INSTRUCTION STRINGS ACCESSORIES MUSIC LINKS
 Visit Our Catalog at SteelGuitarShopper.com for Steel Guitars, Strings, Instruction, Music and Accessories 
Forum Index
where steel players meet online
The Steel Guitar Forum

Back from SWSGA - The SGF Store is Now Open
for Business at SteelGuitarShopper.com



Post new topic How does this happen?
Reply to topic
Author Topic:  How does this happen?
Brint Hannay


From:
Maryland, USA
Post Posted 28 Dec 2017 12:17 pm     Reply with quote

Today, shortly after turning on my computer and opening Firefox,suddenly the whole screen went bright red, with text supposedly from Firefox urgently "alerting" me that my computer and personal data were at risk, with a female voice with normal American accent urging the same message. It wanted me to call the 877 number on the screen immediately--"Don't waste your time"--to get instructions on removing something like "Adaware Spyware Virus". Though the speaking voice was free of language errors, the written page still had noticeable points of un-idiomatic or ungrammatical English.

Now, everything about this struck me as bogus, and I simply closed the page, closed and restarted Firefox, and ran a Trend Micro Full Scan, which detected no threats.

But what I wonder is, how did this find its way onto my screen? Should I worry, or is the problem entirely external to my computer?
View user's profile Send private message Send e-mail
Dave Potter


From:
Texas
Post Posted 28 Dec 2017 12:30 pm     Reply with quote

Agree, that sounds a lot like a thinly-disguised phishing attempt; something's running that you don't want, and needs to be removed. I wouldn't be satisfied nothing's there from just the Trend Micro scan.

If it does that again, I'd be looking to see what's on the location bar, or maybe in your Firefox History, for the source (the url), and then trying to find out what I could about it using a WhoIs Lookup, as well as Googling it to see what's out there on the net about it. I'd also check Firefox settings to see if something's redirected your startup page.

Good luck.
View user's profile Send private message
Wiz Feinberg


From:
Mid-Michigan, USA
Post Posted 28 Dec 2017 2:50 pm     Reply with quote

The bogus tech support pop-overs are entirely browser based JavaScript attacks that are delivered via poisoned ads or compromised PHP driven websites (e.g. WordPress).

It may take some detective work to figure out whether the attack came from an ad network on the page, or the website itself. I use Firefox's View Page Source to see if there is a breadcrumb when I detect a browser based attack (or if one is blocked by Malwarebytes).

There are abuse reporting options available if you can actually identify a compromised or hostile website or server.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Acronis True Image | Trend Micro Security | MalwareBytes
View user's profile Send private message Send e-mail Visit poster's website AIM Address
Wiz Feinberg


From:
Mid-Michigan, USA
Post Posted 28 Dec 2017 2:54 pm     Reply with quote

I have noticed that Malwarebytes 3.x is the first to detect and block most browser based attacks, especially tech support scams and links to exploit attack kits.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Acronis True Image | Trend Micro Security | MalwareBytes
View user's profile Send private message Send e-mail Visit poster's website AIM Address
Brint Hannay


From:
Maryland, USA
Post Posted 28 Dec 2017 5:02 pm     Reply with quote

But is is it an attack or only an attack attempt? That is, if I didn't respond to it does the fact that I got the pop-over nevertheless mean my computer is already infected with something?
View user's profile Send private message Send e-mail
Clyde Mattocks


From:
Kinston, North Carolina, USA
Post Posted 28 Dec 2017 8:28 pm     Reply with quote

I used to get that one. It smelled. I just ignored it.
_________________
LeGrande II, Nash. 112, Harlow Dobro
View user's profile Send private message Send e-mail
Wiz Feinberg


From:
Mid-Michigan, USA
Post Posted 28 Dec 2017 9:54 pm     Reply with quote

Brint Hannay wrote:
But is is it an attack or only an attack attempt? That is, if I didn't respond to it does the fact that I got the pop-over nevertheless mean my computer is already infected with something?


In the past, fake virus alerts were caused by an already present Trojan. The current tech support phone-in scam does nothing if you close your browser as soon as it appears. It is a page overlay loaded by JavaScript when you are served a poisoned ad, or there is a link to an exploit server at the bottom of the page. Closing it should delete that script.

To be safe, run CCleaner immediately after closing the browser, flushing out the browser's cache (default setting). This will flush out any malicious scripts that might be lingering. It also deletes any executables that were dropped into your local user's Temp directory.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Acronis True Image | Trend Micro Security | MalwareBytes
View user's profile Send private message Send e-mail Visit poster's website AIM Address

All times are GMT - 8 Hours
Jump to:  

Our Online Catalog
Strings, CDs, instruction,
steel guitars & accessories

www.SteelGuitarShopper.com

Steel Guitar Music
Instrumental steel guitar CDs for your permanent collection
www.SteelGuitarMusic.com

BIAB Styles
Ray Price Shuffles
for Band-in-a-Box

by Jim Baron

Please review our Forum Rules and Policies

The Steel Guitar Forum
148 South Cloverdale Blvd.
Cloverdale, CA 95425 USA

Support This Forum

advertisement