The Locus Magazine site recently was infected with malware of some kind that may have infected folks who visited.
Right now, on their front page, we see this notice:
Note, 25 December: After several e-mails reporting malware attacks from this site, Locusmag’s hosting service has done a security sweep and found no abnormal processes or files. Please contact us if such problems recur — they may be connected to the servers of one of the ad banners.
#6 ::: Eileen Gunn ::: (view all by) ::: December 26, 2008, 04:05 PM:
I am one of the people who encountered a virus on the Locus site. It was probably a spyware called “XP Antivirus 2008/2009.” (This is new and particularly nasty trickware that tries to get you to download itself by popping up a message that looks like a Windows system message, telling you your computer is infected with a virus, and you need to download a fix. More here: http://www.bleepingcomputer.com/malware-removal/remove-antivirus-xp-2008 .)
DO NOT CLICK ANYWHERE ON THE “SYSTEM MESSAGE” TO CLOSE IT.
Specifically: DO NOT CLICK ON THE “CANCEL” BUTTON IN THE MESSAGE and DO NOT CLICK ON THE X-BOX IN THE UPPER RIGHT-HAND CORNER. (It’s a trick: why would they let you cancel it? The cancel button installs it.)
Here’s what to do:
1. Hit Cntrl-alt-del to bring up the Windows task manager.
2. Find your browser in the task list (such as firefox.exe or iexplore.exe).
3. Select the browser and click the “End Process” button.
4. Make sure there is not another instance of your browser running. If there is, close that too. Do this until the message disappears. DO NOT CLICK THE MESSAGE.
5. Download and run Anti-Malware from www.malwarebytes.com, as Jim McD. suggests.
Thanks to Jim Bailey, Jeffry Dwight, and Chuck Rothman’s excellent advice about this virus in the SFWA Forum on SFF.net, I avoided downloading it, but it took me five hours of running A/V and anti-malware programs to be sure of that.
Good luck! If an advertising server is spreading this virus, you could encounter it anywhere.