This came from a site rated as extremely safe by WOT.
Minding my own business, too.
(Second topic)
Yesterday I came across some sort of java script installer at hxxp://www.261.com Home page loaded without incident, but when I clicked the latest news page a java installation dialog box popped up, was written in some foreign language I could not read, and was very persistent, always reappearing after the box was closed. I was not able to view the news section as this box prevented me from entering and behaved similarly to one of those floating ads (very annoying) right in the center of the viewing area, and remained there no matter whether I scrolled the page I was on up or down.
Could not view so left the site.
Odd thing was, there is no java on the site anywhere that I could see.
Visited just now, and the java thing is gone. I assume the site is clean ATM.
Next time I see one of these critters, I’ll grab a screenshot and post it here.
Avast! had nothing to say about this intrusion. Sorry, I did not think to do it when I had the chance.
But you mention that when you clicked the latest news page, a java popped up. There is no script to be loaded when the “Latest News” is selected, so it must have come from the “Latest News” page. (See Attachment #2)
So, we can assume that this 261 site either had a conflict with one of the sites it cross-sites to, or the site was hacked and cleaned up in an effort to keep customers.
So, we can assume that this 261 site either had a conflict with one of the sites it cross-sites to, or the site was hacked and cleaned up in an effort to keep customers.
Seems that was what happened. I was fortunate FF was sandboxed at the moment this happened. ;D
As I noted, the very next day, when I visited again, with the intention of capturing the java box, it was gone.
Was the site cross-site linked or hacked? Probably the latter, as this was a dialog box in a foreign language. Could not read it.
Thanks for doing the work. Alas, I could’ve helped Avast! users had I been thinking.