I have confirmed archive.ph, which archive.today redirects to, has malicious code which attempts to spam gyrovague.com with requests.
-
I have confirmed archive.ph, which archive.today redirects to, has malicious code which attempts to spam gyrovague.com with requests. The code I independently verified matches the code in the Hacker News post.
Behind CloudFlare:
https://tria.ge/260116-d3jafadj81/behavioral1Do not use archive.today, archive.is, and archive.ph. By accessing these websites, you are donating your bandwidth to a botnet of unknown origin and purpose.
Original source:
https://social.coop/@eb/115902323900229756An emergency update to the Malicious Website Blocklist has been made to counter this threat. An emergency update is currently in the works to fix the emergency update as it is in the wrong place (I want to link to this toot in the update, so waiting to commit until I post).
@iampytest1 Did you report that to Google Safe Browsing?
Given the fact it's enabled to default in most browsers, it those sites gets blocked there, they would effectively be blocked Internet-wide (almost same as domain seize).
UPD: I reported those domains as well. -
I have confirmed archive.ph, which archive.today redirects to, has malicious code which attempts to spam gyrovague.com with requests. The code I independently verified matches the code in the Hacker News post.
Behind CloudFlare:
https://tria.ge/260116-d3jafadj81/behavioral1Do not use archive.today, archive.is, and archive.ph. By accessing these websites, you are donating your bandwidth to a botnet of unknown origin and purpose.
Original source:
https://social.coop/@eb/115902323900229756An emergency update to the Malicious Website Blocklist has been made to counter this threat. An emergency update is currently in the works to fix the emergency update as it is in the wrong place (I want to link to this toot in the update, so waiting to commit until I post).
I'm a bit concerned. Last night before I shut down my computer, and this morning when I turned it on, a popup from archive dot today appeared on my screen. I have no idea where it came from, but I didn't open it. Should I be worried or not?? I've used archive dot is many times in the past.
-
I'm a bit concerned. Last night before I shut down my computer, and this morning when I turned it on, a popup from archive dot today appeared on my screen. I have no idea where it came from, but I didn't open it. Should I be worried or not?? I've used archive dot is many times in the past.
@Bette what kind of popup?
The malicious code on archive[.]today runs within your browser; it doesn't infect your computer with malware.
-
@Bette what kind of popup?
The malicious code on archive[.]today runs within your browser; it doesn't infect your computer with malware.
It's not like a regular pop up. It goes from the top of the screen to the bottom and is centered on the screen and at least five inches wide. It encourages me to visit archive today.
-
It's not like a regular pop up. It goes from the top of the screen to the bottom and is centered on the screen and at least five inches wide. It encourages me to visit archive today.
@Bette that is very strange. I'm not sure what that is.
Would you mind taking a screenshot of it? -
@iampytest1 honestly a pretty reasonable response to a doxing attempt
@whitequark@social.treehouse.systems @iampytest1@infosec.exchange yeah I'm honestly a bit confused by the audacity to just put that out there for no reason
doesn't excuse this of course, but damn -
@Bette that is very strange. I'm not sure what that is.
Would you mind taking a screenshot of it?The next time it happens, sure. I quit my browser and opened it again, hoping to be able to do that, but it failed to appear (of course). It was a stand-alone, btw, it was the only thing on the screen, the browser wasn't open yet.
-
@iampytest1 what's the Malicious Website Blocklist?
@kitten It is a small blocklist I created and maintain of malware, phishing, scams, and other threats.
https://github.com/iam-py-test/my_filters_001/blob/main/antimalware.txt
-
@iampytest1 Did you report that to Google Safe Browsing?
Given the fact it's enabled to default in most browsers, it those sites gets blocked there, they would effectively be blocked Internet-wide (almost same as domain seize).
UPD: I reported those domains as well.@tapafon I did not, but I did inform the maintainers of some very popular ad-blocking lists, and one (AdGuard) has added a filter to protect their users.
-
N nocci@punk.cyber77.de shared this topic
-
@creaturr Both of them have the malicious script.
-
The next time it happens, sure. I quit my browser and opened it again, hoping to be able to do that, but it failed to appear (of course). It was a stand-alone, btw, it was the only thing on the screen, the browser wasn't open yet.
Do you have this browser extension installed?
https://addons.mozilla.org/en-US/firefox/addon/archive-page/
It received an update in the last couple of days and it probably opens a changelog when your browser gets around to updating it.
-
Do you have this browser extension installed?
https://addons.mozilla.org/en-US/firefox/addon/archive-page/
It received an update in the last couple of days and it probably opens a changelog when your browser gets around to updating it.
Ding, ding, ding! That seems to be the case. I'll be turning that off now. Thank you so much!!
-
I have confirmed archive.ph, which archive.today redirects to, has malicious code which attempts to spam gyrovague.com with requests. The code I independently verified matches the code in the Hacker News post.
Behind CloudFlare:
https://tria.ge/260116-d3jafadj81/behavioral1Do not use archive.today, archive.is, and archive.ph. By accessing these websites, you are donating your bandwidth to a botnet of unknown origin and purpose.
Original source:
https://social.coop/@eb/115902323900229756An emergency update to the Malicious Website Blocklist has been made to counter this threat. An emergency update is currently in the works to fix the emergency update as it is in the wrong place (I want to link to this toot in the update, so waiting to commit until I post).
As someone pointed out in the comments, this is not limited to archive[.]ph. Other archive.today domains have the malicious code.
I don't want to update the initial post as that will send a ping to every single person who liked or boosted it. -
As someone pointed out in the comments, this is not limited to archive[.]ph. Other archive.today domains have the malicious code.
I don't want to update the initial post as that will send a ping to every single person who liked or boosted it.@iampytest1 I do like the update/toot-edit pings
you're doin' just fine 
-
I have confirmed archive.ph, which archive.today redirects to, has malicious code which attempts to spam gyrovague.com with requests. The code I independently verified matches the code in the Hacker News post.
Behind CloudFlare:
https://tria.ge/260116-d3jafadj81/behavioral1Do not use archive.today, archive.is, and archive.ph. By accessing these websites, you are donating your bandwidth to a botnet of unknown origin and purpose.
Original source:
https://social.coop/@eb/115902323900229756An emergency update to the Malicious Website Blocklist has been made to counter this threat. An emergency update is currently in the works to fix the emergency update as it is in the wrong place (I want to link to this toot in the update, so waiting to commit until I post).
@iampytest1 Is the malicious traffic being triggered from JavaScript or CSS? Something else?
-
@iampytest1 Is the malicious traffic being triggered from JavaScript or CSS? Something else?
@lufthans JavaScript.
The code is here: https://social.coop/@eb/115902412468711646 -
I have confirmed archive.ph, which archive.today redirects to, has malicious code which attempts to spam gyrovague.com with requests. The code I independently verified matches the code in the Hacker News post.
Behind CloudFlare:
https://tria.ge/260116-d3jafadj81/behavioral1Do not use archive.today, archive.is, and archive.ph. By accessing these websites, you are donating your bandwidth to a botnet of unknown origin and purpose.
Original source:
https://social.coop/@eb/115902323900229756An emergency update to the Malicious Website Blocklist has been made to counter this threat. An emergency update is currently in the works to fix the emergency update as it is in the wrong place (I want to link to this toot in the update, so waiting to commit until I post).
@iampytest1 I have never trusted the archive.* sites. Too much weirdness involving high entropy DNS queries and both mail[.]ru and google scripts when I looked into it. But nothing like this in the past.
-
S skorpy@chaos.social shared this topic
