CrownBariDad Posted May 6, 2016 Share Posted May 6, 2016 Whenever I access the Forums using MSIE, Norton notifies me of the following threat. This usually happens only the first time I access the Forums. Category: Intrusion Prevention Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description 05/06/2016 11:59:58,High,An intrusion attempt by uitbrullenaanzette.findreview24.com was blocked.,Blocked,No Action Required,Web Attack: Angler Exploit Kit Website,No Action Required,No Action Required,"uitbrullenaanzette.findreview24.com (85.93.93.74, 80)",uitbrullenaanzette.findreview24.com/parWnWVlYG/UjHzbgejh/qUSkxQV-TNzedF/,"MY COMPUTER (MY IP, 24142)",uitbrullenaanzette.findreview24.com (85.93.93.74),"TCP, www-http" Network traffic from <b>uitbrullenaanzette.findreview24.com/parWnWVlYG/UjHzbgejh/qUSkxQV-TNzedF/</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>. I get the following every time I access a page on the Forums. Category: Intrusion Prevention Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description 05/06/2016 12:02:23,High,An intrusion attempt by www.drumcorpsplanet.com was blocked.,Blocked,No Action Required,Web Attack: Malicious Image Request 2,No Action Required,No Action Required,"www.drumcorpsplanet.com (96.30.48.241, 80)","www.drumcorpsplanet.com/dcpadserver/www/delivery/lg.php?bannerid=4&campaignid=4&zoneid=3&loc=http://www.drumcorpsplanet.com/forums/index.php/forum/3-dci-world-class-corps-discussions/&referer=http://www.drumcorpsplanet.com/forums/index.php/topic/164120-trombones-2016/page-13&cb=af3464a223","MY COMPUTER (MY IP, 24388)",www.drumcorpsplanet.com (96.30.48.241),"TCP, www-http" Network traffic from <b>www.drumcorpsplanet.com/dcpadserver/www/delivery/lg.php?bannerid=4&campaignid=4&zoneid=3&loc=http://www.drumcorpsplanet.com/forums/index.php/forum/3-dci-world-class-corps-discussions/&referer=http://www.drumcorpsplanet.com/forums/index.php/topic/164120-trombones-2016/page-13&cb=af3464a223</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>. I think the "Malicious Image Request" has something to do with images in iFrames that Norton doesn't like. I think the "Angler Exploit Kit" is a bit more serious. It seems to only happen with MSIE and not with Chrome even though I'm using the same computer with the same instance of Norton Internet Security running. Any ideas? Quote Link to comment Share on other sites More sharing options...
MikeN Posted May 6, 2016 Share Posted May 6, 2016 DCP got blocked today by my corporate security team as a "compromised website." Sadly, I can't get any other details that that, other than I'm on I.E. 11. I'm guessing something in the Google ads? Mike Quote Link to comment Share on other sites More sharing options...
CrownBariDad Posted May 6, 2016 Author Share Posted May 6, 2016 DCP got blocked today by my corporate security team as a "compromised website." Sadly, I can't get any other details that that, other than I'm on I.E. 11. I'm guessing something in the Google ads? Mike Yep -- my thoughts, too. I noticed this happening a few days ago. Hopefully, someone will supply some answers soon. Quote Link to comment Share on other sites More sharing options...
JohnZ Posted May 6, 2016 Share Posted May 6, 2016 I recall two security issues related to the Google Ads: one or two where there was a problematic ad that could be identified and blocked, and several where the ads were related to the member's web browsing activities which was beyond our control. the code above might be helpful, but - and it is a long shot - if it happens again and you can get a screenshot of the advertisement on the page at the time of the error, that would be great. We'll take a look . Quote Link to comment Share on other sites More sharing options...
CrownBariDad Posted May 7, 2016 Author Share Posted May 7, 2016 I'll see what I can do. Thanks! Quote Link to comment Share on other sites More sharing options...
CrownBariDad Posted May 10, 2016 Author Share Posted May 10, 2016 Here are some screenshots of the issue. I noticed it occurs just about anywhere there are banner ads. Here's one from the news page. It also showed the same Norton popup, but I wasn't quick enough to capture it. It was the same error. I did find it ironic that on one of the pages showing the error was an ad from Symantec (Norton's parent company). Please let me know if you have any questions or need more information. Thanks! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.