What's new

***** Malware Alert: Phishing ads on this website! *****

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

@OzarkEdge Again, what "new owner" are you referring to?

At the time, I said 'new owner'... I thought this site changed hands when it started hosting crappy ads on top of content... that you were continuing as one of the moderators. I don't keep track of your affairs... I'm reporting about this site... for all I know ASUS owns or sponsors this site. You then informed me that you are the owner and that I should report to you. Well, you got my report just about as soon as I realized what was happening... this site is hosting malvertising. I felt the community should know asap.

I've heard back from my ad provider.

Edit to add: The malvertising seemed to stop after the initial commotion of this thread... perhaps after you alerted your ad provider as if they turned it OFF. I don't necessarily mean they are the culprit, but I can imagine them deciding to take a particular 'ad source' offline/out of the mix... one they know to consider or have concerns abouts... one of their shadier dealings. My feeling in response to events.

OE
 
Last edited:
I wrote my post because your post specifically quoted "Mr. SmallNetBuilder no more...", and also because you referred to "your website" - people tend to refer to forums as "these forums" rather than as a website. Just making sure everyone were discussing the same thing.

I was ticked off about being counseled how to report malvertising on this website, so I replied formally to the name and title that was in front of me as I replied... even included a colon.

Now I'm being counseled on how to refer to this website.

OE
 
Here is further information from my ad provider. I have been working with this company for many years and they have no “shady” dealings.

Hi Tim,

I want to give you the most direct answer possible, but it is a bit more nuanced than "yes" or "no" so bear with me.

SNBforums currently runs "adhesion" or "anchor" units, which some people think are popups. Adhesion/Anchor units stick to the bottom of the page as users scroll. They are also known as "sticky" ads. Here's some random demo page unrelated to us, look at "sticky" ads. (https://clickio.com/ad_formats/)
Some users who see adhesion/sticky/anchor ads will call them "popups", but officially they are not popups. It's not just semantics, popups are an entirely different category of ad, but adhesions/sticky ads do "look" like popups to some users.
Real "popups" are not being run on snbforums, but bad actors might try to have popups inserted into legitimate ads. We call this malvertising. It is not intended, and we do not want it at all. Users are right to point it out when they see it.
I think its best if the user can give a bigger screenshot showing more of the screen so I can determine if its an ad unit that should be showing up.

from the sound of it though this is malvertising.

About anti-malvertising efforts:

We pay for real time ad monitoring of malvertising and bad actor ads. This works by scanning every single ad as it is deployed, and blocking any that have malvertising signatures. It's like a realtime virus scanner. No work is required on yours, mine, or the visitors' part for it to work and it blocks almost all malvertising.
Sometimes, malvertising breaks through the scanner. The scanner service has tools that automatically detect this and mitigates those after the fact. So what happens is there are some popups that might show up for a few minutes and then suddenly disappear when the scanner figures out it is malvertising.
A third layer of protection is that the malvertising scanner is aggregating data across its entire client base. So if another site is experiencing malvertising and that gets mitigated on that site, then if the malvertising tries to roam to your site it is already blocked right away because the signature is already known
A fourth layer of protection is that the service has engineers that manually identitfy and block signatures. This is a bit of a whackamole.
Finally, the last layer, if malvertising gets through, is to ask the person who sees it all the questions I gave in the last email, and then we forward that to the engineers, and the will try to reproduce and block that bad actor.
Once we get that information we'll ask their team to do a deep dive, and after that we'll also see whether any additional steps are needed.
 
Here is further information from my ad provider. I have been working with this company for many years and they have no “shady” dealings.

Yeah, it's malvertising on your website... good luck with it.

OE
 
From my MS Edge History page showing 8 malvertising phishing attempts by *secured* while browsing here (Edge Search added the yellow highlighting):

1733510121382.png


OE
 
Last edited:
One day, someone will invent a tool to block unwanted ads on websites.

Here we go again... blame the victim. :rolleyes:

The owner of this website wants ads. I honor that whether I like it or not.

OE
 
The owner of this website wants ads. I honor that whether I like it or not.
You did the honorable thing for the longest time, I’m sure. You’re a better visitor than me. But you’ve been burned and you should put your shields up until the investigation is over.
 
You did the honorable thing for the longest time, I’m sure. You’re a better visitor than me. But you’ve been burned and you should put your shields up until the investigation is over.

Good advice! If malvertising is the new thing, I'll have to to protect my users. I had never seen it before.

OE
 
Just got another one, 7:29PM CST.

1733534984277.png


Crappy ads, crappy website.

OE
 
Anyone else seeing this while browsing this forum logged in... it pops up and smells like an ad...

All due respect to @thiggins - this is why I block ads....

I get it, constant battle, etc - the adsevers are low hanging fruit for hacking with a broad target on the other side...
 
All due respect to @thiggins - this is why I block ads....

I get it, constant battle, etc - the adsevers are low hanging fruit for hacking with a broad target on the other side...

Yeah, but... I've been regular here since 2018... 6.5 years and no malvertisng until now. Edit: Let me restate that... I've been on the public Internet since the '90s... no malvertising until here and now.

Sure, ads can be blocked but that does not solve the problem. This site will die quickly if malvertising is its new norm.

OE
 
Last edited:
Yeah, but... I've been regular here since 2018... 6.5 years and no malvertisng until now.

Sure, ads can be blocked but that does not solve the problem. This site will die quickly if malvertising is its new norm.

Ad Servers have been low-hanging fruit for a long time - it's not @thiggins job to police them once they contracted...

@OzarkEdge - it's noble to not block ads I suppose, but I think you're in the minority here...

There are ad-blockers that have a threshold - Ghostery is a good example of allowing a subset of allowable ads from trusted providers...


Would be nice to find a middle ground at some point...
 
I run uBlock Origin and SNB Forums is included form about a year.
 
From my MS Edge History page showing 8 malvertising phishing attempts by *secured* while browsing here (Edge Search added the yellow highlighting):

View attachment 62838

OE
Who is even using MS Edge in these days ?
MS Edge has always been a target of malware and even Firefox is better in these days.

I run uBlock Origin and SNB Forums is included form about a year.
Using uBlock Orgin since years now with Firefox, best AdBlocker also included in the Mullvad Browser wich is free 👍
 
They all seem to be from the same site. More info on that particular case:


That link is already in post5 above.

It feels like this malvertising came in with a particularly basic crop of ads. And I've posted previously about the ads here then that disrespect women. (Merry Christmas, @L&LD!) Collectively, I've been referring to these ads as crappy... they are distasteful ads which I don't see on every website, now with phishing malware.

This site needs a sticky post instructing every visitor how to protect themselves from it. A sad state of affairs.

OE
 
Last edited:
Who is even using MS Edge in these days ?

Windows users. The malvertising is not in Edge; it's being hosted on this website through its ads. ASUS is as much to blame here as anyone... they sponsor and use this website and Asuswrt-Merlin to support and aid their business. Think about it.

OE
 
Last edited:

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top