Basejumper.com - archive

I suddenly started getting this when I visit the site:

The website at www.basejumper.com contains elements from the site www.fjeking.com, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.

Anybody else getting this?

Safe Browsing
Diagnostic page for fjeking.com

What is the current listing status for fjeking.com?
Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 6 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2008-12-13, and the last time suspicious content was found on this site was on 2008-12-13.
Malicious software includes 4 scripting exploit(s), 4 trojan(s), 3 exploit(s). Successful infection resulted in an average of 0 new processes on the target machine.

This site was hosted on 1 network(s) including AS31708 (COREIX).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, fjeking.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 2 domain(s), including linkbucks.com/, photo.net/.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

Thanks... we're working on the issue. In the mean time all ads have been disabled temporarily and BJ should be 100% safe to use at this point.

DDT (working with sangiro and Jay Young).

Hi folks. I don't know exactly what happened, but it sure was a hectic day.

I do not know what happened, but I will post back Monday sometime with a complete explanation and a plan to make sure it never happens again. First guess -- and this is just from what I've been told -- is that the network from which the offending ads came was compromised.

I'm getting reports on Rockclimbing.com that the following works for what the rogue ad leaves behind (if your own anti-viral didn't stop it). The trojan may be called Extra Antivir. Click below and scroll down just a bit. If that looks familiar to you, follow the instructions.

http://www.bleepingcomputer.com/...remove-extra-antivir

Scratch that. Ads will be back up sometime tomorrow, minus the Coors Light one. I'll be online most of the day making sure everything works as it's supposed to.

Still chugging along, I see.

By way of an update, I'll be back sometime around or after lunch with a more complete report on what happened, how to fix yourself if you picked something up (I think the link I posted above works fine), and what I'll do going forward to try to block this from happening again.

Thx!
J

If you haven't been around for a few days, you may not know that, starting Friday, we had a particularly bad ad running. It is worth noting that the ad was using the Coors brand, but wasn’t connected with the company in any way. The ad messed up the way the site loaded for a lot of people and attempted to prompt users to download a malware program. The fact that the ad launched on the weekend made it more difficult to isolate and fix. We responded as soon as possible, but the ad was intermittently visible to users between Friday evening and Saturday afternoon.

As always, it's a good idea to make sure your antivirus software and computer settings are up to date to block this sort of thing if it squeaks through the defenses of whatever websites you visit. If you are concerned that your computer may have been affected by the ads, it's probably a good idea to go here and follow the directions:

http://www.bleepingcomputer.com/...remove-extra-antivir

Going forward, I and the Namemedia geeks are doing a few things to prevent similar problematic ads from making it to the site:

1. The ad folks at Namemedia are beefing up their tools for detecting ads that contain adware/malware/spyware.
2. New ad campaigns from new advertisers will no longer be launched late in the day, especially on Friday. This will ensure that the right people are available if there’s a problem.
3. We’ll be installing an emergency ad-kill switch that will allow me (and a couple other select folks) to quickly remove ads if a similar problem comes to our attention.

Okay, that's about all I have, except for this. The buck has to stop at somebody, and for this stuff, that's me. I promise I'll do my best to stop it from happening again.

Thanks folks,
Jay