Newegg appears to be infected with some kind of social engineering hack

R-T-B · Nov 15, 2015

UPDATE: As of Oct 14th 9PM PST this seems fixed.

Old Post below:

What the title says. Someone appears to have uploaded a script to newegg that tries to trick you into downloading a fake flash player. Please be very careful.

I admit, it could just be my machine and browser, but... I tried it on several remote ones and every browser I could think of and got the same result. So I'm posting a warning.

Offending link example:

http://www.newegg.com/Product/Product.aspx?Item=N82E16820147466&cm_re=950_pro-_-20-147-466-_-Product

Screenshot:

@Newegg_Service

R-T-B · Nov 15, 2015

Offendng file it offers to download virus total, from a linux box:

https://www.virustotal.com/en/file/...153213290962021cca4ec5bf/analysis/1447555584/

As newegg appears to have been compromised, I would not order a thing from them until this is sorted out and a statement made.

jboydgolfer · Nov 15, 2015

doesnt happen when i go to link. Hmmm . but thanks just the same

hat · Nov 15, 2015

I just did a little browsing there, and nothing like that comes up on my end.

R-T-B · Nov 15, 2015

jboydgolfer said:
doesnt happen when i go to link. Hmmm . but thanks just the same

It takes roughly 15 seconds of browsing to display. Also it only appears on certain product pages.

Reddit confirms it:

https://www.reddit.com/r/Newegg/comments/3suni0/when_i_go_to_neweggs_website_it_tells_me_my_flash/

EDIT: Perplexing that some people aren't seeing it. Is it perhaps ISP or regional? It's definitely more than just me and my machines.

Please post if you see it as well.

Solaris17 · Nov 15, 2015

nothing over here.

whats that shield icon to the left of your URL box? it looks familiar.

R-T-B · Nov 15, 2015

Solaris17 said:
nothing over here.

whats that shield icon to the left of your URL box? it looks familiar.

Firefox tracking protection. (well cyberfox, but same damn source code. 64-bit recompile essentially).

jboydgolfer · Nov 15, 2015

makes me nervous.

R-T-B · Nov 15, 2015

Yeah, it's weird.

You guys running an ad or javascript blocker by chance? I'm not trying to scare people and I'll feel like such a dunce if it's my end.

jboydgolfer · Nov 15, 2015

i do run adblock

Jetster · Nov 15, 2015

Its not Newegg. I been on Newegg all day and no blocker. I forget when you live maybe you have been redirected by a virus on a server somewhere

Solaris17 · Nov 15, 2015

R-T-B said:
Yeah, it's weird.

You guys running an ad or javascript blocker by chance? I'm not trying to scare people and I'll feel like such a dunce if it's my end.

I was. I disabled it and did a shift+F5 a few times and couldn't reproduce.

jboydgolfer · Nov 15, 2015

nope , cant reproduce. east coast north america.

appreciate the heads up though.

Solaris17 · Nov 15, 2015

I'm going to be straight with you RTB I think your browser is infected and you should look in your programs list and in firefox for default search engine/extension tampering.

Jetster · Nov 15, 2015

I think adobe has a web site to check your flash player

https://www.adobe.com/software/flash/about/

blunt14468 · Nov 15, 2015

No issues for me ....

R-T-B · Nov 15, 2015

Solaris17 said:
I'm going to be straight with you RTB I think your browser is infected and you should look in your programs list and in firefox for default search engine/extension tampering.

I really am going to feel like a moron if that's the case. But I'm pretty sure it's not because I've done everything including logging into a BSD server in Seattle via VNC (it hillariously offers me the same exe).

Plus there is a reddit thread on this. Pretty fresh.

https://www.reddit.com/r/Newegg/comments/3suni0/when_i_go_to_neweggs_website_it_tells_me_my_flash/

I think it's honestly something on west coast comcasts end at this point. My appologies if it can't be reproduced. Better safe than sorry, I figure.

jboydgolfer · Nov 15, 2015

i see in the pic in your OP that your page is Still loading, its on "sellpoints" , if it took 15 seconds for that popup to appear and your page is still loading, i have to think that isnt normal for newegg...mine always loads in 2-3 seconds..

Solaris17 · Nov 15, 2015

R-T-B said:
I really am going to feel like a moron if that's the case. But I'm pretty sure it's not because I've done everything including logging into a BSD server in Seattle via VNC (it hillariously offers me the same exe).

Plus there is a reddit thread on this. Pretty fresh.

https://www.reddit.com/r/Newegg/comments/3suni0/when_i_go_to_neweggs_website_it_tells_me_my_flash/

I think it's honestly something on west coast comcasts end at this point. My appologies if it can't be reproduced. Better safe than sorry, I figure.

sh if thats the case it might be a forwarding problem for an add in comcasts root DNS servers. It happened in my zone a few weeks ago. I would get redirected to all sorts of shit. Called up the ISP and they too were freaking out. It was a good 12 hours. All of my domain controllers were poisoned.

R-T-B · Nov 15, 2015

Solaris17 said:
sh if thats the case it might be a forwarding problem for an add in comcasts root DNS servers. It happened in my zone a few weeks ago. I would get redirected to all sorts of shit. Called up the ISP and they too were freaking out. It was a good 12 hours. All of my domain controllers were poisoned.

Yeah well haphazard as this warning may have been, looks like it's at least an isolated incident to my region.

If it's not newegg's fault, I seriously apologize if I hurt their sales any over this, heh. Just being cautious.

jboydgolfer said:
i see in the pic in your OP that your page is Still loading, its on "sellpoints" , if it took 15 seconds for that popup to appear and your page is still loading, i have to think that isnt normal for newegg...mine always loads in 2-3 seconds..

Yeah it's definently not normal behavior for me. Or those reddit users. What's weird is it's only newegg... seems like if I was poisoning a DNS it would be everyone.

newtekie1 · Nov 15, 2015

I can confirm, it just happened to me. Using Chromium w/ Adblock enabled. It definitely isn't just you R-T-B.

R-T-B · Nov 15, 2015

newtekie1 said:
I can confirm, it just happened to me. Using Chromium w/ Adblock enabled. It definitely isn't just you R-T-B.

Maybe browser cache? I clear my cache on exit. Maybe they have to wait for their cache to expire/flush to see it.

Jetster · Nov 15, 2015

Okay Mine just did it too

Where do you live?

R-T-B · Nov 15, 2015

Jetster said:
Okay Mine just did it too

And you guys had me thinking it was just me, lol.

I'm looking through the page source and trying to find where it loads, but it's code soup. I suspect it's an infected .js file.

Jetster · Nov 15, 2015

So I clicked on it and Kasperski blocked the link

System Name	Pioneer
Processor	Ryzen 9 9950X
Motherboard	MSI MAG X670E Tomahawk Wifi
Cooling	Noctua NH-D15 + A whole lotta Sunon, Phanteks and Corsair Maglev blower fans...
Memory	128GB (4x 32GB) G.Skill Flare X5 @ DDR5-4200(Running 1:1:1 w/FCLK)
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	Intel 5800X Optane 800GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs, 1x 2TB Seagate Exos 3.5"
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64, other office machines run Windows 11 Enterprise

System Name	Pioneer
Processor	Ryzen 9 9950X
Motherboard	MSI MAG X670E Tomahawk Wifi
Cooling	Noctua NH-D15 + A whole lotta Sunon, Phanteks and Corsair Maglev blower fans...
Memory	128GB (4x 32GB) G.Skill Flare X5 @ DDR5-4200(Running 1:1:1 w/FCLK)
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	Intel 5800X Optane 800GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs, 1x 2TB Seagate Exos 3.5"
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64, other office machines run Windows 11 Enterprise

System Name	Americas cure is the death of Social Justice & Political Correctness
Processor	i7-11700K
Motherboard	Asrock Z590 Extreme wifi 6E
Cooling	Noctua NH-U12A
Memory	32GB Corsair RGB fancy boi 5000
Video Card(s)	RTX 3090 Reference
Storage	Samsung 970 Evo 1Tb + Samsung 970 Evo 500Gb
Display(s)	Dell - 27" LED QHD G-SYNC x2
Case	Fractal Design Meshify-C
Audio Device(s)	on board
Power Supply	Seasonic Focus+ Gold 1000 Watt
Mouse	Logitech G502 spectrum
Keyboard	AZIO MGK-1 RGB (Kaith Blue)
Software	Win 10 Professional 64 bit
Benchmark Scores	the MLGeesiest

System Name	Starlifter :: Dragonfly
Processor	i7 2600k 4.4GHz :: i5 10400
Motherboard	ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling	Cryorig M9 :: Stock
Memory	4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s)	PNY GTX1070 :: Integrated UHD 630
Storage	Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s)	Onn 165hz 1080p :: Acer 1080p
Case	Antec SOHO 1030B :: Old White Full Tower
Audio Device(s)	Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply	FSP Hydro GE 550w :: EVGA Supernova 550
Software	Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores	>9000

System Name	Pioneer
Processor	Ryzen 9 9950X
Motherboard	MSI MAG X670E Tomahawk Wifi
Cooling	Noctua NH-D15 + A whole lotta Sunon, Phanteks and Corsair Maglev blower fans...
Memory	128GB (4x 32GB) G.Skill Flare X5 @ DDR5-4200(Running 1:1:1 w/FCLK)
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	Intel 5800X Optane 800GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs, 1x 2TB Seagate Exos 3.5"
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64, other office machines run Windows 11 Enterprise

Newegg appears to be infected with some kind of social engineering hack

R-T-B

R-T-B

jboydgolfer

hat

Enthusiast

R-T-B

Solaris17

Super Dainty Moderator

R-T-B

jboydgolfer

R-T-B

jboydgolfer

Jetster

Solaris17

Super Dainty Moderator

jboydgolfer

Solaris17

Super Dainty Moderator

Jetster

blunt14468

R-T-B

jboydgolfer

Solaris17

Super Dainty Moderator

R-T-B

newtekie1

Semi-Retired Folder

R-T-B

Jetster

R-T-B

Jetster

System Name	RogueOne
Processor	Xeon W9-3495x
Motherboard	ASUS w790E Sage SE
Cooling	SilverStone XE360-4677
Memory	128gb Gskill Zeta R5 DDR5 RDIMMs
Video Card(s)	MSI SUPRIM Liquid 5090
Storage	1x 2TB WD SN850X \| 2x 8TB GAMMIX S70
Display(s)	49" Philips Evnia OLED (49M2C8900)
Case	Thermaltake Core P3 Pro Snow
Audio Device(s)	Moondrop S8's on Schitt Gunnr
Power Supply	Seasonic Prime TX-1600
Mouse	Razer Viper mini signature edition (mercury white)
Keyboard	Wooting 80 HE White, Gateron Jades
VR HMD	Quest 3
Software	Windows 11 Pro Workstation
Benchmark Scores	I dont have time for that.

System Name	Juliette // My HTPC
Processor	Intel i7 9700K // AMD Ryzen 5 5600G
Motherboard	ASUS Prime Z390X-A // ASRock B550 ITX-AC
Cooling	Noctua NH-U12 Black // Stock
Memory	Corsair DDR4 3600 32gb //G.SKILL Trident Z Royal Series 16GB (2 x 8GB) 3600
Video Card(s)	ASUS RTX4070 OC// ASUS RTX 4060 OC
Storage	Samsung 970 EVO NVMe 1Tb, Intel 665p Series M.2 2280 1TB // Samsung 1Tb SSD
Display(s)	ASUS VP348QGL 34" Quad HD 3440 x 1440 // 55" LG 4K SK8000 Series
Case	Seasonic SYNCRO Q7// Silverstone Granada GD05
Audio Device(s)	Focusrite Scarlett 4i4 // HDMI to Samsung HW-R650 sound bar
Power Supply	Seasonic SYNCRO 750 W // CORSAIR Vengeance 650M
Mouse	G903 and a Master Mouse MM710/No mouse, MS game copntroller
Keyboard	EVGA / Logitech K400
Software	Windows 11 Pro // Windows 10 Pro

System Name	Current Rig
Processor	i7-2700k
Motherboard	Asus P8Z68-V Pro Gen3
Cooling	Noctua NH-D14
Memory	16 GB Gskill
Video Card(s)	Twin 780 Classifieds

Processor	Intel Core i7 10850K@5.2GHz
Motherboard	AsRock Z470 Taichi
Cooling	Corsair H115i Pro w/ Noctua NF-A14 Fans
Memory	32GB DDR4-3600
Video Card(s)	RTX 2070 Super
Storage	500GB SX8200 Pro + 8TB with 1TB SSD Cache
Display(s)	Acer Nitro VG280K 4K 28"
Case	Fractal Design Define S
Audio Device(s)	Onboard is good enough for me
Power Supply	eVGA SuperNOVA 1000w G3
Software	Windows 10 Pro x64