Computer Systems, Service and Repairs

Malvertising

We’re on a bit of an educational push here with the aim of helping Internet users become a bit more aware of the latest tricks that criminals are using to catch you out. Hopefully, this means you will be a bit safer online.

Today’s post takes a closer look at ‘malvertising’. This was covered in our previous post on Exploit Kits, but as it presents a significant threat to everyday folks, we wanted to dig into it in a bit more detail.

What is it?

Malvertising is the name we in the security industry give to criminally-controlled adverts which intentionally infect people and businesses. These can be any ad on any site – often ones which you use as part of your everyday Internet usage. It is a growing problem, as is evidenced by a recent US Senate report, and the establishment of bodies like Trust In Ads.

Whilst the technology being used in the background is very advanced, the way it presents to the person being infected is simple. To all intents and purposes, the advert looks the same as any other, but it has been placed by a criminal.

Without your knowledge, a tiny piece of code hidden deep in the advert is making your computer go to criminal servers. These then catalogue details about your computer and its location, before choosing which piece of malware to send you. This doesn’t need a new browser window and you won’t know about it.

The first sign will often be when the malware is already installed and starts demanding money with menaces, logging your bank details or running any number of other despicable scams.

How do they get there?    

It’s common practice to outsource the advertising on websites to third-party specialists. These companies re-sell this space, and provide software which allows people to upload their own adverts, bidding a certain amount of money to ‘win’ the right for more people to see them.

This often provides a weak point, and cyber criminals have numerous clever ways of inserting their own malicious adverts into this self-service platform. Once loaded, all they have to do is set a price per advert, to compete with legitimate advertisers, and push it live.

Why is it a threat to me?

People nowadays are aware of practices that look or feel ‘wrong’ on the Internet, be it odd-looking links, requests to download strange programs or posts on social media which set the alarm bells ringing. The real danger with malvertising is that user judgement isn’t involved at all. People don’t have to click anything, visit a strange website or follow any links.

Rather, you go to a website you trust (like a news site or similar) and the adverts are secretly injecting criminal software onto your computer. This means infections can happen just by browsing the morning headlines, visiting your online dating profile or watching a video.

How do I stop it?

There are a few things which people can do to minimize the risk of being caught out by malvertising:

  • Those reminders to update things like browsers, Flash, Java etc.? Don’t ignore them.
  • Run a specialist anti-exploit technology (https://www.malwarebytes.org/antiexploit/)
  • There are programs which block advertising that can help

Safe surfing and don’t get caught out!

Custom Computers inc. is the premier provider of computer repair services in the Wilkes Barre / Scranton area and has been serving both home and business users for 21 years now. We specialize in malware and virus removal in our Kingston, PA service center.

Tech Support Scammers Go For Porn Shocker

Crooks are making millions of dollars defrauding unsavvy users with fake online tech support. The scam is simple yet effective and has gone through many variations over time.

Scammers can be very creative, simulating the Blue Screen Of Death (BSOD) or even stealing templates used by security companies.

In their latest iteration, the tech support scammers are going for maximum shock effect by locking people’s browser with a nasty collage of hardcore pornographic pictures in the background.

Figure 1: A disturbing set of hardcore pornographic pictures with a “System At Risk” warning.

The page at pc-care365.net/Alert.htm reads:

System At Risk!!
Due to Suspicious activity detected on the computer, Critical errors have been found. Error Code – S1L457.
Call customer technical support and share this code with the agent.
Customer support number- 1-844-709-0775
Call Customer Technical Support at 1-844-709-0775 and share this code with the agent.

These pages and pop-ups always seem to come out of the blue, as you simply browse the net. Then, getting rid of them via the conventional close button is nearly impossible.

Figure 2: The alert message abusing the ‘alert()’ method

Some users might just be frightened to see that their computers could have a bad virus and that they might lose all of their data. Others, desperate to close the page, will call the support number provided on the pop-ups.

Going for pornographic material is not entirely surprising. Traditional ransomware did that long ago, in some cases going as far as displaying child pornography on the user’s device.

This tactic can be quite effective since anyone caught with this on their screen will most likely feel too embarrassed to reach out to a friend or IT guy for help, and will instead follow the on-screen instructions, which involve calling a toll-free number.

Unfortunately, the toll-free number will redirect to one of many boiler rooms filled with agents often pretending to be Microsoft Support. They will ask the victim to download a program that will allow them to remotely access and control the computer.

Figure 3: The remote technician does his sales pitch, not really bothered by what’s on screen

What follows next is the typical snake-oil sales pitch (your computer has viruses, infections, etc.) for a pricey and bogus online ‘Microsoft support service’. For the unlucky ones, identity theft and destruction of their data and computer can also happen.

These fake and scary pages all exploit the same design in JavaScript, which allows long or infinite loops to prevent the user from closing the page. As long as it exists, more and more people are going to be defrauded of their hard-earned money by these miscreants.
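
For anyone triaging a saved copy of such a page, the traits described above (a dialog call inside a loop, scare wording, a repeated toll-free number) can be checked statically. This is an added example, not code from the original post; the function name, regexes, phone numbers and both sample pages are constructed, and only inline scripts are inspected.

```javascript
// Added example: static triage of a saved page for browser-lock scam traits.
// Regexes, names and both sample pages are constructed for illustration.
const SCARE = [/system at risk/i, /critical errors?/i, /error code/i, /technical support/i];
const TOLL_FREE = /\b1[-.\s]?8(?:00|33|44|55|66|77|88)[-.\s]?\d{3}[-.\s]?\d{4}\b/g;
// A modal dialog call inside a while/for body: the close-proof loop trait.
const DIALOG_IN_LOOP = /\b(?:while|for)\s*\([^)]*\)\s*\{[^}]*\b(?:alert|confirm|prompt)\s*\(/i;

function triageLockPage(html) {
  // Inline <script> bodies only; externally loaded scripts are out of scope.
  const scripts = [...html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)]
    .map((m) => m[1]).join("\n");
  // Visible text: drop scripts first, then the remaining tags.
  const text = html.replace(/<script\b[\s\S]*?<\/script>/gi, " ").replace(/<[^>]+>/g, " ");
  const findings = [];
  if (DIALOG_IN_LOOP.test(scripts)) findings.push("dialog-in-loop");
  if (SCARE.filter((re) => re.test(text)).length >= 2) findings.push("scare-wording");
  if ((text.match(TOLL_FREE) || []).length >= 2) findings.push("repeated-toll-free-number");
  // Require the loop trait plus at least one content trait before flagging.
  return { findings, suspicious: findings.includes("dialog-in-loop") && findings.length >= 2 };
}

// Constructed sample: a lock page with the traits the post describes.
const lockPage = `<html><body><h1>System At Risk!!</h1>
<p>Critical errors have been found. Error Code - X0000.</p>
<p>Customer support number- 1-800-555-0100</p>
<p>Call Customer Technical Support at 1-800-555-0100</p>
<script>while (true) { alert("Call 1-800-555-0100"); }</script>
</body></html>`;

// Constructed sample: an ordinary page with a harmless loop and a single alert.
const benignPage = `<html><body><h1>Morning headlines</h1>
<p>Technical support desk: 1-800-555-0199</p>
<script>for (let i = 0; i < 3; i++) { console.log(i); }
function warn() { alert("Session expiring"); }</script>
</body></html>`;

console.log(triageLockPage(lockPage), triageLockPage(benignPage));
```

The heuristic is deliberately conservative: scare wording alone does not flag a page, since legitimate support pages use similar phrases.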