Posted on 06/24/2008 11:03:26 AM PDT by andy58-in-nh
Is anyone aware of an attack on the American Spectator web site?
Upon attempting to access the site (using Windows 2000NT with a Firefox 3 browser) I received the following warning:
Looking up the site in Google, I found the following at the top of the entry list:
I have sent an email to the editor's attention, but was curious as to whether anyone else has had the same problem. I wonder whether the Kos Kids or the MoveOn Morons have been at work here....
I had a virus warning yesterday and had to exit IE.
No problems here..
That’s basically what I was being told by my browser - that the Spectator site was reported to harbor malicious software, which having been a frequent visitor for many years, I tend to doubt.
Unless it has been compromised.
I just tried out the site and I got right in using firefox.
I’ve noticed that I get blank ad windows popping up on that site the past few days, which I’ve never had before. The IE popup blocker does block something, but not these blank ad windows.
Do you run No-Script? Maybe you should. I am seeing 4 scripts running there, only one of them is originating from that site.
I flushed my browser cache and tried again - with the same result. I even put the site in my “whitelist” and it still gave me the warning. (Again, I’m using FF 3.0, which has a whole new malicious code blocking scheme). What really made me suspicious was the Google result. BTW, the Spectator has an alternate site address (http://www.americanprowler.com), which works just fine for me.
It is possible that an ad did it, or, hopefully not, a listing with the bad domain names triggered it (I say this because someone in a forum could have put that in their post and Google’s bots may not have understood that such a reference was not executable). The two domains listed as the referred ones have apparently infected Sears.com.mx, which is Sears for Mexico, along with a number of other sites.
Looking at the listing, it appears that someone posted a link, possibly as a response, that triggered the site advisory. I use a DNS blacklist that blocks most malicious sites, but still, it appears to be a valid trigger. The domain holder can follow the tools available to have the site re-scanned and cleared once the content that was detected is removed.
Malicious content was found hosted though links on the spectator.org site on the following... Malicious software is hosted on 4 domain(s), including h25.6600.org, chinabnr.com, dns5.8866.org.
I would expect that the American Spectator could run through their code or filter out those referred domains and when Google reevaluates the site, it will be fine again.
I do run NoScript, and it is showing me only one script running and that is the one that’s blocked.
Must be a 3.0 thing because I am having no problems on my 2.whatever it is.
Good information: thanks, guys.
Works on IE7. Maybe you just need a better browser.
That’s strange. I am seeing them scripts for...
spectator.org
fastclick.net
zedo.com
brnadw.com
Blasphemy!
No, thanks. I find Firefox to be much faster and offers better malware protection tools and numerous other nice add-ons that Microbloat can’t match.
Spectator.com made my computer go into hourglasses and “not responding” and I had to pull the plug.
This has happened twice and I am at least glad to know there is a cause.
But you know, at the time I was thinking, “There go those liberals and their love of free expression, again!”
So I did a quick whois on it and got:
Domain Name: BNRADW.COM Registrar: XIN NET TECHNOLOGY CORPORATION Whois Server: whois.paycenter.com.cn Referral URL: http://www.xinnet.com Name Server: NS1.BNRADW.COM Name Server: NS2.BNRADW.COM Name Server: NS3.BNRADW.COM Name Server: NS4.BNRADW.COM Status: ok Updated Date: 19-jun-2008 Creation Date: 19-jun-2008 Expiration Date: 19-jun-2009
I don't know if AmSpec knows what is being served through its pages, but I would suspect they should make some major changes really quickly. I know I wouldn't want any javascript or activeX controls from any chinese company served through my webpages.
It would be interesting to see what that javascript does, but I'm not going to mess with it.
The ‘Attack Site’ blocking on Spectator.org is particular to the new Firefox 3.0 browser. It has built in security for checking potentially malicious sites. Not sure why the Spectator site is kicking out this message, or why the alternate ‘Prowler’ URL is free of this message. Perhaps the web-geeks at Spectator.org will figure it out and make corrections.
For those using Firefox 3.0 who wish to override this feature, you can go to ‘Tools / Options / Security’ and uncheck the item indicated with the following text:
“Tell me if the site I’m visiting is a suspected attack site.”
Hope this proves helpful or informative.
What I eventually did was to change my bookmark to point to the Spectator’s alternate address site at: http://www.americanprowler.org.
Works fine now.
My Firefox version is only 2.0.0.15 on this machine, although it does have the 'Attack site' blocking selection in the security menu though.
However, it wasn't the Spectator.org site that made the browser krap™ out, it was the "b.js" script from the bnradw.com site which did it. Browser worked fine on the page until it hit and loaded (apparently) that jscript. Then is when it died. I know this because after I did the whois, I tried to go to the bnradw.com site and look at the b.js script and that's what killed the browser again.
Fortunately, I don't usually go to or read the spectator.org site and only went there to check out the problem reported by the other poster. Now that I know they harbor all kinds of js and activeX krap™, I'm not going to go there at all and probably will put it in my hosts file so that even if I forget, my computer won't let me access it. [evil grin]
Like I said in my original post, if the guys at spectator.org wanna put that kinda krap™ on their webpages, they won't get hits from me. If more people refused to go to websites with potentially 'malicious' code on them, then the people who write this krappy™ code would maybe just make do with simple html and xhtml and forego trying to screw their viewers over with this kinda stuff.
But thanx for your concern and input though. #8^D
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.