Jump to content

Recommended Posts

Hello,

I wasn't sure where to post this, hopefully it is in the right forum.

A site was blocked due to malvertising when I was browsing the web.

This may be a dumb question, but I rather ask to be certain. The website that got blocked, does malware block the site and connection before it is able to connect and possibly infect?

I already did a threat scan, nothing was found. But also doing a full scan of my hard drives just in case.

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
    0. UI.png
  7. Click the Gather Logs button
    17. Advanced.png
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    19. System Repair Progress.png
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

Link to post
Share on other sites

Malvertising doesn't really intend to infect.  Rather it is a set ploys used in Social Engineering to influence the visitor for various reasons.  The subsequent actions by a user may lead to infection such as with a Malvertisement pushing a Fake Java, Flash, Firefox or other software update.

If a site is blocked, the connection is not made and the communication is stopped and thus "blocked".  For example if the Malvertisement intent was to tell you your PC is infected and you should call a Phone Number, you would not be presented with that content.  Another example would be if a Malvertisement's intent was to tell you there is a Firefox update, you would not see that content either.  Another case would be a URL of a known malvertiser being blocked.  Visiting that kind of redirection URL multiple time may push a myriad of  Malvertisement types, different each time it is visited.  By blocking that kind of site, you are not confronted with those kinds of malicious or fraudulent sites the malvertiser may redirect your Browser to. 

In short, the Malwarebytes "blocking" of those sites short-circuits their attempts.

Edited by David H. Lipman
Link to post
Share on other sites

14 minutes ago, David H. Lipman said:

Malvertising doesn't really intend to infect.  Rather it is a set ploys used in Social Engineering to influence the visitor for various reasons.  The subsequent actions by a user may lead to infection such as with a Malvertisement pushing a Fake Java, Flash, Firefox or other software update.

If a site is blocked, the connection is not made and the communication is stopped and thus "blocked".  For example if the Malvertisement intent was to tell you your PC is infected and you should call a Phone Number, you would not be presented with that content.  Another example would be if a Malvertisement's intent was to tell you there is a Firefox update, you would not see that content either.  Another case would be a URL of a known malvertiser being blocked.  Visiting that kind of redirection URL multiple time may push a myriad of  Malvertisement types, different each time it is visited.  By blocking that kind of site, you are not confronted with those kinds of malicious or fraudulent sites the malvertiser may redirect your Browser to. 

In short, the Malwarebytes "blocking" of those sites short-circuits their attempts.

Ah okay, so they just recognize the IP, URL an immediately blocks it before I or the site even has a chance to infect or do anything at all. But by the sounds of it, in most cases it's just the fake "Download your free program" or "You have a virus" pop up.

Link to post
Share on other sites

Just now, Zoart said:

Ah okay, so they just recognize the IP, URL an immediately blocks it before I or the site even has a chance to infect or do anything at all. But by the sounds of it, in most cases it's just the fake "Download your free program" or "You have a virus" pop up.

That's correct, and even if it were an active drive-by exploit malvertisement (which can infect users just by visiting/viewing the site/ad), it would still be blocked before it had the chance to connect to your PC to attempt to infect you.  You can also further augment your protection from malicious websites by installing the Malwarebytes browser extension beta if you use Chrome or any Chromium based browser such as the new Microsoft Edge browser, SRWare Iron or Vivaldi or if you use Mozilla Firefox.  It works well alongside the Web Protection in Malwarebytes 3 and adds additional protection capabilities.  You can learn more about it and download it at the following links:

Chrome
Firefox

Link to post
Share on other sites

3 minutes ago, exile360 said:

That's correct, and even if it were an active drive-by exploit malvertisement (which can infect users just by visiting/viewing the site/ad), it would still be blocked before it had the chance to connect to your PC to attempt to infect you.  You can also further augment your protection from malicious websites by installing the Malwarebytes browser extension beta if you use Chrome or any Chromium based browser such as the new Microsoft Edge browser, SRWare Iron or Vivaldi or if you use Mozilla Firefox.  It works well alongside the Web Protection in Malwarebytes 3 and adds additional protection capabilities.  You can learn more about it and download it at the following links:

Chrome
Firefox

Fantastic. I was more afraid of those drive-by exploits. But good to hear that they are blocked/disconnected before they have a chance.

1 minute ago, Firefox said:

Also just to add, if a threat scan came back clean, doing a full scan is just overkill and not really needed, and it would take a long time to complete.

Eh, I like to make sure. It takes long... ish I guess. It took me 44 minutes to do 3 hard drives

Link to post
Share on other sites

Just now, Zoart said:

Eh, I like to make sure. It takes long... ish I guess. It took me 44 minutes to do 3 hard drives

No worries, I definitely understand being cautious, that said, the Threat scan does check all running processes and modules in memory, so if any malware were active anywhere on your PC (even from a location not normally checked by the Threat scan such as one of your other drives) it would still be detected.  The Research team is very good at optimizing the Threat scan to look everywhere that malware likes to hide and whenever a new location is discovered they add it by modifying the threat databases/signatures so the places that the Threat scan looks for threats can be changed any time they need to be, without even having to wait for a new program version or major release.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.