Security question

Posted:
in General Discussion edited January 2014
Hi all,



I have a question related to online security. While browsing in Firefox, sometimes when I click on a link from a Google search, I am redirected to a "security firm" that purports to be running a scan of my computer. They report that it is infected. I am including a screen shot of their page.



OK, so I can't upload the image, but I can link to it here...

http://picasaweb.google.com/drbuzz77...64117603460434



They seem to report that my computer is infected with what looks like a Windows trojan and virus. I doubt it. I don't even have Windows installed on my computer. Would someone look at this site and tell me what you think? This site has taken over my browser on several occasions. Is this legal? How do I report them if it is not?



thanks



buzz

Comments

  • Reply 1 of 15
    MarvinMarvin Posts: 14,548moderator
    Quote:
    Originally Posted by ibuzz View Post


    I have a question related to online security. While browsing in Firefox, sometimes when I click on a link from a Google search, I am redirected to a "security firm" that purports to be running a scan of my computer. They report that it is infected. I am including a screen shot of their page.



    This is Windows spam. I doubt it's a redirect but it's possible. For example, if a domain isn't found, it can redirect you to a different domain. If you use OpenDNS for your DNS servers, it will redirect you to their own search engine, for example. I expect that it's just a spam link you clicked and you should just ignore the warning as those viruses/trojans aren't on your machine. You can report spam to the FCC but I think they would only take action if the company acted in an obtrusive way - i.e. showing the popup without you clicking a redirect to their site.
  • Reply 2 of 15
    bbwibbwi Posts: 812member
    You probably have a Trojan. One of the only Trojans that is in the wild for Mac. One of the only Trojan that a tool has been created to remove this Trojan. Use the tool below to remove it. Then, since you seem to enjoy your porn, buy an antivirus product for Mac.



    http://www.dnschanger.com



    Then, buy Snow Leopard which helps protect against this and many other security issues for Mac
  • Reply 3 of 15
    ibuzzibuzz Posts: 135member
    Results of the scan: "DNS Changer not detected".



    So now I'm still faced with the question of "Is my computer infected?"



    I don't mind buying some anti virus software to scan for this crap, but what do you recommend for a mac. I do plan on installing windows eventually and I am planning on installing Leopard. Right now, I am still running 10.4. I'm not terribly computer savvy, that's why I love my macs. "They just work". And they are very secure.... normally.



    thanks



    buzz
  • Reply 4 of 15
    MarvinMarvin Posts: 14,548moderator
    Quote:
    Originally Posted by ibuzz View Post


    So now I'm still faced with the question of "Is my computer infected?"



    In as much as what the popup describes no. A web page cannot check your filesystem so it has no way to tell you that. The popup is a generic message that everyone will see.



    The worst that you could have is something that redirects you to that site when trying to visit another. Do you have an example of a link that takes you to the page?
  • Reply 5 of 15
    ibuzzibuzz Posts: 135member
    Quote:
    Originally Posted by Marvin View Post


    In as much as what the popup describes no. A web page cannot check your filesystem so it has no way to tell you that. The popup is a generic message that everyone will see.



    The worst that you could have is something that redirects you to that site when trying to visit another. Do you have an example of a link that takes you to the page?



    I went back and looked at my history just prior to this page. I had done a Google search for water filters. The label says "computer scan" and the URL is: http://best-antispyware-11.com/scan1...MTU1NQ0NaA%3DM



    The link I clicked just prior to it is: http://www.google.com/url?sa=t&sourc...12r4hsAzSiwiTQ



    When I go to that page now, Firefox brings up a dialogue that says it's an attack site. I am not brave enough to go beyond that so I click "get me outa here". I would suspect that I was redirected to this "computer scan" phishing site. This has happened several times in the past. I think each time, I have been clicking links pulled up via a Google search, and been redirected. Am I the only one this has happened to? Does that mean I may have some malware installed? It really pisses me off. Or is someone hijacking these sites? This thing takes over my computer by pulling up a dialogue box and no matter what I do, it takes me to this bogus site and "runs" a bogus scan. I can't seem to stop it and have to wait for it to "scan" before I can close the window. Did I say that it pisses me off? It can't be a legit firm as no idiot in his right mind would market this way.
  • Reply 6 of 15
    MarvinMarvin Posts: 14,548moderator
    Quote:
    Originally Posted by ibuzz View Post


    When I go to that page now, Firefox brings up a dialogue that says it's an attack site. I am not brave enough to go beyond that so I click "get me outa here". I would suspect that I was redirected to this "computer scan" phishing site. This has happened several times in the past. I think each time, I have been clicking links pulled up via a Google search, and been redirected.



    It's possible that it wasn't your computer but your router that's been affected. Try putting the OpenDNS server IPs into your DNS list. You can do it on the OS or on the router. The router would mean everyone using it is safe. Try on the OS first to see if it helps. Apple menu > system prefs > network > wifi settings if you use wifi or ethernet if it's wired and type in 208.67.222.222, 208.67.220.220 into the DNS box and hit apply. Then try visiting the link. You might have to flush your DNS cache.



    You can also check if something has modified your hosts file. Open /Applications/Utilities/terminal and type in:



    open -e /etc/hosts



    and copy/paste the contents in your next post.
  • Reply 7 of 15
    Hi ibuzz,



    Well buddy, other critical patches in the security bulletin for October fix a vulnerability in Windows Media Runtime that could be exploited if a user opened a malicious media file or received malicious streaming content from a Web site or application, and if a specially crafted ASF (Advanced Systems Format) file is played using Windows Media Player 6.4. This surely will be a Windows spam problem regarding security level. Change the firewall settings and then reboot the system.



    Thanks
  • Reply 8 of 15
    bbwibbwi Posts: 812member
    Quote:
    Originally Posted by ibuzz View Post


    Results of the scan: "DNS Changer not detected".



    So now I'm still faced with the question of "Is my computer infected?"



    I don't mind buying some anti virus software to scan for this crap, but what do you recommend for a mac. I do plan on installing windows eventually and I am planning on installing Leopard. Right now, I am still running 10.4. I'm not terribly computer savvy, that's why I love my macs. "They just work". And they are very secure.... normally.



    thanks



    buzz



    Oh, well that's good. Not sure what's going on with your computer then. You can buy Intego if you're really worried. A better move would be to get Snow Leopard or just Leopard if you're on a PPC.
  • Reply 9 of 15
    ibuzzibuzz Posts: 135member
    Quote:
    Originally Posted by Marvin View Post


    It's possible that it wasn't your computer but your router that's been affected. Try putting the OpenDNS server IPs into your DNS list. You can do it on the OS or on the router. The router would mean everyone using it is safe. Try on the OS first to see if it helps. Apple menu > system prefs > network > wifi settings if you use wifi or ethernet if it's wired and type in 208.67.222.222, 208.67.220.220 into the DNS box and hit apply. Then try visiting the link. You might have to flush your DNS cache.



    You can also check if something has modified your hosts file. Open /Applications/Utilities/terminal and type in:



    open -e /etc/hosts



    and copy/paste the contents in your next post.



    Results of terminal:



    ##
    # Host Database
    #
    # localhost is used to configure the loopback interface
    # when the system is booting. Do not change this entry.
    ##
    127.0.0.1       localhost
    255.255.255.255 broadcasthost
    ::1             localhost



    This stuff is way above my pay grade. How do I flush the DNS cache?



    thanks
  • Reply 10 of 15
    ibuzzibuzz Posts: 135member
    Quote:
    Originally Posted by geogexavier View Post


    Hi ibuzz,



    Well buddy, other critical patches in the security bulletin for October fix a vulnerability in Windows Media Runtime that could be exploited if a user opened a malicious media file or received malicious streaming content from a Web site or application, and if a specially crafted ASF (Advanced Systems Format) file is played using Windows Media Player 6.4. This surely will be a Windows spam problem regarding security level. Change the firewall settings and then reboot the system.



    Thanks



    I don't think I have Windows Media Player installed. Spotlight only shows an installer in the MS Office folder.



    Are you suggesting I change the firewall settings in the router? What would I change them to? The modem firewall is set to "basic". The other choices are low, medium, and high. OS X firewall is set to on, and allows only iTunes music sharing, iChat AV, and network time. I ran a free Symantec online security check which resulted in a "safe".



    thanks
  • Reply 11 of 15
    ibuzzibuzz Posts: 135member
    I googled "best-antispyware-11.com" and found a couple of references to it being malware. One site called Free PC Security lists it along with about 50 others and had this to say about it.



    "New additions of malicious sites for October 14, 2009 which will compromise your PC Security. Some may contain 'driveby' downloads and are to be considered highly dangerous.



    Also bear in mind that these use 'flux' techniques and may not resolve and disappear from one domain and appear on another.



    These sites WILL harm your computer so it is advised to keep well away from them or add them to your Hosts file so that they are blocked."



    and this: "Newly registered malware domains, many currently redirect to Google and Yahoo and are blacklisted by the following:



    Google - Google Diagnostic Page
    My WOT - WOT Score Card
    hpHosts - hpHosts listing
    MalwareDomainList - MDL listing
    ZeuS Tracker - Zeus Tracker listing"



    Does any of this explain how they can hijack a link that redirects to their bogus site? Should I add it to my hosts file, whatever that is? If so, how would I do that? Any help is appreciated.



    thanks



    Buzz
  • Reply 12 of 15
    MarvinMarvin Posts: 14,548moderator
    Quote:
    Originally Posted by ibuzz View Post


    Results of terminal:



    That's ok, your hosts file hasn't been modified.



    Quote:
    Originally Posted by ibuzz View Post


    How do I flush the DNS cache?



    In OS 10.4, in the terminal you type:



    lookupd -flushcache



    That should clear any redirects after you've adjusted your DNS settings. It seems more like the site itself is the problem though.



    Quote:
    Originally Posted by ibuzz View Post


    Does any of this explain how they can hijack a link that redirects to their bogus site? Should I add it to my hosts file, whatever that is? If so, how would I do that?



    The hosts file is what you opened in the previous post. It's a list of IP addresses and domain names. So to block a web address, you can type a new line like:



    127.0.0.1 best-antispyware-11.com



    You need higher permissions to edit the file. I don't think it's needed in this case. Like I say, it doesn't seem like you've been redirected but rather the website itself is a malware site and they added one.



    If you see popups for anti-virus software and scanning your PC, close the page and avoid that site. Same goes with sites that ask you to install a video codec to view content. They won't do any harm to your machine on their own.
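
The hosts-file check from Replies 6 and 12, automated as an added example that is not part of any poster's reply: it lists every entry beyond the three stock lines ibuzz posted and separates a local block line (like the one suggested above) from a name forced to another address. The function name `audit_hosts`, the sample file and the `203.0.113.7` / `search.example.test` values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list hosts-file entries beyond the
# three defaults shown in Reply 9. Exit status is 1 if any name is pointed
# at a non-loopback address (a redirect), 0 otherwise.
audit_hosts() {
    awk '
        { sub(/#.*/, "") }                 # strip comments
        NF < 2 { next }                    # blank or incomplete line
        {
            ip = $1
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if ((name == "localhost" && (ip == "127.0.0.1" || ip == "::1")) ||
                    (name == "broadcasthost" && ip == "255.255.255.255"))
                    continue               # stock entry, nothing to report
                if (ip == "127.0.0.1" || ip == "::1" || ip == "0.0.0.0")
                    kind = "BLOCK"         # name sinkholed to this machine
                else {
                    kind = "REDIRECT"      # name forced to another address
                    bad = 1
                }
                printf "%s line %d: %s -> %s\n", kind, NR, name, ip
            }
        }
        END { exit (bad + 0) }
    ' "${1:-/etc/hosts}"
}

# Constructed sample: the stock file from the thread plus two added lines.
sample=$(mktemp)
printf '%s\n' \
    '##' '# Host Database' '##' \
    '127.0.0.1 localhost' \
    '255.255.255.255 broadcasthost' \
    '::1 localhost' \
    '127.0.0.1 best-antispyware-11.com   # block line from Reply 12' \
    '203.0.113.7 search.example.test     # constructed redirect' \
    > "$sample"
audit_hosts "$sample"
echo "exit status: $?"
rm -f "$sample"
```

Run with no argument, `audit_hosts` reads `/etc/hosts`; a file like the one ibuzz posted produces no output and status 0.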
  • Reply 13 of 15
    ibuzzibuzz Posts: 135member
    Thanks to all who gave their time and expertise to help me.



    A further search of Google Safe Browsing (http://safebrowsing.clients.google.c...spyware-11.com) with the suspect URL showed that Google has identified the site for malware. I think they are infecting legit sites with a redirect to their phishing site.



    Anyhow, I don't think my computer is infected. I really appreciate having a Mac that is relatively safe. I personally can't understand how the PC world can put up with it.



    So thanks again to all.



    Buzz
  • Reply 14 of 15
    Quote:
    Originally Posted by ibuzz View Post


    Thanks to all who gave their time and expertise to help me.



    A further search of Google Safe Browsing (http://safebrowsing.clients.google.c...spyware-11.com) with the suspect URL showed that Google has identified the site for malware. I think they are infecting legit sites with a redirect to their phishing site.



    Anyhow, I don't think my computer is infected. I really appreciate having a Mac that is relatively safe. I personally can't understand how the PC world can put up with it.



    So thanks again to all.



    Buzz



    Quite, Buzz, and that's just one of Macs' advantages of course!



    And you're clearly not the only one suffering from those bogus 'virus scanner' popups, a.k.a. "scareware": I see them too and so do millions of others http://news.bbc.co.uk/2/hi/technology/8313678.stm. And 85% of those are Windows users of course.
  • Reply 15 of 15
    ibuzzibuzz Posts: 135member
    It is a sad state when criminals can get away with millions without prosecution, because they only take a little at a time. They should shoot a few of them and then that will act as a deterrent. I'll provide the bullets. May be a bit drastic, but effective!



    What I don't understand is, how can they get by the pop-up blocker and take control of my machine? I can't do anything until I dismiss the dialogue box. Both choices (OK and Cancel) take me to their site, where my machine is held hostage while they run their so-called virus scan. If I was a computer programmer, I think I would figure out a way to bomb their site. This is war!



    OK, I feel better having ranted sufficiently.



    Thanks again to all who gave help. Hopefully, others will be warned.



    Buzz



    PS: Perhaps this is why Macs are flying off the shelves and the stock is up almost $10 today alone.

    Sorry I sold mine a while ago. I keep waiting for a pull back but there are none.