ShyLittleGuy a bot?

peet · Post by **peet** » Thu Dec 15, 2011 1:20 pm

digi-check dot ru, and some variants are known drive by virus installers. It often gets redirected to from a random websites.

Those random redirectors often get deleted quickly because people will complain. Hence the warning disappears.

If someone links an image from a redirector site, which ends at digi-check on e.g. an alleg signature, you get this alert in e.g. Chrome and Firefox.

Clear your browser cache after the "problem is gone" helps.

Sample

Alleg forum user -> reads some user post with image -> some-blahblahblah.com (clean site) pulls image from -> digi-check (evil site) -> browser whines -> digi-check tries to install viri on alleg forum user if you are unpatched

If you have an old browser or unpatched windows, check for viri.

To make it even more complex, some sites behave different depending on the ip address of the visitor.

Hence the poor Alleg admins can search for ever.

MrChaos · Post by **MrChaos** » Fri Dec 16, 2011 12:26 am

MrChaos translation of Peet's post:

Raum was watching porn and got the ick

raumvogel · Post by **raumvogel** » Fri Dec 16, 2011 2:52 am

Lies!

Phalanxe · Post by **Phalanxe** » Fri Dec 16, 2011 4:06 am

raum do u have avast?

peet · Post by **peet** » Fri Dec 16, 2011 8:46 am

I see this kind of topics more and more. I think as long as smart people from a poor area can make money with this trick, why should they stop?

A typical event is a "famous website" with those little ad banners. People rent or hack an ad, let it point to an "drive by virus installer" website. "Famous website" gets the blame and is automatically bing blocked.

Recommend to keep your stuff updated, it helps. There are a zillion of free tools to block ads, TLD's and evil websites. That helps a lot.