Windows 10 Apps Hit by Malicious Ads that Blockers Won't Stop

Discussion in 'malware problems & news' started by ZMsiXone, Jun 3, 2019.

  1. ZMsiXone

    ZMsiXone Registered Member

    Joined:
    Mar 30, 2017
    Posts:
    293
    Location:
    EUROPE/poland/germany
    https://www.bleepingcomputer.com/ne...hit-by-malicious-ads-that-blockers-wont-stop/
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,733
    Location:
    U.S.A.
    As shown in the bleepingcomputer.com article, Eset's Web Filtering protection that scans web page javacript code will protect you from most of this crap.
     
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,690
    Location:
    Hawaii
    I believe that free browser add-ons uBlock Origin & Trace will block all connections to known advertising networks and malicious sites. Right? So, also, will free add-on "Emsisoft Browser Security." Right?
     
  4. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    According to ghacks:
     
  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,690
    Location:
    Hawaii
    @TonyW - neither you nor ghacks dealt with the well-known, powerful add-ons I mentioned. ghacks sometimes plays the part of Chicken Little, IMO.
     
  6. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    @bellgamin, I personally use uBlock Origin, but I don't know if I can answer your original question.

    I was providing another source's take on the subject. I apologise if it was the wrong choice.
     
  7. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,690
    Location:
    Hawaii
    No problema, Tony. I just hope uBO really IS up to dealing with this sort of stuff.
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,172
    Location:
    Among the gum trees
    As noted in the article, the ad is shown in a Windows app, so uBO can't help. That's where AdGuard for Windows, AdGuard DNS and BlackFog Privacy may help.
     
  9. guest

    guest Guest

    UBO is just browser extension, so very limited.
     
  10. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,690
    Location:
    Hawaii
    @Krusty & @guest & @itman -- 10Q to the nth!!! Reference itman's comment #2 -- are there any other AVs besides ESET that would partly or totally protect from "most of this crap"?
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,441
    Location:
    Here
    Probably any AV that scans internet traffic.
     
  12. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,690
    Location:
    Hawaii
    Hmmm... K7 scans internet traffic & has scored pretty good on protection. It purports to have a behavior blocker. I wonder why so little is mentioned of K7 at Wilders nowadays? K7 reminds me of The Little Engine That Could because they keep entering the tests against the better know AVs, & they keep climbing up. Daring little upstarts, wot? :rolleyes:
     
  13. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    7,360
    Probably because the detection rate, although quite good, is not as good as for well known antiviruses. The only reason I can think of to use K7, is because it is exceptionally light.

    A lack of customer support doesn't help either.
     
  14. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,690
    Location:
    Hawaii
    THIS test indicates that, except for FPs, K7 performed as well as (e.g.) Kaspersky, ESET, McAfee. Cheeky little bloke, wot?

    But ... back on topic -- This thread has given me second thoughts about whether I should use a real-time AV. (I regularly do not use one now.)
     
  15. guest

    guest Guest

    If I had to use an AV with traffic scanning, I will go with a business solution like Symantec EP.
     
  16. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,733
    Location:
    U.S.A.
    According to this review, it doesn't perform web filtering: https://www.techradar.com/reviews/k7-antivirus-premium . Also in the last SE Labs Comparative test: https://selabs.uk/download/consumers/epp/2018/oct-dec-2018-consumer.pdf, K7 was the second lowest scorer.

    As far as AV protection overall against this type of redirect activity, it is not sufficient that the solution just perform web filtering. It also has to be able to scan Javascript code via it's injected .dll or the like. This could be problematic with sandboxed browsers employing AppContainer such as Edge and possibly Chrome. Eset doesn't seem to have issues in this regard as far as IE11 and Edge goes. I don't use Chrome since I don't know if issues exist with Eset when Chrome is sandboxed. What I do know is that Eset detects malicious .js code in for example, the browser temp directory cache files. In other words, it's scanning anything Javascript-wise that is downloaded.

    Finally, don't "expect miracles" in regards to this issue with any AV security solution. I have twice been hit with a screen locker web site in the past using Eset. When encountered with a redirect situation related to this issue, the standard and best procedure is just to immediately terminate the browser or source app using Task Manager or Process Explorer/Hacker.
     
    Last edited: Jun 4, 2019
  17. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,547
    If that happened, I first try to go as quick as I can (...) to go to the other room to disconnect the router from the powerline so there is no internet connection anymore, then do things you described, then do some scans, then put back a backup-image.
     
  18. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,733
    Location:
    U.S.A.
    No need for all that with screen lockers. They fall in the scareware catagory. The one I encountered was a blaring horn sound and big red screen stating "call this number", etc..
     
  19. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,690
    Location:
    Hawaii
    This is good to know! Now I am wondering if using Linux while surfing the internet might be more secure than surfing with Windows + AV?
     
  20. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    Why bother, when you can use Shadow Defender etc :)
     
  21. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,690
    Location:
    Hawaii
    Yes, but where's the fun in that? I already know how to use SD. With Linux, I have a lot to learn & reduced concern about what Microsoft is going to do next in the direction of forced obsolesence.
     
  22. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    LOL ! I know from what you've said in the past that you are a Bit over 21 ;) So good for you that you still want to learn more :thumbd:
     
  23. guest

    guest Guest

    Shadow Defender won't protect against a keylogger in your active shadow session.
     
  24. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    Obviously ! That's why you should a Good Antkeylogger installed
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.