And this also:
http://www.theregister.co.uk/2012/05/17/wikipedia_click_fraud_malware_warning/
On Tuesday 15 May 2012 12:47:13 PM IST, Srikeit wrote:
Thanks! Already spreading the word :)
Regards
On Tue, May 15, 2012 at 1:26 AM, Erik Moeller e...@wikimedia.org
mailto:e...@wikimedia.org wrote:
There are something like 50 blog posts that pingback to ours, so this is
definitely getting some play, particularly in industry blogs.
pb
___
Philippe Beaudette
Director, Community Advocacy
Wikimedia Foundation, Inc.
415-839-6885, x 6643
phili...@wikimedia.org
On Fri, May 18,
Thanks! Already spreading the word :)
Regards
On Tue, May 15, 2012 at 1:26 AM, Erik Moeller e...@wikimedia.org wrote:
We've got an advisory up now:
https://blog.wikimedia.org/2012/05/14/ads-on-wikipedia-your-computer-infected-malware/
Please don't hesitate to respond to tweets complaining
We've got an advisory up now:
https://blog.wikimedia.org/2012/05/14/ads-on-wikipedia-your-computer-infected-malware/
Please don't hesitate to respond to tweets complaining about ads with
a link to this blog post.
--
Erik Möller
VP of Engineering and Product Development, Wikimedia Foundation
On Tue, May 8, 2012 at 10:04 AM, wheredevelsd...@hotmail.com wrote:
I believe Aditya sent one when this thing first cropped up on this list.
Philippe is referring to the page source, not the screenshot.
___
Wikimediaindia-l mailing list
Hi,
I finally got hold of the source that caused this problem. There is an
extension called I Want This in chrome which does this evil work.
As per my investigation, this extension is not installed by the user. Maybe
we should notify Google that extensions are been installed without
permissions.
Thanks Nischyan for locating the js file!
I had a preliminary look, and it is not a 'general ad injector' - it
injects ads only into Mediawiki rendered pages (looks for #mw-panel
div), so I suppose this could be called a malware targeted at
Wikipedia.
I'm unsure of how we can proceed - perhaps
Lovely.
The JS loads this
https://d15gt9gwxw5wu0.cloudfront.net/ssa/175/?zoneid=
Which happens to mention the server...
http://www.rubiconproject.com/
which looks like
https://en.wikipedia.org/wiki/Rubicon_Project
On Tue, May 8, 2012 at 10:19 PM, Nischay Nahata nischay...@gmail.com wrote:
Also mentions ads2srv.com, a quick googling of which shows that it is
used quite extensively in malware.
On Tue, May 8, 2012 at 6:05 PM, John Vandenberg jay...@gmail.com wrote:
Lovely.
The JS loads this
https://d15gt9gwxw5wu0.cloudfront.net/ssa/175/?zoneid=
Which happens to mention the
On Tue, May 8, 2012 at 6:04 PM, Yuvi Panda yuvipa...@gmail.com wrote:
I'm unsure of how we can proceed - perhaps contact amazon and see if
we can take down the cloudfront setup used to serve the ads? But I
think that's us entering into a cat and mouse game with malware
authors...
May be we
On Tue, May 8, 2012 at 10:19 PM, Nischay Nahata nischay...@gmail.com wrote:
Hi,
I finally got hold of the source that caused this problem. There is an
extension called I Want This in chrome which does this evil work.
As per my investigation, this extension is not installed by the user. Maybe
Yuvi, I also recall seeing it in Firefox.
I'll try and get a copy of the source when I visit a Cyber cafe this week..
Only those ads were using this: http://www.conduit.com/
On Tue, May 8, 2012 at 6:22 PM, John Vandenberg jay...@gmail.com wrote:
On Tue, May 8, 2012 at 10:19 PM, Nischay Nahata
Hi folks -
I'm going to pass this along to Tim Starling.
pb
___
Philippe Beaudette
Director, Community Advocacy
Wikimedia Foundation, Inc.
415-839-6885, x 6643
phili...@wikimedia.org
On Tue, May 8, 2012 at 6:54 AM, Srikanth Ramakrishnan
parakara.gh...@gmail.com wrote:
On Mon, May 7, 2012 at 12:56 PM, Debanjan Bandyopadhyay debast...@gmail.com
wrote:
Ok then can we not make the default version the https one like say google
does.
This will not be a permanent solution, I'm afraid.
anirudh
___
Wikimediaindia-l
Hmmm...that maybe true but what else can we do, I mean, Inkfruit has to be
involved somewhere in this right? Think about it, if you were an ad
injecting virus, why would you randomly inject ads that too of inkfruit?
For people who face these ads, are the ads appearing only on wikipedia or
other
What if the malware specifically look for wikipedia browsing? From the user
point of view it can easily fool us thinking that it is not appearing on
any other sites but wikipedia.
On May 7, 2012 1:21 PM, Debanjan Bandyopadhyay debast...@gmail.com
wrote:
Hmmm...that maybe true but what else can
On Mon, May 7, 2012 at 1:21 PM, Debanjan Bandyopadhyay
debast...@gmail.comwrote:
Hmmm...that maybe true but what else can we do, I mean, Inkfruit has to be
involved somewhere in this right? Think about it, if you were an ad
injecting virus, why would you randomly inject ads that too of
The ads don't show up on https, ONLY on http.
It doesn't matter which browser you use, IE or Chrome. I use IE, Opera and
I see no ads, but several cyber cafes I use have these ads EVEN on Firefox,
and Chrome.
Inkfruit, probably doesn't have anything to do with this, I suggest you all
take a good
Hi,
Next time when anyone gets such ad, please take a screenshot and also
view the source of the page and save it.
That source will help find the source of the ads.
HTH
-Sudhanwa
On Mon, May 7, 2012 at 7:45 PM, Srikanth Ramakrishnan
parakara.gh...@gmail.com wrote:
The ads don't show up on
I've been trying to get a copy of that source for months, so please send it
my way as well. :)
___
Philippe Beaudette
Director, Community Advocacy
Wikimedia Foundation, Inc.
415-839-6885, x 6643
phili...@wikimedia.org
On Mon, May 7, 2012 at 10:57 AM, Sudhanwa Jogalekar
I believe Aditya sent one when this thing first cropped up on this list.
From: phili...@wikimedia.org
Date: Mon, 7 May 2012 11:03:02 -0700
To: wikimediaindia-l@lists.wikimedia.org
Subject: Re: [Wikimediaindia-l] Ads Injected into Wikipedia?
I've been trying to get a copy of that source
I think we should now recommend increased use of the secure server
link for browsing wikipedia. Hopefully that will help.
Ashwin
On Sun, May 6, 2012 at 9:46 PM, Srikeit srik...@gmail.com wrote:
A friend of mine found similar ads inserted (screenshot attached). I've
asked her to run malware
It would good to know whether using https instead of http stops the ad
injection. I'm not sure that it will help.
To help find the problem, we need to know what Internet Explorer
add-ons have been installed on their computer.
The screenshot shows that the person is using Chrome so I don't think the
IE point stands here.
The ads also seem to be intermittent, my friend cannot see them anymore.
Usage of https may resolve the problem, but looking for a solution with the
normal Wikipedia may be necessary as several people
srik...@gmail.com
Sender: wikimediaindia-l-boun...@lists.wikimedia.org
Date: Mon, 7 May 2012 08:18:52
To: Wikimedia India Community listwikimediaindia-l@lists.wikimedia.org
Reply-To: Wikimedia India Community list wikimediaindia-l@lists.wikimedia.org
Subject: Re: [Wikimediaindia-l] Ads Injected
Sorry Srikeit! I did assume it was Internet Explorer because I
foolishly didnt believe that Google Chrome allows ad injection!?
apparently it does...
http://stackoverflow.com/questions/9960350/inject-advertisements-in-pages
however they must be clearly marked.
ads must be outside the page's
Hi,
One of my friend also reported seeing Ads of Jabong on Wikipedia. Some
extension in the user's browser is most likely the source of injection for
such Ads. Finding out which extension(s) does this will be in good interest
of everyone.
On Thu, Mar 22, 2012 at 5:51 PM, Swaroop Rao
Hi Nischay,
We're looking into this one. If your friend can spot the extension and
send us relevant code, it would be helpful.
pb
___
Philippe Beaudette
Director, Community Advocacy
Wikimedia Foundation, Inc.
415-839-6885, x 6643
phili...@wikimedia.org
On Tue, May 1, 2012
Hi Philippe,
I would personally try to find out the extension and look into the HTML
code it plays with but that will take a while (I am busy for few days and
we have to see if the Ad shows up again). I will reply back in this thread
as soon as I have something that can help.
On Tue, May 1, 2012
One can also see
http://en.wikipedia.org/wiki/Wikipedia:FAQ/Readers#Why_do_I_see_commercial_ads_at_Wikipedia.3F
for clarification.
Swaroop Rao
(MikeLynch http://en.wikipedia.org/wiki/User:MikeLynch)
On Sun, Mar 11, 2012 at 23:09, Anirudh Bhati anirudh...@gmail.com wrote:
Business Insider
mostprobably adware in his machine. A smiliar report in portugese wikipedia
is here:
Interesting- a virus that injects ads directly into the DOM.
On Sun, Mar 11, 2012 at 19:03, Bala Jeyaraman sodabot...@gmail.com wrote:
mostprobably adware in his machine. A smiliar report in portugese
wikipedia is here:
No, now that you mention him, even a friend of mine in Pune told me that
Wikipedia had started ads, to which I dared him to show me and in fact made
a bet. He failed to show me when I asked him to, so I took it as a singular
even, perhaps, some sort of mistake he made. However, since other people
I just saw that screenshot and remembered, even my friend said, it was by
the same site, inkfruit. Some common issue??
On Sun, Mar 11, 2012 at 8:12 PM, Debanjan Bandyopadhyay debast...@gmail.com
wrote:
No, now that you mention him, even a friend of mine in Pune told me that
Wikipedia had
Definitely Adware/Malware/Spyware/etc.
Notice in the Screenshot, it says Ads Not By This Site.
It should've been a clue.
Do scan your system with a good antivirus [Free or paid doesn't matter].
If your system is infected by anything, your data might be at risk.
--Cheers,
On Sun, Mar 11, 2012 at
I'm not sure Inkfruit is even aware the DOM injection campaign is even
happening. Possibly a rogue advertising agency; or perhaps the writer of
the virus is using a regular ad-network's API. I'll wait for Kashyap to
comment though, he may be able to identify which agency/network is running
that
Could be, but it wouldn't hurt to do a scan of your system and find out if
anything is wrong with it.
On Sun, Mar 11, 2012 at 8:25 PM, Debanjan Bandyopadhyay debast...@gmail.com
wrote:
I'm not the techie here, but I don't think its a malware on a system per
se. Reason being being, two
37 matches
Mail list logo
