They are being pretty forward about the whole thing, so I guess it isn't surprising.

I think no-one could blame them for falling for this in the first place - those scammers are clever.

I dumped Adobe Acrobat Reader a few years back because I got tired of it wanting to update itself every other day. Combined with malware risks, it was a bridge too far.

I switched to FoxIt Reader.

Which is exactly what's happening with Apple. All that bragging is going to go down the tubes real fast.

turned out i was dealing with a few rootkits in addition to about a dozen fakealert.trojans & just about everything else. combofix got me to a point where i could delete the reg keys that were disabling regedit & admin rights. from there it wasn't long before the beasts were slain!

in retrospect, if i ever run across that again, i'm just gonna do a fresh winstall.

@kexline: Yeah, I read about it's flashdrive infection habits on some forums somewhere. I made sure to enact removable storage scans on my PC's through AVG.

@katstermonster: As I have been saying, it waits, and launches in waves. Eventually, it hijacks your desktop picture, and tries to get you to pay it $49 to "remove" itself. People seem to forget the Michalanglo virus, and how it launched on a specific day. Since it hijcaks your hosts file, your browsing might have triggered it by simply accessing the file and it was the right day.

what really annoys me about IE us how easy it is to infect a system running it. If you search around you will find random forums where some people will share a exploit (many of which have reach the script kiddy stage where it tells you to unzip the contents of a file to your FTP server and copy and paste the code from the readme to the to your page then wait for a user to load the page.

some of the outdated exploits for IE6 still work on IE8

PS being in a limited account wont stop you from getting infected

at my college, they are now forced to re image the systems regularly because of the computers constantly getting infected with malware, many rogue security apps.

the imacs are also getting infected, the only OS that the college has not tried is a linux based one.

whats needed in a custom linux live OS thats placed in a internal USB port that comes preloaded with all app and setups that the college wants then is write protected that way when it becomes infected, a simple restart will fix it.

AdMuncher is not free but it's best $25 I ever spent. Imagine watching Hulu with no ads! No blank screens, simply no interruptions!

I have been add free for years now and I love it.

@kexline: I got this once, but I just open task manager after a reboot before it could run and I killed it. Took some malware bytes to remove it.

@Ursus Maritimus: You sell them to Wheel of Fortune. I hear they pay for them like cash for gold pay for gold. Sure your extra vowels are just lying around being damaged or borken. But you could sell them on craig's list for $50-75. At Wheel of Fortune they buy the vowels for $5-20.

Why do you think consumerist posts some stories that may not belong. So they can disemvowel people and sell them off.

It is also great that Gawker has made their email's available to external sources. It makes for an interesting read, and hopefully provides other blogging platforms a good example for what to look out for (so this doesn't happen elsewhere).

However, I think they have a duty to warn their customers that have been potentially effected.

Another step to try is to boot into safe mode and then access the Program Files folder so you can delete the actual location of the executable. Of course, you'll need to know that information. Depending on what's popping up (so to speak) on your system, you might need to sort the folder by date order so you can see what was recently added. Once you clean up the folder, you should be able to fully boot up and then run your Malwarebytes' Anti-Malware program.

HTH.

I knew you were joking. *shrug*

I've linked it again in case you need to review [www.xkcdb.com]

My comment was clearly made in jest, asterick and all. If you're over the age of 12 you should be able to discuss different computer operating systems without acting like it's a personal attack or turning into the Comic Book Guy character. Gizmodo is down the hall to your left.

And I wrote that on a Win7 Dell :o) *shock,horror* Nothing in life is so black and white.

The best thing to do is keep your version of the Flash player updated. And use Firefox with extensions like AdBlock or NoScript or FlashBlock.

But just recently my mother got the "PC police pro" malware on my old laptop (xp) and I had to go to her house and go through the whole riggamarole of going to the original backup point and installing everything again. Such a pain in the ass...and I never heard of the crap before.

Best to use something like NO SCRIPT on every site. No problems with that.

@mommiest: The scammer wasn't from the real Spark Communications, read the article. They registered a domain that was extremely similar and kept a Chicago phone number to fool the Gawker ad rep.

@boogermike: Well, if you read the linked article, they're incredibly open about it. It has the entire email exchange with the con man, and he's flawless. Read the emails, he sounds exactly like a real buyer from an ad agency. It's nothing like the broken english you'd expect from a Nigerian scammer. He has all the buzzwords down. I guess I see your point about putting something up in their own network about the breech, but they were really transparent with Silicon Valley Insider.

You're so right...this thread is really helpful, I feel so useful! See, I can do things other than launch sarcasm bombs at trolls and argue with conservatives!

Police Pro is the bane of my existence, I freaking hate it. All Control Panel applets disabled....AWESOME.

Here's a good tip for using flash media and not getting fucked by viruses: get a bunch of SD cards (because they can be physically locked against writing, unlike thumb drives etc.) and an SD card reader. Anytime you're transferring data TO a suspicious machine or one that isn't yours, lock the SD card. At my job, we have a Mac in the shop that we use for formatting the cards after every use (although formatting cuts down the life on SD significantly). This doesn't help much for getting data onto your machine, because I believe a virus on a locked card can still do its thing on the new prey, but it's something.

Looks like you read the later comments ... what GESD said was news to me, and will definitely affect my future behavior.

As I mentioned in another comment, I do IT for a large university, and have for 3+ years. I am capable of manually cleaning almost any virus off of almost any system. I know my shiznit. I got "XP Antivirus Pro" on my lab computer last year while I was sitting here running Matlab and checking my email, maybe surfing facebook. All of a sudden I had a popup and it was all over. I was using Firefox with Adblock running. My Windows firewall was alive and well. Symantec AV (not a great program, I know, but it's a lab computer so I didn't have a choice) was updated and running, with auto-protect enabled.

My point being: these new fake AV programs are tricky. They can infect a well-protected computer with no action from the user. It's bad.

Police Pro is the latest flavor.

Not the WALL OF FLASH ADVERTISING WITH SECURITY HOLES a lot of other sites throw at people.

Lesson learned.

You're the one bringing awkward phrases like "pwn3age" into this conversation - I referenced a bit of quote that I found humorous and topical; try not to get too worked up about it - I'm sure if you click the right things on your mac it'll take you back to a happy place where people don't point out that your comments are useless and tired.

When companies make mistakes, it is telling how they handle the aftermath. In my mind, admitting a mistake, and providing the customer with resources to remedy the situations is the best way.

Silence is never the right way, as incriminating evidence gets out quickly from other sources.

Gawker - FAIL on handling this PR nightmare effectively.

LOL @ superemvowel. I'm looking forward to the day that I read a comment so awesome that it gets extra vowels

@betsbetsbets: Ultimately, whenever you get a virus, the easiest and safest thing to do would be a format and re-install. In the end you will have a nice fresh and new operating system operating at peak efficiency, and you will have spent as much time doing the format install, update and application install as you would trying to clean out your system.

@Jakuub: Did you post the same for those suggesting Firefox ad-blocks as an alternative?

Also "pwn3age" attempts via xkcdb and the like only works on fellow geeks. In fact, I had to consult urban dictionary to remember how to write "pwn3age". It's not my scene and just doesn't have the intended effect. Know your audience.

It's funny, I rarely get my anti-virus software to detect mal-ware, but my free Spybot usually picks them up and removes them.

@Trai_Dep: It is my understanding that the website (in this case Gawker) reserves a spot on its page for an ad. When you go to the Gawker site, the Content management system builds the page for you and tells the ad sponser to insert the ad content in the designated space. The advertisement runs a script which installs malware on your system.

A similar incedent occurred to the NY Times. Information on what happened can be seen here [www.wired.com]

"I am writing from Spark Communications - a full-service media agency with a client-centric approach. We are looking to place display advertisements for some of our premium clients."

Can't we get SPARC International to sue these guys? I could easily confuse the two names! I would swear to it in court, if it would keep these two jerk-ridden companies busy. [consumerist.com]

Most of these things can be easily stoped by running WinPatrol. It's a free program that blocks anything that tries to add itself to the system.

Yet somehow, late one night, my winbox went from normal to apeshit in the space of about 90 seconds. I never saw a real Windows prompt the whole time. I didn't want to click anywhere in any of the fake windows, but somehow the attack disabled my access to the command prompt and Task Manager. I unplugged the network cable and fiddled with it for a few minutes, but ultimately had to disenplug the thing.

The only, only thing I did wrong was browse as Administrator. I am now one befuddled unix mage with a shiny new Winders install. The old partition was so trashed that I couldn't boot it if I wanted to.

BASTARDS. Thanks a lot, JEZEBEL. They get me too.

@MostlyHarmless: With all of the fake disemvowlings recently, we better watch out, Roz might come out with guns blazing a re-emvowel posts, or worse yet superemvowel posts. COuld this be one of the new features that Consumerist was promising with the move over to the CU servers? Hmmm

On the other hand, during the 5 years when I had my Windows XP machine, I never was infected with viruses/adware/spyware, and I didn't even have any of those scanners installed or running.

You would be surprised how safe you can be just using Firefox with Adblock and Flashblock. Oh and also being careful of what sites you visit.
YMMV though.

@Eldritch: "I hate malware people, why do they do this?" OK, you probably did not want an actual answer to that question, but I will give you one anyway...Money, plain and simple. If they can install malware on your machine, they can use it for sending spam or DDoS attacks.

This kind of thing happens all the time at my office. People are picking up spyware and the like from other reputable websites like CNN and The New York Times all the time. Keeps me plenty busy wiping that stuff away.

Once I figured out the cause was the served ads, I installed AdBlock and never looked back.

on the bright side, i've noticed a real difference in protection in that past few months on both my home & work computers (which use different AV suites). but the problem is definitely getting worse. 3 times in as many weeks i had to force-quit browsers that were redirected to sites looking to download this crap. & i'm a very careful internet user - i stay away from the scary back alleys as much as possible.

plugins:
Adblock Plus (as mentioned above) [addons.mozilla.org]
NoScript: [addons.mozilla.org]
Flashblock: [addons.mozilla.org]

There are common tools available to easily minimize the exposure to malware, a certain percentage of people aren't aware of them yet, but many are but yet have their bad surfing habits and refuse to change.

Add in flashblock for good measure.[addons.mozilla.org]

Many of them are good at what they do. but many of them never really learn about anything other than what they studied in college.

for me, since I first used windows xp I have never had any infections. security software doesn't keep you safe, the reason why many people today are constantly in need of support is because they feel that a firewall and other security software install and running makes them invincible. pretty much all new infections are designed with security software in mind.

simply disabling all of the startup items and windows services and pre boot items will stop probably about 90-95% if exploits and infections that install with no action on the users part. the rest are generally stopped by using a browser thats not IE.

if you look at most security updates, and security problems and exploits reported on places like security now podcast, almost all of them rely on a vulnerability in a service or part of window that the average user of the OS will never use or even know exists, microsoft just leaves it all running just in case it is ever needed to reduce support calls, the downside of this is significantly reduced security, reduced speed and performance.

and also no OS is secure if a unsecure user is using it.

the best line of security is the person using the computer. if you are not someone who actively stays safe and secure then no matter which OS you use, you will get infected by malware, it is just slightly easier on windows since it is the largest target.

eleventh hour internet victory. Hearted

@West Coast Secessionist: I haven't seen these on anything other than XP. Upgrade to Vista or 7 and you're safe... unless you've been dumb and disabled UAC.

Seriously, Vista x64 has been completely virus-free for me, and the OS hasn't been crappy for a few *years* now. It's XP that's the problem, not Windows in general.

Some people are into kinky stuff and flog themselves.

So that's what that was. Doesn't appear to have affected me, but it sure made my browser go crazy for a minute.

@Eldritch: They got me through Gawker. I used MalwareBytes and cleaned it right up.

@GitEmSteveDave_FullOfEvilClowns: Or you can browse on a Mac :oD *

*I know, I know I'm just as bad as the politicizers

It's getting nuts. In the last 6 months we've had the fake-antivirus virus on C-level executives' machines, software engineers (Really ought to know better) down to the receptionist. And every [Windows-using] friend I have has had it too.

If you want to protect yourself from this problem, make a separate account on your computer, make it an Administrator account, and demote your normal account to be a "Limited User." Only log into your Admin account when you need to install or update software. NEVER browse the web in that account other than to go directly to windowsupdate.microsoft.com . This is the only reasonably safe way to use Windows.

Alternatively you could stop using Windows but I won't list the alternatives here, because I'm not trying to judge or force something on somebody, rather I just am sick of all the crap these virus-writing thugs are perpetrating on us.

websites also load much faster since theres less crap to load.

Just as a "hear, hear!" thing:

Malwarebyte's Anti-Malware is superb. I highly recommend it to anyone experiencing system trouble. I have had multiple virus and spyware scanners fail to catch malware, but MBAM rarely ever fails to do its job fully.

Also, all the images are still being served up from cache.gawker.com

Time for Gawker to self immolate now that Consumerist is gone?

I hate malware people, why do they do this? People who do this deserve to be punished.