Malicious Toolkit Website

[indymike]

Just a heads up that one of the ads on this site is repeatedly attempting a java exploit. My Symantec Endpoint Ent has blocked and logged this each time I've visited over the last 3 days. Here's some info, hope it helps.

[SID: 24609] Web Attack: Malicious Toolkit Website 12 attack blocked.
Remote Host: TCP 72.51.47.66 80
Malicious Toolkit URL: 72.51.47.66/adsolution70x12/metrics.php?t=98&dr=(string-removed)

 

[AnthonyG]

I had removed the ads once, but Fen wanted them back, the advertiser has been notified on the issue & reports that their ad customers verified that their sites are verified as malware free, unfortunately their is nothing i can do, it can also be a false positive on your malware program because the string looks like another known malware string...

 

[Classic]

I'm getting the same message from Norton. Been using it for a long time and it doesn't usually give false positives.

 

[IndyDave1776]

Malicious Toolkit Website? I am disappointed. I was expecting to be directed to an internet vendor of specialized tools for the deletion of miscreants, not malware.

 

[Dog1]

I get the same message on all my devices, running different anti-virus and malware.

 

[william]

Getting the same thing over and over...Malicious tool kit, and some Trojan warning. Happens every time I open INGO. My Norton goes nuts

 

[Jimbovia]

Same thing

Here you go.

 

[AnthonyG]

Read post #2....

I've tried to remove the footer ads, did it once, but was told to put them back up.

If you can post up a screen shot of what ads are on the page in the footer when you get it, post it.

@Jimbovia, my Norton does NOT trigger an alert, no idea why yours is.

 

[Jimbovia]

@AnthonyG: No worries. I was only trying to help with the issue identified by multiple users.

I've blocked the IP from loading, so I'm fine.

Fix it, don't fix it, whatever loads your cartridge.

Regards,
Jim

Read post #2....

I've tried to remove the footer ads, did it once, but was told to put them back up.

If you can post up a screen shot of what ads are on the page in the footer when you get it, post it.

@Jimbovia, my Norton does NOT trigger an alert, no idea why yours is.

 

[Cameramonkey]

Read post #2....


@Jimbovia, my Norton does NOT trigger an alert, no idea why yours is.

Its probably because that server hasnt fed you the "right" ad yet. AKA just because you didnt get sick from eating at a chinese buffet doesnt mean the 5 other people with you didnt. LOL

 

[LANShark42]

And you want me to "support our sponsor by turning off your ad block add on". I DON'T THINK SO!!!!!

 

[AnthonyG]

Its probably because that server hasnt fed you the "right" ad yet. AKA just because you didnt get sick from eating at a chinese buffet doesnt mean the 5 other people with you didnt. LOL

Ive never received the attack alert from Norton since this has started 2 months ago, so yes, i would have seen all the ads served.

 

[moosebag]

I got the same warning this morning! Still not fixed.

 

[AnthonyG]

Read post #2 moosebag.

 

[Cameramonkey]

A false positive isn't likely, but somewhat feasible. If your av software is still throwing alerts make sure the definitions are current.

If they are current and you still think the ads are malicious, look into an ad blocker. I doubt the site will miss the clicks of two or three users.

Oh, and depending on what cookies are on various users' PCs could also affect who gets/doesnt get the alert. it could be somewhat targeted ads and those with Norton that DONT get the alerts visit sites that are of a different nature than those that do, causing some to see it and others not to.

 

[moosebag]

It appears that the problem has been cleaned up as the ad at the bottom (footer) of the pages was null for a few hours. Now I am not receiving the virus notices any longer. Whatever was causing it appears to have subsided and it looks like the footer ad is now new.

 

[william]

Read post #2 moosebag.

Post #2 was two weeks ago...Obviously it didn't fix it. Just happened to me again, and it seems it's happening to others too. Maybe it's time to talk to Fenway again. I understand it's not your fault, but you're the one posting here so I'm complaining to you.

 

[Cameramonkey]

Maybe its time for Fenway to look at a different ad source? if you regularly get food poisoning when you eat out, you'd switch restaurants, right?

To all those that are getting the hits: Try clearing your cookies, web cache, etc. See if that helps, at least for now. If the hostile ads are in fact somewhat targeted, it may get better as you may have cookies from certain sites/categories of sites that the malicious ads are targeting. Also, try a different browser or upgrading your browser if possible. Same with Java. Ditch java 6 entirely, uninstall it, and install the latest versions of Java 7, flash, shockwave, etc. It could be targeting certain vulnerabilities in specific versions of software on your system. (at this point I'm grasping at straws)

Also if you dont mind a tiny bit of big brother, you can switch your DNS provider to Opendns.com. They do SOME vetting of sites and help prevent certain attacks, but collect anonymous usage data. As long as you arent prone to searching for pressure cookers and/or kiddie porn, I wouldnt be too worried about what they collect.

I personally havent seen any attacks since the server move, but I did see them personally on a frequent basis up until the switch, so you arent going insane.

 

[AnthonyG]

Post #2 was two weeks ago...Obviously it didn't fix it. Just happened to me again, and it seems it's happening to others too. Maybe it's time to talk to Fenway again. I understand it's not your fault, but you're the one posting here so I'm complaining to you.

#2 doesnt say it was fixed.

 

[chezuki]

Post #2 was two weeks ago...Obviously it didn't fix it. Just happened to me again, and it seems it's happening to others too. Maybe it's time to talk to Fenway again. I understand it's not your fault, but you're the one posting here so I'm complaining to you.

I believe post #2 is politely stating that AG removed the offending ad, but the boss said no so it was put back.

Bugatti payments gotta be made and even the INGO jet is affected by current fuel prices.