53 Replies. Latest reply: Sep 16, 2009 6:56 AM by LarsRaggio
  • SPurpura Level 1 (0 points)
    I just got this too. http://best-antivirus03.com/1/?sess= ...
  • schiang68 Level 1 (0 points)
    I had the same experience, also resulting from a visit to the NYT website. I managed to stop the download before it completed, but any advice on how to check whether it's done any damage would be very much appreciated.
  • schiang68 Level 1 (0 points)
    One additional piece of information (sorry for not posting this with my earlier message)--

    The address given in the Safari History for the download link is:

    http://sex-and-the-city.cn/go.php?id=2015&key=ace6725ec&p=1
  • zl9600 Level 1 (20 points)
    This locked up my Safari on my iPhone (while reading NYT site), and the only way to get my browser back was to do a hard restart of my phone.
  • fmyers Level 1 (0 points)
    I just had the identical experience as LarsRaggio - NYTimes / Gail Collins. The common thread seems to be the NYTimes. I'm a complete novice in these matters. Should the NYTimes do something about this? Do they need to be told about it? How?

    Frank
  • Mr. Cat Level 1 (5 points)
    This thing took control of an unselected tab pretty dramatically. This is the order of URLs leading up to my encounter with this. (The URLs are broken to protect the cat in all of us.)

    (1) "Toxic Waters - Clean Waters Laws ...t to Health - Series - NYTimes.com" h ttp://www.nytimes.com/2009/09/13/us/13water.html?pagewanted=2&adxnnlx=1&partner =rss&emc=rss&adxnnlx=1252786066-gReQyo8jPjx%20YSkTYAGTYg

    (2) "Toxic Waters - Clean Waters Laws ...t to Health - Series - NYTimes.com" h ttp://www.nytimes.com/2009/09/13/us/13water.html?partner=rss&emc=rss&adxnnlx=12 52786066-gReQyo8jPjx%20YSkTYAGTYg&pagewanted-all

    (3) "My computer Online Scan" h ttp://sex-and-the-city.cn/go.php?id=2006-63&key=0522c70666&p=1

    The URL in Safari's address bar, which was not listed in History, for the page "My computer Online Scan" was h ttp://best-antivirus03.com/1/?sess=%3DWQ52jDwMi02MyZpcD00LjE1NC4yMzcuMjAzjnRpbW O9MTl1NjcwMk0MaQ%3DN

    This authoritative page told me my computer was infected with "431 Probably harmful items". (Is that a standard number or is it customized for each mark?) The threats it warned me of were: Email-worm.Win32.Net, Email-worm.Win32.Myd and Win32:Def=XQ

    P.S. I did not get a .exe file; did I do something wrong?

    Message was edited by: Mr. Cat
  • acolin Level 1 (0 points)
    Same problem, but a different name: protection-check07.com. This from a redirect via sex-and-the-city.cn from the Op/Ed index page. It really does look like either nyt.com or one of their advertising partners has been hacked.
  • zephi Level 1 (0 points)
    While I was browsing around on the internet today, using Firefox 3.5.3, I came across this link which redirected me to this free antivirus thing... "protection-check07.com".
    Looks just like this shown in the photo previously posted http://posterous.com/getfile/files.posterous.com/kevintom/RnR1XK4GBXd1lEU84KXiqA JGt8am8FU1uVXbJaqzxLytBzWGjWUcNb30M0JC/photo.jpg

    I saw it scanned about 20% in like 2 seconds... and instantly closed browser. Scanned with antivirus, and Malwarebytes and came up null.

    Well the link is (union-pac.camy.myhomeserver.com/xataitopl.html) for those who are interested in checking it out... Be warned, hitting (ok) (cancel) or (x) will auto redirect. And it starts scanning your HDDS, and probably downloads some malware. This is the popup message http://img143.imageshack.us/img143/2920/82945077.png
  • Richard Hudak Ii Level 1 (5 points)
    I saw this, too, on Safari, browsing the NY Times website. I followed a link from Facebook. Did anyone else?
  • Tumbleweed666 Level 1 (0 points)
    "I did a virus scan (I have intego virusbarrier x5) and it came up null."

    Unsurprising as there are no Mac viruses. How much did you pay for this program to tell you that?
  • BluesMan Level 1 (10 points)
    Same thing happened to me. Since I have never seen a redirect take over like this, I kind of freaked and didn't even think about the fact that it was an .exe file and thus Windows directed. This is the history URL RE-DIRECT, that took me back to that site. The actual Safari history entry is NYTimes.

    http://protection-check07.com/1/?sess=%3DWQz2jTwMi02MyZpcD02OC41NS4xOTMuMjIxJnRp bWU9MTI1NjgwOQ0MaQ%3DM

    Not sure what steps to take to prevent intrusions like this. Any advice out there?
  • David Clayton1 Level 1 (65 points)
    Yes, me too. Three times in the last two days, trying to read the NY Times using Safari. The only way to get around the pop-up is to quit Safari. Somewhat disturbing that this trojan is outwitting both Safari's popup blocker, and the NY Times!
  • LarsRaggio Level 1 (10 points)
    It's baaaack with a new name. Interestingly I was able to navigate all around the NY Times without this happening, but to read the columnists, you have to sign in. I did, and just like yesterday, clicking on a columnist immediately opens up a blank white page with a little window with a blue ? and message: "Warning your system requires immediate anti-virus scan!" blah blah, with the cancel or OK options. Click either one and it is off and running. I made a screen shot of it today. New faux URL is http://protection-check07.com/1/?sess= then a long string covered up by the little window. Anyone know what this is, and since it is for Windows, why is it even opening in OS X? Also, I opened Safari went to NY Times and columns logged in, and no problem. Anything we can do to get rid of this interruption to morning browsing?
  • xinfinity Level 1 (0 points)
    Hey, I don't have any anti-virus program on my Mac either, but it hardly seems like this is the time to be bragging about it.

    NYTimes for me as well, but from an article about the Roberts court. I was pretty impressed that it got control of Safari with unstoppable pop-up windows and redirected me, but then when it started showing Windows graphics in the background it seemed pretty likely it was just running animation. There are no downloads registered on my machine, I think it is just faking us out. Pretty darn well if it can control Safari AND Firefox....
  • mhartt Level 1 (0 points)
    Same as everyone else here, twice in the last two days while reading different stories at NYT in Safari. In my case it was the protection-check07.com variation. I forced quit as quickly as possible and can't find any obvious evidence of malware, but I can't be sure. Hopefully more specific information will be forthcoming soon.
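
A triage sketch for the redirect chain reported in this thread (news page, then a `go.php?id=...&key=...&p=1` hop, then a `/1/?sess=...` fake-scan page), added here as an example and not part of any post. It matches on URL shape rather than domain, since the landing domain changed between reports, and it assumes time-ordered proxy-log style records; the `sess` tokens, timestamps and `forum.example` entries are constructed.

```python
from urllib.parse import urlsplit, parse_qs

def is_redirector(url):
    """Hop shaped like the thread's go.php?id=...&key=...&p=1 link."""
    u = urlsplit(url)
    return u.path.endswith("/go.php") and {"id", "key", "p"} <= parse_qs(u.query).keys()

def is_landing(url):
    """Fake-scan page shaped like /1/?sess=<token>."""
    u = urlsplit(url)
    return u.path == "/1/" and "sess" in parse_qs(u.query)

def find_chains(visits, max_gap=10):
    """visits: time-ordered (epoch_seconds, url) pairs.
    Returns (origin host, redirector host, landing host or None) per hop.
    The landing host is None when no landing request was recorded, as in
    the report where that page never appeared in Safari's History."""
    hits = []
    for i, (t, url) in enumerate(visits):
        if not is_redirector(url):
            continue
        origin = urlsplit(visits[i - 1][1]).hostname if i else None
        hop = urlsplit(url).hostname
        landing = None
        for t2, nxt in visits[i + 1:]:
            if t2 - t > max_gap:
                break
            if is_landing(nxt) and urlsplit(nxt).hostname != hop:
                landing = urlsplit(nxt).hostname
                break
        hits.append((origin, hop, landing))
    return hits

# Constructed sample: URL shapes from the thread, tokens and times invented.
SAMPLE = [
    (1000, "http://www.nytimes.com/2009/09/13/us/13water.html?pagewanted=2"),
    (1002, "http://sex-and-the-city.cn/go.php?id=2006-63&key=0522c70666&p=1"),
    (1003, "http://best-antivirus03.com/1/?sess=CONSTRUCTED-TOKEN"),
    (2000, "http://www.nytimes.com/"),
    (2001, "http://sex-and-the-city.cn/go.php?id=2015&key=ace6725ec&p=1"),
    (2002, "http://protection-check07.com/1/?sess=CONSTRUCTED-TOKEN"),
    (3000, "http://forum.example/go.php?id=7"),    # benign: no key/p params
    (3001, "http://forum.example/1/?page=2"),      # benign: no sess param
    (4000, "http://www.nytimes.com/"),
    (4001, "http://sex-and-the-city.cn/go.php?id=2015&key=ace6725ec&p=1"),
]

if __name__ == "__main__":
    for origin, hop, landing in find_chains(SAMPLE):
        print(f"{origin} -> {hop} -> {landing or '(landing not recorded)'}")
```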