WARNING: Chess.com has a malware-redirect script in its ads! This is very serious!

WindowsEnthusiast
Jan 21, 2010, 4:14 PM

Chess.com (unwittingly presumably) is hosting a script that redirects your Chess.com page request to a malware server!

This malware is a variant of MS Antivirus; for more info go to http://en.wikipedia.org/wiki/MS_Antivirus (here it shows up as System Security, but it is still the same).

The malware affects ALL users of Windows. Allowing the page to load triggers the following:

1. A scripted window appears saying that you have malware on your computer and you need to scan now.

2. No matter whether you click Cancel, OK, or simply close the window, you are directed to this page that has an appearance that resembles the Windows XP My Computer interface but is adapted for "anti-virus."

3. It "scans" your computer and says you have malware. It then tries to scare you into getting the "full version" that is a malware download link.

4. If you try to click Back or navigate away from the page, you will get another popup (scripted window) that says you are still infected and begs for you to stay on the page (and to allow the infection).

5. If you just do nothing, a fake window (which is really embedded in the page HTML) appears for you to try to download. It tries to woo you into downloading. If you click ANY part of that window you will get the malware.

I have verified it is malware.

The best prevention would be to block the website from loading.

Like the Lasker Trap and the Kienner Trap in chess, it is very easy to fall for since it looks very authentic.

Typically (according to Wikipedia) this software evades most security software and edits your Windows registry to make it start immediately upon system boot-up. It even disables AVG and McAfee.

The unscrupulous website hosting this page is a-ntyvirusonline.net.

I was on a public library computer when this happened. It has happened like three times now.

erik, look for any script on Chess.com's HTML pages containing the server name (or its IP address).

Chess.com should know better than to not watch its ads.
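
One way to run the check suggested above, as an added example that is not part of the original post or Chess.com's own code: a Python scan of saved page HTML for script, iframe, link, form and meta-refresh references to the host named in the post, plus inline script bodies that mention it. The IP address, the sample HTML and all function and class names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Host named in the post; the IP is a constructed placeholder (the post gives none).
INDICATORS = ("a-ntyvirusonline.net", "203.0.113.10")
URL_ATTRS = {"script": "src", "iframe": "src", "a": "href", "form": "action"}

def host_matches(url):
    """True if the URL's host is an indicator or a subdomain of one."""
    try:
        host = (urlparse(url or "").hostname or "").rstrip(".")
    except ValueError:                      # malformed URL, e.g. a broken IPv6 literal
        return False
    return any(host == i or host.endswith("." + i) for i in INDICATORS)

class RedirectScanner(HTMLParser):
    """Collects (line, kind, detail) for markup that references an indicator."""
    def __init__(self):
        super().__init__()
        self.findings, self._script = [], None   # _script: [start_line, body]

    def handle_starttag(self, tag, attrs):
        attrs, line = dict(attrs), self.getpos()[0]
        if tag == "script":
            self._script = [line, ""]
        url = attrs.get(URL_ATTRS.get(tag))
        if tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";\s]+)", attrs.get("content") or "", re.I)
            url = m.group(1) if m else None
        if host_matches(url):
            self.findings.append((line, tag, url))

    def handle_data(self, data):
        if self._script is not None:        # buffer inline script text
            self._script[1] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            (line, body), self._script = self._script, None
            for i in INDICATORS:            # plain string search of the script body
                if i in body.lower():
                    self.findings.append((line, "inline-script", i))

def scan(html):
    scanner = RedirectScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page, not captured from Chess.com.
SAMPLE = """<html><head>
<script src="/static/site.js"></script>
<script src="http://ads.a-ntyvirusonline.net/show.js"></script>
<meta http-equiv="refresh" content="0; url=http://a-ntyvirusonline.net/scan">
</head><body>
<script>var u = "http://203.0.113.10/scan";</script>
<iframe src="http://not-a-ntyvirusonline.net.example/"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, kind, detail in scan(SAMPLE):
        print(f"line {line}: {kind}: {detail}")
```

A script that assembles the host name at run time will not match a string search, so an empty result does not clear the page.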