ausgumbie

  1. Hi all

     Just came across the thread below (Not sure if what's now displaying was meant to happen - I just pasted the url and ... ). Anyhow, thought I'd start a new thread rather than tag onto the previous. My experience seems similar to the other thread's OP.

     I was researching an apparently innocuous topic (ancient Greek roads in Attica). I started exploring links from a page (A GIS-BASED STUDY OF ATTICA) on the bordersofattica.org website. The further pages I tried to access, I assume, were all in that website. MBAM threw up a number of Malicious Website Blocked alerts. I checked these and found only one IP address* referenced (*212.27.63.106) although there were a number of blocks. I checked that address (on Central Ops net). That didn't enlighten me.

     Then, possibly like thais, I googled the address. This produced many links, one of which was "The Anti Hacker Alliance fights against 212.27.63.106". I clicked on this link, and first came to (I've left off the http bit deliberately) "//anti-hacker-alliance.com/index.php?ip=212.27.63.106". That page seemed to load successfully, but then it suddenly 'flipped' to a page "//www.validome.org/lang/en/get/http://212.27.63.106". At this point I think MBAM again threw up a couple of popups announcing further blockages. (On VirusTotal, Yandex Safebrowsing called the "Anti Hacker Alliance" a Malware site. The "Validome" url had no bad reports).

     The flip to the "Validome" page worried me as further googling didn't seem to establish a connection between "The Anti Hacker Alliance" and "Validome" so I don't know if this was a valid redirection. I'll attach a (composite) screenshot of the "Validome" page below. I gather MBAM thought loading the "Validome" page was an attempt to access the malicious site.

     I looked at the protection log again (an MBAM threat scan had been running at the time) and noted there were 3 "outbounds". There had been 2 when I first checked after noting the alert popups, but I subsequently re-launched the "Validome" page from Firefox memory to get the screenshots. I've kept the Threatlog and Protection Log if they're needed.

     Help appreciated

     ausgumbie
  2. Hi all

     This has been pointed up in other places but it probably doesn't hurt in the retelling for any upgrading to Windows 10. I received this from staysmartonline (Aust. Govt.) to which I subscribe:

     "Fake Windows 10 update leading to ransomware attack: Alert Priority High

     Ransomware disguised as an installer of the new Microsoft Windows 10 operating system is encrypting Australian user and business computers. The ransomware resides in an email that claims to be from Microsoft which offers a free upgrade to Windows 10. The email contains a zip file attachment, which contains a program labelled as the Windows 10 installer. However, if you run this program, it will encrypt any important files, including Word documents and photos on your computer.

     If you receive an email offering a free upgrade to Windows 10, we advise that you delete the email and do not open it or any attachments. Windows users interested in upgrading their computer can register via Microsoft’s official website. Windows 10 updates will then be facilitated by a program on your computer, not via an email offer."

     And so on. The word is certainly out there although some (like me) twig to it a bit slower than others. This post is for them. See, e.g.: https://www.google.com.au/?gws_rd=ssl#q=windows+10+ransomware+alert

     Cheers

     ausgumbie