Newegg appears to be infected with some kind of social engineering hack

[Eden Tosh]

My NewEgg page has been doing the same thing, haven't tried it on my phone. I have been trying to look for any posts about it, to see if it wasn't a virus on my end, and found this.

 

[R-T-B]

My NewEgg page has been doing the same thing, haven't tried it on my phone. I have been trying to look for any posts about it, to see if it wasn't a virus on my end, and found this.

I'm pretty sure it's newegg themselves that are infected. I would hold off on ordering from them until they make a statement (don't want your CC getting skimmed or something nefarious, we don't know anything yet and should assume the worst).

 

[Eden Tosh]

And you guys had me thinking it was just me, lol.

I'm looking through the page source and trying to find where it loads, but it's code soup. I suspect it's an infected .js file.

Yeah, the download host is something along the line of
codehost ml for me, and the file it's trying to download is adobe_flashplayer_9.exe

 

[R-T-B]

Yeah, the download host is something along the line of
codehost ml for me, and the file it's trying to download is adobe_flashplayer_9.exe

Yeah. It's not even a modern pretend flash version, lol.

It's also a trojan. Just in case I need to state the obvious: DO NOT RUN IT.

 

[Jetster]

I e mailed them

 

[R-T-B]

I e mailed them

Thanks firing one off myself.

 

[Eden Tosh]

Okay, I did order something off of the website last week, so hopefully I should be good, and hopefully my information I have stored there will be safe. That being compromised is the last thing I need right now.

 

[Eden Tosh]

Thanks firing one off myself.

Will do the same.

 

[R-T-B]

Okay, I did order something off of the website last week, so hopefully I should be good, and hopefully my information I have stored there will be safe. That being compromised is the last thing I need right now.

I ordered a PSU just recently. I'm in the same boat as you man.

 

[Hugis]

Confirmed here in Spain!

 

[Jetster]

Well I sure your fine. Kaspereski blocked it and if it still trying then you must be ok

 

[R-T-B]

Well I sure your fine. Kaspereski blocked it and if it still trying then you must be ok

I'm more concerned on if they had root access to the machine, they may have the Credit Card database.

I'm not really worried about the malware.

But we just have to wait and see. It's possibly just a low level compromise.

 

[newtekie1]

I'm pretty sure it's newegg themselves that are infected.

I'd bet it is more likely the 3rd party advertisement that is infected and causing it. That is why some people get it, others don't. Even I get it inconsistantly, even when loading the same page multiple times. It happens a few times in a row, then doesn't a few times. Even with Adblock enabled, part of the ad script is still loaded with the page.

 

[R-T-B]

I'd be it is more likely the 3rd party advertisement that is infected and causing it. That is why some people get it, others don't. Even I get it inconsistantly, even when loading the same page multiple times. It happens a few times in a row, then doesn't a few times. Even with Adblock enabled, part of the ad script is still loaded with the page.

That's a very encouraging thought. And plausible. Newegg's page is riddled with 3rd party js anayltics shit...

Makes you think, eh?

 

[Eden Tosh]

Yeah, must be something on Newegg's end, I run my anti-virus and nada. I'll probably stop browsing their site until this gets resolved, can't get a virus on my first home built computer only after five months of use!

 

[R-T-B]

Yeah, must be something on Newegg's end, I run my anti-virus and nada. I'll probably stop browsing their site until this gets resolved, can't get a virus on my first home built computer only after five months of use!

Not a bad idea... I'm sure they'll tell us what was up / when it is fixed when they reply to our emails.

 

[Eden Tosh]

Not a bad idea... I'm sure they'll tell us what was up / when it is fixed when they reply to our emails.

Yeah, I just wrapped up my email and tried to use their weird chat thing, but it's finicky.

 

[R-T-B]

Yeah, I just wrapped up my email and tried to use their weird chat thing, but it's finicky.

The chat folks probably aren't equipped to handle this anyhow. Email is probably best for web security stuff.

 

[Eden Tosh]

The chat folks probably aren't equipped to handle this anyhow. Email is probably best for web security stuff.

Yeah, but the chat won't even load I meant. It was a half-baked idea anyway. Newegg is probably already scrambling to try to fix this issue as we speak. It would be bad press that their site was compromised, with Black Friday/Cyber Monday just a few weeks away.

 

[R-T-B]

Yeah, but the chat won't even load I meant. It was a half-baked idea anyway. Newegg is probably already scrambling to try to fix this issue as we speak. It would be bad press that their site was compromised, with Black Friday/Cyber Monday just a few weeks away.

Yep.

And my opinion is that it's an ad-display partner that's infected, not newegg. So it's probably all a bunch of hot air over nothing... but can't be sure until they say something. I'm betting that'll be as soon as someone wakes up their web admin (poor guy).

 

[Eden Tosh]

Yep.

And my opinion is that it's an ad-display partner that's infected, not newegg. So it's probably all a bunch of hot air over nothing... but can't be sure until they say something. I'm betting that'll be as soon as someone wakes up their web admin (poor guy).

Yeah, I was surprised that there was a thread already open about this 10 minutes after I started getting this issue. Quick response from the user base for Newegg, I guess.

 

[R-T-B]

Seems to have went away for me.

 

[Maban]

I had this happen earlier on my tablet. It automatically downloaded.

 

[R-T-B]

I had this happen earlier on my tablet. It automatically downloaded.

Good thing most tablets are linux/android ARM and it's an exe.

 

[remixedcat]

@Jetster are you in portland w cumcast?