Something not right when I posted at GIMPusers ....

lylejk · **Joined:** Sep 24, 2010 **Posts:** 12780

... a few minutes ago. I got hit with a Vundo like phishing attack. I killed the sandbox and then when I re-opened GIMPusers, I was able to post a response, but I have no explanation about how this happened at GIMPusers (remember, I'm sandboxed). Not sure if anyone else experienced such a phishing attack at GIMPusers, but close your browser immediately if you do. Still just plain weird (hence my post). Not sure who to contact at GIMPusers but maybe someone here might know a contact so I can ask them if they are aware of this. Be cautious folks is all I can say.

Rod · **Joined:** May 16, 2010 **Posts:** 16042

Thanks for the heads up Lyle.I haven't had such an occurence yet.
I do not visit GimpUsers unless i get an email from them. (forum, or announcement.)

ZWard117 · **Joined:** Jan 20, 2012 **Posts:** 583

Dead forums (or on their way) get hacked and crap like this a lot. Not so uncommen.

lylejk · **Joined:** Sep 24, 2010 **Posts:** 12780

I've visited the site a few more times since and no apparent issue. I wonder if I accidently clicked on a rogue advertisement when I was at that site and that caused the phishing attack. I've heard that this was quite a common way for virus spreaders to do their dirty work. Anyway, I do hope whatever caused this got cleared up. GIMPuser's may not be the most popular site, but they do get GIMP happenings shared first for the most part.

ZWard117 · **Joined:** Jan 20, 2012 **Posts:** 583

Like I said it happens, but I have a feeling you are more than likely right about the ad

Rod · **Joined:** May 16, 2010 **Posts:** 16042

lylejk wrote:

I've visited the site a few more times since and no apparent issue. I wonder if I accidently clicked on a rogue advertisement when I was at that site and that caused the phishing attack. I've heard that this was quite a common way for virus spreaders to do their dirty work. Anyway, I do hope whatever caused this got cleared up. GIMPuser's may not be the most popular site, but they do get GIMP happenings shared first for the most part.

I agree Lyle! I like having them send me email information hot off the press.

Could possibly have been an actionscript file embedded in a flash ad. But who knows.
I thought GimpUser website checked all their rollover ads for malware. Was it trying to change your home page or add a toolbar? Any idea what it was trying to do?

lylejk · **Joined:** Sep 24, 2010 **Posts:** 12780

No; it popped up a messaging saying your PC is infected and to click here for a scan (again, the classic Vundo phishing scam). Definitely wasn't expecting this to happen at GIMPUsers. Has happened to me before (remember the Skulls discussion I had a while back). Drivebys can happen to any site; so many folk who have way too much time on their hands to find exploits unfortunately. It's not happened since so hopefully it got nipped in the bud over there at GIMPUsers.