possible URL redirect malware on StatCounter

Not open for further replies.
I just experienced a pernicious URL redirect malware problem while browsing my StatCounter site. (I was using Mac Safari browser.) The malware causes the StatCounter page to redirect automatically to another URL, which displays a full screen "MacKeeper" ad, along with a fake popup that encourages you to click a button. (I have seen similar technique used to show fake Adobe Flash Player plug in download popups.) If you see this happen on your computer, do not click the button. Write down the malware URL, close the browser window, erase your browser history (for the last hour), and delete the offending cookie in your cookie preferences. I don't want to name the URL here (to avoid spreading the link) but I am attaching screenshots that show the URL name and ad. The offending URL might be different each time, but I have seen this one before. I believe this malware is delivered via banner ad services on the host website. (I have experienced similar redirect malware problems with banner ad-dependent sites such as eBay, Weather Channel, Weatherunderground, and Talking Points Memo.)

Be careful everyone.

IMG_1157.JPG IMG_1156.JPG
I don't (knowingly) click ads. It's possible I accidentally clicked an ad on another site several days ago, and it got stored as a cookie, but I didn't click an ad on the StatCounter site.

An infected ad server is most likely the culprit. I wish there were a way to notify the ad server company, but it seems we're just at their mercy. I've also seen URL redirect problems on other users' computers related to malicious browser plug-ins that a user unwittingly installs. Removing the plug-in solves the problem (not relevant in my case).
I don't know if you use Chrome as a browser, but I recommend it. It has a lot of built-in protection against visiting malicious sites.
The following part where the users will manage it in such a way can't load xpcom which can be able to proceed it so the user will enhance understand the redirect the malware part.
Last edited by a moderator:
Not open for further replies.