For the last four days, my anti-virus software has been blocking a possible virus when I visit some popular news sites. The URL flagged as a virus is a subdomain of eclampsialemontree.net that has a long string of random characters and looks highly suspicious. A report on VirusTotal indicates two anti-virus providers are blacklisting that domain as a malware site.

The latest site where I encountered this virus alert was a story on Stars and Stripes. I'm not embedding a link for obvious reasons, but it has the headline "Veteran, one of 4,200 mistakenly declared dead by VA, feels 'resurrected.'"

In the Google Chrome developer console, I can see that when the story is read, the URL is being loaded in an XmlHttpRequest by this JavaScript code on the news page:

<script src="http://s.ppjol.net/lightbox/pp4.js"></script>
<script>
if (!navigator.userAgent.match(/StripesApp/i)) {
  var pp = { client: { config: { 'zone':"-jmtl7NTsKXjcoZnYuS2qB", 'mode':"universal", 'debug':0, 'precheck': function(){ return 1; } } } };
}
</script>

This code is provided by Press Plus, a company that manages newspaper subscription paywalls. I think the purpose of the script is to superimpose a box above the story that urges a reader to subscribe to the site.

The script does not have any reference to eclampsialemontree.net, so I don't know why it is attempting to make a connection to one of its subdomains.

I've encountered this 24 times on different news sites. I'd like to figure out why it's happening. I post a lot of links to news stories on the Drudge Retort and I can't link to a site I believe might have been compromised by a virus.

-- Rogers Cadenhead

Comments

Happens to me too. Newsinc.com , a site with sensationalist news/media that my 10yr old has visited is hosting frame content from eclampsialemontree.net


 

I'm getting the same behavior when I visit www.DallasNews.com. I'm using Eset NOD32. If I try to visit their sports page, sportsday.DallasNews.com, I get a popup telling me I've used up my free visits.


 

Hello Roger!

You should activate moderation or spam check on your blog cause it seems that spammers are getting through.

Best regards,
a reader.


 

Maintain the excellent work and delivering in the crowd!


 

Good Webpage, Maintain the wonderful job. Thanks for your time!|


 

Basically want to state Now i am ecstatic I stumbled in your site!|


 

I love the details on your website. Thanks a ton!
fodboldtr?jer www.crimsontee.com


 

Hey, good online site you have got going here.
fotballdrakter barn www.travelstobhutan.com


 

Especially educational looking forward to coming back again.


 

Hi-ya, tidy web page you have there.
maglie calcio a poco prezzo www.synchronizationofus.com


 

Thanks, this site is very practical.
fotbollskl?der www.afterglowvp.com


 

I like this site - its so usefull and helpfull.
fotballdrakter barn www.nottheitgirls.com


 

Wow because this is excellent work! Congrats and keep it up.


 

Incredible....such a beneficial online site.
billige fotballdrakter www.nottheitgirls.com


 

Truly, such a useful websites.
maglie calcio poco prezzo www.glivytech.com


 

The tips is incredibly interesting.


 

You have probably the greatest web-sites.
fotbollstr?jor barn www.tampabaygoodliving.com


 

Thanks regarding supplying these kinds of fantastic data.


 

Particularly educational looking forth to coming back again.


 

Add a Comment

These HTML tags are permitted: p, b, i, a, and blockquote. A comment may not include more than three links. Participants in this discussion should note the site's moderation policy.