August 2012 - Posts

wikia.com – conduit to computer infections *TWICE* in under a week

Google Safe Browsing has picked up that there is a problem too as you’ll see from the screenshot below … the infections I have seen hitting a computer after a user visited wikia.com are win64/Sirefef and win32/obfuscator and win32/winwebsec.  It happened twice in less than a week – the latest incident occurred just 48 hours ago – and the poor guy hit had to reformat his laptop both times. 

I made some preliminary attempts to help the user clean up their computer the second time, but ended up deciding it was quicker, and definitely safer, to reformat both times.  I made sure after the second reformat (which I supervised) that security had been beefed up so that he’s less likely to be infected – he made some classic mistakes (running as admin, not updating Flash and Java).

I don’t know if there’s a malvertisement in situ, or if the site itself has been compromised, and won’t have time to investigate further unfortunately.  If anybody properly set up to do such investigations wants to take up the mantle, feel free (the twice-occurring infection hit a User who is based in Australia, for what it’s worth).

Please, don’t go digging around that site unless you really know what you’re doing – some of the stuff I saw on the infected laptop was *nasty*.

 

image

And one more…

image

 

It’s interesting to see the subtle differences between each fake LinkedIn email…

Here is a screenshot of the real thing…

image

Another fake LinkedIn email

image

 

Another one, this time a “reminder”, not an invitation.

Posted by sandi with no comments

Fake LinkedIn emails

image

 

Clicking on the links in such emails invariably leads to infection via various exploit kits, so I wouldn’t recommend that you yield to temptation, even if you know the email is fake…

As always, hover over the link and it is obvious that the email is fake.