When you click on links to various merchants on this site and make a purchase, this can result in this site earning a commission. Affiliate programs and affiliations include, but are not limited to, the eBay Partner Network.
Malware attacks through the Forum: veryield-malyst(.)com
Getting multiple hits from my router blocking connections to a pretty nasty malware distributor, veryield-malyst.com, via Corvette Forum's advertising links.
This site distributes a very nasty bit of malware consisting of an "image" with the URL of a malware site, coupled with a javascript that decodes it from the image itself and re-directs the browser.
It seems to be deep-linked somehow. Had to disable JS in the developer console of Safari to even be able to load enough of the Corvette Forum to post this message.
Our team is investigating but, as stated above, we need more details. If you're seeing a specific ad (which I believe is the only way this can come through), please let us know. Not everyone sees the same thing, which might be why I've not seen this logged myself.
I simply open a page on CF scroll a little and it gets the malware redirect.
No clicking on my part. It seems to be coming through as ads load and rotate.
I haven’t been able to get any breadcrumbs out of the browser or the web inspector console either. I’m in software engineering, but in high performance computing. Not as experienced in web development.
They seem to sneaking it in as payload through the normal advertiser channels.
I simply open a page on CF scroll a little and it gets the malware redirect.
No clicking on my part. It seems to be coming through as ads load and rotate.
I haven’t been able to get any breadcrumbs out of the browser or the web inspector console either. I’m in software engineering, but in high performance computing. Not as experienced in web development.
They seem to sneaking it in as payload through the normal advertiser channels.
That's my take on the fake Mac "Upgrade Flash Player" popups as well. No response to my thread on that topic. Anyone actually have a Mac to see what's happening?
That's my take on the fake Mac "Upgrade Flash Player" popups as well. No response to my thread on that topic. Anyone actually have a Mac to see what's happening?
I had this today, first time I've seen it. Downloaded a file by itself, but did not mount the disk (install). A quick search shows this is a real problem lately, not only on CF.
here is the link it took me to. I deleted the dmg file it downloaded, sorry I can't share that.
Originally Posted by ***DO NOT*** Click this link, it is malware!
I got several re-directs to the same malware URL this morning. It is getting loaded on a timed basis, about 10 seconds or so, from loading the initial page.
I think it is coming through the rolling ad space at either the top of bottom of the CF pages.
I have logs and HAR files from Safari, if anyone is interested.
It looks like the script is likely reading an image, decoding the malware URL using JS and doing a javascipt eval on it. All designed to circumvent security by coming through the regular ad delivery network.
It really sucks, makes the forum unusable at times. I have set the host name to 0.0.0.0 in my hosts file, so it never connects to the fake flash update site. However, the uncommanded re-directs take the browser off the page over and over.
I have been fighting it for a while now. The pop-up locks up SAFARI and when not locked, everything is extremely slow (timing wheel). The URL seems to have changed from the first time it locked me up here on the forum using SAFARI. It has occurred on the Camaro Forum and when using Outlook on this APPLE machine. I have a Windows 10 unit that has not experienced the problem, however, the virus program on the Windows 10 machine has isolated a trojan that it says cannot be deleted from that machine. Don't know if it is the same trojan as it does not list any specific trojan.
Malware attacks through the Forum: veryield-malyst(.)com
