
Malware warning?

#1 Nov 08 2007 at 7:06 AM Rating: Good
I just got what appeared to be a windows malware warning while I was on the main page of an FFXI forum. It made me suspicious because it said "User at IP address blah blah has gained control of your computer and has accessed your credit card information." It also said that I did not have all my Windows Security stuff activated, when I know for a fact that our work PCs are locked up tighter than Fort Knox. (Hell, all cookies are frickin deleted every time we boot up!)

I suspect I rolled over an ad which is masquerading as an official Windows security warning. I don't mind pop ups, but this particular ad took me away from the Alla page I was on and jumped me over to an entirely different website so that I had to hit the back button. (I'll admit, it gave me the jumps too before I realized that it made NO SENSE.)

If it happens again I'll try to grab a screenshot.
#2 Nov 09 2007 at 3:46 AM Rating: Decent
****
6,424 posts
Solution is very simple: adblock the adserver script. I tried blocking specific sites but they constantly change their names, so the only constant part is the adserver script...

In allakhazam's case, insert "http://*.tribalfusion.com/" as an adblock filter, and it will block all scripts from them. I don't mind ads, but I do mind ads taking over my browser with scams.
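
Added example, not part of the original post and not the Adblock extension's own code: a simplified model of how the wildcard filter quoted above is matched against request URLs, showing what it covers and what it lets through. It assumes the filter is matched as a substring of the URL with `*` standing for any run of characters; the sample subdomains and paths are constructed.

```javascript
// Simplified model of an Adblock-style wildcard filter (assumption:
// substring match, "*" = any run of characters, case-insensitive).
function filterToRegExp(filter) {
  const pattern = filter
    .split("*")
    .map((part) => part.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")) // escape literals
    .join(".*");
  return new RegExp(pattern, "i");
}

function isBlocked(url, filters) {
  return filters.some((f) => filterToRegExp(f).test(url));
}

// Split a page's outgoing requests into blocked and allowed.
function partition(urls, filters) {
  const blocked = [];
  const allowed = [];
  for (const url of urls) {
    (isBlocked(url, filters) ? blocked : allowed).push(url);
  }
  return { blocked, allowed };
}

// The filter quoted in the post above.
const AD_SERVER_FILTER = "http://*.tribalfusion.com/";

// Constructed sample requests; subdomains and paths are made up.
const SAMPLE_REQUESTS = [
  "http://ads1.tribalfusion.com/constructed-ad.js",  // ad server script
  "http://cdn7.tribalfusion.com/constructed/img.js", // another subdomain
  "https://ads1.tribalfusion.com/constructed-ad.js", // https, not http
  "http://tribalfusion.com/",                        // no subdomain
  "http://forum.example/index.html",                 // the page itself
];

const result = partition(SAMPLE_REQUESTS, [AD_SERVER_FILTER]);
console.log("blocked:", result.blocked);
console.log("allowed:", result.allowed);
```

Under this model the filter catches every `http://` subdomain of the ad server regardless of which destination site the ad later redirects to, but an `https://` request or the bare domain would need additional filter lines.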
#3 Nov 09 2007 at 5:32 AM Rating: Good
Here is another similar one I just got:

http://www.catwho.net/images/fake.jpg

Very annoying.
#4 Nov 09 2007 at 7:01 AM Rating: Excellent
******
29,919 posts
I can't get anything like that to load from our ad servers for me. Are you 100% certain your PC is clean?
____________________________
Arch Duke Kaolian Drachensborn, lvl 95 Ranger, Unrest Server
Tech support forum | FAQ (Support) | Mobile Zam: http://m.zam.com (Premium only)
Forum Rules
#5 Nov 09 2007 at 7:17 AM Rating: Good
If it wasn't I'd be in serious trouble with my company XD Every reboot it goes through and deletes all cookies (means I get to log into Alla fresh every day, woo), runs a complete virus check, and scrubs itself down, before I'm even allowed on the network. About the only thing it's due for is a good defrag, and that would have nothing to do with spam-ads.

The only places I surf at work are here, livejournal (paid account, no ads), my linkshell forum's website (private server, no ads), occasionally Killing Ifrit, and Scientific American. I somehow doubt that the Hitachi or HP websites have spyware tool ads on it. This sort of thing only comes up on Allakhazam, and as you can see IE7 did a nice job of popping whatever blockup was trying to install itself.

I get some pretty wacky advertisements. Right above my post as I'm typing this, the banner ad didn't even load. It's a white box of nothing. Usually I just ignore them; once in a while I'll even click em if it's something worth looking at. ("You are the 999,999th visitor! Click here for a free Playstation 3" is NOT. That was an old tactic before the .com bubble burst!)
#6 Nov 09 2007 at 7:30 AM Rating: Excellent
That is similar to the Smitfraud.C spyware dropper actually. It pops up a warning message saying you are either infected or your security is set too low to get you to click the link or install their software, which is where the real infection begins. Once you agree to let that stuff install on your PC, it also installs a trojan that allows other software to install on your PC to infect it further.

Run Ad-Aware, Spybot, your AV and check HijackThis for possible issues but do NOT click the links or pages that those pop ups generate.
#7 Nov 09 2007 at 9:34 AM Rating: Good
I know better than to click the links ;)

Virus scan on the work box came up clean. I can't run SpyBot or AdAware as I'm forbidden from installing software at all.
#8 Nov 12 2007 at 9:28 AM Rating: Good
**
335 posts
When I closed a page I was reading on the ffxi forum a tiny box popped up with something about malware. When I closed it it started scanning automatically. I closed that and am heading off to do some scans but just wanted to post my experience.
#9 Nov 12 2007 at 10:28 AM Rating: Excellent
***
2,553 posts
We'll keep looking into this, but so far we've been unable to reproduce the problem. Are you in North America?
____________________________
--Illia
Fumus, draco magus incoluit mare.
Myrx - 70 Holy Priest, Myr - 70 Resto Shaman, Gryd - 70 Prot Warrior
#10 Nov 12 2007 at 3:41 PM Rating: Good
**
335 posts
I am in North America and I do run Firefox.
#11 Nov 13 2007 at 5:50 AM Rating: Good
In North America, forced to run on IE7 against my will due to company policy. :(
#12 Nov 13 2007 at 9:24 AM Rating: Excellent
I've been running the ads for 2 days now and have my security down a little bit to see if I can find this. So far I haven't seen anything but I will keep at it and work with our upper management folks to see if we can figure out what the deal is here for you.
#14 Nov 13 2007 at 8:04 PM Rating: Decent
**
727 posts
I had something similar happen yesterday. I clicked Alla from bookmarks, clicked on the server forums link and an Ad for Malware cleaning popped up. It had Yes and No option buttons. I clicked No and it began downloading. I closed out of everything asap, then ran my virus, and spyware programs. Luckily everything came up clean, so I must have been fast enough. I run Firefox, I have firewalls, and I use pop-up blockers. This was the first time this had happened on the Alla or any site.
#15 Nov 13 2007 at 8:29 PM Rating: Excellent
Do you happen to recall what ad it was?
#16 Nov 13 2007 at 10:36 PM Rating: Decent
*****
12,501 posts
I can support what he is saying.

Back before I got premium again (about 2 months now?), Alla window shut and it came up with a small pop up, like a normal error popup. It said that my system needed a scan, and click here to install some file to check my computer for viruses.

I don't have a screenshot as I thought nothing of it. I run the latest version of Firefox and Alla was and is the only window I have open while viewing the forum.
#17 Nov 13 2007 at 10:38 PM Rating: Decent
*****
12,501 posts
Actually, I did save a screenshot.

http://i88.photobucket.com/albums/k162/Antinoob3/allaad.jpg
#18 Nov 14 2007 at 3:09 AM Rating: Decent
****
6,424 posts
Illia wrote:
We'll keep looking into this, but so far we've been unable to reproduce the problem. Are you in North America?


I'm in the Netherlands, and it took me 30 seconds to reproduce the problem.

Firefox 2.0.0.9
1. Turn off Adblock so tribalfusion scripts are no longer blocked.
2. Refresh this page x3 (no premium so ads will load)
3. Third refresh closed the browser and showed a fake popup from doctorfix.com

The ads are localized for their audience, so I wouldn't be surprised if they can prevent the malware from showing on the domains that show the ads, or even to avoid regions that could take legal action against them.

These 'ads' are highly intimidating and are designed to bully people into installing their fake software. Once installed, a fake scan will reveal a load of 'problems' but you have to pay for the registered version to 'clean' your pc. If you don't pay, countless popups will haunt you every time you try to use the pc. They will go away once you pay... until the version expires...

Every adserver that allows them will go into my banlist, and I would suggest anyone doing the same.

#19 Nov 14 2007 at 3:53 AM Rating: Good
Citizen's Arrest!
******
29,527 posts
Seedling wrote:
I'm in the Netherlands, and it took me 30 seconds to reproduce the problem.


Did you screenshot it? Might help them to determine any issues.
#20 Nov 14 2007 at 5:05 AM Rating: Decent
****
6,424 posts
The One and Only Poldaran wrote:
Seedling wrote:
I'm in the Netherlands, and it took me 30 seconds to reproduce the problem.


Did you screenshot it? Might help them to determine any issues.


I didn't, but there's nothing to learn there. I already explained that without ads (premium or adblock) these ads don't show, while browsing a few forum pages with ads enabled will trigger the scam ads sooner or later.