For the last four days, my anti-virus software has been blocking a possible virus when I visit some popular news sites. The URL flagged as a virus is a subdomain of eclampsialemontree.net that has a long string of random characters and looks highly suspicious. A report on VirusTotal indicates two anti-virus providers are blacklisting that domain as a malware site.

The latest site where I encountered this virus alert was a story on Stars and Stripes. I'm not embedding a link for obvious reasons, but it has the headline "Veteran, one of 4,200 mistakenly declared dead by VA, feels 'resurrected.'"

In the Google Chrome developer console, I can see that when the story is read, the URL is being loaded in an XmlHttpRequest by this JavaScript code on the news page:

<script src="http://s.ppjol.net/lightbox/pp4.js"></script>
<script>
if (!navigator.userAgent.match(/StripesApp/i)) {
  var pp = { client: { config: { 'zone':"-jmtl7NTsKXjcoZnYuS2qB", 'mode':"universal", 'debug':0, 'precheck': function(){ return 1; } } } };
}
</script>

This code is provided by Press Plus, a company that manages newspaper subscription paywalls. I think the purpose of the script is to superimpose a box above the story that urges a reader to subscribe to the site.

The script does not have any reference to eclampsialemontree.net, so I don't know why it is attempting to make a connection to one of its subdomains.

I've encountered this 24 times on different news sites. I'd like to figure out why it's happening. I post a lot of links to news stories on the Drudge Retort and I can't link to a site I believe might have been compromised by a virus.

-- Rogers Cadenhead

Comments

Happens to me too. Newsinc.com , a site with sensationalist news/media that my 10yr old has visited is hosting frame content from eclampsialemontree.net


 

I'm getting the same behavior when I visit www.DallasNews.com. I'm using Eset NOD32. If I try to visit their sports page, sportsday.DallasNews.com, I get a popup telling me I've used up my free visits.


 

Hello Roger!

You should activate moderation or spam check on your blog cause it seems that spammers are getting through.

Best regards,
a reader.


 

I live in usa and life is worth living comfortably for me and my family now and really have never seen goodness shown to me this much in my life as I am a mother who struggles with three children and I have been going through a problem as seriously as my husband found a terrible accident last two weeks, and the doctors states that he needs to undergo a delicate surgery for him to be able to walk again and I could not pay the bills, then your surgery went to the bank to borrow and reject me saying that I have no credit card, from there i run to my father and he was not able to help, then when I was browsing through yahoo answers and i came across a loan lender MR TONY HARTON, offering loans at affordable interest rate and i have been hearing exactly so many scams on the internet but at this my desperate situation, I had no choice but to give it an attempt and surprisingly it was all like a dream, I got a loan of $ 50,000 and I paid for my husband surgery and thank God today is good and you can walk and is working and the burden is longer so much on me more and we can feed well and my family is happy today and i said to myself that I will mourn aloud in the world of the wonders of God to me through this lender GOD fearing MR TONY HARTON and I would advise anyone in genuine and serious need of loan to contact this God-fearing man on financialhome34@outlook.com through .. and I want you all to pray for this man for me
Thanks


 

Add a Comment

These HTML tags are permitted: p, b, i, a, and blockquote. A comment may not include more than three links. Participants in this discussion should note the site's moderation policy.

:
:
: