Kudos0

Can I stop repeated attacks "Fake App Attack: Fake AV"

I started getting the "Fake App Attack: Fake AV" over the last week. I seem to get an attack when on MS Internet Explorer.

I downloaded NIS yesterday. It prevented an attack yesterday from URL guarantorqueerprocessinspection.pl. I ran a full scan.

Today the attack came from a different URL: lowdelivererdetector.. Again I ran a full scan. When I did a check on NIS for the website, it didn't recognise it.

Is there any way of preventing these attacks even coming to my PC in the first place? Even if NIS can detect them, it's annoying having to deal with them when I am on my browser.

[edit: Please do not link to potentially dangerous websites per the Participation Guidelines and Terms of Service.]

Replies

Kudos0

Re: Can I stop repeated attacks "Fake App Attack: Fake AV"

Is it only happening when you are on a specific website?

Quads

Kudos0

Re: Can I stop repeated attacks "Fake App Attack: Fake AV"

I think it's only happening on one site - irishtimes.com

This is a reputable site.

I only started getting the attack last week. I don't use my browser that much.

Kudos0

Re: Can I stop repeated attacks "Fake App Attack: Fake AV"

Hey

Do you have either Mozilla Firefox or Google Chrome installed on your computer? If so, see if you are getting the same alert from Norton IPS when you use Firefox or Chrome.

Try one or both programs to see if you are getting the same alert, as when you are using Microsoft Internet Explorer.

Here are links to the programs to download.

www.mozilla.com

http://filehippo.com/download_google_chrome/12809/

Thanks

Sweman

Kudos2

Re: Can I stop repeated attacks "Fake App Attack: Fake AV"

Hi paultf,

Sucuri reports that the site contains possible malicious JavaScript.  The site appears to be compromised and Norton is blocking an actual attack.  You may want to inform the site's webmaster and avoid using the site until it is cleaned up. 

http://sitecheck.sucuri.net/results/irishtimes.com

Kudos0

Re: Can I stop repeated attacks "Fake App Attack: Fake AV"

Thanks for all the replies.

I'll pass that info on to irishtimes.com.

Just to say, for the last while I haven't kept the version of my Java up-to-date on my PC.

Yesterday I upgraded to Java 6 standard edition V6 Update 14.

I had no attacks yesterday or today.

Could the updated Java make a difference?

Accepted Solution
Kudos1

Re: Can I stop repeated attacks "Fake App Attack: Fake AV"

I got in touch with irishtimes.com and this is the response I got:

"We have successfully traced the fake anti-virus notice to a third party advertisement which was being intermittently delivered to users of The Irish Times web-site in recent days. As of Monday, this advertisement has been blocked from running on our site, and the third party advertisement agency have been alerted to the problem. Despite our team vetting the advertisement before it was launched on July 13th, the advert was subsequently altered by the third party late last week without our knowledge and began to distribute these false messages regarding viruses. We are reviewing our procedures involving such third party advertisers as we take our users' security very seriously."

So looks like the problem has been fixed.

Thanks again for all your help. Much appreciated.
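The failure described in the publisher's reply above (a creative vetted once, then changed by the third party afterwards) is the kind of drift a publisher can detect by re-checking the live creative against the vetted copy. The following is an added example, not code from the thread, The Irish Times or Norton; the hostnames and markup are constructed placeholders.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class CreativeProfile(HTMLParser):
    """Collects the external hosts a creative references and its inline script text."""

    URL_ATTRS = {"src", "href", "data", "action"}

    def __init__(self):
        super().__init__()
        self.hosts = set()
        self.inline = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:
            if name in self.URL_ATTRS and value:
                host = urlparse(value).hostname  # None for relative URLs
                if host:
                    self.hosts.add(host.lower())

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and data.strip():
            self.inline.append(data.strip())


def profile(html):
    parser = CreativeProfile()
    parser.feed(html)
    parser.close()
    digest = hashlib.sha256("\n".join(parser.inline).encode()).hexdigest()
    return {"hosts": parser.hosts, "inline_sha256": digest}


def drift(vetted_html, live_html):
    """Report what differs between the vetted creative and the one now served."""
    base, live = profile(vetted_html), profile(live_html)
    return {
        "new_hosts": sorted(live["hosts"] - base["hosts"]),
        "inline_script_changed": live["inline_sha256"] != base["inline_sha256"],
    }


# Constructed samples: the creative as vetted, and as served after a change.
VETTED = ('<a href="https://advertiser.example.test/offer">'
          '<img src="https://cdn.adagency.example.test/banner.png"></a>')
LIVE = (VETTED + '<script src="//unvetted-host.example.test/loader.js"></script>'
        '<script>/* constructed */ init();</script>')
```

Any non-empty `new_hosts` or a changed inline script hash means the creative no longer matches what was approved and should be pulled for re-vetting.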

Kudos1

Re: Can I stop repeated attacks "Fake App Attack: Fake AV"

Hi paultf,

Yikes!  The current version of Java 6 is Update 33.  Running any earlier version is extremely dangerous, as older versions all contain security flaws that are among the most exploited vulnerabilities commonly seen in malware exploit packs.  You are actually lucky that the compromise at Irish Times did not include such an attack - you could have been toast.  If you need Java, please UNINSTALL any old versions still showing in Windows Add/Remove Programs and download either Java 6 Update 33 or Java 7 Update 5 from the Oracle download site.  If you don't normally use Java to run applets, you don't really need to reinstall the program unless some application on your system requires it.

http://java.com/en/download/index.jsp

You might also want to run the Secunia Online Software Inspector to check for any other old, vulnerable programs that may be installed on your system:

http://secunia.com/products/consumer/osi/online/

Kudos0

Re: Can I stop repeated attacks "Fake App Attack: Fake AV"

I wonder how I don't have the latest Java version?

I use Thunderbird for my email - I think that is why Java was downloaded in the first place.

My computer is automatically prompted by Java for the latest download. This only happened a couple of days ago.

I'll look into this. Thanks.

Kudos1

Re: Can I stop repeated attacks "Fake App Attack: Fake AV"

Thunderbird does not require Java to be installed.  Here are a couple of articles about the dangers of running old Java versions and whether you should consider removing Java entirely (I did, and have not yet run into a website where it would have been necessary to reinstall it).

http://krebsonsecurity.com/2010/06/dont-need-java-junk-it/

http://krebsonsecurity.com/2012/07/new-java-exploit-to-debut-in-blackhole-exploit-kits/

Kudos0

Re: Can I stop repeated attacks "Fake App Attack: Fake AV"

OK. Thanks for the info.

I won't get a chance to look into this until tomorrow.

Forgot to say I use OpenOffice too - do I need Java for that?

And what about browsing on Internet Explorer - do I need Java as well?

Thanks.

Kudos0

Re: Can I stop repeated attacks "Fake App Attack: Fake AV"

It does appear that Open Office requires Java for full functionality.  Not a problem - just make sure you keep Java current.

http://www.openoffice.org/download/common/java.html
