dtwo
Apr 12 2011, 10:22 AM
Why does the PDGA discussion board deliver malware?
What is the PDGA going to do to clean up its image in dealing with cyber threats?
What is the PDGA going to do to compensate members who have financial information compromised by malware served from this site?
The details:
Google Chrome & Firefox can no longer be used to visit this site.
IE may throw the following error when a malware delivery is attempted: "Internet Explorer has closed this webpage to help protect your computer. A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage."
Google reports the following:
"Of the 138 pages we tested on the site over the past 90 days, 26 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-04-11, and the last time suspicious content was found on this site was on 2011-04-10.
Malicious software includes 7 trojan(s). Successful infection resulted in an average of 1 new process(es) on the target machine."
19% of the PDGA discussion pages that get served deliver zero-day malware:
http://en.wikipedia.org/wiki/Zero-day_virus
If you viewed 10 messages on the discussion board with Internet Explorer (32 bit), then you have an 88% chance of currently owning an infected computer.
After 37 messages, then the odds statistically round to 100%.
xterramatt
Apr 12 2011, 11:37 AM
Yeah, the site has been flagged as a Malware/badware delivery portal.
This is what pops up when you go to the PDGA homepage in Google Chrome. I got a similar page last week when I went to the discussion board in Firefox.
Safe Browsing
Diagnostic page for pdga.com
What is the current listing status for pdga.com?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 5 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 647 pages we tested on the site over the past 90 days, 79 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-04-12, and the last time suspicious content was found on this site was on 2011-04-12.
Malicious software includes 37 trojan(s), 4 exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine.
Malicious software is hosted on 9 domain(s), including thegiken.com/, yourgisay.com/, rimconline.com/.
This site was hosted on 2 network(s) including AS14618 (AMAZON), AS31815 (MEDIATEMPLE).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, pdga.com did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
I don't know a lot about it, but my guess is it's an advertiser link, and an advertiser is the one serving up the Malware when players click on their site.
I also would like to know what caused the problem and how it was fixed.
Kette_Master
Apr 12 2011, 11:49 AM
Firefox 3.6.16
This is how I disabled it:
Tools - Options - Security
Deselect: Block reported attack sites
dtwo
Apr 12 2011, 01:15 PM
Firefox 3.6.16
This is how I disabled it:
Tools - Options - Security
Deselect: Block reported attack sites
Seriously? Did you turn off all your firewalls too, so the malware has free rein? Wait ... don't bother, the malware probably took care of that for you!
Here is the list of bugs fixed by the 3.6.17 release:
https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status1.9.2:.17-fixed
What are the odds that someone has already served you zero day on your 3.6.16 version?
Kette_Master
Apr 12 2011, 06:05 PM
Seriously? Did you turn off all your firewalls too, so the malware has free rein? Wait ... don't bother, the malware probably took care of that for you!
Here is the list of bugs fixed by the 3.6.17 release:
https://bugzilla.mozilla.org/buglist.cgi?quicksearch=ALL%20status1.9.2:.17-fixed
What are the odds that someone has already served you zero day on your 3.6.16 version?
LOL! Oh no...I don't rely on a browser to protect my system. ;)
I updated to Firefox 4.0, and the issue is still there.
So, is there an issue with pdga.com being a malware distributor?
bravo
Apr 12 2011, 06:17 PM
I had problems accessing the discussion board,
but could see the home page with no difficulty.
I called D Gentry and left a message, letting him know of my problems.
The next day I was able to access this board with no issues.
I use Firefox.
dtwo
Apr 12 2011, 07:05 PM
So, is there an issue with pdga.com being a malware distributor?
Well, I have an issue with visiting a web site that delivers malware ;).
When Google states "79 page(s) resulted in malicious software being downloaded and installed without user consent.", they obviously mean that malware was installed due to content distributed directly or indirectly from the site! I would LOVE to know what browsers were actually affected.
Personally, I plan to no longer use the PDGA to pre-register for any tournaments. I have not figured out how I will register for the PDGA next year, because I do not trust the PDGA with my credit card information.
I agree that "MOST LIKELY" the PDGA is using a "third rate" ad server company. I suspect that this company is trying to vet ads that it delivers to ensure that they are malware free; however, that job is really difficult! My guess is Google is doing a better job of vetting the ads. However, that is a guess. AFAIK, the PDGA may not even be capable of assessing their security risks.
I thought that perhaps the PDGA would immediately terminate the ad content based on being called out. However, my system is still getting zero day thrown at it. I hope that they at least look into the legal requirements of reporting security breaches.
BTW, if you think your anti-virus program is keeping you safe, then you would be wrong. (http://www.techs-on-call.biz/blog/post.cfm/study-antivirus-software-not-effective-at-stopping-malware)
You should also be aware that in the past many people knew immediately when they had malware installed due to browser redirects or "Fake Anti-Virus" software getting installed. However, there is a big shift to "silent malware" that just steals your personal data (http://arlingtonvacomputerrepair.com/blog/2010/04/22/viruses-that-target-banking-information-are-on-the-rise/).
krupicka
Apr 12 2011, 07:13 PM
I sent an email to the pdga Sunday about this when it first popped up for me, but have received no response. The reported Attack Site now pops up for pretty much all of the pdga.com domain now. Ugh! I'm not willing to risk it until it's cleaned up. Of course reading this discussion board through lynx is painful, but at least I don't have to worry about any malware this way.
dtwo
Apr 12 2011, 07:31 PM
Ugh! I'm not willing to risk it until it's cleaned up. Of course reading this discussion board through lynx is painful, but at least I don't have to worry about any malware this way.
Lynx ... nice one!
Jeff_LaG
Apr 13 2011, 01:30 PM
From former PDGA Memberships Manager Addie Isbell's Twitter / Facebook account:
Over the weekend a previously unknown security vulnerability in the adserver used on PDGA.com (http://pdga.com/) was exploited. This led to Google listing the website as malicious. The vulnerability has been corrected & Google is currently reviewing the website. We expect this process to be completed within the next 24 hours.
Thank you to all the concerned members who called to report the issue.
As per usual, this is all much ado about nothing.
dtwo
Apr 13 2011, 04:01 PM
From former PDGA Memberships Manager Addie Isbell's Twitter / Facebook account:
Over the weekend a previously unknown security vulnerability in the adserver used on PDGA.com was exploited. This led to Google listing the website as malicious. The vulnerability has been corrected & Google is currently reviewing the website. We expect this process to be completed within the next 24 hours.
As per usual, this is all much ado about nothing.
Questions:
Was the adserver serving malicious software?
As posted in this thread Google reported malware detected on 4/10 and separately on 4/12.
Therefore I believe that the PDGA was serving malware for at least two days!
I personally saw IE throwing exceptions on 4/12.
How many people own compromised computers due to this breach?
Unfortunately, this is a question the PDGA cannot answer. As I post this there are 1102 users of the board (72 members and 1030 guests). However, IMHO the PDGA should disclose any information they have about the duration of the breach, and should at least contact users who were logged in during the breach. Remember that based on the math after 37 page views you had 100% chance of being infected!
Much ado about nothing?
You seem to imply that now that the issue is fixed, everyone is safe! I can guarantee you that if visitors of the board now own an infected computer, that their issue has NOT been resolved!
What is the safety of our personal information?
I additionally received a call about the problems with the pdga site and my concern about possible leakage of credit card information. It was a much more practical call, and I can confirm the following:
1) PDGA.com is owned by the PDGA, uses domain servers from easydns.com, and hosts the site on Amazon EC2.
2) pdgastore.com is owned by the PDGA, but uses domain servers from BREINERLOGISTICS.COM, and hosts the site at a different server on the IP space from Global Net Access.
3) pdgasignup.com is owned by BREINER ENTERPRISES, INC., uses domain servers from BREINERLOGISTICS.COM, and hosts the site on the same IP address as the pdgastore.com.
pdgastore.com & pdgasignup.com do NOT use any external adservers for their content (Thank you guys!!!)!
Therefore, if I go directly to the pdgastore.com & pdgasignup.com I can reasonably expect that my information is safe, and I will do that for future sign ups and event registrations.
HOWEVER, if you are a user of the PDGA site or the PDGA discussion group, and you use the same password and account information for both the discussion group and the store, then you should be concerned! (They are separate accounts, and personally I use different passwords so I am not that concerned.)
dtwo
Apr 13 2011, 05:04 PM
The PDGA goes public:
http://www.pdga.com/recent-attacks
Jeff_LaG
Apr 13 2011, 06:09 PM
I can guarantee you that if visitors of the board now own an infected computer, that their issue has NOT been resolved!
Dan, you seem to imply that anyone viewing the PDGA DISCussion Board during this period is guaranteed to be infected. Your "What is the PDGA going to do to compensate members who have financial information compromised by malware served from this site?" question seems to imply that all passwords and sensitive financial information have 100%, with certainty, been released.
Yes, the threat of malware is a serious concern and folks should be taking the necessary precautions (http://www.pdga.com/recent-attacks) to make sure they were not infected. But Dan, you are automatically jumping to conclusions and assuming the worst. The whole tone of your posts in this thread, including the "What is the PDGA going to do to clean up it's image in dealing with cyber threats?" question from your initial post, is seemingly designed to put the PDGA and the PDGA IT Manager in the worst possible light.
This isn't about "toeing the company line" - it's about how to go about handling life's situations. Were you one of those who called the PDGA Office to report the problem? That would have been the high road. This thread (and especially your tone in it) seems to me like the low road, which is sadly all too common these days. That's just like, my opinion, man.
dtwo
Apr 13 2011, 08:14 PM
Dan, you seem to imply that anyone viewing the PDGA DISCussion Board during this period is guaranteed to be infected. Your "What is the PDGA going to do to compensate members who have financial information compromised by malware served from this site?" question seems to imply that all passwords and sensitive financial information have 100%, with certainty, been released.
Yes, the threat of malware is a serious concern and folks should be taking the necessary precautions (http://www.pdga.com/recent-attacks) to make sure they were not infected. But Dan, you are automatically jumping to conclusions and assuming the worst. The whole tone of your posts in this thread, including the "What is the PDGA going to do to clean up it's image in dealing with cyber threats?" question from your initial post, is seemingly designed to put the PDGA and the PDGA IT Manager in the worst possible light.
This isn't about "toeing the company line" - it's about how to go about handling life's situations. Were you one of those who called the PDGA Office to report the problem? That would have been the high road. This thread (and especially your tone in it) seems to me like the low road, which is sadly all too common these days. That's just like, my opinion, man.
By my count the PDGA website has been defaced twice, and has been used to deliver malware twice. I looked for any public documentation about those incidents, and found none. After reading bravo's response to a phone call, I personally was very glad that I did not just call about the issue. People who visited pdga.com via Internet Explorer would otherwise have no indication that they may have been exposed to such a large risk.
I will admit that I forgot that the PDGA site, and the PDGA store and PDGA signup websites, were run by different organizations. I currently believe that the PDGA store and PDGA signup websites are appropriately protected. I hope that this incident is a wakeup call for the PDGA to protect its site equally well.
Transparency in computer security breaches is the high road. Anyone that tries to downplay the threat or sweep the consequences of a breach under a rug is taking the low road.
I am sure you are aware that the latest trend in malware (http://searchsecurity.techtarget.co.uk/news/1510769/Symantec-Internet-threat-report-highlights-botnet-malware-trends) is to infect a system and steal personal and banking information. This new malware gives you no indication that it is installed and is designed to evade most anti-virus and anti-malware detection products.
I just want people to find out about this breach before their bank accounts are emptied ;).
JenniferB
Jul 02 2012, 03:27 PM
Just wanted to provide a heads up that more than one PC user has reported problems with a virus coming from the PDGA website in the past 2 days.
jconnell
Jul 02 2012, 05:55 PM
Probably would be more helpful to post details about the virus, like the name or what it does. You know, something for the PDGA website folks to look into, and for the rest of us users to keep an eye out for.
For the record, not saying there isn't a virus issue to investigate, but I have accessed PDGA.com from three different PCs running either XP or Windows 7, with both IE8 and Firefox 13 in the last 48 hours and have encountered zero problems.
bruce_brakel
Jul 02 2012, 06:19 PM
This time of the year, it's probably just an allergy and not a virus. :p
johnrock
Jul 03 2012, 10:15 AM
The virus has shown up for me the last few times I've entered the site. I'm not sure about any of the details involved, but I know the virus alarm has sounded.