Welcome to ECCIE - Sign up today!

Sasnakra · 09-24-2020, 08:32 PM

When visiting the site just now my browser is popping up a Malware Risk page indicating that crossroadsumc.org may try to install bad stuff and steal my stuff...you know the drill. A WHOIS (snipped below) indicates crossroadsumc.org is Crossroads United Methodist Church. Webpage comes back to xr.church now and not crossroadsumc.org

I'm not overly concerned with safety of my machine as it falls outside of the mainstream haxxor targets, but someone may want to look into this.

Code:

whois crossroadsumc.org
Domain Name: CROSSROADSUMC.ORG
Registry Domain ID: D1007830-LROR
Registrar WHOIS Server: http://api.fastdomain.com/cgi/whois
Registrar URL: http://www.fastdomain.com
Updated Date: 2020-03-07T15:10:53Z
Creation Date: 1998-03-23T05:00:00Z
Registry Expiry Date: 2021-03-22T05:00:00Z
Registrar Registration Expiration Date:
Registrar: FastDomain Inc.
Registrar IANA ID: 1154
Registrar Abuse Contact Email: legal@fastdomain.com
Registrar Abuse Contact Phone: +1.6022262389
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: Crossroads United Methodist Church
Registrant State/Province: Pennsylvania
Registrant Country: US

RocketSurgeon · 09-24-2020, 08:56 PM

We're already aware and looking into it. Regardless, thanks for the report.

TatSx · 09-24-2020, 10:53 PM

I think the malware displays a page saying your version of "chrome is out of date." Then presents you with a download link to install some software.

aNameinGulfport · 09-25-2020, 12:56 AM

Chrome continues with the warning.

https://sitecheck.sucuri.net/results.../www.eccie.net

provides some details referencing a js file from crossroad

Cougarlicious · 09-25-2020, 06:55 AM

Yes it was a big red sign saying Danger on my end, I had to go on Bing to log back on instead of my google
Damn what does the church want??

DesWad · 09-25-2020, 08:54 AM

still happening

berryberry · 09-25-2020, 09:07 AM

Indeed -

Google Safe Browsing recently detected malware on eccie.net. Websites that are normally safe are sometimes infected with malware. The malicious content comes from crossroadsumc.org, a known malware distributor.

If you understand the risks to your security, you may visit this unsafe site before the dangerous programs have been removed.

golard · 09-25-2020, 11:28 AM

Somebody needs to come out and inform everyone of what happened and what exposure occurred. This is serious stuff.

PhantomofTheOpera · 09-25-2020, 03:12 PM

^^^^ They won't and never have, even when the site had a rootkit infection. That is a very serious form of malware which is extremely difficult to remove even if you know what you are doing.

royamcr · 09-25-2020, 03:39 PM

Quote:

Originally Posted by Cougarlicious

Yes it was a big red sign saying Danger on my end, I had to go on Bing to log back on instead of my google
Damn what does the church want??

They want 10% of your fucking income.

biomed1 · 09-25-2020, 05:27 PM

The issue appears to be Browser related.
Information provided to indicates that Google Chrome has had issues of this type for over a year.
FireFox and Safari have not had any issues reported.
I have been using FireFox since day one, and can state that I have not seen the reported messages.

oldheadlight · 09-25-2020, 09:59 PM

It happens with Chrome and Edge (Chrome based, of course.) It just started today for me and I have been online a lot the last few days.

oldheadlight · 09-25-2020, 10:38 PM

I just got a similar message with Opera. My McAfee A/V even jumped on that one and said it stopped a virus even though I did not click on the update message.

aNameinGulfport · 09-26-2020, 03:29 PM

Blaming the browser does nothing to eliminate the problem.

biomed1 · 09-26-2020, 03:45 PM

Not blaming a Browser.
I am passing the information provided to me.

ETA:

The concerns of the Membership have been sent forward for review/action.
I have asked that someone with knowledge of issues of this type respond to the concerns posted in the various forums, including this one.