Banner on webpage

davehc · Apr 14, 2016

Did anyone get this today? I'm suspicious. It doesn't come up in the normal update window.

It is, of course, in Edge.

Mike · Apr 16, 2016

davehc said:
My conclusion is that it is probably harmless. But someone (a member) has definitely hacked into the site to plant the script.

Hello. I am currently in a moving process. There is no hacking going on. I added the script (two actually) to notify you when your browser is out of date. This was done quite awhile ago, to ensure compatibility for people using IE6 and IE7 as well as outdated versions of other browsers.

kemical · Apr 14, 2016

Hmm I just looked and nothing there for moi..

bochane · Apr 14, 2016

davehc said:
Did anyone get this today? I'm suspicious. It doesn't come up in the normal update window.

View attachment 32251 It is, of course, in Edge.

Yes I saw it too. It must be malware.
Where does it come from? Nothing has been installed.
Where can it hide in Edge?

kemical · Apr 14, 2016

Henk's right, it's malware:

I just ran Malwarebytes Pro and nada, nothing... Time to investigate!

kemical · Apr 14, 2016

I just noticed that the banner only appears when you come to this website. If I then click another link the banner disappears. Is anyone else seeing the same thing or am I going nuts?

davehc · Apr 14, 2016

Me too

I don't think it is a virus, as such, but probably spam or a Trojan. (Still troublesome)
But when I first saw it, I X'" it. It didn't come back.

bochane · Apr 14, 2016

It looks like it disappeared. Has somebody found something?

Has this webpage been infected?

kemical · Apr 14, 2016

I did send a pm to Mike about it but whether the change is down to something he's done I'm unsure?

Neemobeer · Apr 14, 2016

Well its a Javascript widget located at the bottom of the main page.
Here's the source

HTML:

<script type="text/javascript">(function(u){var s=document.createElement('script');s.async=true;s.src=u;var b=document.getElementsByTagName('script')[0];b.parentNode.insertBefore(s,b);})('//updatemybrowser.org/umb.js');</script>

It's from Link Removed

davehc · Apr 15, 2016

My conclusion is that it is probably harmless. But someone (a member) has definitely hacked into the site to plant the script.
You can have a look at the page. It is harmless to go that far, and have a read. The page also includes the script:

Update your Browser - Browser-Update.org

Neemobeer · Apr 15, 2016

It's actually been there for a few months at least. It is harmless, it simply tells you if your browser is out of date. It does have one black list hit, but its probably a false positive

davehc · Apr 15, 2016

That's interesting? I am on this site a couple of times a day, but only saw it yesterday for the first time. I wonder why it was suddenly triggered.
I only use Edge, on forums, and the only real source for updates is through MS channels.

There are some fascinating paths on the site I linked, which all lead back to a german "Project"

Neemobeer · Apr 15, 2016

It won't trigger when your browser is current, I noticed it around Chrome 48 or 49 release

Neemobeer · Apr 15, 2016

I doubt many people could hack a website so I doubt that is the case. To the admins, sorry I was auditing the site if you get alerts on scans and such I did find the admin login and some potential users. No harm intended.

davehc · Apr 15, 2016

Neemobeer said:
It won't trigger when your browser is current, I noticed it around Chrome 48 or 49 release

As I said, I only use Edge, which is current. And can, at its present early stage, only be updated by MS.

davehc · Apr 15, 2016

Neemobeer said:
I doubt many people could hack a website so I doubt that is the case. To the admins, sorry I was auditing the site if you get alerts on scans and such I did find the admin login and some potential users. No harm intended.

What do you mean by "Auditing the site" and "finding the admin log
"Not too happy with that.

Neemobeer · Apr 15, 2016

I meant site admin login page, I was just curious how hard it would be to locate. I didn't really do anything beyond that.

Mike · Apr 16, 2016

davehc said:
My conclusion is that it is probably harmless. But someone (a member) has definitely hacked into the site to plant the script.

Hello. I am currently in a moving process. There is no hacking going on. I added the script (two actually) to notify you when your browser is out of date. This was done quite awhile ago, to ensure compatibility for people using IE6 and IE7 as well as outdated versions of other browsers.

davehc · Apr 17, 2016

Thanks for the response, Mike. The popup did not reoccur. The exchange regarding the Admin log was a little concern, on my part, that a member was deliberately opening some of the more confidential parts of the site.

Neemobeer · Apr 17, 2016

admin login page and its not exactly a secret page

Banner on webpage

Essential Member

Windows Forum Admin

Excellent Member

Windows Forum Admin

Windows Forum Admin

Essential Member

Excellent Member

Windows Forum Admin

Cloud Security Engineer

Essential Member

Cloud Security Engineer

Essential Member

Cloud Security Engineer

Cloud Security Engineer

Essential Member

Essential Member

Cloud Security Engineer

Windows Forum Admin

Essential Member

Cloud Security Engineer

Similar threads