2 Replies Latest reply on Jan 28, 2013 5:54 AM by Hayton

    Is my pc infected? (Visited a suspicious website)

      Hello,

       

      I visited a suspicious website by accident (wowhea.com). While browsing I meant to type wowhead.com to go to a world of warcraft website; I accidentally typed wowhea.com and upon visitting I got forwarded to several websites and eventually ending up on a site called skooble.com. I went to check the McAfee site advisor and the site wowhea.com is flagged with a yellow !. The advisor says 1 of the irritations is a pop up. What does this mean exactly? Is my pc at risk?

       

      I tried scanning all the sites wowhea.com forwarded me to, but most of them display as unknown sites.

       

      Kind regards,

       

      Outeu

        • 1. Re: Is my pc infected? (Visited a suspicious website)
          exbrit

          You are most likely OK if you didn't install or download anything from them.

           

          Run Stinger and Malwarebytes Free, both linked in my signature below - the last line.

           

           

           

          .

           

          Message was edited by: Ex_Brit on 27/01/13 5:24:12 EST PM
          • 2. Re: Is my pc infected? (Visited a suspicious website)
            Hayton

            It's a typical typosquatting site. Server in Dallas, site registered through a shady outfit in Panama, makes money every time some unfortunate lands on the site by redirecting them to various other site laden with advertisements. The site owner gets a small cut from the advertising revenue. This sort of site can sometimes be extremely malicious.

             

            Edit - the giveaway here is skooble.com : its shady affiliations have been noted by WOT (see HERE) even though SiteAdvisor says it's Green. Another reason to install WOT as a backup for SiteAdvisor. And see also the report for skooble.com from Google Safe Browsing HERE.

             

            2nd edit - yeah, TrustedSource marks wowhea.com as a Parked Domain and therefore Suspicious. Good ol' Firefox blocked the site from automatically redirecting to the next website in the chain. The redirection string is extremely long but the first part of it says "otn (dot) dsparking (dot) com".

             

            3rd edit (this is going a bit deeper) - see the WOT report on dsparking-dot-com (HERE) : "fake domains redirecting to pay-per-click scam sites". Pretty much what I said.

             

            Message was edited by: Hayton on 28/01/13 11:54:12 GMT