ATS is installing viruses on my computer? That is what McAfee just told me

an ATS ad tried to put a trojan on my computer, and a friends computer when i tried to link them here.

This is definitely not good business if you want to be seen in any kind of mainstream light.

The message from McAfee:

exitexchange.com may cause a breach of browser security.

Then my control panel opened and told me that a trojan had been removed.

I would like assurances that this will be rectified, as i cannot put mine or others computer at risk because of shady advertisements.

Mcafee is stupid.
Though recently there has been allot of DNS injection attacks-which domains are substituted and malware viruses CAN be done. Just because mcafee says so doesnt make it true.

It sends false positives all day long.

Do you have the full report from mcafee?

Companies like McAfee and Norton make all the computer viruses themselves, for you buy their software. $$$

It's a conspiracy

Here ya go...

The antivirus software conspiracy

reply to post by lordtyp0


yes, but it is a corporate laptop. I can't send it.


It says that the adware was trying to make registry changes to my computer. I have gotten it a few times.

I would like to add that if it is happening to me, it is happening to other users (as in the person that i tried to send a link to, who now won't touch any links to this site).

It creates a bad perception. ATS needs to fix it, conspiracy or not. Unless credibility is no issue.

Does it list what 'trojan' it is?

i will look up the log on it when i get back to work tomorrow morning. It was on my desktop system at work.

Here is what the friend recieved:

exitexchange.com may cause a breach of browser security.
Why were you redirected to this page? When we tested, this site attempted to make unauthorized changes to our test PC by exploiting a browser security vulnerability. This is a serious security threat which could lead to an infection of your PC.

View detailed site report
Back to previous page
How to override this warning

There is a link to view the detailed site report:

www.siteadvisor.com...

If i follow a link on that page, here is a write up describing a browser exploit by exitexchange.com:

www.benedelman.org...

Got the same thing, BFFT.

Hmm, does the advertiser owe us reparations now?

The pain, the pain...

Bind has some vulnerabilities to name injections that have been making rounds. If your company uses Bind (named variants), and isnt patched you could get infected from any site. It isnt related to say ATS or CNN or any domain per se as the DNS server that tells your computer where to find the domains.

The following link will test your DNS server for this type of man-in-middle vulnerability:

www.doxpara.com...

If your work uses bind, its a fast fix. If they need help let me know. More patched servers = my life is easier.
(edit with additional info)
Because I know someone would ask: Which is better to do a local hijack on? www.cnn.com or the advertisements that display on cnn, nytime, ATS and thousands of others by snagging the advert domain names (linkexchange etc. etc.). With the later millions of systems could be infected. Hence the danger of this MIM attack.

[edit on 17-8-2008 by lordtyp0]

I have Sophos anti virus and every time Im on ATS it picks up stuff. I thought it was a coincidence but now Im not so sure. I now have 6 trojons I cant remove and various Adware stuff. Its slowing my computer down so much, I really would like to think its not from ATS.

This topic is so old. Do a search on ATS people instead of creating ten posts!

www.abovetopsecret.com...

this thread might have some answers. peace

I've only been notified twice while here and one was on some link from one post and another was yesterday after I opened a thread here.

Maybe it also takes awhile to open sometimes anyway?

The one I had wasn't the same and was an old virus from 2005. I suppose it could have been from a questionable DVD I watched on my computer for the first time yesterday also? Many ads here bump me off the site it seems. I've had warnings before clicking on news and health links also.

I guess it shows that it's working.

Rule#1 Only surf the web with Firefox

Rule#2 Dont waste money buying antivirus software, download AVG, its free and does just as good a job

Originally posted by TallWhites
Rule#1 Only surf the web with Firefox

Rule#2 Dont waste money buying antivirus software, download AVG, its free and does just as good a job

Rule#3 Do Rule#1

i monitor very closely what comes through the internets, and on ATS i have blocked these sites:

google analytics, quantcast.com, quantserve.com, maybe one of those is trying to hijack your machine...

The rule to end all rules, #1, and dl the plug ins to block everything...

Originally posted by TallWhites
Rule#1 Only surf the web with Firefox

Rule#2 Dont waste money buying antivirus software, download AVG, its free and does just as good a job

Add Adblock Plus and NoScript to Firefox and the experience will be even better.

We perform a significant amount of proactive management on our servers and site code. I can assure you, without any doubt, that nothing within the ATS code base or servers is initiating any activity on our user's computers that may be categorized as harmful in any way. We do regular audits of our code to ensure we're not vulnerable to exploits, and our contract security firm performs weekly analysis of our servers to conform there have been no server-level exploits.

That being said, it's an increasingly common occurrence to encounter one of the following:

1 - Attempts to exploit banner campaigns: From time to time, we have experienced one or two advertisers that have either had their ads exploited, or are running ad campaigns that have "been sneaked" into the normal rotation of the networks that may contain malicious code.

2 - Over-active virus software: We've encountered several situations were members misunderstand over-active virus scans, and the inappropriate classification of "cookies" as malicious "adware."

If you have some detailed logs, we'd like to see them, so please send me what you can via U2U.

We are not using exitexchange.com, nor are we using any pop-ups/unders on ATS. If you're seeing something from exitexchange.com, it is most like an advertiser that inappropriate attached pop-up/under code to one of their banners... and again, if you can help identify which one, we'll fix it.

But in any event, exitexchange.com is a reasonably well-regarded provider of that type of advertising, and is not generally known to be malicious... so your virus alert is perhaps overly aggressive.

That exitexchange sounds like it has something to do with the ads... in which case, it is most likely the banner ads on the site rather than the site itself. If the ad is trying to execute or ask permission for something, antivirus programs may flag it falsely as a trojan or virus.

And I definately agree that there is a antivirus company conspiracy... I would say 90% are made by the companies themselves and maybe 10% (at most) are lunatics or phishers.

Use another browser besides IE (such as Opera, Foxfire, Mozilla, etc) and as long as you don't visit any shady sites (porn, torrents, warez), you really don't even need an anti-virus program. I personally don't use one. If anything I would recommend a free program like AVG. Norton and McAffey are basically just huge drains on your computer's resources. IE does have massive security holes though so that is the biggest thing to be safe online... get another browser.