Dodgy ad banners?

Starting today, I’ve been seeing some weird behaviour from the ad banners here, including firing up Java but not actually doing anything, causing the “do you want to resubmit this form data?” when going back, and an attempt to run something with an unsigned certificate from “”, which is clearly not associated with Google.

Anyone else seeing these, in case it’s just a local browser hijack?

I haven’t seen any of that. What browser are you using?

Yeah, I’ve had Java start up on me a couple times today for no reason. Probably related.

Yes, I’m seeing a Certificate Trust message in Firefox from the dodgy google-wannabe site. I just keep hitting “No, don’t trust” and moving on. I’m not sure which ad banner is causing it.

I got a prompt to install Java for Chrome today. Weird.

Same thing happened to me when I was typing a post earlier today.

Tom’s loggin’ your keyz.

It hasn’t reoccurred recently, so I guess some shady banners snuck into Google’s network and were taken care of shortly thereafter.

Or maybe that’s what the rootkit wants me to think…

Edit: Argh, started happening to me again as soon as I got home, on my Mac too.

It happened to me around 6:20pm EST. One of the banners was popping up that security certificate thing.

That’s really weird, you’d think Google would be above that kind of nonsense… although I guess now and DoubleClick isn’t above grinding up bleached baby bones to make flour for their daily bread.

If it keeps happening I guess send Tom a PM.

They are back. Page loads, no visible ad, but Java is running and doing something.

Not a fan of this. Not a fan of this at all.

Haven’t had anything pop up yet on my home or work machine. Both use Internet Explorer if it makes a difference.

I just had Java start up for no apparent reason and then a status bar notification from Google telling me that something tried to change my default search settings and it blocked it from happening.

Some fucked up shit is afoot here.

I got the same thing, multiple stacked (10+) security permission request pop-ups from “Security CC LTC”. The only thing open was the new posts page from Qt3, with a blank ad banner.

That’s shady stuff right there.

There have been Java exploits that let an applet get native access to your system, though I think they were in older versions of the JRE so you should be fine if you’re up-to-date. It’s extra-suspicious that the Java appears to be going ahead and running for some of you, though; it’s been blocked by an untrusted certificate prompt for me.

I’m turning off in-browser Java anyway, just to be safe, as I don’t think I’m using it anywhere anyway.

I’m getting the same thing on Windows XP with Chrome.

Yep. Have been getting the same frequently today. Really annoying, as it spams the Firefox warning dialog constantly until you manage to reload the page so that some other ad appears.

Don’t worry, you can’t get a virus just surfing the Internet. ;)

This has been happening to me too but while my pages were minimized, not the selected window, etc. I assumed it was some sort of really transparent spyware and I’ve run Spybot S&D like 3 times now. Never connected it with Qt3’s banner ads.

According to this, it looks like this is happening all across Google AdSense. I would hope Google fixes it soon. Until then, don’t accept the security warnings.

I can’t replicate it, even when refreshing a couple dozen times, so I dunno. Maybe your machine is trojaned.