62 replies to this topic

[BakaBaka11]

Wonder if its the same thing that happened to me months ago.

[1Suspect]

[Equips-Tin-Foil-Hat]

 

Although impossible to prove, it's plausible that this was orchestrated by the people in charge of the recent Japanese anti-piracy push; Likely out of frustration due to their inability to do anything.

 

[/Unequips-Tin-Foil-Hat]

[Tgirl]

I'm one of the MT victims, but that site had a very old unused password so I think I'm fine. I changed my passwords right after that event anyways.  ....   Oh gosh.  This was quite a small scare. D:   The flashback of the MT hack is still fresh in my mind. 

 

I have a good anti-malware program so I will run my phone and computer through them just to be safe. (But Grumpy says this is a fairly new malware so....., maybe, that won't really help..?) 

 

Thanks for keeping us updated on this.  

[Ookami-San]

According to avgthreatlabs.com this website was infected with NeoSploit Exploit Kit.

 

http://www.avgthreatlabs.com/website-safety-reports/domain/batoto.net/#analytics

[Tsukumo Yuma]

Does virus infect the computers of people who have been on this site?

[Kannade]

I cleaned out the infection, but later decided to nuke the entire skin as there may be more lingering pieces.

[...]
 
I've been scouring the logs for last few hours...

Dang you work too hard grumpy senpai, I would have just scrapped the entire site and then I would have pretended babobo never existed #lazy

[Sir Flash™]

Just to be safe I will turn my ad-guard back on for this site...

[samo]

Will the deluxe skin be put back again at some point??? cause i really liked it.

[Bogo]

so I guess im safe (?) used Sylo skin and bookmark  

Edited by Bogo, 21 August 2014 - 10:29 PM.

[ragamuphin]

Just wanna say I was using Blood skin/theme and my chrome is set to open to last open tabs. When I opened chrome and had a tab open to batoto it started downloading something. The first time I cancelled it, the file was called 12. The second time it was called 7 and i couldn't stop it. It was a small "file" not an application or picture. I scrubbed my computer clean but I'm not sure it's gone. This happened like two days ago.

Edited by ragamuphin, 21 August 2014 - 11:18 PM.

[Tsukumo Yuma]

For the past few days untill today, evertime I went to this site, it said something about...

Chrome would like to gain access to you confedential infromation, by pressing ok you agree to let chrome use this information to *something i dont remember* please click ok.
I press cancel.

I tried going to the site through fire fox, a bunch of adds popped up as soon as I went to the site, and that computer has been acting buggy ever since.

PS. I am not using it now, it is to buggy, and I don't want whatever it is that's doing that to get my passwords.

A bunch of anime and manga sites, even nico nico dougas american branch has been hit with malware and hacking, it is going on all over the net recently.

Edited by Tsukumo Yuma, 22 August 2014 - 12:20 AM.

[Grumpy]

I got the message when visiting directly from chrome or firefox.

 

So do I have to worry about having been infected or not grumpy? (because like I said, I ignored the warning on chrome to visit before you fixed the issue) It seems from what you said, no, but I want to make sure.

Everyone gets that message independent of the virus actually being present. It's a warning that it might be there placed by Google.

 

Wonder if its the same thing that happened to me months ago.

...What happened months ago? We never had any similar issue in the past.

 

[Equips-Tin-Foil-Hat]

 

Although impossible to prove, it's plausible that this was orchestrated by the people in charge of the recent Japanese anti-piracy push; Likely out of frustration due to their inability to do anything.

 

[/Unequips-Tin-Foil-Hat]

Uh... no. All they would have to do is send an email. Sounds a lot easier than hacking a site.

 

According to avgthreatlabs.com this website was infected with NeoSploit Exploit Kit.

 

http://www.avgthreatlabs.com/website-safety-reports/domain/batoto.net/#analytics

That's interesting that avg saw something... But that virus description is so vague that it practically applies to any kind of js injections...

 

Does virus infect the computers of people who have been on this site?

I believe that is the intent.

 

Just to be safe I will turn my ad-guard back on for this site...

Ad block/guard is unrelated to this issue. It won't protect you by using it, nor affect it in anyway unless you manually add the bad site url into its rules. This is not caused by the ads.

 

Will the deluxe skin be put back again at some point??? cause i really liked it.

If it does... I'll have to reinstall completely.

 

Just wanna say I was using Blood skin/theme and my chrome is set to open to last open tabs. When I opened chrome and had a tab open to batoto it started downloading something. The first time I cancelled it, the file was called 12. The second time it was called 7 and i couldn't stop it. It was a small "file" not an application or picture. I scrubbed my computer clean but I'm not sure it's gone. This happened like two days ago.

Hmm... That shows a virus-like behavior. But the days don't line up...

 

For the past few days untill today, evertime I went to this site, it said something about...

Chrome would like to gain access to you confedential infromation, by pressing ok you agree to let chrome use this information to *something i dont remember* please click ok.
I press cancel.

I tried going to the site through fire fox, a bunch of adds popped up as soon as I went to the site, and that computer has been acting buggy ever since.

PS. I am not using it now, it is to buggy, and I don't want whatever it is that's doing that to get my passwords.

A bunch of anime and manga sites, even nico nico dougas american branch has been hit with malware and hacking, it is going on all over the net recently.

I have never heard of such behavior until now. I would also suggest you to run a full virus scan on your computer.

If you are talking about the java install malware that was infecting large number of ad networks (also ones we don't use), it has been resolved for us already, and has been a while since it has.

[Tsukumo Yuma]

I am not talking about that virus, I am talking about a newer one going around.
And I did run a full virus scan, but it picked up nothing at all, all the files, aplications, and the browsers, they all came back saying they were clean.

I googled the problem, and other viruses, I found something about a virus that is one going around that was barelly detected by only one virus scan software, but no way to get rid of it.

As I said, there have been large scale malware and hackings going on even within just this week.

Edited by Tsukumo Yuma, 22 August 2014 - 12:59 AM.

[Grumpy]

Well... a rather strange development in google safe browsing...

http://www.google.com/safebrowsing/diagnostic?site=chinkoki.com/

Listing that site as no longer suspicious when that is the site which was injecting the virus on us...

[sidzero]

I like this skin better anyway.

[ragamuphin]

 

Hmm... That shows a virus-like behavior. But the days don't line up...

 

I don't remember the exact days.I believe the first time it happened 3-5 days ago, and the next time it was 2-4 days ago. It started downloading with no prompt, managed to stop the first from finishing,etc.

[Sogno-]

Thanks for the tldr; helps out us computer noobs

[keane14]

Does having notscript(chrome version of noscript), http switch board and ublock mean that I'm safe from this?

[Last Phantom]

Wait, so the malware can get through IE? Damn... Chrome completely blocked me out of Batoto, so I used IE to get past...

...

Time to fire up the old Norton... I hate Norton.

[themis]

I don't know if this has anything to do with it, and I will freely admit not reading all the previous posts... but last week Every title page of kuroshituji was directing me to update my viewer. It would auto roll to the ad page if you didnt click over to the next page fast enough. It hasnt happened this week, but then again I'm UTD on that series now.

 

Oh yeah I was on Firefox at the time.

Edited by themis, 22 August 2014 - 03:42 AM.