1. Information
>What is happening?Our admin is testing new ad services on the homepage, related pages and archived threads. Some users reported redirects to malicious websites.
>Facts- The ads in question are served from hxxp://
ecpmrocks.com, which allows injecting its own Javascript and is able to redirect and hijack browsers. The script tries to read HTML5 localstorage cookies. The official ad host is Epom Market LTD.
- Traditional ads are served by hxxp://
zkcdn.net, which only serves images.
>Unconfirmed rumors- ECPM may be a legit ad hosting service. However, a simple Google search leads to questionable results, since hackers can inject and distribute malicious scripts.
- Board ads may be infected. The distributor is not injecting scripts, it should be harmless.
- Infected downloads are happening.
>Current SituationServers are sometimes changing; the frontpage may serve ads from hxxp://
bnhtml.com. Said ads are still running scripts.
2. Prevention/Security
>Browsers/Extensions- For enhanced security, it's generally recommended to use a browser that supports extensions. Examples include: Firefox, Chrome.
>Competent ad/script blocking extensions: - uBlock Origin:
https://github.com/gorhill/uBlock#installation An ad blocker that uses a simple point-and-click firewall. You can decide what gets blocked or what goes through.
https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-quick-guideYou may want to whitelist the following: @@||
4chan.org @@||
4cdn.org- uMatrix:
https://github.com/gorhill/uMatrix#umatrixMatrix filter. Block scripts, frames and more.
https://github.com/gorhill/uMatrix/wiki- NoScript, ScriptSafe: Scriptblockers.
>SoftwareYou should always use antivirus software.
If you are infected: Look for tools like MalwarebytesAntiMalware. Ask for help on malware support forums.
3. Actions
>Contact the administrationhttps://www.4chan.org/feedback>Inform othersIf you know any users that post on 4chan, please link them to this thread.
