The Steel Guitar Forum Store 

Post new topic How does this happen?
Reply to topic
Author Topic:  How does this happen?
Brint Hannay

 

From:
Maryland, USA
Post  Posted 28 Dec 2017 12:17 pm    
Reply with quote

Today, shortly after turning on my computer and opening Firefox,suddenly the whole screen went bright red, with text supposedly from Firefox urgently "alerting" me that my computer and personal data were at risk, with a female voice with normal American accent urging the same message. It wanted me to call the 877 number on the screen immediately--"Don't waste your time"--to get instructions on removing something like "Adaware Spyware Virus". Though the speaking voice was free of language errors, the written page still had noticeable points of un-idiomatic or ungrammatical English.

Now, everything about this struck me as bogus, and I simply closed the page, closed and restarted Firefox, and ran a Trend Micro Full Scan, which detected no threats.

But what I wonder is, how did this find its way onto my screen? Should I worry, or is the problem entirely external to my computer?
View user's profile Send private message Send e-mail

Dave Potter

 

From:
Texas
Post  Posted 28 Dec 2017 12:30 pm    
Reply with quote

Agree, that sounds a lot like a thinly-disguised phishing attempt; something's running that you don't want, and needs to be removed. I wouldn't be satisfied nothing's there from just the Trend Micro scan.

If it does that again, I'd be looking to see what's on the location bar, or maybe in your Firefox History, for the source (the url), and then trying to find out what I could about it using a WhoIs Lookup, as well as Googling it to see what's out there on the net about it. I'd also check Firefox settings to see if something's redirected your startup page.

Good luck.
View user's profile Send private message

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 28 Dec 2017 2:50 pm    
Reply with quote

The bogus tech support pop-overs are entirely browser based JavaScript attacks that are delivered via poisoned ads or compromised PHP driven websites (e.g. WordPress).

It may take some detective work to figure out whether the attack came from an ad network on the page, or the website itself. I use Firefox's View Page Source to see if there is a breadcrumb when I detect a browser based attack (or if one is blocked by Malwarebytes).

There are abuse reporting options available if you can actually identify a compromised or hostile website or server.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
View user's profile Send private message Send e-mail Visit poster's website

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 28 Dec 2017 2:54 pm    
Reply with quote

I have noticed that Malwarebytes 3.x is the first to detect and block most browser based attacks, especially tech support scams and links to exploit attack kits.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
View user's profile Send private message Send e-mail Visit poster's website

Brint Hannay

 

From:
Maryland, USA
Post  Posted 28 Dec 2017 5:02 pm    
Reply with quote

But is is it an attack or only an attack attempt? That is, if I didn't respond to it does the fact that I got the pop-over nevertheless mean my computer is already infected with something?
View user's profile Send private message Send e-mail

Clyde Mattocks

 

From:
Kinston, North Carolina, USA
Post  Posted 28 Dec 2017 8:28 pm    
Reply with quote

I used to get that one. It smelled. I just ignored it.
_________________
LeGrande II, Nash. 112, Harlow Dobro
View user's profile Send private message Send e-mail

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 28 Dec 2017 9:54 pm    
Reply with quote

Brint Hannay wrote:
But is is it an attack or only an attack attempt? That is, if I didn't respond to it does the fact that I got the pop-over nevertheless mean my computer is already infected with something?


In the past, fake virus alerts were caused by an already present Trojan. The current tech support phone-in scam does nothing if you close your browser as soon as it appears. It is a page overlay loaded by JavaScript when you are served a poisoned ad, or there is a link to an exploit server at the bottom of the page. Closing it should delete that script.

To be safe, run CCleaner immediately after closing the browser, flushing out the browser's cache (default setting). This will flush out any malicious scripts that might be lingering. It also deletes any executables that were dropped into your local user's Temp directory.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
View user's profile Send private message Send e-mail Visit poster's website


All times are GMT - 8 Hours
Jump to:  

Our Online Catalog
Strings, CDs, instruction,
steel guitars & accessories

www.SteelGuitarShopper.com

Please review our Forum Rules and Policies

Steel Guitar Forum LLC
PO Box 237
Mount Horeb, WI 53572 USA


Click Here to Send a Donation

Email admin@steelguitarforum.com for technical support.


BIAB Styles
Ray Price Shuffles for
Band-in-a-Box

by Jim Baron
HTTP