I received an email from classmates.com today... and it contains some misinformation
The email said (my comments are in bold):
"Thank you for contacting Classmates. I can understand your frustration and will do my best to address your concerns.
Thank you for letting us know that your experience on Classmates.com was interrupted. We always want to know if someone abuses the trust you have in Classmates so that we can remedy the situation as soon as possible.
We’re continuing to investigate this incident. Here’s what we know to date:
One of the advertisements on Classmates.com included some hidden code that allowed a deceptive ad to piggyback along with it. When someone clicked a link on Classmates.com or in an email from Classmates, the deceptive ad imitated their computer’s functionality, trying to mislead them into downloading some software.
Sandi: There was not one advertisement - I identified three distinct advertisements being:
It was **NOT** necessary for somebody to "click[ed] a link on Classmates.com". The hijack occurred immediately one of the malicious advertisements was displayed on a victim's computer (assuming the computer met certain country, IP and timezone requirements as set by the fraudsters) and no user interaction was required.
If a user was hijacked by clicking on a link in a classmates.com email, I can only assume that clicking on that link loaded a classmates.com web page which then displayed the malicious advertisement.
Again, NO USER INTERACTION IS REQUIRED to trigger a redirect - all that is necessary is for the advertisement to be displayed on a victim's computer (assuming the computer met certain country, IP and timezone requirements as set by the fraudsters).
Classmates did not send you a virus or try to mislead you into downloading anything. The advertiser in question violated our terms of service and we have removed the ad from our site.
Sandi: I can only hope that all *three* advertisements were removed, not just one.
I also hope that they (as in United Information) also removed:
Because the deceptive ad popped up after clicking a link in an email from Classmates, some users believed they received a virus from our email. This is not the case. None of our email products included a virus.
Classmates.com should now function normally for you. We’re sorry if this caused you any inconvenience. We’re doing everything possible to keep this from happening again.
Thank you for your cooperation and patience. As always, please let me know if I can be of further help.
Classmates Member Care Lead