I know wrong section...Admin contact me immediately...Site Hack Issue!!



Obi..
09-13-2008, 10:11 PM
If you try to login from anything other than a bookmark, you're redirected to a virus site titled

***Edited: reoccurring issue, Lance, see pm's for info.

Good Times
09-13-2008, 10:47 PM
will call you in a bit

Cebby
09-14-2008, 02:46 PM
I could only duplicate using Google Chrome. FF & IE work fine for me.

Nick
09-14-2008, 05:36 PM
Try MalwareBytes Anti-Malware (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe), run a full scan and see what it finds.

04 Rocko Taco
09-15-2008, 01:10 PM
I've also had several people ask me about this on Facebook over the past couple of days, Mike and Lance. If you go to it from Google, you get popups and redirects and all sorts of crap.

Cebby
09-15-2008, 01:29 PM
It's a Google problem AFAIK. Lance can offer a better explanation than me of what's actually going on. It's nothing to do with UY on our end.

slosurfer
09-15-2008, 01:33 PM
Holy crap! I just signed out and went from Google, I couldn't delete popups fast enough. Only did it from Google, if I just typed in the address, it was fine. I'm using IE right now.

hillbilly
09-15-2008, 01:38 PM
Could be that your ISP's (or maybe Google's) DNS server has been had. A DNS vulnerability was recently discovered (http://www.kb.cert.org/vuls/id/800113) (July 08) that exploits, or poisons, the DNS's cache. Affects a ton of DNS boxes...

bamachem
09-15-2008, 07:35 PM
first - thanks for the heads up...

second... i tried it.

i just logged out, went to yahoo and did a search for ultimateyota.com - link worked fine for UY.

typed it in the address bar manually - worked fine.

went to google, searched, clicked on their link and...

our addy pops up in the address bar for a split second, then it's redirected to "GoogleScanners-360" and the warning window pops up. even if you click Cancel, it still redirects and shows a status bar. it looks like it's something on google's site to me, but i most-definitely could be wrong.

the one way that it does it is ONLY if you are logged out though. if you are still logged in, then it doesn't redirect you. if you click the logout button, go back to google and then click the link to UY, you get redirected.

here's my question - if it's truly on our end, then why would it only do this when someone clicks a link in a google search? if our server files were hacked, then wouldn't it work all the time on that link?

either way, it's troubling, it has our attention, and mike and lance (as well as the rest of us) are working on finding out what it is.

Good Times
09-16-2008, 01:31 AM
No, this is from a very reliable source.


ultimateyota.com has been hacked.
Not your router, not your ISP or DNS, not any machine on your network

It's been redirected to a site that downloads a trojan

In case someone clicked "OK" on one of the fake messages up and installed the Trojan, boot any Windows PCs in Safe Mode and run a current updated anti-virus tool, and go here: http://www.windowsecurity.com/trojanscan/trojanscan.asp

Contact the site owner to inform him that his site has been hacked.



Shane, a big thanks to you for bringing this to our attention so we can resolve this problem. :clap:

Originally I thought it was a DNS related issue but after logging the redirect activity we quickly realized that it was actually originating from within our servers. After a thorough search, we noticed that we had an infected file/code that was maliciously redirecting our Google search traffic. To date we're not certain how long this issue has been around but it may have originally happened when we had UY hosted with an outside service. Now that everything is in house on our own servers we can closely monitor all activities and make sure we stay up and running :)

The issue has been resolved and we will be closely monitoring this issue to make sure there is no recurrence.

Thanks again for everything!
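
Added example, not part of the original thread: a check a site owner could run to reproduce the pattern reported above (redirect only when arriving from a search result while logged out) by requesting the same URL under each Referer/cookie combination and flagging off-site redirects. The header values, `forum.example`, `redirect-target.example` and the simulated handler are constructed, and the check assumes the redirect is an HTTP 3xx response; a script-injected redirect would need the response bodies compared instead.

```python
import http.client
from itertools import product
from urllib.parse import urlsplit

GOOGLE_REFERER = "https://www.google.com/search?q=forum"  # constructed
SESSION_COOKIE = "session=constructed-token"              # constructed

def http_fetch(url, headers):
    """Live fetcher: one GET, redirects not followed -> (status, Location)."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    conn = (http.client.HTTPSConnection if https else http.client.HTTPConnection)(
        parts.netloc, timeout=10)
    try:
        conn.request("GET", parts.path or "/", headers=headers)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def probe_matrix(fetch, url):
    """Fetch url under each (search Referer?, session cookie?) combination."""
    results = {}
    for has_ref, has_cookie in product((False, True), repeat=2):
        headers = {}
        if has_ref:
            headers["Referer"] = GOOGLE_REFERER
        if has_cookie:
            headers["Cookie"] = SESSION_COOKIE
        results[(has_ref, has_cookie)] = fetch(url, headers)
    return results

def off_site_redirects(results, site_host):
    """Cases (has_ref, has_cookie) answered with a 3xx to a foreign host."""
    hits = []
    for case, (status, location) in sorted(results.items()):
        host = urlsplit(location or "").hostname
        foreign = host is not None and host != site_host \
            and not host.endswith("." + site_host)
        if 300 <= status < 400 and foreign:
            hits.append(case)
    return hits

def simulated_infected_site(url, headers):
    """Constructed stand-in for the behaviour reported in the thread."""
    from_search = "google." in headers.get("Referer", "")
    if from_search and "Cookie" not in headers:
        return 302, "http://redirect-target.example/scan"
    return 200, None
```

Pass `http_fetch` instead of the simulated handler to probe a site you administer; a result that lists some cases but not all of them means the redirect is conditional, which points at code on the server rather than DNS or the visitor's machine.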

bamachem
09-16-2008, 04:32 AM
Good news that the file has been isolated and removed, Lance!

THANK YOU SHANE!

Erich_870
09-16-2008, 03:11 PM
Nice NorCal!!!

Good catch and thanks for sticking to your guns when you knew you were right. Better to sound crazy for a bit and be vindicated than to throw your hands up and walk away :good;

Nice job UY crew for fixing it!

Erich

slosurfer
09-16-2008, 04:32 PM
:thumbup: Thanks NorCal!

Thanks UY crew for fixing it! :wrenchin: