Pages in topic:   [1 2 3 4] >
Nov 20 malware incident
Thread poster: Ty Kendall

Ty Kendall  Identity Verified
United Kingdom
Local time: 15:15
Hebrew to English
Nov 23, 2012

I feel like an ex just called me out of the blue..... :-/

Following the weird thing that happened earlier in the week when ProZ.com went all Typhoid Mary on us, has anyone else:

a) received this message:

"This message is to let you know about a service problem that
occurred at ProZ.com on Tuesday morning. ProZ.com's dedicated ad
server was infected with malware around 09:55 GMT. That malware
was active for about four hours, after which time ProZ.com's
banner ads were turned off. The direct effect of this malware is
that a site user who visited a page with banner advertisements
could have received content from, or could have been redirected
to, a site other than ProZ.com. This caused alerts to be issued by
some antivirus programs (such as Norton).

You are receiving this alert because the log files indicate that
you may have visited ProZ.com during the period that the malware
was active. Beyond redirects, there have not been any reports of
service interruptions or other consequences from this malware.
However, it is possible that you could have received content from
a site other than ProZ.com, and it is possible that that content
could be malicious. Therefore, in the interest of being cautious,
if you have anti-virus software, it might be a good idea to run a
scan. And if you do not have anti-virus software, you might
consider installing the free Avast anti-virus and/or the free
MalwareBytes anti-malware programs, available from
http://avast.com and http://malwarebytes.org respectively.

For more information about this incident and steps you can take,
please see http://www.proz.com/about/security

If you have any questions, please respond to this message or enter
a support ticket at
http://www.proz.com/support.php?mode=ask&type=abuse

Thank you for using ProZ.com. Please accept our sincere apologies
for any inconvenience this issue may have caused you."

and

b) Had any difficulty with malware as a result of this????

Just thought it would be prudent to compare notes. My anti-virus software is saying everything is fine, but others have told me that this malware can circumvent it.

Anyone else?

[Edited at 2012-11-23 11:21 GMT]

[Subject edited by staff or moderator 2012-11-23 15:19 GMT]


Direct link Reply with quote
 

Teresa Borges
Portugal
Local time: 15:15
Member (2007)
English to Portuguese
+ ...
I received the same message... Nov 23, 2012

... my anti-virus software is saying everything is fine, but I lost my connection to GoToMyPC (I am in Lisbon now)...

Direct link Reply with quote
 

Anna_Furman
Ukraine
Local time: 17:15
English to Russian
+ ...
Yes. Nov 23, 2012

Yea, I've received the same;). I'll check my PC for some problems later. Just now I feel no inconveniences (troubles).

Good luck!

Anna


Direct link Reply with quote
 

Ty Kendall  Identity Verified
United Kingdom
Local time: 15:15
Hebrew to English
TOPIC STARTER
My computer has been glitchty of late but.... Nov 23, 2012

....it's hard for me to judge because I'm working on an old-ish laptop (I am getting a new one for Christmas ). So I can't tell if it's glitchy because of a damned good virus or just old age.

[Edited at 2012-11-23 11:28 GMT]


Direct link Reply with quote
 

Samuel Murray  Identity Verified
Netherlands
Local time: 16:15
Member (2006)
English to Afrikaans
+ ...
Who got infected Nov 23, 2012

Ty Kendall wrote:
ProZ.com's dedicated ad server was infected with malware around 09:55 GMT. ... The direct effect of this malware is that a site user who visited a page with banner advertisements could have received content from, or could have been redirected to, a site other than ProZ.com.


Well, I don't think the infection was the type that spread to other computers.

The infection caused certain ProZ.com pages to automatically forward to another site, and such a forwarding action is recognised by anti-virus programs, but it does not actually infect the user's computer. It merely redirects to the user to another site.


Direct link Reply with quote
 

Ty Kendall  Identity Verified
United Kingdom
Local time: 15:15
Hebrew to English
TOPIC STARTER
Samuel...... Nov 23, 2012

They also say:

However, it is possible that you could have received content from
a site other than ProZ.com, and it is possible that that content
could be malicious.


And I also know for sure that someone had a problem with malware immediately following the incident. (I'm sure they'll be along to recount their experience).


Direct link Reply with quote
 

Decipherit  Identity Verified
United Kingdom
Local time: 15:15
Portuguese to English
+ ...
YES! Nov 23, 2012

However, you're the lucky one since I didn't even get this message. I suspected ProZ though. On Tuesday morning, I came to the site and was redirected to some other site giving me my ISP. I thought it was a ProZ glitch and carried on as normal, however, in no time Chrome crashed on me, followed by Word and Outlook and I kept receiving pop-ups asking if information could be relayed to HP, Google etc. I did a full virus scan - nothing, but it was clear that things weren't right. I rang McAfee, went through two technicians who couldn't fix the issue, the malware kept reproducing itself and couldn't be cleared. I had to wait 24 hours for a "senior technician" to clear the issue. It took him just under 2 hours, so 4 hours and 41 min in total spent on this and I missed 3 excellent jobs as I was reluctant to take on new work until the issue got resolved for fear of letting clients down. I do have other computers to use as back-up but time spent on the 'phone with technicians has a tendency to eat away at your schedule. Thank you ProZ!

Direct link Reply with quote
 

juliette_K  Identity Verified
Local time: 16:15
French to Italian
+ ...
One of the (many) good reasons for going Mac Nov 23, 2012

All my solidarity to PC users having hard times : (

Direct link Reply with quote
 

Shai Navé  Identity Verified
Israel
Local time: 17:15
Member
English to Hebrew
+ ...
Some suggestions Nov 23, 2012

Like Samuel, I am also doubtful that the redirection resulted in direct infection of the computer, unless the user has downloaded, installed or at least approved something from the malicious site.
However, since some users report issues immediately after that redirection, and because no more in-depth details about the infection are available, I guess that it is possible.

I suggest the following:
1) Run an AV scan from a bootable media. Developers such as Avira, Avast, AVG and others (check your AV brand of choice website to see it they made such version available) offer a version of their product that can be run "outside" the OS from a bootable media (CD or USB flash drive). This is preferable over running a scan with the existing AV because some malware can "hide" from and even disable the resident AV.
2) Run a malware scan with a designated tool such Malwarebytes antimalware and Superantispyware.
3) Run an Hijackthis scan and analyze the log in http://www.hijackthis.de/ (download the file from the top right corner of this webpage). This is mostly for browser hijacking but can also point in the direction of connectivity issues. It is a little less user-friendly than what one might expect, but recommended nonetheless.
3) Check your Firewall log for any suspicious activity, especially for unknown softwares that try to "dial home".

This is the basic first response steps that I recommend taking in case of suspicion (or just for good measure).

[Edited at 2012-11-23 12:39 GMT]


Direct link Reply with quote
 

Maria Arruti  Identity Verified
Spain
Local time: 16:15
Member (2012)
French to Spanish
+ ...
Same here Nov 23, 2012

I received that message yesterday, and afterwards I got a blue screen error twice. I hope the one has nothing to do with the other...

Direct link Reply with quote
 

Decipherit  Identity Verified
United Kingdom
Local time: 15:15
Portuguese to English
+ ...
Quite likely Nov 23, 2012

Maria Arruti wrote:

I received that message yesterday, and afterwards I got a blue screen error twice. I hope the one has nothing to do with the other...


I forgot to add that while in the throes of all these issues I re-booted in an attempt to solve the problem and I also got a blue screen.


Direct link Reply with quote
 

Tom in London
United Kingdom
Local time: 15:15
Member (2008)
Italian to English
Me too Nov 23, 2012

juliette_K wrote:

All my solidarity to PC users having hard times : (


As a Mac user, I don't get infected. In 10+ years of using Macs I've never had any form of virus. And I hear that Windows 8 is virus-free too (although I don't know if that's true).

[Edited at 2012-11-23 13:41 GMT]


Direct link Reply with quote
 

Jenny Forbes  Identity Verified
Local time: 15:15
Member (2006)
French to English
+ ...
Me too Nov 23, 2012

I got the message from Proz. The day before, like Lisa, when I went to Proz I was redirected to the ISP page. As I didn't understand what it was on about (I'm no tecchie) I just exited from the page and luckily everything seems to have been working normally since - fingers crossed.
Jenny


Direct link Reply with quote
 

Jason Grimes
Local time: 10:15
SITE STAFF
Details about the issue Nov 23, 2012

Details about this issue are available here: http://www.proz.com/about/security

At this time, the only reported problem that is known to be consequence of this issue is that some users were redirected to another site when viewing a banner ad during that 4-hour time period.

I would ask anyone who has evidence that their computer was infected with malware as a result of this issue to please submit a support ticket, including logs from an anti-virus scan.

I'm sorry for the inconvenience and alarm this has caused.

Thanks,

Jason


Direct link Reply with quote
 
opolt  Identity Verified
Germany
Local time: 16:15
English to German
+ ...
Not infected -- but watch out Nov 23, 2012

There is no infection on my computer, most likely because I'm on Linux and haven't seen a virus for at least 15 years.

But I did receive the email, and the whole story should serve as a reminder to everyone that servers can get compromised, and the data stored on them can be stolen or tampered with.

I don't know about the details, but there is always the (theoretical) risk that the password database stored on the site gets compromised too, so my advice would be to never use identical passwords for different sites. If e.g. your ProZ password gets stolen and you happen use the same on another site with critical data ... well I guess everyone is getting the point.

I don't do this (i.e. I use different passwords for different sites, storing them in an encrypted database because there are so many of them), but it is a well-known fact that some people use one and the same password across sites because they don't want to remember that many, or don't know how to handle this.

As I said this is all theoretical, but personally I'm of the opinion that given that we don't know anything about the nature of the attack and the way the servers are configured, now is the time to go ahead and change your ProZ password. I changed mine, immediately.


Direct link Reply with quote
 
Pages in topic:   [1 2 3 4] >


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

Nov 20 malware incident

Advanced search






SDL Trados Studio 2017 Freelance
The leading translation software used by over 250,000 translators.

SDL Trados Studio 2017 helps translators increase translation productivity whilst ensuring quality. Combining translation memory, terminology management and machine translation in one simple and easy-to-use environment.

More info »
Across v6.3
Translation Toolkit and Sales Potential under One Roof

Apart from features that enable you to translate more efficiently, the new Across Translator Edition v6.3 comprises your crossMarket membership. The new online network for Across users assists you in exploring new sales potential and generating revenue.

More info »



Forums
  • All of ProZ.com
  • Term search
  • Jobs
  • Forums
  • Multiple search