Intrusion attempts when trying to D/L images

[Tom Slick]

For the last week or so, almost every time I try to D/L images (from any image host) via VEF or Planetsuzy, my Norton Internet Security software warns me:

An intrusion attempt by iflvp.com (192.241.136.22) was blocked.
Fake App Attack: Misleading Application Website
Severity=High

My Norton & Malwarebytes scans are clean.

If anyone can tell me what's happening here, it would be appreciated. As it stands now, I'm afraid to D/L anything, and looking at thumbnail images just isn't much fun.

Thanks for any help/advice you can offer.

[exfarmer]

How are you downloading the images? Right click and save as or using a program?

[ConstantOgler]

Quote:

Originally Posted by Tom Slick

For the last week or so, almost every time I try to D/L images (from any image host) via VEF or Planetsuzy, my Norton Internet Security software warns me:

An intrusion attempt by iflvp.com (192.241.136.22) was blocked.
Fake App Attack: Misleading Application Website
Severity=High

My Norton & Malwarebytes scans are clean.

If anyone can tell me what's happening here, it would be appreciated. As it stands now, I'm afraid to D/L anything, and looking at thumbnail images just isn't much fun.

Thanks for any help/advice you can offer.

I think there is a good chance this is about intruding, rogue sites that the hosts are allowing rather than any virus in the site itself or the images. This has come up before, & by "allow" I mean their policing of what their advertisers are doing is lax or ineffective.

I never use anti-virus s/w. Recently when I click to view on imagebam (maybe ivenue also), usually w/ Chrome, a completely new site opens in a new tab. And oc it is on top. Might be porn, but sometimes straight. This is in addition to the poop-up in the host itself. Not abt D/L but just trying to view. I just close them & proceed to view, have done some D/L & no resulting troubles. It makes sense that the rogue intruders would not pass a sniff test. The real question is whether the image host does, if you can test that separately.

I am just going to continue in my "no condom" mode [disease free after many years ] & will give a shout if necessary. OC, your mileage may vary.

Indicate your O/S, browser, & whether you use adblockplus and noscript .
Provide just one post in vef that you tried that created the Norton intrusion notification.

[Tom Slick]

Quote:

Originally Posted by exfarmer

How are you downloading the images? Right click and save as or using a program?

As an example, I went to this post:
http://vintage-erotica-forum.com/sho...postcount=1220

Next, right click image & "open in new tab OR window". My browser (FF 29.0.1) opens the new tab/window with the DL image, and ALSO tries to open an additional tab/window hosted by the attacking computer at iflvp.com.

No harm no foul if this only happens once in a while, but when it happens with such regularity it scares the hell out of me. Since the attack always comes from the same URL & IP, perhaps I can configure my browser to block those addresses permanently.

Thank you. Even though I probably won't sleep tonight after seeing your disturbingly hilarious avatars.

[Tom Slick]

Quote:

Originally Posted by ConstantOgler

I think there is a good chance this is about intruding, rogue sites that the hosts are allowing rather than any virus in the site itself or the images. This has come up before, & by "allow" I mean their policing of what their advertisers are doing is lax or ineffective.

I agree. The malicious parties would seem far more likely to be linked to the advertisers than to the image hosts or VEF themselves. Image hosts generate ad windows/tabs all the time, it's not a stretch to imagine that a "bad apple" gets into their advertising pipeline at times.

This may be a moot point as long as Norton blocks the malicious content, but the regularity of these intrusion attempts has me somewhat unnerved and reluctant to use VEF. If I can find a way to block this URL/IP from being accessed by my browser, that option would surely provide peace of mind. Wouldn't be a bit surprised if there's a Firefox browser plug-in that will do that.

Thank you for your thoughts, I appreciate it!

[Tom Slick]

Quote:

Originally Posted by jjjukemd

Indicate your O/S, browser, & whether you use adblockplus and noscript .
Provide just one post in vef that you tried that created the Norton intrusion notification.

Win7, Firefox 29.0.1. I don't use those plugins (though perhaps I should).
This post gives me the Norton warning whenever I open the image in a new browser tab/window:
http://vintage-erotica-forum.com/sho...postcount=1220

As ConstantOgler postulated, this rogue attacker probably is connected to some advertiser. I'm glad my Norton software is doing its job and preventing the malicious content from running, but constantly seeing these warnings has me pretty well spooked. Have been using VEF (and Norton) for many years and have never encountered anything like this before.

Thanks.

[luddite]

I tried that image with AdBlock and I clicked on "open blockable items" but I don't see iflvp.com

you should use AdBlock, you can add sites that you don't want to see if they aren't already on their list

to get AdBlock click on FF at the top right, then click Add-ons, then click Get Add-ons

[Tom Slick]

Quote:

Originally Posted by luddite

you should use AdBlock, you can add sites that you don't want to see if they aren't already on their list

Adblock Plus 2.6 for FF seems both highly rated and popular! 5 stars in 4233 reviews is pretty impressive. If users can configure it to block specific URLs & IPs, it sounds like a great way to address this problem. I've seen dozens of recs for Adblock, and you're the 2nd person in this thread to mention it.

Thank you!

[lagerlout]

I managed to use Adblock to stop those damn pop-unders from mediafire that nothing else seemed to catch, admittedly had to block each one as it popped up but finally don't see them any more