Possible malware via ads

I just saw this screen pop-up in place of my chess.com "home page":

https://eichuartfulhome.net/4571227591819/22329b45285411e07653498f24720820/67293708ad57f5a7f0ec0a4255abfd8b.html

It is possible that came from somewhere else. You may want to run a malware scan.

That said, you can also open a ticket so staff can check things.

https://support.chess.com/customer/portal/emails/new

No, it definitely came from the chess.com ad rotation server. I was sitting at my computer looking at my current chess game, and the chess.com window was replaced by that web page.

I use both Malwarebytes.com and Webroot SecureAnyWhere for real time / active protection for all the computers on my network.

 Just for grins, I ran scans for both programs. After 2 minutes, no threats found.

Same graphic warning page showed up this morning, but from a different web page. I could see my home page on chess.com refreshing with "Your Move", then I got this

https://nuriuek-online.net/5441227591819/80e5b6de3cba2c80092fec62fb53ba8e/9dab36abff2f63756f078ae5f41ef43b.html

When i hover the mouse over the button, the hyperlink points to some javascript:

https://nuriuek-online.net/5441227591819/1490186841436089/firefox-update.js

I downloaded the javascript, but could not make heads or tails of it.

You might also try clearing your cache. Did you open a ticket about it?

 Martin; I can't find it now but, didn't the site have a policy some time back that if you found a legitimate flaw, they would give you a diamond account for 1 yr?

Probably not from chess.com as this Google search turned up a lot of info about this or similar issues. Sounds like a browser hijacker that has been around for a while.

https://www.google.com/search?q=critical+firefox+update+malware&oq=critical+firefox+updatde&aqs=chrome.4.69i57j0l5.8419j0j7&sourceid=chrome&ie=UTF-8

If it was just from chess.com I don't think all these people would be ahving it.

But as @Martin_Stahl said, you can open a  ticket.

I found a discussion about this particular "fake update" at the main Firefox site:

https://support.mozilla.org/t5/Problems-with-add-ons-plugins-or/I-found-a-fake-Firefox-update/ta-p/37696

I am sending a note to support right now .

It was most likely part of a bad ad. It may or may not be related to one from this site, that is why I suggested opening a ticket.

The cache suggestion was to make sure a cached version of the script is not being triggered.

@RonaldJosephCote I don't know if that is still the offer but I guess it might be, if you can point to the ad that causes it.

https://www.chess.com/forum/view/community/reward-earn-diamond-membership-by-finding-and-reporting-bad-ads

That's the one thank you.  (Jesus, I must be getting old, why can't I find things anymore?)

There is a new Firefox version out (52.0.1) dealing with a critical vulnerability that was the result of the Pwn2Own contest. But you SHOULD get the update directly from Mozilla.

https://www.mozilla.org/en-US/firefox/all/

I do get the routine Firefox updates - almost every week.

As a general interest item, I just watched a podcast which included a short discussion about misbehaving ads. Discussion starts at about the 1 hr, 49 min mark and ends at about 2 hr, 3 min. To download the podcast, click on the "Download Options" button.

https://www.twit.tv/shows/security-now/episodes/604?autostart=false#download-options

The article that prompted the discussion is:

https://medium.com/@stevecoug/how-to-fix-the-problem-with-malicious-and-misbehaving-ads-6c175df055ff#.c9yeipamo

I must be the ONLY one getting these ads delivered through my chess.com page. A different one appeared after dinner today:

After dinner?  What did you eat? (It might be relevant, believe it or not.)

I keep sending notifications to the chess.com folks (via HELP), but they are not able to track down the source of the problem.

One fact is clear - Chess.com management is NOT going to protect you from malvertising attacks. There are at least two solutions to the problem - One recommended by management (upgrade to not see ads), and one that they never mention. :)