Gawker Duped By Malware Gang, Serves Up Infected Suzuki Ads

Scammers pretending to buy ads for Suzuki tricked Gawker’s ad sales team last week into running malware-laced ads that installed spyware and crashed the browsers of some readers before they were caught and pulled.

The network apologized for serving up Adobe exploits CVE-2008-2992 and CVE-2009-0927 on its flagship blog by saying simply, “Sorry About That. Our ad sales team fell for a malware scam. Sorry if it crashed your computer.” Silicon Valley Insider has the scoop, including the full email exchange between Gawker ad-sales guy James Del and the scammers.

The ad ran for “less than 5 days last week,” Gawker’s James Del told Threat Level. “This was a very malicious piece of code that seemingly took advantage of unpatched Adobe software, though we don’t have details on how exactly that worked. It was not a ‘trick’ ad, wherein users were prompted to install something … It simply strong armed its way through a vulnerability and infected the computer.”

Note that while Gawker still hosts us for the time being, they do not serve any ads to Consumerist readers.

Protect yourself while surfing from ads both dangerous and simply annoying by using Firefox with Adblock and Flashblock.

Gawker Scammed By Malware Crew Pretending To Be Suzuki [Silicon Valley Insider]

Comments


  1. Eldritch says:

    Oh GOD. This happened to me a few days ago! I knew it had to be Jezebel that did it to me. I got one of those stupid fake Windows XP virus scanners. I emailed Jezebel about it but never received a reply. I was SO paranoid…

    I hate malware people, why do they do this? People who do this deserve to be punished.

    • GitEmSteveDave_FullOfEvilClowns says:

      @Eldritch: You need to email the GetSatisfaction links at the bottom of each page rather than the site itself. It gets ignored more officially there.

    • SybilDisobedience says:

      @Eldritch: They got me through Gawker. I used MalwareBytes and cleaned it right up.

    • Schmeeky says:

      @Eldritch:

      So that’s what that was. Doesn’t appear to have affected me, but it sure made my browser go crazy for a minute.

      • sardonumspa says:

        @Eldritch:
        I am a big fan of Ad-Block plus. Sorry Consumerist. But I cannot trust websites to do due diligence and keep me safe.

        This kind of thing happens all the time at my office. People are picking up spyware and the like from other reputable websites like CNN and The New York Times all the time. Keeps me plenty busy wiping that stuff away.

        Once I figured out the cause was the served ads, I installed AdBlock and never looked back.

    • Rachacha says:

      @Eldritch: “I hate malware people, why do they do this?” OK, you probably did not want an actual answer to that question, but I will give you one anyway…Money, plain and simple. If they can install malware on your machine, they can use it for sending spam or DDoS attacks.

    • qcgallus says:

      @Eldritch: THAT’S WHAT IT WAS. win32/fakespypro.

      BASTARDS. Thanks a lot, JEZEBEL. They get me too.

    • W10002 says:

      @Eldritch: I got the same malware too. I didn’t know the source [it was either on Gizmodo, io9, or Kotaku], but thankfully I had the tools to remove it. My McAfee didn’t catch it, but my Spybot Search and Destroy did.

      It’s funny, I rarely get my anti-virus software to detect mal-ware, but my free Spybot usually picks them up and removes them.

    • JulesNoctambule says:

      @Eldritch: I knew Jezebel was bad news.

  2. PølάrβǽЯ says:

    What, one week after you move your site from their servers to CU’s servers? Impeccable timing, I do say!

    • MostlyHarmless says:

      @Ursus Maritimus: I don’t think they have migrated yet. We have not seen any outages and/or glitches.

      Also, all the images are still being served up from cache.gawker.com

      • PølάrβǽЯ says:

        @MostlyHarmless: Good point. I just remember all that stuff about “we need your email address or your account will go *poof*.” I ass-u-me’d that it was because of server migration.

        • MostlyHarmless says:

          @Ursus Maritimus: It IS because of the server migration. I just don’t think it has happened yet. I suppose they are being extra careful and setting everything up in advance to make it as smooth as possible.

    • Applekid ┬──┬ ノ( ゜-゜ノ) says:

      @Ursus Maritimus: Probably has more to do with Consumerist not having any ads, other than those for Consumer Reports which are normal, happy, and respectable images.

      Not the WALL OF FLASH ADVERTISING WITH SECURITY HOLES a lot of other sites throw at people.

  3. MostlyHarmless says:

    Blgs stll s th Gwkr pltfrm?

  4. FDCPAGuy says:

    ah good ol’ fakealert.trojan
    To anyone infected malwarebytes anti-malware (MBAM) will usually take care of these annoying infections and can be found at [www.malwarebytes.org]

    • GitEmSteveDave_FullOfEvilClowns says:

      @FDCPAGuy: Also start up in safe mode with networking, if you can, to allow the program to install and update. I speak from experience.

      • ExtraCelestial says:

        @GitEmSteveDave_FullOfEvilClowns: Or you can browse on a Mac :oD *

        *I know, I know I’m just as bad as the politicizers

        • Jakuub says:

          @ExtraCelestial: Why does everyone feel the need to be this guy? [www.xkcdb.com]

          • ExtraCelestial says:

            @Jakuub: Did you post the same for those suggesting Firefox ad-blocks as an alternative?

            Also “pwn3age” attempts via xkcdb and the like only works on fellow geeks. In fact, I had to consult urban dictionary to remember how to write “pwn3age”. It’s not my scene and just doesn’t have the intended effect. Know your audience.

            • Jakuub says:

              @ExtraCelestial: Firefox ad blocks aren’t something one has to *pay for*, so that seems like a slightly more accessible option.

              You’re the one bringing awkward phrases like “pwn3age” into this conversation – I referenced a bit of quote that I found humorous and topical; try not to get too worked up about it – I’m sure if you click the right things on your mac it’ll take you back to a happy place where people don’t point out that your comments are useless and tired.

              • ExtraCelestial says:

                @Jakuub: Actually your… whatever that was, is highlighting the Monday morning quarterback phenom, not price points. Whether or not you pay for the alternative is not the issue, it’s that you’re offering alternatives after the event has already occurred.

                I’ve linked it again in case you need to review [www.xkcdb.com]

                My comment was clearly made in jest, asterisk and all. If you’re over the age of 12 you should be able to discuss different computer operating systems without acting like it’s a personal attack or turning into the Comic Book Guy character. Gizmodo is down the hall to your left.

                And I wrote that on a Win7 Dell :o) *shock,horror* Nothing in life is so black and white.

      • FDCPAGuy says:

        @GitEmSteveDave_Right: 1 Wrong: ∞:
        Yup or run it from a BartPE disk like I do often. It’s nice to not be tied to the host OS and have a known environment to work out of.

    • Riff Raff says:

      @FDCPAGuy:

      Just as a “hear, hear!” thing:

      Malwarebytes’ Anti-Malware is superb. I highly recommend it to anyone experiencing system trouble. I have had multiple virus and spyware scanners fail to catch malware, but MBAM rarely ever fails to do its job fully.

    • katstermonster says:

      @FDCPAGuy: MBAM is the shit.

  5. Blueskylaw says:

    Time for Gawker to self immolate now that Consumerist is gone?

  6. floraposte says:

    It just happened with the New York Times about a month ago, so Gawker’s in classy company.

  7. Razor512 says:

    Adblock for firefox, it prevents these problems because the ads don’t load to begin with.

    websites also load much faster since there’s less crap to load.

  8. West Coast Secessionist says:

    Fake “antivirus” software is the #1 plague attacking Windows users. Far out in front of every other threat. I say this as the person who has to handle these IT issues for my whole company (50 or so people) in addition to every family member and friend.

    It’s getting nuts. In the last 6 months we’ve had the fake-antivirus virus on C-level executives’ machines, software engineers (Really ought to know better) down to the receptionist. And every [Windows-using] friend I have has had it too.

    If you want to protect yourself from this problem, make a separate account on your computer, make it an Administrator account, and demote your normal account to be a “Limited User.” Only log into your Admin account when you need to install or update software. NEVER browse the web in that account other than to go directly to windowsupdate.microsoft.com . This is the only reasonably safe way to use Windows.

    Alternatively you could stop using Windows but I won’t list the alternatives here, because I’m not trying to judge or force something on somebody, rather I just am sick of all the crap these virus-writing thugs are perpetrating on us.

    • dwarf74 says:

      @West Coast Secessionist: I haven’t seen these on anything other than XP. Upgrade to Vista or 7 and you’re safe… unless you’ve been dumb and disabled UAC.

      Seriously, Vista x64 has been completely virus-free for me, and the OS hasn’t been crappy for a few *years* now. It’s XP that’s the problem, not Windows in general.

      • friendlynerd says:

        @dwarf74: it happened on Win7 to me 2 days ago. I immediately did ctrl+alt+delete and force closed my browser before anything could really take effect, but my point is that Win7 is not immune.

        • jparadise says:

          @friendlynerd: They brought back ctrl+alt+delete???! Wonders of wonders! I’ve been running Vista on this machine (it came with it) for like 3 years now and still can’t remember the Vista task manager keycombo. I gave up on trying to remember it, and just made the Taskmanager a startup item so it’s always available.

      • katstermonster says:

        @dwarf74: Um, no. They’re definitely on Vista. I took in 3 computers today (I do IT for a large university) with a fake antivirus program on Vista.

        Police Pro is the latest flavor.

    • Razor512 says:

      @West Coast Secessionist: I do a lot of computer repair and support and some of the people who I do this for are programmers, web designers and even once in a while the actual people who handle the software side of keeping the network running for the company.

      Many of them are good at what they do. but many of them never really learn about anything other than what they studied in college.

      for me, since I first used windows xp I have never had any infections. security software doesn’t keep you safe, the reason why many people today are constantly in need of support is because they feel that a firewall and other security software installed and running makes them invincible. pretty much all new infections are designed with security software in mind.

      simply disabling all of the startup items and windows services and pre boot items will stop probably about 90-95% of exploits and infections that install with no action on the users part. the rest are generally stopped by using a browser that’s not IE.

      if you look at most security updates, and security problems and exploits reported on places like security now podcast, almost all of them rely on a vulnerability in a service or part of windows that the average user of the OS will never use or even know exists, microsoft just leaves it all running just in case it is ever needed to reduce support calls, the downside of this is significantly reduced security, reduced speed and performance.

      and also no OS is secure if an unsecure user is using it.

      the best line of security is the person using the computer. if you are not someone who actively stays safe and secure then no matter which OS you use, you will get infected by malware, it is just slightly easier on windows since it is the largest target.

      • katstermonster says:

        @Razor512: Just playing devil’s advocate here…

        As I mentioned in another comment, I do IT for a large university, and have for 3+ years. I am capable of manually cleaning almost any virus off of almost any system. I know my shiznit. I got “XP Antivirus Pro” on my lab computer last year while I was sitting here running Matlab and checking my email, maybe surfing facebook. All of a sudden I had a popup and it was all over. I was using Firefox with Adblock running. My Windows firewall was alive and well. Symantec AV (not a great program, I know, but it’s a lab computer so I didn’t have a choice) was updated and running, with auto-protect enabled.

        My point being: these new fake AV programs are tricky. They can infect a well-protected computer with no action from the user. It’s bad.

    • GitEmSteveDave_Right: 1 Wrong: ∞ says:

      @West Coast Secessionist: Keep in mind this same “bug” also transfers through flashdrives/ANY writable removable media. So don’t fault them all.

    • mac-phisto says:

      @West Coast Secessionist: a huge part of the problem is that AV software suites were WAAAAY behind the curve on identifying these threats as malicious.

      on the bright side, i’ve noticed a real difference in protection in the past few months on both my home & work computers (which use different AV suites). but the problem is definitely getting worse. 3 times in as many weeks i had to force-quit browsers that were redirected to sites looking to download this crap. & i’m a very careful internet user – i stay away from the scary back alleys as much as possible.

      • GitEmSteveDave_Right: 1 Wrong: ∞ says:

        @mac-phisto: It’s not that they are behind the curve, it’s that the program lies in wait, and slowly starts deactivating updates and alerts and then turning off notification about the lack of updates. It also installs back ups of itself in your restore files. After it knows you’re WAY out of date, it downloads a newer version of itself, and the old defs don’t have a clue as to what this new virus is, so they don’t flag it, and it just gets worse.

        • mac-phisto says:

          @GitEmSteveDave_Right: 1 Wrong: ∞: what i mean is that it took awhile before AV companies even recognized this as a problem. it’s only 2Q of this year (i believe) that AV2009 became categorized as a threat by the big suites (mcafee, symantec, et al) & it’s been around for what – a year?

          • katstermonster says:

            @mac-phisto: That’s pathetic on their parts. Plus the fact that a free program (MBAM) is still best at removing them, while most AV programs are lucky if they can sound the alarm before they’re disabled.

          • GitEmSteveDave_Right: 1 Wrong: ∞ says:

            @mac-phisto: This is really a new variant of Conficker, from what I understand, so they have known about it, but it makes sure your virus defs and malicious software tools are out of date before it launches itself. And many antivirii may eliminate a file, but it’s usually running as a process as well, so it just re-installs itself from a restore file.

            • FDCPAGuy says:

              @GitEmSteveDave_Right: 1 Wrong: ∞:
              @katstermonster:
              The fakealert.trojans if not being loaded by a hacked/malicious ad or malicious code on a site can be loaded in as a payload by several other malware including Rootkit.TDSS. Being that TDSS is a rootkit it’s cloaked from being seen unless its device in device manager is killed out or you’re in a PE environment. In addition, the latest rounds of fakealerts have been using start up items pointing to files (mainly *.dll) in the system32 folder to re-insert the infection post removal. You need to make sure you run HijackThis to clean out any malicious start up items, that the system is clean of rootkits (MBAM and MRT do a fine job) and that if MBAM cannot get rid of the rootkit you use a PE environment to see it and manually kill it. I’d tell you guys how I know all this but someone might want to make a snarky comment ;)

              • FDCPAGuy says:

                @FDCPAGuy:
                Oh and the evil ones can also kill out your Windows Restore Points too! I hate them with a passion but I’ve got their removals down pat at this point.

    • Razor512 says:

      @West Coast Secessionist:

      what really annoys me about IE is how easy it is to infect a system running it. If you search around you will find random forums where some people will share an exploit (many of which have reached the script kiddy stage where it tells you to unzip the contents of a file to your FTP server and copy and paste the code from the readme to your page then wait for a user to load the page).

      some of the outdated exploits for IE6 still work on IE8

      PS being in a limited account won’t stop you from getting infected

      at my college, they are now forced to re image the systems regularly because of the computers constantly getting infected with malware, many rogue security apps.

      the imacs are also getting infected, the only OS that the college has not tried is a linux based one.

      what’s needed is a custom linux live OS that’s placed in an internal USB port that comes preloaded with all apps and setups that the college wants then is write protected that way when it becomes infected, a simple restart will fix it.

  9. krispykrink says:

    This is why I always run Adblock Plus in Firefox (and use OS X), even for sites I like. I made this argument years ago, even the most trusted site can be susceptible to running infected ads.

  10. nucwin83 says:

    Fark had a similar problem about a year ago, but they didn’t fess up about it. The ads just stopped getting served. Flash ad was sending people to an AV2009 page.

  11. From the cubicle of PGibbons says:

    Yet another reason to use Firefox and extensions over IE. IE is for updates on XP and prior, plus when you absolutely need to access a site and it’s written *only* for IE.

    plugins:
    Adblock Plus (as mentioned above) [addons.mozilla.org]
    NoScript: [addons.mozilla.org]
    Flashblock: [addons.mozilla.org]

    There are common tools available to easily minimize the exposure to malware, a certain percentage of people aren’t aware of them yet, but many are but yet have their bad surfing habits and refuse to change.

  12. Trai_Dep says:

    OK, I don’t mean to be snarky or anything, I’m curious.
    How do these work for Windows people – do they have to click the ad then be rerouted then click OK or something? Or just click the ad? Or just view the ad?
    And the default Windows protections aren’t effective? Or is this a case of users turning off firewalls, say, or something else then clicking madly at any OK button that shows up?

    • MostlyHarmless says:

      @Trai_Dep: IANAL, but IMHO it’s DOA.

    • GitEmSteveDave_Right: 1 Wrong: ∞ says:

      @Trai_Dep: This video shows you about how it’s done.

      It mimics an antivirus and tells you it has detected threats. It tells you that you need to download a program, and you do. When you run it, you are “allowing” it, so it gets past your antivirus. Once in, it slowly starts disabling things like updates, and notifications of out of date updates. It also keeps checking in with its home, and will download a new version of itself once it knows you are VERY out of date.

    • kexline says:

      @Trai_Dep: I thought it was like that, until something similar to this (possibly the WaPo attack) hit me several weeks ago. I had my Windows firewall up, was behind a NAT, have no ports open to the net, don’t click on strange ads, and I don’t use thick mail clients. Also, I’m a spelling ace (meaning I’m more likely than average to catch counterfeit ads and software), and my OS and browsers are patched up to the minute.

      Yet somehow, late one night, my winbox went from normal to apeshit in the space of about 90 seconds. I never saw a real Windows prompt the whole time. I didn’t want to click anywhere in any of the fake windows, but somehow the attack disabled my access to the command prompt and Task Manager. I unplugged the network cable and fiddled with it for a few minutes, but ultimately had to disenplug the thing.

      The only, only thing I did wrong was browse as Administrator. I am now one befuddled unix mage with a shiny new Winders install. The old partition was so trashed that I couldn’t boot it if I wanted to.

      • GitEmSteveDave_Right: 1 Wrong: ∞ says:

        @kexline: Do you use flashdrives? This bug will transfer from an infected machine to a non infected through writeable removable media, such as cameras, flashdrives, PMP’s, etc… Yours sounded like it had slowly disabled everything, and waited to strike, which is when you really get nailed. You can usually get your task manager back because it’s disabled with a reg key, but it starts fighting you hard when it knows you’re onto it.

      • nucwin83 says:

        @kexline: That’s how it happened to me too. Something in flash I think along with Admin rights in XP allowed it to just hop on without prompting me to install anything. I just saw it start disabling AVG and windows firewall as well as windows update. Couldn’t go to windows update in a browser, nor any online AV site. Had to download Malware Bytes via a mirror somewhere. Finally eradicated it and immediately installed AdBlock and FlashBlock on Firefox.

        Lesson learned.

        • katstermonster says:

          @nucwin83: I <3 MalwareBytes. It’s the only thing that gets rid of some of these new programs, although they’ve figured that out and won’t let it run. Sigh.

      • katstermonster says:

        @kexline: Thank you thank you THANK YOU for backing me up on this. It happened to me last year, I wasn’t even browsing anything that set off alarm bells. My computer was a disaster within 2 minutes, and I couldn’t even do a manual clean because it got my system files.

        • kexline says:

          @katstermonster: Hey, sometimes a favor’s so easy you don’t even realize you’re doing it.

          Looks like you read the later comments … what GESD said was news to me, and will definitely affect my future behavior.

          • katstermonster says:

            @kexline: Agreed. I’m generally pretty careful about peripherals, because I use my laptop mainly on my couch and I hate to leave things lying around, but I’ll definitely keep it in mind.

            Here’s a good tip for using flash media and not getting fucked by viruses: get a bunch of SD cards (because they can be physically locked against writing, unlike thumb drives etc.) and an SD card reader. Anytime you’re transferring data TO a suspicious machine or one that isn’t yours, lock the SD card. At my job, we have a Mac in the shop that we use for formatting the cards after every use (although formatting cuts down the life on SD significantly). This doesn’t help much for getting data onto your machine, because I believe a virus on a locked card can still do its thing on the new prey, but it’s something.

      • xredgambit says:

        @kexline: I got this once, but I just open task manager after a reboot before it could run and I killed it. Took some malware bytes to remove it.

        • GitEmSteveDave_Right: 1 Wrong: ∞ says:

          @xredgambit: It eventually disables the task manager through some reg key editing. That’s when it’s advanced. It does infect in stages.

          @kexline: Yeah, I read about its flashdrive infection habits on some forums somewhere. I made sure to enact removable storage scans on my PC’s through AVG.

          @katstermonster: As I have been saying, it waits, and launches in waves. Eventually, it hijacks your desktop picture, and tries to get you to pay it $49 to “remove” itself. People seem to forget the Michelangelo virus, and how it launched on a specific day. Since it hijacks your hosts file, your browsing might have triggered it by simply accessing the file and it was the right day.

    • mommiest says:

      @Trai_Dep: This happened to me once when I opened a site from google–I did not click on an ad, just opened a site. I have a Mac, so it did not affect me, but my husband spent more than a month getting the same kind of malware junk off his PC. All he could talk about for a month was hunting the malware makers down and killing them. He has a firewall.

      • kexline says:

        @mommiest: Honestly, I don’t believe in cleaning Windows and haven’t for years. I keep my data on a separate partition or drive so that I can blow out the OS whenever I feel like it.

    • Rachacha says:

      @Trai_Dep: It is my understanding that the website (in this case Gawker) reserves a spot on its page for an ad. When you go to the Gawker site, the Content management system builds the page for you and tells the ad sponsor to insert the ad content in the designated space. The advertisement runs a script which installs malware on your system.

      A similar incident occurred to the NY Times. Information on what happened can be seen here [www.wired.com]

    • krispykrink says:

      @Trai_Dep: Many malware and spyware scripts only need to be viewed in an open browser in Windows, most often in IE and you’re infected. No user interaction needed at all.

    • LatherRinseRepeat says:

      @Trai_Dep:
      Unfortunately, recent versions of malware are being delivered through Flash and cross scripting attacks through web browsers. Also, pop-up windows can be invoked through Flash. Real pain.

      The best thing to do is keep your version of the Flash player updated. And use Firefox with extensions like AdBlock or NoScript or FlashBlock.

  13. theblackdog says:

    Social Engineering at its finest.

  14. FDCPAGuy says:

    Also if you do become infected with a fakealert.trojan it’s not always from a banner ad. I’ve noticed Rootkit.TDSS acting as a loader for lots of malware lately!

  15. theSuperman says:

    One of the many benefits of running Linux is the peace of mind you get from not having to worry about spyware/adware/viruses, although proof of concepts do exist.

    On the other hand, during the 5 years when I had my Windows XP machine, I never was infected with viruses/adware/spyware, and I didn’t even have any of those scanners installed or running.

    You would be surprised how safe you can be just using Firefox with Adblock and Flashblock. Oh and also being careful of what sites you visit.
    YMMV though.

    • nstonep says:

      @theSuperman: True with linux; though I have had no problems with xp even without the service packs installed.

      But just recently my mother got the “PC police pro” malware on my old laptop (xp) and I had to go to her house and go through the whole riggamarole of going to the original backup point and installing everything again. Such a pain in the ass…and I never heard of the crap before.

    • jparadise says:

      @theSuperman: You do realize, though, that if everyone listens to you and gets Linux, the hckrs will start making malware for Linux.

      Which is exactly what’s happening with Apple. All that bragging is going to go down the tubes real fast.

  16. hi says:

    Most of these things can be easily stopped by running WinPatrol. It’s a free program that blocks anything that tries to add itself to the system.

  17. mommiest says:

    Whoa, wait a minute:

    “I am writing from Spark Communications – a full-service media agency with a client-centric approach. We are looking to place display advertisements for some of our premium clients.”

    Can’t we get SPARC International to sue these guys? I could easily confuse the two names! I would swear to it in court, if it would keep these two jerk-ridden companies busy. [consumerist.com]

    • secret_curse says:

      @mommiest: The scammer wasn’t from the real Spark Communications, read the article. They registered a domain that was extremely similar and kept a Chicago phone number to fool the Gawker ad rep.

  18. betsbetsbets says:

    I spent most of my 2008 Thanksgiving weekend trying to dismantle the mess Antivirus 2009 made of my PC. It blocked me from accessing sites such as Malwarebytes, Norton, Kaspersky, etc. It was a nightmare. Ultimately, the computer had to be reformatted and even then never worked right. Finally, in a spasm of grief, I let the poor thing out of its misery, consigning it to my husband’s workshop (think the Jawas and their stock of disabled, obsolete droids). If I ever come face to face with these scammers, there will be blood. Oh yes. There will be blood.
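Commenters above report the rogue antivirus cutting off access to Malwarebytes, antivirus vendors and Windows Update, and one attributes this to a hijacked hosts file. The Python sketch below is an added example, not part of the original post or any comment: it audits hosts-file text for entries that pin security or update domains to loopback, null or unexpected addresses. The watchlist and the sample file are constructed for illustration; only malwarebytes.org and windowsupdate.microsoft.com are named in the thread.

```python
import ipaddress
import sys

# Assumed watchlist: domains a defender would not expect to see pinned in a
# hosts file. The first two are named in the thread; the rest are
# illustrative additions.
WATCHLIST = (
    "malwarebytes.org",
    "windowsupdate.microsoft.com",
    "symantec.com",
    "kaspersky.com",
    "mcafee.com",
    "avg.com",
)

# Constructed sample input, not taken from a real infection.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.org malwarebytes.org   # constructed entry
0.0.0.0         windowsupdate.microsoft.com
203.0.113.66    www.kaspersky.com
192.168.1.20    fileserver.corp.example
not-an-ip       www.symantec.com
"""


def on_watchlist(host):
    """Return the watched domain that `host` equals or is a subdomain of."""
    host = host.lower().rstrip(".")
    for domain in WATCHLIST:
        # Match on a label boundary so "notmalwarebytes.org" is not flagged.
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def audit_hosts(text):
    """Return one finding per watched hostname mapped in hosts-file text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank, comment-only or no names
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not a usable address mapping
        for name in fields[1:]:
            domain = on_watchlist(name)
            if domain is None:
                continue
            # Loopback or 0.0.0.0/:: makes the site unreachable; any other
            # address silently sends the user to a different server.
            if addr.is_loopback or addr.is_unspecified:
                reason = "blackholed"
            else:
                reason = "redirected"
            findings.append({
                "line": lineno,
                "host": name.lower(),
                "watched": domain,
                "address": str(addr),
                "reason": reason,
            })
    return findings


if __name__ == "__main__":
    # Pass a hosts file path (on Windows: C:\Windows\System32\drivers\etc\hosts)
    # or run with no argument to audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for f in audit_hosts(content):
        print("line {line}: {host} -> {address} ({reason})".format(**f))
```

A clean result does not rule out infection, since commenters also describe blocking that persists through startup items and rootkits.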

    • Rachacha says:

      @betsbetsbets: Ultimately, whenever you get a virus, the easiest and safest thing to do would be a format and re-install. In the end you will have a nice fresh and new operating system operating at peak efficiency, and you will have spent as much time doing the format install, update and application install as you would trying to clean out your system.

    • GitEmSteveDave_Right: 1 Wrong: ∞ says:

      @betsbetsbets: As long as you have a 2nd PC, you should have no problem pinning it down. You can download the programs from there, install on a CD or flashdrive, and then fight it.

      • katstermonster says:

        @GitEmSteveDave_Right: 1 Wrong: ∞: The newest versions of Police Pro and similar fraudulent AV are now preventing a lot of those programs from running, specifically MBAM. Started about last week, I think.

        Police Pro is the bane of my existence, I freaking hate it. All Control Panel applets disabled….AWESOME.

        • FDCPAGuy says:

          @katstermonster: @GitEmSteveDave_Right: 1 Wrong: ∞: @betsbetsbets:
          Yes the latest variants lock down a lot when in normal windows. Hit F8, go into safe mode with networking and you should be able to go and get MBAM from malwarebytes.org without a problem. I have yet to see one of these which locks you down while in safe mode. If such a thing did exist let me know and I can send ya a bootable disk (BartPE) with MBAM on it.

          • katstermonster says:

            @FDCPAGuy: But you can’t install in safe mode (without messing around with the registry, obvi, but that’s not a plan for the average user). And the virus blocks the installer from running in normal mode, even if it’s been downloaded. I’ve seen it personally. Nothing a solid manual clean can’t solve, but that is a painnnnnn.

            • FDCPAGuy says:

              @katstermonster:
              I’ve installed MBAM in safe mode several times… 5-6 times this past weekend for sure. So I don’t get why you were having issues installing it in safe mode with networking but I’m telling ya it works.

          • mac-phisto says:

            @FDCPAGuy: i dealt with one (actually a slew of them all on one machine) a couple weeks ago that completely disabled safe mode. regedit & admin access were locked down. don’t ask me how b/c i have never encountered that before, but what a bitch.

            turned out i was dealing with a few rootkits in addition to about a dozen fakealert.trojans & just about everything else. combofix got me to a point where i could delete the reg keys that were disabling regedit & admin rights. from there it wasn’t long before the beasts were slain!

            in retrospect, if i ever run across that again, i’m just gonna do a fresh winstall.

            • FDCPAGuy says:

              @mac-phisto:
              yeah with those severely infected machines with restrictive registry HIVES, disabled modes, hosed services, BITS/AU hosed, dependencies hosed, etc a fresh Windows install is the way to go.

        • GitEmSteveDave_Right: 1 Wrong: ∞ says:

          @katstermonster: You can boot into safe mode, and then rename the file/program. That should allow you past its block. And you can install under safe mode, as long as you are the Admin or run the installer as the Admin.

    • nstonep says:

      @betsbetsbets: Hmmm…it’s only a software issue. If you reformatted the drive it should work fine. Maybe your computer was just fubar before that.

    • friendlynerd says:

      @betsbetsbets: I have yet to be disappointed by Smitfraudfix. It’s worked every time for me.

  19. trujunglist says:

    I figured there would be a lot of bickering between Mac users and PC users (with an occasional Linux geek thrown in for good measure), but all I see is people offering helpful advice! WTF people? I need my flame wars now! Macs > PCs! 360 > PS3! Apples > Oranges! Everything does not taste like chicken, chicken tastes like everything!

    • katstermonster says:

      @trujunglist: Clearly kiwi is the bestest fruit.

      You’re so right…this thread is really helpful, I feel so useful! See, I can do things other than launch sarcasm bombs at trolls and argue with conservatives!

  20. boogermike says:

    It is interesting to me that Gawker doesn’t seem to be acknowledging the breach on their blogs. In particular, I would expect a warning post on Lifehacker at a minimum.

    When companies make mistakes, it is telling how they handle the aftermath. In my mind, admitting a mistake, and providing the customer with resources to remedy the situations is the best way.

    Silence is never the right way, as incriminating evidence gets out quickly from other sources.

    Gawker – FAIL on handling this PR nightmare effectively.

    • secret_curse says:

      @boogermike: Well, if you read the linked article, they’re incredibly open about it. It has the entire email exchange with the con man, and he’s flawless. Read the emails, he sounds exactly like a real buyer from an ad agency. It’s nothing like the broken English you’d expect from a Nigerian scammer. He has all the buzzwords down. I guess I see your point about putting something up in their own network about the breach, but they were really transparent with Silicon Valley Insider.

      • boogermike says:

        @secret_curse: You are right. This was certainly a well crafted scam, and very well done from the scammers.

        It is also great that Gawker has made their emails available to external sources. It makes for an interesting read, and hopefully provides other blogging platforms a good example for what to look out for (so this doesn’t happen elsewhere).

        However, I think they have a duty to warn their customers that have been potentially affected.

    • drjayphd says:

      @boogermike: They did. I saw a warning on Gizmodo earlier, and I believe Lifehacker posted about it as well. Pretty sure Deadspin had something up too.

      • boogermike says:

        @drjayphd: Good for them. I didn’t see the warnings, and I looked.

        They are being pretty forward about the whole thing, so I guess it isn’t surprising.

        I think no-one could blame them for falling for this in the first place – those scammers are clever.

  21. allstarecho says:

    Firefox plus ad-block add-on, FTW!

  22. katstermonster says:

    Look at me, being all useful and not obnoxious/sarcastic/ragingly liberal!

  23. nstonep says:

    For that “Police pro” stuff (it’s called different names)…pretty much you have to reboot your computer from a previous backup point if you have one. It even blocks sites through your browser that tell you how to remove it (which is a p.i.t.a. anyway).

    Best to use something like NO SCRIPT on every site. No problems with that.

  24. nybiker says:

    Another step to try is to boot into safe mode and then access the Program Files folder so you can delete the actual location of the executable. Of course, you’ll need to know that information. Depending on what’s popping up (so to speak) on your system, you might need to sort the folder by date order so you can see what was recently added. Once you clean up the folder, you should be able to fully boot up and then run your Malwarebytes’ Anti-Malware program.

    HTH.

    • GitEmSteveDave_ThatChickRockingKicks says:

      @nybiker: It also installs a completely random .dll and the such into your windows directory, so just deleting the file doesn’t help. In fact, in my experience, it makes it panic and try to stop you.

  25. AgitatedDot says:

    Just one more reason to block ads. Using AdMuncher and Firefox with AdBlock add on. Trust me it’s a completely new experience!

    AdMuncher is not free but it’s the best $25 I ever spent. Imagine watching Hulu with no ads! No blank screens, simply no interruptions!

    I have been ad free for years now and I love it.

  26. lhfan04 says:

    Thankfully nothing happened to me even though I frequent Gizmodo and Lifehacker very often. I had Avast as my antivirus and apparently it took care of it. Malwarebytes didn’t find anything malicious :).

  27. fgarvin says:

    What I want to know – why the heck is a piece of software intended to read PDF files susceptible to malware?

    I dumped Adobe Acrobat Reader a few years back because I got tired of it wanting to update itself every other day. Combined with malware risks, it was a bridge too far.

    I switched to FoxIt Reader.