Join for FREE
It only takes a minute!
Experience the Great Outdoors. New Zeiss Terra ED Binoculars. Visit our online shop to find out more!

Welcome to BirdForum.
BirdForum is the net's largest birding community, dedicated to wild birds and birding, and is absolutely FREE! You are most welcome to register for an account, which allows you to take part in lively discussions in the forum, post your pictures in the gallery and more.

Reply
 
Thread Tools Rating: Thread Rating: 1 votes, 5.00 average.
Old Wednesday 28th July 2010, 22:48   #26
twildmedia1
Registered User

 
Join Date: Feb 2008
Location: Norfolk
Posts: 9
I think this is little bit late. It cost us 58.00 so will not be rushing back. The stats are totally misleading anyway as the counter only records a percentage of hits to page visits so i think probably not worth the hassle of three hours lost work trying to solve problem
twildmedia1 is offline  
Reply With Quote
Old Thursday 29th July 2010, 01:25   #27
Howard_Hopkinso
Malware Removal

 
Join Date: Jun 2005
Location: Padiham, lancashire, England
Posts: 454
I feel sorry for both the owners of the website in question and it's users. The rise of the drive by infection really is the most worrying trend. Often, the owners of the site are not aware that anything is wrong, until their members start letting them know.

These types of attacks can happen to anyone unfortunately.

The best advice I can give is until the site is classed as safe, don't visit it.

In the mean time, if you think your computer is infected, please read this thread HERE and post the requested log files once done.
__________________
Marvelous Artworks
Howard_Hopkinso is offline  
Reply With Quote
Old Thursday 29th July 2010, 07:39   #28
Ashley beolens
Breeding the next generation of birders.
 
Ashley beolens's Avatar

 
Join Date: Jan 2003
Location: Milton Keynes, Bucks, UK
Posts: 1,174
To reply too twildmedia1 on behalf of Fatbirder... As soon as they were first alerted to the problem Fatbirder went to work to find the problem - at a great deal more cost than 58! This was an attack through an adserver - a third party piece of kit - a particularly stupid and vicious bit of very complex malware. Fatbirder replied to ALL those individuals from whom he recieved mails about the problem. While this is all very unfortunate and took a deal of effort to resolve there is a greater lesson... ALL internet users should be running up to date anti malware software... and a quality browser - which cost around 30 a year for a subscription (many are free). To re-iterate Google didn't bother to inform any of the website owners of the problem so thanks are due to alert Birding Top 1000 and Fatbirder members.
__________________
Ashley Beolens
http://www.viewsfromanurbanlake.co.uk/ - Local patch blog
http://www.mothininthegarden.co.uk - Moth Blog
Ashley beolens is offline  
Reply With Quote
Old Thursday 29th July 2010, 07:49   #29
NicoleB
Nature addict
 
NicoleB's Avatar

 
Join Date: Jul 2009
Location: TX
Posts: 1,826
Blog Entries: 15
Quote:
Originally Posted by Ashley beolens View Post
Rest assured normal service will shortly be resumed! Fatbirder wishes to thank all those people who let him know about the problem and gave their support against this abuse of the WWW - love the Fatbirders son ;-)
Thanks! I wasn't even sure if I should post it, since I didn't know if this was a 'Middle East joke' again or whatnot.

Glad it could be solved!

Quote:
Originally Posted by Ashley beolens View Post
PS This particular malware is widespread and is delivered by the same software that many sites use to carry their Google Ads!
You mean, google would give a Site warning about a Site containing Malware due to google ads?
Ain't that ironic
__________________
My ventures in nature
NicoleB is offline  
Reply With Quote

BF Supporter 2009 Support BirdForum With A Donation

Old Thursday 29th July 2010, 07:52   #30
MarcellC
Registered User
 
MarcellC's Avatar

 
Join Date: Jun 2006
Location: Peru
Posts: 353
I still got the malware warning on Google Chrome this morning on a site that had the Fatbirder counter - as well as the African Bird Club website.

If I understand you correct Ashley, this warning is now just because Google haven't reviewed the site again?
__________________
Marcell Claassen
BirdingBeyondSunset (blog)
Birding in Rwanda (blog)
MarcellC is offline  
Reply With Quote
Old Thursday 29th July 2010, 07:56   #31
NicoleB
Nature addict
 
NicoleB's Avatar

 
Join Date: Jul 2009
Location: TX
Posts: 1,826
Blog Entries: 15
Quote:
Originally Posted by MarcellC View Post
If I understand you correct Ashley, this warning is now just because Google haven't reviewed the site again?
I think, that's the case. As far as i 'know' google, it might take a while :(
__________________
My ventures in nature
NicoleB is offline  
Reply With Quote

BF Supporter 2009 Support BirdForum With A Donation

Old Thursday 29th July 2010, 08:02   #32
MarcellC
Registered User
 
MarcellC's Avatar

 
Join Date: Jun 2006
Location: Peru
Posts: 353
Thanks Nicole - "lucky" or otherwise, my Mac seems to have 'survived' any malcontent.
__________________
Marcell Claassen
BirdingBeyondSunset (blog)
Birding in Rwanda (blog)
MarcellC is offline  
Reply With Quote
Old Thursday 29th July 2010, 08:06   #33
NicoleB
Nature addict
 
NicoleB's Avatar

 
Join Date: Jul 2009
Location: TX
Posts: 1,826
Blog Entries: 15
@Marcel - My machine seems to have survived too. Am scanning right now, but so far so good.
I really didn't take it that serious.... *bbrr.......*



I am glad too when Fatbirder is back.
I like the little Top 1000 tool AND I love the Info they provide.
__________________
My ventures in nature
NicoleB is offline  
Reply With Quote

BF Supporter 2009 Support BirdForum With A Donation

Old Thursday 29th July 2010, 08:41   #34
MarcellC
Registered User
 
MarcellC's Avatar

 
Join Date: Jun 2006
Location: Peru
Posts: 353
lol neither did I. will be scanning too
__________________
Marcell Claassen
BirdingBeyondSunset (blog)
Birding in Rwanda (blog)
MarcellC is offline  
Reply With Quote
Old Thursday 29th July 2010, 09:59   #35
jeff
Registered User
 
jeff's Avatar

 
Join Date: Oct 2002
Location: Coventry
Posts: 2,252
Quote:
Originally Posted by Ashley beolens View Post
To re-iterate Google didn't bother to inform any of the website owners of the problem so thanks are due to alert Birding Top 1000 and Fatbirder members.
Curious, why would you think Google would inform you about this?
jeff is offline  
Reply With Quote
Old Thursday 29th July 2010, 10:17   #36
NicoleB
Nature addict
 
NicoleB's Avatar

 
Join Date: Jul 2009
Location: TX
Posts: 1,826
Blog Entries: 15
@Marcel
Do you still have the Fatbirder widget on your blog?
Can't access it - Malware alarm.... :(

I could access my blog right away, after removing the widget the warning was gone.
__________________
My ventures in nature
NicoleB is offline  
Reply With Quote

BF Supporter 2009 Support BirdForum With A Donation

Old Thursday 29th July 2010, 10:53   #37
twildmedia1
Registered User

 
Join Date: Feb 2008
Location: Norfolk
Posts: 9
I am amazed that we did not receive a email advising of the problem from fatbirder and cannot understand why they didn't take down there sites. It may have been fixed at their end but the malware attached itself to widget so does that mean 100's of sites will still be affected.

We are protected but malware was a direct download from widget so impossible to stop as once clicked it was too late.

I could not obtain telephone number for fatbirder and was not prepared to visit their site at risk of more damage

It would be nice to at least have an apology


www.robwilsonphotos.co.uk
twildmedia1 is offline  
Reply With Quote
Old Thursday 29th July 2010, 11:53   #38
MarcellC
Registered User
 
MarcellC's Avatar

 
Join Date: Jun 2006
Location: Peru
Posts: 353
Thanks for reminding me Nicole - totally forgot I still had that widget there. I've removed it now and it seems fine.
__________________
Marcell Claassen
BirdingBeyondSunset (blog)
Birding in Rwanda (blog)
MarcellC is offline  
Reply With Quote
Old Thursday 29th July 2010, 11:54   #39
NicoleB
Nature addict
 
NicoleB's Avatar

 
Join Date: Jul 2009
Location: TX
Posts: 1,826
Blog Entries: 15
@Marcel
Dooh You're welcome :)
__________________
My ventures in nature
NicoleB is offline  
Reply With Quote

BF Supporter 2009 Support BirdForum With A Donation

Old Thursday 29th July 2010, 12:10   #40
MarcellC
Registered User
 
MarcellC's Avatar

 
Join Date: Jun 2006
Location: Peru
Posts: 353
haha Nicole, pretty much what I said to myself as well
__________________
Marcell Claassen
BirdingBeyondSunset (blog)
Birding in Rwanda (blog)
MarcellC is offline  
Reply With Quote
Old Thursday 29th July 2010, 14:47   #41
Marcus Conway - ebirder
Registered User

 
Join Date: Aug 2005
Location: Highlands
Posts: 5,211
Hi Ash, thanks for taking the time to respond and put your head above the parapet on a public forum.

Clearly you are not entirely responsible for third party attacks on your widgets and well done you for getting things sorted so quickly. However, the most disconcerting thing is that we only found out when contacted through our website and then via Birdforum we got the details. Others found out because malicious attempts were made to get money out of bank accounts or when their computers died. Given that you knew about this for a while it would have been helpful to have an email in the same way you contact us when there is an update to the ticker widget.

If just one of the visitors to our website had been affected by the trojan we would have gone to great lengths to follow up and apologise and try and sort things out.

Hopefully it's gone for good and fatbirder can get back to being a good resource for birders.

Cheers, Marcus

Last edited by Marcus Conway - ebirder : Thursday 29th July 2010 at 16:30.
Marcus Conway - ebirder is offline  
Reply With Quote

BF Supporter 2006 Support BirdForum With A Donation

Old Thursday 29th July 2010, 17:58   #42
Ashley beolens
Breeding the next generation of birders.
 
Ashley beolens's Avatar

 
Join Date: Jan 2003
Location: Milton Keynes, Bucks, UK
Posts: 1,174
A brief explanation of the issue: Fatbirder uses an open source ad server (one use by a large number of internet webmasters to host ads - openX) anyone using the same resource would have been targeted with the same malicious attack (ie not just fat birder or birding top 500), and have been. As soon as Fatbirder found there was an issue, the adservers were taken down and the malicious code removed, once this was done there was no longer a threat from either site.

Bo attempted to send a mail out last night, to inform people but while the site was blocked his email adresses were also blacklisted so no mail was able to be sent until this morning (when one was sent)

No infection would have gone through the birding top 500 widget, so this will not have inffected other sites. Bo will be sending messages to all members when Google has revisited the top 1000 site, and passed it (although it is clean so no need to worry). for sites blocked by google it is what are called cross-site warnings. Due to birding top 500/1000 having the issues.

To Jeff: When google blocks a page for malware their site claims they inform the webmaster of said site. Unfortunately they did not do this, so until I myself saw the issue with fatbirder.com Bo knew nothing about the problem.

Hope this keeps you all as upto date as poss.

To anyone using OpenX as an ad serve for their sites make sure you have the up to date version, or you may suffer similar issues.
__________________
Ashley Beolens
http://www.viewsfromanurbanlake.co.uk/ - Local patch blog
http://www.mothininthegarden.co.uk - Moth Blog
Ashley beolens is offline  
Reply With Quote
Old Friday 30th July 2010, 19:50   #43
Delia
Registered User

 
Join Date: Jul 2008
Location: Norfolk
Posts: 116
Hi, I have also been infected.
Can anyone advise me what to do the files were found on virus scans and appear to be in my virus vault my virus scan is AVG free V 8.5
What happened -brief description was sent to FATBIRDER via link after looking for info on birding for Wales Google had it as a green tick. As soon as I clicked the link a command promt opened I immediately closed this down I then got a warning via AVG to say a Trojan horse had been detected. I clicked heal infection.
Scans since on AVG show VIRUS FOUND C:\WINDOWS\Temp_ex.08exe
HKLM\Software|microsoft\windows\CurrentVersion\run \\sniffer
INFECTION Trojan horse Back Door. Generic12.CBAH
Trojan horse cyptic. APF

I am also getting lots of tracking cookies which are new compared with usual scans including
Yieldmanager
Liveperson

The only difference to my computer is explorer is frequently crashing,
As a non "techy lady" can anyone advise me what to do, this is my first VIRUS-THANK YOU FAT BIRDER!

P.S I am about to go and check my bank details, I am guessing the safest thing is on a different computer!
Regards
Delia is offline  
Reply With Quote
Old Friday 30th July 2010, 20:04   #44
njlarsen
Opus Editor
 
njlarsen's Avatar

 
Join Date: Mar 2004
Location: Portsmouth, Dominica
Posts: 19,559
Quote:
Originally Posted by Delia View Post

P.S I am about to go and check my bank details, I am guessing the safest thing is on a different computer!
Regards
Hopefully AVG did catch everything bad that was downloaded. I would definitely at this time use a different computer for checking on the bank.

Look back at post no 27 in this thread by Howard, click on the link he provided, so that you can be taken to a page with advice on how to handle your computer. It will look daunting at first, but do things one step at a time and you should end up getting through.

Cheers
Niels

PS: could you tell us when you experienced this? Today, a couple of days ago, or when?
__________________
Support bird conservation in the Caribbean: BirdCaribbean
njlarsen is offline  
Reply With Quote

BF Supporter 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 Support BirdForum With A Donation

Old Friday 30th July 2010, 20:09   #45
delia todd
Moderator but....... If I say the wrong thing put it down to Senior Moments
 
delia todd's Avatar

 
Join Date: Dec 2004
Location: Perthshire
Posts: 198,468
Quote:
Originally Posted by njlarsen View Post
Hopefully AVG did catch everything bad that was downloaded. I would definitely at this time use a different computer for checking on the bank.

Look back at post no 27 in this thread by Howard, click on the link he provided, so that you can be taken to a page with advice on how to handle your computer. It will look daunting at first, but do things one step at a time and you should end up getting through.

Cheers
Niels

PS: could you tell us when you experienced this? Today, a couple of days ago, or when?
Howard's link isn't working for me... I've sent him a PM about it.

D
__________________
In between goals is a thing called life, that has to be lived and enjoyed

2006 63, 2007 52, 2008 46, 2009 32, 2010 31, 2011 27 Total 81

Latest Patch tick: Magpie

The only true wisdom is knowing you know nothing - Socrates
delia todd is online now  
Reply With Quote

BF Supporter 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 Support BirdForum With A Donation

Old Friday 30th July 2010, 20:43   #46
njlarsen
Opus Editor
 
njlarsen's Avatar

 
Join Date: Mar 2004
Location: Portsmouth, Dominica
Posts: 19,559
Looks like his entire site is down at the moment

Niels
__________________
Support bird conservation in the Caribbean: BirdCaribbean
njlarsen is offline  
Reply With Quote

BF Supporter 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 Support BirdForum With A Donation

Old Friday 30th July 2010, 22:07   #47
Grousemore
Senior Member
 
Grousemore's Avatar

 
Join Date: Feb 2003
Location: Florida, USA
Posts: 3,581
I know he always recommends Malwarebytes, so wouldn't hurt to download and scan with that free software until Howard's back. Don't forget to update it first.

http://www.malwarebytes.org/mbam.php
__________________

Grousemore is offline  
Reply With Quote

BF Supporter 2004 2005 2006 2007 Support BirdForum With A Donation

Old Saturday 31st July 2010, 08:51   #48
Delia
Registered User

 
Join Date: Jul 2008
Location: Norfolk
Posts: 116
Quote:
Originally Posted by njlarsen View Post
Hopefully AVG did catch everything bad that was downloaded. I would definitely at this time use a different computer for checking on the bank.

Look back at post no 27 in this thread by Howard, click on the link he provided, so that you can be taken to a page with advice on how to handle your computer. It will look daunting at first, but do things one step at a time and you should end up getting through.

Cheers
Niels

PS: could you tell us when you experienced this? Today, a couple of days ago, or when?
Thanks Niels
I would think it was about 5 days ago.
All the bank stuff seemed OK when I checked on another PC I had made a credit card transaction on my laptop post the problems but so far no problems when I checked this online also
Thanks
Delia is offline  
Reply With Quote
Old Saturday 31st July 2010, 13:56   #49
Cyclops
1 eyed tree hugging nature nut!
 
Cyclops's Avatar

 
Join Date: Apr 2007
Location: Darlington,County Durham
Posts: 535
Fatbirder widget?? I was on their site the other day as a link from Punkbirder, no problems! (Win XP+Firefox)
But whats this 'widget'?
__________________
Latest lifers-Gannet;Razorbill,Scarborough July '06


A 3D guy living in a 2D world....
Cyclops is offline  
Reply With Quote
Old Saturday 31st July 2010, 14:07   #50
NicoleB
Nature addict
 
NicoleB's Avatar

 
Join Date: Jul 2009
Location: TX
Posts: 1,826
Blog Entries: 15
Quote:
Originally Posted by Cyclops View Post
But whats this 'widget'?
It's a little tool that tracks the count of visitors on your Site (when installed) and gives your Site a ranking in the Fatbirder's Top 1000 List.

__________________
My ventures in nature
NicoleB is offline  
Reply With Quote

BF Supporter 2009 Support BirdForum With A Donation

Advertisement
Reply


Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Fatbirder Virus timwootton Wildlife Art 5 Wednesday 28th July 2010 22:07
Sea Bird Concerns Robin Edwards Live Bird News from around the World 0 Friday 12th March 2010 11:48
Fatbirder Pluvius Computers, Birding Software And The Internet 2 Wednesday 14th June 2006 13:08
Is Fatbirder having a laugh? Ben O Birds & Birding 23 Thursday 28th July 2005 11:12
Digi-scoping Concerns! tracker The Birdforum Digiscoping Forum 12 Tuesday 17th February 2004 17:21

{googleads}

Fatbirder's Top 1000 Birding Websites

Help support BirdForum

Page generated in 0.20218897 seconds with 34 queries
All times are GMT. The time now is 13:55.