DON'T PANIC -- Regarding "Warning - visiting this web site may harm your computer!"
We have managed to identify the 3rd party, who is well known to be trusted, as the source of the script. They have been contacted about the compromise, and have removed the malicious script being served to not only Curse, but possibly everyone with whom they work. They are still investigating the breach.
Curse takes security extremely seriously, and has removed all 3rd party ad partners until the investigation is complete. We will keep you informed of the outcome of this investigation. In the meantime, we recommend you run a malware scan on your computer. You can run a free scan at http://www.malwarebytes.org/. We sincerely apologize for this inconvenience.
At no time was any information in our databases compromised - your logins, user info, and all other personal information is safe and sound! We will continue to monitor the situation, just to be on the safe side.
No. AdBlock and NoScript don't really work this way. Well, NoScript might. AdBlock however just doesn't render the ads. As far as I know, the ads themselves and the scripts they run are still downloaded and cached to the disk by the browser itself.
Avast never freaked out and nothing strange happened. (and i have ADblockplus)
Damn : / I guess I'll disable JavaScript on minecraftforum.net for now.Though another thing I'm wondering about is wether the infected ads were viewed in germany since an ad for let's say wallmart wouldn't make any sense in germany... Plus I didn't get a warning from Chrome/AVG and neither did AVG or MBAM find any malicious files other than 1 tracking cookie which is certainly nothing special.
Disabling Javascript will make the forum unusable. The advertisements have been removed and you're now safe to use the forum. If malwarebytes found nothing then you're most likely clean!
Thanks! I'll probably keep JS disabled until everything's back to normal though
It's bad enough being bombarded by trash when visiting the Curse site, and bad enough that the ads slow down the free version of the Curse client so that it sometimes becomes unusable. But when it turns out that these ads aren't even checked, and can represent a security risk to Curse users and their computers, that's ridiculous. I hope Curse management has learned something from this, and will change their policy regarding third-party ad material in the future, to keep their visitors safe.
I'm not involved with the advertising side of the company so I'll try and get a full answer for you, but I believe it's because it's simply not possible to do this.
Anyways, I never visited the site, so yayyyy!
Besides, it's not like the ad providers aren't motivated to keep this sort of thing from happening. Having a problem like this means they loose out on all those views on their ads on a rather high volume site. That's money they didn't make as it's clicks and views they didn't get. It's in an ad feed's best interest to not drive people away from a site they advertise on.
Get your towels here!
Free towels!
Make sure you know where you towel is!
Just a single example: http://www.macrumors.com/2010/10/27/new-java-based-malware-targets-mac-os-x-but-threat-level-disputed/