diether

Ominous screen showed in Chrome

Recommended Posts

This morning 12/13/2017 I was checking Yahoo mail, when a Warning screen and acoustic warning showed (full screen). I aborted Chrome as task, because I did not want to click the offered protection option, and after relaunching Chrome I checked the browser history, and found the latest unexspected entries as:

165.227.123.195

curationservices.com

adverrd.global.ssl.fastly.net

Does anybody know anything about those sites?

 

Share this post


Link to post
Share on other sites


Similar to these ?

I have created a 1series of videos generated from these fraud sites for the purposes of recognition and education.  They are all  videos from real web sites.  ALL are FRAUDS.

All these have one thing in common and they have nothing to do with any software on your PC.  They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened.  From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds.

MalwareScam.wmv
MalwareScam-1.wmv
MalwareScam-2.wmv
MalwareScam-3.wmv
MalwareScam-4.wmv
MalwareScam-5.wmv
MalwareScam-6.wmv

I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf

Reference:   
US FBI PSA - Tech Support Scam



1.  Also located at "My Online Security" - Some videos of typical tech support scams

 

Share this post


Link to post
Share on other sites

David. Thx. This is the kind of situation, I encountered this morning. I do not have detauls, because I terminated my Chrome Browser through the Task Manager ASAP. Diether

Share this post


Link to post
Share on other sites

yw.gif.a247c38881cbf1c8de95ea56a3910128.gif

You only provided Domains.  If the fully qualified URLs are known and can be verified as being a FakeAlert, they/it can be submitted in;  Newest IP or URL Threats  such that the URLs can be blocked by Malwarebytes' software.

Share this post


Link to post
Share on other sites

Thanx for the update.

I tried those Domains but I could not gleam a malicious URL from them.

Some Domains such as;  kamanos.xyz  can lead to a FakeAlert such as the following Apple FakeAlert but most of the time you need a fully qualified URL.

http://kamanos.xyz/secureddefenderbegin/mac/index.html

 

Spoiler

AppleFakeAlert.thumb.jpg.3936bcbd6de71e9ea5d7c6121480f502.jpg

 

Share this post


Link to post
Share on other sites

Thank you. I'll try to get more information, when I see the unwanted screen again. I am just afraid to download malicious code, when I click on anything on that screen. Therefore I just killed the Chrome application, performed a virus scan, and then looked at the history list.

Diether  

Edited by AdvancedSetup
Removed email address from post

Share this post


Link to post
Share on other sites

Please redact your email address.

An ounce of prevention is worth a pound of cure. 

** You do not have to seek the URL if doing so is outside your comfort zone.

 

Edited by David H. Lipman

Share this post


Link to post
Share on other sites

This happened to me yesterday 12/14/2017.  I tried to shut down through task bar but browser pop up box with warning and browser would not close.  I finally clicked the x in the corner rather than click the submit or cancel box in the pop up and the screen turned red, started flashing and the speakers blared "WARNING DO NOT SHUT OFF COMPUTER"!  I wrote down the following from the pop up box url: curationservices.com/in/advu126126128811/  before clicking the x.  I have googled this to no avail until I came across this thread. Needless to say, I did shut down the computer, restarted in safe mode, did a restore to an earlier point, and ran a virus scan.   Scared the heck out of me as I am not sure how I got this but I do recall getting a warning about an unsafe site from McAfee when I clicked on a link from an email from my kids school related to PSAT scores. Also, I do not know what I should do if this happens again.  I am not a computer guy but it is time to learn how to capture the details...

Share this post


Link to post
Share on other sites

You got this FakeAlert ( below ) because it was a bad web page.  Such web sites are in a class called a malvertisement.  Performing a System Restore from a previous Restore Point was overkill as it would do absolutely nothing in this situation.

{ Your FakeAleret was submitted in;  HTML.FakeAlert }

Spoiler

curationservices_com.thumb.jpg.6d59d4dbea7750dbc7b30e1315efbd4f.jpg

 

The way to deal with this is to use Task Manager and Kill the Browser Task rendering the objectionable content, Log Off or Reboot.

Since all FakeAlert sites are a kind of malvertisement, it is hard to avoid them.  They may appear on legitimate sites because the legitimate site owner chose to use an advertiser or marketing firm that works with nefarious sources.  FakeAlerts are now extremely common and that is why education and recognition is the best way to combat the fraud they represent.

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar

Share this post


Link to post
Share on other sites

Dave, that screen shot was it!  Thanks for the advice on dealing with it next time.  Greatly appreciate it! 

Share this post


Link to post
Share on other sites

I got this warning on my screen twice yesterday. I wasn't sure it was a FakeAlert. I was redirected there from the HuffingtonPost home page. I don't think I clicked on anything before I was redirected three times. The second redirect sent me to curationservices.com.  

I'm glad I found this thread.

Share this post


Link to post
Share on other sites

Fbc:

I was able to gleam the URL from your post.  Because of that, I was able to capture the screen-content and submit the URL on your behalf.

 

 

Share this post


Link to post
Share on other sites

Dave, Thanks for the info.  At the moment (12/23/17)  curationservices.com did not actually resolve before I closed it.  I was simply reading a news article on a major web portal the starts with a Y when the site opened in a new window.  One would think a major web portal player like Y$%** would thoroughly vet their advertisers.

Share this post


Link to post
Share on other sites
19 minutes ago, Skeeball said:

One would think a major web portal player like Y$%** would thoroughly vet their advertisers.

The word of the day is a-s-s-u-m-e. It is just as important to have a good adblocker as well as av/malware protection. 

Edited by Porthos

Share this post


Link to post
Share on other sites

It is a malicious site that will redirect the viewer to a new FakeAlert every 2~3 hours.

Presently it is.

http://165.227.216.234/as/?a=10012592&campid=46#

 

30 minutes ago, Skeeball said:

 One would think a major web portal player like Y$%** would thoroughly vet their advertisers.

Nope.  It's all about the $$.  A site may use an advertiser or marketing firm but they may contract out to others.  Somewhere along the line a malvertiser slips in and the web site viewer gets malicious content.

Companies like Yahoo! and AOL will show advertisements that are on the edge of fraud.  Such as the ones about NCIS and Abby Sciuto ( Pauley Perrette ) to sell Snake Oil products.

Reference:

'NCIS' actress Pauley Perrette slams fake skincare ads, rumors behind her exit

 

Edited by David H. Lipman
Spelling, Grammar and Clarification

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.