Remote Support - Articles - Billing - Programs - Testing - About Me - Contact

"I was surfing the web, then all the sudden a window pops up telling me my computer is infected and I needed to call a number! It won't let me close the window!

 

I'm getting these calls almost daily now. Don't worry, all you have to do is restart windows (restart the computer).

Click START (bottom-left), click SHUT DOWN. Even if the hard-to-close window tells you not to - do it anyway. It's just a scam. If you can't figure out how to turn your computer off, tap the power button.

If you were to call the phone number, they would try to convince you to give them your credit number and/or run a program that allows the scammer to connect to your computer so they can do God knows what.

The reason it's hard to close the window is because the scammers are using javascript to open a new window every time you close it. Javascript is a very powerful programming language used by almost all websites now, so disabling it would cause most websites to malfunction. Using UAC and SRP will not protect you from websites that use malicious javascript. However, javascript does not have the ability to read or write your documents or music or pictures or email, it can just be annoying.

Most people don't know what mistake they made to arrive at the scam ad. I'm not usually able to tell them what mistake they made either, but here is one example I was able to capture:

1. The user opened Internet Explorer and went to www.yahoo.com

2. The user searched for "google"

3. Yahoo returned the search results with www.google.com being the first result, but above the search results is where the sponsored advertising is, and this advertisement was purposely disguised as a link to www.google.com but was actually a link to the scammer's website.

4. The user didn't notice this was an advertisement as opposed to the search results, and clicked it.

5. Clicking the ad took the user to the scammer's malicious website which triggered the hard-to-close javascript ad.

 

Best practices to avoid this include:

Don't search for a website if you already know the address. It's safer to use Favorites/Bookmarks to save frequently visited websites. You should only use a search engine when you don't know where you want to go.

Use the address bar at the top to type things like:
www.google.com
www.jshipp.com
www.ouachitacountysheriff.org

Use search engines for things like:
funny cat videos
john shipp camden ar
sheriff ouachita county arkansas

If you do use a search engine, be aware of which part of the search results is sponsored ads, and which part is the actual search results. If a website is so desperate for visitors that they have to pay search engines to be included in the results, then the site probably isn't as relevant to what you searched for. Websites that are relevant to your search query will appear in the search results without the website having to pay the search engine.

Don't depend on search engines because the search results can change at any time. Just because searching for "farmers bank camden" takes you to myfbtbank.com one day doesn't mean it will take you there the next day. Search engines are constantly revising their databases. It's better to make a favorite/bookmark to myfbtbank.com

Yahoo inserts advertisements into the search results because they make money from selling the ads. Yahoo makes an honest attempt at making sure the ads are not malicious, but Yahoo's screening process can be fooled. Google and Bing and all other search engines that insert advertisements in their search results are vulnerable to the same tricks. The search results can also contain links to malicious websites because the words in your search query match up with words in the malicious website, and the search engine isn't intelligent enough to notice the website is evil. When you use a search engine, you are trusting the engine's ability to suggest addresses that are not owned by evil people, and this is something that will never be technically possible.

Search engines are not the only ones to blame for malicious ads. Websites like homedepot.com also accept money for ad space on their website. When you view homedepot.com, the first thing your computer downloads is the content from home depot's web server, but then it loads whatever additional content that the webpage links to, which is going to include some ads, and those ads aren't usually stored on home depot's server, they are usually stored on 3rd party advertiser's servers in order to take some load off home depot's servers, but sometimes those 3rd party servers get hacked and become malicious. Home depot's website operators don't notice this until visitors point it out to them, so it takes some time for the malicious ads to be removed. Msn.com actually links to over 100 3rd party servers just by viewing their front page! If any one of these servers turns malicious, you become a victim!

Using a good ad-blocker will stop your browser from communicating with a lot of the 3rd party ad servers. This hurts the website's revenue, so some sites detect that you are blocking their ads and try to get you to unblock them. It's a hot topic between the advertising companies and security advisors. It's in the user's best interest to block ads, but it's in the website's best interest to display ads from 3rd parties.

I recommend using Google Chrome with "UBlock Origin" ad blocker.