Malvertising


  • Malvertising

    Malvertising is scary!

    These occur while the computer is idle (no browsing needed)
    Category, Domain, Type, IP Address, Port, File
    Malware, N/A, Inbound connection, 69.197.154.2, 445 Earlier AM
    Malware, N/A, Inbound connection, 37.49.225.84 7:40 AM

    https://blog.malwarebytes.com/101/20...-malvertising/


    I was viewing the PowerBASIC forum when the last one came in!
    These are being caught by MalwareBytes in real-time.
    Last edited by Mike Doty; 31 Dec 2018, 07:43 AM.
    https://duckduckgo.com instead of google

  • #2
    This looks like a false alarm, at least not related to PowerBASIC, as the forum hasn't any (external) ads on display (as far as I can tell from my blockers and a glance at the page's source code) that may be used to spread malware.



    • #3
      Originally posted by Knuth Konrad
      This looks like a false alarm, at least not related to PowerBASIC, as the forum hasn't any (external) ads on display (as far as I can tell from my blockers and a glance at the page's source code) that may be used to spread malware.
      I think that once you have been affected, it is able to pull ads on any page viewed.
      The world is strange and wonderful.*
      I reserve the right to be horrifically wrong.
      Please maintain a safe following distance.
      *wonderful sold separately.



      • #4
        It goes beyond pulling ads. They can log your keystrokes.

        Please read everything here:
        https://blog.malwarebytes.com/101/20...-malvertising/

        Without your knowledge a tiny piece of code hidden deep in the advert is making
        your computer go to criminal servers. These then catalogue details about your
        computer and its location, before choosing which piece of malware to send you.
        This doesn’t need a new browser window and you won’t know about it.

        The first sign will often be when the malware is already installed and starts
        threatening money for menaces, logging your bank details or any number of despicable scams.

        Important:
        Malwarebytes does not do a complete scan on the computer unless custom scan is selected and then drive(s) are selected.
        https://duckduckgo.com instead of google



        • #5
          Originally posted by Kurt Kuzba

          I think that once you have been affected, it is able to pull ads on any page viewed.
          That doesn't change the fact that (as far as I can tell by the means available to me) there are no external references*) in the HTML of a PB forum message. Therefore the PB forum can't be the culprit, as implied by the first post. PB's forum may very well be affected, if the user in question has caught that malware elsewhere and it injects itself locally into every web page browsed by the infected user/machine.

          *) Other than external links posted by the users

          Mike Doty: I'm very well aware how this kind of malware works. The "tiny piece of code" you're referring to is some injected JavaScript. Something one can easily defeat by using script & ad blockers**).

          **) Besides being annoying, that's the main reason why putting web ads provided by 3rd parties onto your site is such a stupid and irresponsible thing to do.
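
The check described in post #5 (reading a page's HTML for external references, leaving aside links posted by users) can be automated. This is an added example, not part of the original thread; the page URL and markup are constructed samples, and `external_refs` is a hypothetical helper name.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute makes the browser fetch a resource on page load.
# Plain <a href> links are excluded: they load nothing until clicked.
LOADING_ATTRS = {
    "script": "src", "iframe": "src", "img": "src", "embed": "src",
    "object": "data", "link": "href",
}

class ExternalRefFinder(HTMLParser):
    """Collect (tag, host) pairs for resources loaded from other hosts."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.external = []

    def handle_starttag(self, tag, attrs):
        attr = LOADING_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Resolve relative and protocol-relative URLs against the page URL.
        host = urlsplit(urljoin(self.page_url, value)).hostname
        if host and host != self.page_host:
            self.external.append((tag, host))

def external_refs(page_url, html):
    finder = ExternalRefFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.external

# Constructed sample markup (not taken from the forum): same-site assets,
# one user-posted link, one third-party script, one third-party iframe.
SAMPLE_URL = "https://forum.example/thread/1"
SAMPLE_HTML = """
<html><head><script src="/js/site.js"></script>
<link rel="stylesheet" href="css/site.css"></head>
<body><a href="https://blog.example.org/post">user link</a>
<script src="//ads.example.net/tag.js"></script>
<iframe src="https://cdn.example.com/banner.html"></iframe></body></html>
"""

if __name__ == "__main__":
    for tag, host in external_refs(SAMPLE_URL, SAMPLE_HTML):
        print(f"{tag:8} {host}")
```

This inspects the HTML as served by the site; anything injected locally into the rendered page on an infected machine would not appear in it.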



          • #6
            Originally posted by Knuth Konrad

            That doesn't change the fact that (as far as I can tell by the means available to me) there are no external references*) in the HTML of a PB forum message. Therefore the PB forum can't be the culprit, as implied by the first post. PB's forum may very well be affected, if the user in question has caught that malware elsewhere and it injects itself locally into every web page browsed by the infected user/machine.
            That is correct. If you are getting annoying ads on the PowerBASIC website, then you are being messed with.

            The world is strange and wonderful.*
            I reserve the right to be horrifically wrong.
            Please maintain a safe following distance.
            *wonderful sold separately.
