one example (Firefox 3.5.6 on a machine booting into Mepis 8.5):



Here's another (VM on different machine, running PCLinuxOS 2010.1 with Firefox 3.6.3):



Here's another (Firefox 3.6.6 running under 64 bit Windows 7):



--
JimC
------
http://www.pbase.com/jcockfield
 
Problem located. Again, do not visit the OP's home page, or you may be redirected to a page containing malicious content, especially after you clear any cookies.

The OP's home page at http://blog.daminion.net/ is calling javascript located at http://ae.awaue.com/7

A URL analysis sees the issue with it (see attached screen captures below):



Here's a screen capture with a section of the source code for the OP's main page showing that url:



--
JimC
------
http://www.pbase.com/jcockfield
 
The OP's site appears to be the victim of a known WordPress redirect exploit.

Note the reference to ae.awaue.com/7 (which I see in the page source generated for the home page of the OP's blog):

http://wiki.mediatemple.net/w/WordPress_Redirect_Exploit

Again, I would not click on any pages on the OP's site (as in the link to PhilMartin's blog in the first post of this thread) until he fixes this issue.

Otherwise, you may be redirected to a page containing malicious content, as shown in the screen captures in my first page on this thread using multiple operating systems on more than one PC to verify the issue (fake anti-virus scan, with an attempt to install malicious software on your PC).

--
JimC
------
http://www.pbase.com/jcockfield
 
PhilMartin:

Please see my previous posts in this thread. Your blog (the site you have links for in your posts here) is directing readers to malicious content. This appears to be a result of a wordpress redirect exploit, as discussed on this page:

http://wiki.mediatemple.net/w/WordPress_Redirect_Exploit

I also sent an e-mail to the contact address shown on your blog about this issue.

For everyone else --- sorry to sound like a broken record. I just hate to see anyone fall victim to this type of problem, as some of the malware being served up by sites that the OP's blog is redirecting readers to can be difficult to remove, and this redirect exploit is not being detected by anti-malware programs and url scanners I have installed.

--
JimC
------
http://www.pbase.com/jcockfield
 
Jim, I appreciate your comment regarding the WordPress redirect exploit. It was fixed and that script was removed from the entire blog.

During the next few hours we'll upgrade WordPress to the latest version with all patches.

If anybody has a blog based on WordPress, please open the source code of your blog's first page and check for the phrases mentioned here:

http://digwp.com/2010/07/media-temple-wordpress-hack/
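
The page-source check suggested in the post above, as an added example that is not part of the thread or of any project mentioned in it: it lists every external script a generated page loads and flags hosts the site owner did not knowingly add. The sample HTML is constructed; only the `ae.awaue.com/7` reference comes from the thread, and the function name and allow-list are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def foreign_scripts(page_url, html, allowed_hosts):
    """Return absolute script URLs whose host is neither the page's own
    host nor in allowed_hosts (hosts the site owner knowingly uses)."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    own_host = urlparse(page_url).hostname
    trusted = {own_host} | {h.lower() for h in allowed_hosts}
    flagged = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)  # resolves relative and //host forms
        host = urlparse(absolute).hostname
        if host and host not in trusted:
            flagged.append(absolute)
    return flagged


# Constructed sample of a generated home page; only the ae.awaue.com/7
# reference is taken from the thread, everything else is made up.
SAMPLE_HTML = """
<html><head>
<script type="text/javascript" src="/wp-includes/js/jquery/jquery.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script src="http://ae.awaue.com/7"></script>
</head><body><a href="/">Home</a></body></html>
"""

if __name__ == "__main__":
    for url in foreign_scripts("http://blog.daminion.net/", SAMPLE_HTML,
                               allowed_hosts={"ajax.googleapis.com"}):
        print("unexpected script:", url)
```

Each flagged URL can then be submitted to a URL scanner on its own, which matters here because the thread reports the blog's main page scanning clean. Script tags written into the page at run time by inline JavaScript are not seen by this static check.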
 
The problem was fixed and the script was detected and removed from the blog.

Jim, thanks again for pointing to this problem.
 
Frankly, I'm surprised this exploit was not detected by numerous malware scanners I have installed, and not detected by multiple url scanners allowing you to submit a url for analysis, until I looked at the code and found the references to the malicious page at ae.awaue.com

Even then, http://wepawet.iseclab.org/index.php (a site using a url analysis engine) didn't see a problem when analyzing that url directly (probably due to its use of tinyurl).

The scanner here did find it (but only when submitting the link to the offending page at ae-awaue.com in the generated source code, not when submitting the url to your main blog page, which came up clean).

http://www.m86security.com/resources/url-analysis.asp

Criminals hacking into sites and planting these exploits are getting to be very smart, and using exploits that are very good about evading detection now.

--
JimC
------
http://www.pbase.com/jcockfield
 
"Real Photographers", as well as others, figured this out years ago; and so did I (though I was somewhat led to use of Mac notebook computers about ten years ago, while working with a team of university research engineers on a nuclear project, where each and every one of them was using a Mac PowerBook notebook computer that had been their "standard issue" computer by the university. I purchased one of these computers at my own expense --- and, in very short time, was immediately converted from using "PC" to use of MAC computers exclusively.): :|

http://www.kenrockwell.com/apple/why-pros-use-mac.htm

--
BRJR ....(LOL, some of us are quite satisfied as Hobbyists ..)


The answer depends on many factors including your job. Many designers prefer Macs, while Architects and Constructors work on a PC. What about photographers?





Please vote:
http://blog.daminion.net/upcoming-posts/mac-vs-pc-what-photographers-prefer/
 
PCLinuxOS all the way! Thanks for asking. ;)
PCLinuxOS and Mepis were the other 2 distros I played around with before installing Ubuntu.

PCLinuxOS is a very nice distro. I liked it a lot, and preferred the KDE to GNOME. But I went with Ubuntu because I figured since it was the #1 distro, there would be more help available online for it.

And boy, I sure did need a lot of help... LOL ;-)

Candice in PA
 
Frankly, I'm surprised this exploit was not detected by numerous malware scanners I have installed, and not detected by multiple url scanners allowing you to submit a url for analysis, until I looked at the code and found the references to the malicious page at ae.awaue.com
Get a Mac and worry about virus/malware when it becomes a problem. This allows you to save money by not buying antivirus/malware software. These issues may become a problem for Macs someday, but until then, I'll continue to happily surf and click on whatever I want without worry!
 
But, other than "semantics", the two are as different as "night and day"; and, for the most part, so are the users. :-)

--
BRJR ....(LOL, some of us are quite satisfied as Hobbyists ..)


I use Windows XP Professional, as that's what I have at work, so I use the same at home.

--
Al Patterson
 
are cheap plastic cr@p, but I don't have a problem when I visit friends with MACs navigating the OS. For now, I'll dual-boot Windows and Linux on an AMD processor and thus avoid the "MAC Tax".

Yeah, the "MAC" users seem to think their p@@p doesn't stink...
(sarcasm, but you get the point.)

--
Al Patterson
 
But, other than "semantics", the two are as different as "night and day"; and, for the most part, so are the users. :-)
Very true in my family. The Mac users in my family are not technically savvy and are so dependent. With the slightest problem, they are off to Apple Care. (They sure get their money's worth but pay dearly with their own time waiting).

We PC users can figure out the problem and resolve it before the Mac users get the car started.

--mamallama
 
This is what I use:

Photo related apps Lightroom Photoshop ==> MAC
Proshow Producer ==> PC

--
looking for a new house for my lenses
Minolta Lenses:
100-200
Beercan
Sigma Lenses:
135-400
24-60 f2.8
 
