On separate computers (one being my work machine where a handful of measure are taken to prevent malware) I have experienced a redirect to a couple of domains attempting to phish credentials. Other users seem to have experienced this as well.
It is of course entirely possible that my computer has been infected prior (or other user error), but please consider the possibility as well that STEP may be serving some content/script that may be causing this.
An example of what occurs:
- I search (generally with DuckDuckGo) for something that I care about on the STEP forum, such as DynDoLod resources. https://duckduckgo.c...e&t=ffab&ia=web
- I click on a link that I can see takes me to http://forum.step-pr...ll-update-post/
- After clicking that link, I (used to, see bottom) get redirected to http://q54w.redirect...et/?nihifa=flow
- Which in turn redirects me to http://x0z01i16003.i...OCkgMjg2LTY1ODU
- The above links can create a bunch of awful noise and will ask you for credentials, I don't recommend clicking them. That said, you can visit them and because you're not downloading / executing random code from the internet, it's not the end of the world.
To prevent this from occurring again, I have modified my HOSTS file to not allow those two domains to resolve.
0.0.0.0 q54w.redirect00002.net 0.0.0.0 x0z01i16003.info
A full description of HOSTS file modifications is available at https://www.howtogee...our-hosts-file/
So to the admins I ask that you take a bit of time to review how this may be occurring and take steps to address it.