Well, unfortunately I instinctively closed the redirected site, but I can give a description and a close estimate of the time of the attack, although I don't expect this will be of much use.

1) Longview, TX, USA
2) 08/22/07
3) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
4) N/A
5) [link]
6) Mostly tracking cookies, nothing above TAC 6 (I run Lavasoft Ad-Aware)

The attack in question occurred when I had two tabs open: #LandsOfRP here on Deviantart, and a tab loading my Userpage, when the attack occurred. A javascript notification popped up, when I closed it (with the X, I didn't touch the OK or CANCEL button) it redirected my still-loading userpage to [link].

Hopefully this is enough information.

Oops, forgot the time.. 1:30

Well I just got a Spyware attack as of about 2:45ish I believe and the only site I had open was this one. It tried to install an adultfriend finder on my computer and well redirected me to some spyware thing. I came from the dA front page to the forum page and that is when it happened.

I just signed up specifically to post to this. My wife is a member of this site, although I am not. She reported to me yesterday getting a spyware redirect when clicking on a link on Deviantart. I am an IT professional by profession, so I suspected that she had infected her system somehow. I ran Spybot Seek and Destroy which found a number of malicious cookies and a browser hijack cookie. I asked her where she was when it happened, and she said it was this site.

So, I opened a browser on my desktop and went to deviantart.com and immediately got the browser redirect to a "spyware removal site" (I believe it was winsoftware.com or winspyware.com, but I do not recall exactly, and spybot doesn't keep logs). I ran spybot on my system and it found the same tracking cookies as on hers (and only those, as I usually disallow cookies from my system entirely except when testing something like this, and my system was clean beforehand.)

The browser redirect closed my main browser window, and opened one designed to look like a system tray alert in the lower right hand corner.

I went to my VPN session for work, and using our administrator terminal server, I loaded up deviantart.com, only to have our proxy block the site due to "Spyware/Adware".

While it's tempting, and usually valid, to point at the end users' systems when issues like this arise, I am certain that there is a problem with one of your advertisers doing something naughty.

To those getting these redirects, Spybot Seek and Destroy ([link]) will clean up the aftermath.

4) A screenshot of the page that you were browsing at the time that you experienced the ad with all the ads on the page visible*

This unfortunately won't be possible with this particular issue. This particular ad closes the main browser window (at least it did to my firefox session) and opens a mini-window designed to look like a system tray alert. Clicking anywhere on the window opens a new browser session to the ad's site. I am nearly 100% certain it was winspyware.com (a company known to engage in this sorts of scams).

1) Washington DC area, Virginia (can't be more specific or my mom'll kill me.)
2) yesterday, August 21st. It was pretty late at night, around ten or so. (I can't remember because I forgot to report this earlier.)
3) I have Windows Vista with the latest version of Internet Explorer.
4) I was here [link]. I had clicked on the link to look at the Colored Pencil Tutorial, and instead, got to see this: [link]
5) When I clicked cancel, it redirected me to this: [link]. Now, the first one was semi-convincing, but this told me I have pornographic files on my computer, and I don't. So, definitely not nice.
6) The last spyware scan on my computer (the day before this happened) showed it to be clean and virus free.

--
It's not that I'm in my own little world; it's just that I'm in my own little universe.
Mr. Tumnus=squee!

1. Solon, Ohio, USA.
2. August 23rd at 8:37AM.
3. Firefox
4. [link]
5. No redirection. Clicking cancel got rid of it.
6. I scanned yesterday and found no spyware on my computer.

--
Be aware of my fur before having sex. But I AM a male!


deviantART Numberline

Could you please do me a favor and run SpyBot before you go to deviantart.com? The fact that you actually got to our landing page [link] and *immediately* got the browser redirect is a sign that it wasn't an ad on our site even though it might have been triggered by going to our domain. Our ad partners are reputable networks that also do not allow spyware/adware into their ad mix. As for proxy blocks, we do not know why people categorize us as being spyware/adware as we do not host, sponsor, or even encourage such activities on our site.

--
Anna Acero
Advertising Coordinator
deviantART, Inc.

That exact same pop-up happened to me here on dA late last week. I was browsing the stock gallery pages.

--
Do you want to join in the glorious crusade to cleanse dA of bad digital art, crappy pencil sketches, shameless photos of naked women, and over-popular anime? If so, then by all means check this out right now: [link]

This isn't an ad, it's part of our analytics package that's acting strangely. We're looking into this right now.

--
Anna Acero
Advertising Coordinator
deviantART, Inc.