How in the hell does this happen? I... me... the tech! Got a 1-800 pop-up.

thecomputerguy

I installed a new computer for a client and took his old one back to drop in an SSD, reformat it, and bring it out fresh for a new employee.

I bring the computer back as fresh as can be ... fully updated, Kabuto/Emsi is installed, computer is stand-alone on the network, no domain. I install his basic printers and set up access to a simple shared folder. This company is all web based so workstations don't matter much. I'm doing final touches like setting up an O365 account in Outlook.

I fire up Chrome and go to Adobe's website and start downloading DC standard, then open up a chat to sort out some licensing issues. On the other screen sits Yahoo.com (sometimes I go there while I'm waiting for something like a chat response so I can see headlines).

I'm sitting there on Adobe chat support and the Yahoo.com homepage, not touching anything at all. I'd been waiting for a chat response for about 5 minutes so I'm just sitting there literally doing nothing on two pages. Yahoo.com (STILL HOMEPAGE), and Adobe chat support on a freshly reformatted computer.

The speakers start blaring and I look up and I see this....

[Attached image: malware.jpg]


I'm like WTF ... the computer is basically brand new and has nothing on it. HOW THE HELL?

Normally when people call me and tell me they got one of these I halfway think they either don't know what they are doing, they are lying, or just doing stupid stuff. BUT me? On a brand new computer getting one of these sure throws a wrench into my explanation of how people got 1-800 popups. Apparently nowadays you can be doing nothing wrong, or just simply nothing on a computer and get one.
 

I wonder whether Yahoo's servers got hacked and are "serving" these pop-ups. Luckily they are not real infections, but scareware. But that is just an educated guess based on your description. Frankly I stay away from anything Yahoo or AOL related at this point.
 
Doesn't that explain it right there? You're the winner of Yahoo roulette. :)

Damn, I knew ads could be infected but I thought Yahoo would be OK ... I just like the website because it crams a lot of news into a single page.
 
Shady advertisers on Yahoo (and others) run on-the-level advertising 99% of the time, but these get slipped in just enough to make it hard to figure out which sub-contractor is doing it occasionally.
 
Twice in the last 5 months I've been setting up a brand new computer, similar event. Except downloading DC and had another page or two open. But don't remember the URLs. Many web sites are a bit leaky when it comes to their partners. My daily driver is OS X but I've also had the same thing pop up on my laptop. Of course I'm doing exactly what I tell my customers to not do, leave unused browser tabs open.
 
Doesn't that explain it right there? You're the winner of Yahoo roulette. :)
This. Yahoo can't keep their email servers from being hacked twice a year, they are hovering just seconds away from bankruptcy, of course, they have infected advertising. Pick something other than a 1999 reject as your search engine.
 
For many years...advertisements have become the mainstream way to infect computers. The mistake is thinking people go visit midget porn sites or warez sites to get infected. Nope. It's been about advertisements for a loooong time. Normal, everyday websites subscribe to ad streams. The bad guys get poisoned ads into these ad stream services...and by the time the "bad" ad is found and pulled...thousands of people have driven by.

Can be normal everyday legit sites. I've seen them on the local newspaper website. I've seen them on the United Auto Workers website one time I was researching the big gov't buyout...that was how many years ago?

Now..hanging out at Yapoop...only increases your exposure.
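
Added example, not part of the original post: one way to work out which ad-stream hop delivered a scam page is to walk Referer links backwards through proxy or DNS-filter logs. The log format and every hostname below are constructed placeholders, and the approach assumes each hop actually sent a Referer header (many redirects and referrer policies strip it, so gaps in the chain are normal).

```python
from urllib.parse import urlsplit

# Constructed sample: "time requested-URL Referer". Hostnames are placeholders.
# The 5-minute gap models an ad slot loading new content while the tab sits idle.
SAMPLE_LOG = """\
10:01:02 https://news.example/ -
10:01:03 https://ads.adnetwork-a.test/slot?id=7 https://news.example/
10:01:03 https://cdn.news.example/site.css https://news.example/
10:06:10 https://bid.reseller-b.test/creative/991 https://ads.adnetwork-a.test/slot?id=7
10:06:11 https://redir.reseller-c.test/go?c=991 https://bid.reseller-b.test/creative/991
10:06:11 https://support-alert.test/warning.html https://redir.reseller-c.test/go?c=991
"""

def parse(log):
    """Map each requested URL to the Referer it was first seen with ('-' = none)."""
    parents = {}
    for line in log.splitlines():
        _ts, url, referer = line.split()
        parents.setdefault(url, None if referer == "-" else referer)
    return parents

def host(url):
    return urlsplit(url).hostname

def chain_to(landing_url, parents):
    """Walk Referer links back from the scam page to the page the user opened."""
    chain, seen = [landing_url], {landing_url}
    while (prev := parents.get(chain[-1])) and prev not in seen:
        chain.append(prev)
        seen.add(prev)  # guard against referer loops in messy logs
    return list(reversed(chain))

def third_party_hops(chain):
    """Hosts between the publisher page and the landing page: the ad-stream hops."""
    publisher = host(chain[0])
    return [host(u) for u in chain[1:-1] if host(u) != publisher]

if __name__ == "__main__":
    chain = chain_to("https://support-alert.test/warning.html", parse(SAMPLE_LOG))
    print(" -> ".join(host(u) for u in chain))
    print("candidates to block or report:", third_party_hops(chain))
```

The hop list is what you would feed into a DNS filter blocklist or an abuse report to the publisher; the last hop before the landing page is usually the most useful one to block.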
 
I recommend uBlock Origin and the free Norton Toolbar in Chrome (Advanced Settings set to "Ask" for many content types like Flash Player). Then if you add OpenDNS in the router and a traditional AV package you are fairly well protected. The idea is to put a few speed bumps in the road so your click-happy JavaScript gamer has to work at infecting themselves.

And I don't buy the claim that killing ads will hurt the "free" web. They've already killed it by not controlling the content they dump on unsuspecting users. Google started it and Google has the deep pockets to fix it when they get around to it.
 
Yeah, it's the ad networks like Diggs said. They really should monitor their customers more closely. It's a fairly cheap way hackers can widely distribute infected "ads". Maybe if enough people started suing them, they'd spring for the software that keeps that crap out of their network.

MBAM stopped one that tried to jump on my system when I was dumb enough to turn off my ad blocker for one site.
 
I describe the risk to my customers as "compromised ad networks" - all the malicious folks have to do is sneak one bad ad in and it may go onto thousands of PCs before even good automated systems catch it and remove it.

I don't have to worry about people hitting porn sites (because that becomes an HR issue not a technical one...) but the description I heard years ago was "Porn sites want you to be a returning paying customer, they have all the incentive to make sure their sites are clean of malware."
 
I assume that was in a new tab that popped up? And this is Chrome? So which tab did it appear after, Yahoo or Adobe?
 