Same exact website came up for me, except with a different 'key' (I'm guessing it assigns each new PC to a randomized key). A little bit unnerving, as it says qwindowsdefender.nl
nl is what, Netherlands? And there's the 'q'. Most likely some phishing site or malware of some sort. It actually came up with a-

500 Internal Server Error

nginx

for me. If an actual page came up for you, try doing a quick scan of your computer.

Anyone know of anywhere I could possibly report this to, by the way? Perhaps someone at Windows?

 

Link to post
Share on other sites

I have also gotten this, you are not alone. It rather unnerves me, but has caused no visible damage. I have run a normal scan and an anti-rootkit and nothing appears. Hopefully this is solved :/

Question to anyone having this error: Do you have Skype? From a little digging, this may have something to do with Skype.

 

On another note: I did have a 500 error when it sent me there.

Link to post
Share on other sites

Created an account here to say that this looks like an entirely Skype-related issue, starting just recently. Apparently, there's a chance you'll get a malicious ad that pops up your browser and directs you to that site. Happened to me the moment I started Skype. Here are a couple of threads on their forums.

 

http://community.skype.com/t5/Windows-desktop-client/Recently-been-experiencing-quot-Pop-up-quot-Ads-Plus-Fake-quot/td-p/2896637
http://community.skype.com/t5/Windows-desktop-client/Popup-Advertisements/td-p/2896167
Link to post
Share on other sites

Yes, this is definitely related to Skype, and I had the same thing.

 

Did MBAM and MBAR scan, had MBAE running, and everything comes up clean.

 

I closed Internet Explorer, without clicking anything. I am curious if this delivered an undetectable payload to our PCs or if it's an unsophisticated attack that depends on clicking it.

 

Any chance someone can analyze that site?

Link to post
Share on other sites

I got a 500 internal server error when it opened, so apparently whatever I was redirected to was already shut down. But others have spoken of aggressive advertisements regarding "YOUR COMPUTER IS INFECTED!!!!  Download and install our tools to clean your computer now, before all your porn gets deleted!" scam malware.

It looks like a hacked ad service. All these big sites and programs outsource their ads to other companies, and sometimes a malicious ad can get hacked into the lineup. The Skype people have to scream at their ad provider, they have to find the corrupted ad and remove it. Looks like the payload was DOA, the server might have been shut down before the hacked ad went into effect. There are so few people complaining about this issue so I'm guessing it was a regional ad that was corrupted. Does anyone else here live in the midwest?

I've run Kaspersky, Malwarebytes and Spybot S&D scans, nothing malicious found. Looks like a lot of us dodged the bullet on this one. Skype should be ashamed of themselves.

Link to post
Share on other sites

Yes actually I do live in the Midwest, more specifically MN. Anyone else in this area with this problem?

Link to post
Share on other sites

What does that mean about the Java unpacker?

 

I have MBAM Pro with heuristics and filesystem integrity checking enabled, as well as MBAE installed, Java disabled in browsers, and I got no warnings from any of them. I am still worried that there was some sophisticated payload in there that was designed to look like a standard rogue antivirus. Hopefully I'm just being paranoid.

 

Has someone done an in-depth analysis of the code?

Link to post
Share on other sites

Skype basically became malware when Microsoft bought it. If you look through your MBAM logs, you'll see how many malicious incoming attempts it blocks from Skype. The only thing I use it for is screen sharing, as it's free and works reasonably well. I guess I can't even do that anymore.

 

My Nvidia display drivers just crashed and recovered a few minutes ago, so I'm getting more and more suspicious of my computer now (although it could have been Planetside 2 being a piece of junk). Just about ready to smash the hard drive and install a new one though.

Link to post
Share on other sites

Skype is NOT malware.

Skype is NOT malicious.

 

I see too much FUD in this thread and ZERO supporting facts.

 

One must realize that Skype is a Peer to Peer (P2P) software where one communicates to another over TCP/IP using both Sound and Video.

 

Since it is a P2P software, the IP addresses Skype may communicate with may be within IP networks, sub-nets or addresses that may have been flagged.

As such, anti-malware software *MAY* flag said sites of communication. This does not mean Skype is malware or to be inferred that Skype is acting maliciously.

Link to post
Share on other sites

in addition ...

the site is also linked to a java "unpacker" .

a google search turned this up ... it is embedded in a script source .

Makes sense.  Got prompted to update Java on my wife's laptop earlier, and she got this after that update.  No use of Skype in a long time.  Any idea how to report that to whoever owns Java updates now?

Link to post
Share on other sites

http://arstechnica.com/security/2013/05/think-your-skype-messages-get-end-to-end-encryption-think-again/
Sorry David, it's not FUD. Skype apparently serves up malware in ads, but it also opens links you send to supposedly check them for malware. They open your https links since they already have all the plaintext, but I guess they're too busy checking what users say to actually check their own ads for malware. It's certain that Skype is pretty insecure and since it goes through supernodes it's no longer really P2P.

I don't communicate with anyone in China or Moldova and MBAM blocks tons of incoming attempts from IP addresses in both places. Supernodes in Moldova or China? Sure lol.

Link to post
Share on other sites

No, it is FUD. That URL does NOT support your stance; it is about TLS/SSL stream encryption.

Assuming that an advertisement serves up malware (aka; malvertisements) that doesn't mean Skype is malware or is acting maliciously. Many legitimate organizations have used legitimate advertisers who in turn use unscrupulous programmers and sub-contractors that have inserted malicious, rotating, Flash. That is, a Flash advertisement is rotating to different ads and one of them can be malicious. Sometimes it is an IFrame to an advertiser that may insert a malicious or quasi-malicious ad. The company web site that uses advertisement is more often than not also a victim to these situations. The company who owns the web is not deliberately doing the advertisements.

 

Like any Instant Messaging (IM) application or Peer to Peer (P2P) application, it is possible to get malware from a "peer" connection.  That still doesn't make Skype malware or malicious just like AOL IM, Yahoo IM, SameTime, etc, aren't malicious either.

Link to post
Share on other sites


So, since Internet Explorer, Firefox, Google Chrome, Maxthon, Green Browser, Opera, and every other browser that can be used to view websites graphically on the web also "apparently serves up malware in ads" because those ads are on a particular website, does that mean that those programs are malware as well?

 

And since there are a variety of webservers out there, like Apache, IIS, etc., and those are the actual programs serving you that malicious advertising, are they, too, to be considered malware?

 

You're confusing the term Malware with programs that can be used as transport agents for malware. Not the same thing at all.

Further consideration. Once certain types of malware infect a Windows computer, they are programmed to go out and replicate. Does that make Windows also malware? How about MacOS and *nix? Android? iOS? BeOS? BSD? Solaris?

Skype itself, the program, and even the methods it uses for keeping people connected, are not malware. They can be used by malware in the interest of self-propagation, but are not malware themselves. Period.

Link to post
Share on other sites

http://urlquery.net/report.php?id=9200380
Here is a link with more info on the attack the OP and I experienced.

With regard to Skype, I was referring to how it opens links from within Microsoft and apparently makes it really easy to get user communications after they changed their infrastructure. I know that's true of all big tech companies that aren't voluntarily shutting down but that's a different topic.

Link to post
Share on other sites
