February 28, 2008
Remember this post? Well, it's that time again.

It appears that all IGE media sites that use Right Media for their advertisements are currently spreading a trojan virus.

The virulent advert appears in the form of a browser hijack which grabs your front window and resizes it to fake a warning dialog, a common tactic which has been popping up on thott and allakhazam quite regularly.

If you know how to edit your hosts file, add this URL to your block list:

Known sites affected:
* thottbot
* wowhead
* allakhazam

Get a Mac or get Firefox.


Kyrilean said...

Thank you! Wondered wth was going on!!

Gwaendar said...

And once again, the Affinity Media sites are going to swear their hands are totally clean in this, and that they have severed all ties to IGE, promise.

In the sense of consistency, I'd recommend taking off any links you have to these, and stop giving them traffic.
The stench of gold selling coming from them is just too much to bear.

bbr said...

I'm certainly considering it, and might soon. Perhaps others will as well.

It's a good thing wowdb is available now, as it's the only real alternative to the 3 owned indirectly by IGE.

Vashti said...

Really, I didn't know that.

I'm going to have to check out wowdb.

Anonymous said...

This is Malgayne from Wowhead. I know this is totally inexcusable. If I had my way we'd have shut down all ads on the site already, but unfortunately I don't handle the advertising directly.

I can tell you with assurance that this has nothing to do with Affinity Media. Our Director of Ad Ops has been staying up until all hours of the night desperately trying to find which of our ad networks is causing the problem, and has been for days. But I've seen this exact same redirect on lately.

These ads come in through banners that appear to be totally innocuous, unfortunately. Even the ad network that's showing the banner doesn't know it. And Right Media doesn't narrow it down as much as we'd like, since Right Media is an exchange platform that all of our ad networks use at one point or another--nearly every ad network in the business does. =/

mathanos said...

The least Wowhead could do is to provide a guide how to get rid of this trojan that people get because they're just browsing their site.

Anonymous said...

Failure to understand the nature of trojans is part of the problem.

Would it have done any good for the residents of Troy to get rid of the empty horse after its payload had already been deployed inside her gates?

There is no "guide how to get rid of" it. Format and re-install everything from original install discs. Once you've been breached by a program that can "phone home", there can be no guarantee that any anti-virus company will EVER see the special little hell these scum have installed on your machine. And thanks to some of the toolkits out there, what they install on your machine could be completely different from what they install on someone else's machine even if both infections started with the same trojan.

Anything short of a full format/re-install is merely playing the odds.