
Page loaded and download launched before the block


Aura


I have no idea if this can be fixed, improved or else but here...

https://www.bleepingcomputer.com/forums/t/571915/adwarepup-reporting-topic/page-12#entry4438773

Go to the link below.

hXXps://get.excellentstrike.pro/go/?ctoken=eu8e3bxdcs8qhilfrc38&spot=true&key=flash-player

The page will load, bringing you to a fake Adobe Flash Player download page, and download a file called "flash-player.exe", though a second after the page loads, it gets blocked by Malwarebytes.

chrome-extension://ihcjicgdanjaechkgeegckofjjedodee/redirects/blockedMalware.html?url=https%3A%2F%2Fget.excellentstrike.pro%2F&host=get.excellentstrike.pro&category=scam

However, the harm is "done", as the file was downloaded. If it was an exploit or else, the system would've been compromised because of that 1 second delay I guess.

  • Staff

By the way, just FYI in case anyone is curious, the reason this happened was most likely due to the nature of some of the behavior-based aspects of this new plugin. It doesn't just use a database of known bad websites the way MB3's web protection does. Instead, it also looks at the page layout, content, structure and behavior, and based on certain patterns of known bad sites/types of sites, it can trigger at any point it finds that the site looks like/acts like a type of site which the plugin was designed to block (tech support scam sites, phishing sites, fake/deceitful download sites hosting malware/PUPs etc.), so it may not always block/redirect the page in time to stop it from loading certain content such as downloads or even exploits. That is why ideally it's best to combine the plugin with the protection in MB3 if possible, because for one thing, obviously if it's a malicious download then hopefully MB3's protection will catch it, and if it's an exploit then MB3's anti-exploit protection will certainly block/defeat it.

That said, as long as you don't actually deliberately run anything downloaded from a site that the plugin has blocked, then the download can't hurt your system (thanks in no small part to the security built into modern browsers and Windows versions which no longer allow any automatic execution of downloaded executables without user consent nor do they even allow automatic downloads for that matter to my knowledge). So just be cautious and don't run anything that comes from such sites and you should be OK.
