www.alltagcloud.info and webcam bait

[Coaster]

ok, so along with the back button issue i keep getting hung up on www.alltagcloud.info for minutes when loading this site. i did some investigating in my logs and it appears harmony central is employing www.alltagcloud.info as well as something called "webcam bait" and a host of other items that sound less than scrupulous.

 

i'll add all these items to peerblocker along with the currently existing host of others this forum attempts to load, but really unless harmony central has been hacked by malware then i am quite disappointed that this site would choose to employ such trashy measures.

 

i eagerly await an official response, but rather i am sure i will be met with a host of finger pointing and name calling about conspiracy theories instead.

 

its quite easy to see what sites attempt to load, and some of it is quite appalling.

[Philter]

I got hung on alltagcloud.info myself (couldn't get harmony central to load because of it), so I dropped the entire domain into adblock. Farewell, whatever it was.

[stomias]

encountered this too this AM.............. WTF

[Anderton]

Yes, Jon Chappell noticed this too, and has alerted the IT people to find out what's going on. It's news to us.

 

FWIW we have been DELUGED by spam posts. You don't see them because they enter the queue as moderated posts, meaning they've already been flagged by others as spam. For example, I just killed about 40 of them in the Yamaha stage piano pro review - they've been hitting the pro reviews particularly hard. Maybe there's a correlation.

[Coaster]

it doesnt seem to be doing it anymore at least right now. i am thrilled that HC did not do this intentionally.

 

it is too bad there are people that do these things in this world, i guess there will always be selfish people who put themselves before others and make poor choices.

[MikeRivers]

Huh? What are you guys talking about? I know what spam is, but what's this alltagcloud.info and webcam bait? I haven't noticed any recent changes in the way I read and post here.

[blue2blue]

 

Huh? What are you guys talking about? I know what spam is, but what's this alltagcloud.info and webcam bait? I haven't noticed any recent changes in the way I read and post here.

Yeah... I hadn't had any problems when I saw this post and investigated a little farther (there's another post in the amp forum, I think, on the same topic) but not long after, I did have all my attempts to access HC hang for a brief period.

 

I have no idea if the call in the page code to a php script on that alltagcloud.info server is a normal part of this BB code implementation or if it was the result of a SQL injection or other hack, but I have certainly heard of malware hacks that have calls to scripts on offsite servers with 'innocent' sounding names like icons.php.

 

(I also posted in the HC 'back office' forum about this topic so the PTB should be in the loop.)

[Jon Chappell]

 

(I also posted in the HC 'back office' forum about this topic so the PTB should be in the loop.)

 

 

We are investigating as we speak--checking the logs, etc. We have had an inordinate amount of spam coming in lately, and we don't know if this unusual behavior was related (and malicious) or not yet. But though the problem has apparently ceased, we are still tracing it.

[Jeff da Weasel]

 

Huh? What are you guys talking about? I know what spam is, but what's this alltagcloud.info and webcam bait? I haven't noticed any recent changes in the way I read and post here.

 

 

Mike, after you load a page here, take a look at your Activity window in your browser. These are bits of code that are coming in with each page view. Hard to know exactly what they're doing.

[blue2blue]

DO NOT go to the URL in that snippet of code.

[Coaster]

DO NOT go to the URL in that snippet of code.

 

oh that makes me really want to go there . did you go there?

[MikeRivers]

 

Mike, after you load a page here, take a look at your Activity window in your browser. These are bits of code that are coming in with each page view. Hard to know exactly what they're doing.

 

 

You're way ahead of me. I didn't know my browser (Firefox) even had an Activity window. Is that the progress bar at the bottom of the browser window that indicates when there's data still being loaded? I occasionally see that light up after I see enough of the page to start reading, but I just figured that was dynamic or animated ads doing their thing. I've never been aware that there was any code or links that I could see there.

 

Guess I'll just keep my head in the sand about this one.

[blue2blue]

oh that makes me really want to go there . did you go there?

Yes, I did, and, though I didn't stick around any longer than enough to figure out its a traditional malware vector (pron), I did run a malware scan after I got done. (Clean. But I'm all patched up and my security is notched up pretty good. I didn't expect anything. Others might not be so lucky.) Anyhow, suffice it to say, that it's a bit of code that has no place in this BB. I've further updated the powers that be on its nature.

[blue2blue]

You're way ahead of me. I didn't know my browser (Firefox) even had an Activity window. Is that the progress bar at the bottom of the browser window that indicates when there's data still being loaded? I occasionally see that light up after I see enough of the page to start reading, but I just figured that was dynamic or animated ads doing their thing. I've never been aware that there was any code or links that I could see there. Guess I'll just keep my head in the sand about this one.

Don't feel bad on that one, Mike. I didn't either. And I scoured Firefox, Chrome, and Safari. There is a 'media' window in the FF CP interface that shows various media components that load with a page, and similar features in the others, I think. Maybe the weasly one is running a diagnostic plugin?

[Jeff da Weasel]

 

Guess I'll just keep my head in the sand about this one.

 

 

It's probably nothing you need be concerned with, Mike. Coaster did the right thing in letting the admins know, and they're on it.

 

The long story short & simple: a web page is a bunch of code that gets interpreted by your browser to display in some graphic format you can see on your screen. However, there can be other sections of code that you do not see doing various things. Mostly it's good stuff, like allowing a menu to drop down so you can navigate around a site. But sometimes, it's malicious code that does things like tracking your movements around the Internet away from the site you're on, or trying to access your computer's data, and so on. Often, it's just advertising code that tries to serve you ads in various ways. Have you ever gone to another site and seen ads for something you were looking at on a different page? That's how those work.

 

How would code like that get into a benign site like Harmony Central? It could have been added unknowingly to a banner ad that is served at the top of this page, for example. Or someone could have hacked HC specifically to leave this code there.

 

In any case, the admins should be able to trace its origin. I am seeing it right now in Safari using the Activity menu (I'm not sure of the FireFox equivalent). But the suspect code is built right into the source code of the page. Looks like this...

 

 

 

 

 

 

So, I'm sure they'll figure out what the deal is. Chances are we don't need to worry about coming here and being infected... hopefully.

[MikeRivers]

Thanks for the further info. I guess if there's something that needs to be taken care of on the HC end, it will happen eventually. I'm concerned about the kind of malware that steals my passwords but not really about what tracks where I go. It's stuff like that which makes access to the useful information free, so let 'em know that I'm not going to their ads. I don't care.

[Jeff da Weasel]

I'm concerned about the kind of malware that steals my passwords but not really about what tracks where I go.

 

Most of us feel the same. The problem is that there's really no way of knowing from just a glance at the code what it's actually doing. Anyway, Craig and Jon and gang seem to be on top of it.

[Coaster]

i'm glad this is working out for the best. i am also glad my faith in HC is restored, and faith is not something i have much of these days. it has become really difficult to see who "the bad people" are anymore, and i am a little ashamed that i thought HC was likely employing these measures rather than having been hacked.

 

its real hard to tell who to trust anymore, and that is just sad.

[blue2blue]

The most important thing you can do to stay safe -- no matter what OS/platform you're on -- is to make sure your OS and web-accessing apps (that includes browsers, of course, but also media players and other programs that can access the web) are properly up-to-date and the OS firewalls are properly implemented.

 

Update support on the Windows side goes back to XP.* With OS X, updates are more restrictive, but Apple supports the latest OS X version with daily updates when necessary (as it was during the height of the Mac Defender problem).

 

I, personally, do not run background resident anti-malware programs because they tend to miss the latest threats but also, crucially, because they tend to suck down an enormous amount of resources while running in background. However, they can provide some extra protection in some cases, particularly in the case of things like email scanning (for those of you who just can't pass by an email attachment from a stranger without opening it or clicking those 'suspicious links.' )

 

I do, from time to time, use on-demand scans from outfits like Trend Micro's House Call or MS' Malware Removal Tool and some of their other services -- and I make sure to have a copy of MalwareBytes Anti-Malware on my machine. (If you do get a successful intrusion, many malwares will try to block your access to Trend Micro, Windows Update/Malware Removal, and anti-malawre sites like MalwareBytes.)

 

 

*MS continues to provide security patches to XP (introduced in 2001) but Vista and Win 7 have architectural features that make them more secure still. In fact, no less an authority than MacWorld said a few months ago that, "Windows 7 is actually more secure than OS X." http://www.macworld.com/article/160098/2011/05/macdefender.html