State of Panbo, the malware virus

... written for Panbo by Ben Ellison and posted on Oct 7, 2011

Where did all the display ads go? Well, it's a long story, really, but the important thing is that I'm now about 99.9% certain that it is safe to browse Panbo without danger of downloading some devious software. And here's a huge apology to anyone who has suffered a PC infection due to a virus on the third party ad server, though hopefully it's only the two PCs at one electronics company I already know about. But please do report any anomalies you see or that a virus scanner sees. Just email ben (at) panbo.com. I'll add more of the story if and when my blood pressure settles down.

Comments

I didn't notice anything odd virus-wise, rarely do using a Mac and BlackBerry.

Posted by: Anonymous at October 7, 2011 3:38 PM | Reply

Oh that sucks. Sorry to hear that. All seems fine on my end though.

Cheers
Philipp

Posted by: Philipp at October 7, 2011 3:57 PM | Reply

Relax Ben; my plain-Jane McAfee install blocked the content and saved me from whatever there was there, twice. You can sleep tonight, no one is looking for you on MY behalf!

Posted by: Sandy Daugherty at October 7, 2011 4:02 PM | Reply

No problems here; but then I use Macs... :^)

Posted by: fgstreet1 at October 7, 2011 4:04 PM | Reply

Just use NotScripts / Chrome or NoScript / Firefox :)

Posted by: elibit at October 7, 2011 4:40 PM | Reply

Hi Ben,

I am sure you are embarrassed. I applaud your quick response to mitigate the damage, and to inform everyone.

I personally find this amusing. Fortunately there are simple fixes for computer viruses, not like some forms of STDs. Relax, let the blood pressure subside and enjoy an adult libation.

It is after 5PM here, I think I will have a glass of wine.

Pat

Posted by: Patrick Harman at October 7, 2011 8:15 PM | Reply

Luckily the free version of Avast blocked it for me.

Posted by: abbor at October 8, 2011 12:23 AM | Reply

Was the infection the infamous FakeAlert trojan? If so, then I was unfortunately affected -- badly. It took me 72 hours to get rid of it and recover my computer (and there are still a couple of problems, but I'm back alive). Ben, I really feel for you. I do NOT blame you or hold you responsible in any way. If anything, I'm annoyed at the antivirus/etc. software that my company installed for not catching it.

Posted by: SheltieJim at October 8, 2011 1:10 AM | Reply

Didn't notice anything on our Macs.
Our compliments for getting on this so fast. Hope you get the ads back soon. We need them to pay the bills for this marvellous site.

Posted by: Rick R at October 8, 2011 6:24 AM | Reply

A second for Avast (Free version). One of the best, and lightest weight antivirus packages for Windows, and it's free for Non-Commercial use.

It started picking the virus up about 1 week ago when visiting your site.

Sorry I didn't let you know as I assumed it was an issue with a False Positive on Avast (which has happened to me before), but it seems there was indeed an issue.

Sorry to hear.....

Posted by: Mark Kilty at October 8, 2011 8:50 AM | Reply

Thanks for the support, friends, and I'm glad to report that no one has reported a virus warning since the iframe ads were taken down.

SheltieJim, some reports indicated that the ads being served onto Panbo by Mad Mariner, using OpenX software, were infected with something called "HTML:iframe-inf malware" but I think that's a virus whose job is to deliver malware to computers via an exploit of OpenX iframes. Until this morning I only had one report of PCs that might have actually caught a virus from those ads, and I don't know what virus that was, though I'll ask.

Just now I got an email that goes like this:

"While enjoying your latest entry, my Windows 7 PC suffered from a virus attack. A box appeared noting 'Hard drive running at 20% speed', 'Overheat Warning', 'Ram Fail' etc. Black desktop background only. Program files appear to be missing. Any idea of a virus removal software which I may use to repair the damage?"

Does anyone have suggestions for this Panbo reader?

Posted by: Ben E at October 8, 2011 9:45 AM | Reply

Here's another data point for Kevin (the Panbo reader with the virus) or anyone trying to help him. The IT dept at the major electronics company where two computers were purportedly infected reported that Panbo was blocked when "our Symantec Endpoint Security pop up a message with: [SID: 24089] Web Attack: Malicious Toolkit Website 9 attack blocked. Traffic has been blocked for this application: \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE"

More info on Malicious Toolkit Website 9: http://goo.gl/d5zZa

Posted by: Ben E at October 8, 2011 10:21 AM | Reply

Possibly useful info from a regular Panbo reader (thanks, John): "On Wednesday, I got a 'Data Recovery Virus' from someone; McAfee didn't catch it, and neither McAfee nor Norton were able to remove it. I finally got rid of it via Malwarebytes, but unfortunately lost other data in the process."

http://www.malwarebytes.org/

Posted by: Ben E at October 8, 2011 10:39 AM | Reply

Attacked, but McAfee defeated it. Don't believe any problems. Hope this doesn't happen again.

Posted by: adrian at October 8, 2011 11:27 AM | Reply

It's times like this, that I enjoy using Linux / ubuntu!

Posted by: Bob Mueller at October 8, 2011 12:02 PM | Reply

"Hope this doesn't happen again."

More than agree, Adrian, and am working on a plan that should just about guarantee that it doesn't.

Posted by: Ben E in reply to adrian at October 8, 2011 1:23 PM | Reply

I have about 2400 warnings in my computer that I could not delete. Do you have the same problem?
Antonio

Posted by: Antonio Lourenco in reply to Anonymous at October 8, 2011 1:51 PM | Reply

I have a problem in my computer: my anti-virus finds about 2400 warnings that I couldn't delete.
Do you have the same problem?
Antonio

Posted by: Antonio Lourenco at October 8, 2011 1:54 PM | Reply

I had a virus about 2 months ago (didn't get it here) that popped up hard drive failure warnings. It disabled anti-virus software and set attributes of every file on my drive to read only and hidden.

I was able to run Regedit in safe mode to delete its startup run key. That restored some control over my system.

There's a super strong free program called Combofix that disinfected a patched kernel file then found and deleted remnants of the virus.

--- captchas

Posted by: Charlie at October 8, 2011 5:46 PM | Reply

Symantec End Point protection caught and killed it

Posted by: Richard Holtz at October 10, 2011 5:06 PM | Reply

Thanks, Richard, and I'm happy to report that the electronics company that also uses Symantec End Point now says that Panbo tests clean.

The IT dept there said that several different malwares could have been transmitted by the third party ad server (so far unfixed), and that the first place they check for fixes is a site I didn't know, though I like the URL:

http://www.bleepingcomputer.com

Posted by: Ben E in reply to Ben E at October 10, 2011 5:31 PM | Reply

"Hope you get the ads back soon. We need them to pay the bills for this marvellous site."

Rick, thanks for recognizing the value of advertising on Panbo! And I must say that my relationship with Mad Mariner was great because they handled everything; I was as surprised as anyone by new advertisers. But actually the relationship only began well, and this virus business -- not yet fixed across the Mad Mariner Network as best I can tell -- was the last straw.

I've been extremely busy this week setting up a new ad serving service (Google's DFP, which should be very secure) and breaking in a friend and experienced ad guy (contact: ads at panbo.com).

So ads are coming "in house" to Panbo, at least for a while, but let me add a disclaimer for those who think magazines and web sites that take ads are biased: In about 12 years of writing about electronics for major boating magazines, I have never been told who to write about, or what to say. And the few times that a subject manufacturer got mad, my various editors' first impulse has been protective and truth seeking. On Panbo, where I guess I'm editor and publisher, I don't recall any advertiser ever asking for special treatment. There's a lot of mythology on this subject out there.

But this ad virus business has limited my ability to write fresh Panbo entries, which I regret. However, I'll be back!

Posted by: Ben E in reply to Rick R at October 12, 2011 8:25 PM | Reply

Very pleased to note that display ads are running on Panbo again, only now they are being served by Google's DoubleClick. If you notice any issues where the ads seem to mess up the site formatting, or come across an ad link that doesn't seem to work right, please let ads(at)panbo.com know.

Posted by: Ben E at October 18, 2011 1:57 PM | Reply
