• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs

Not what you are looking for? Ask the experts!

Kudos0

"New" threat - Heartbleed

Hi all,

I've seen this article:

http://www.independent.co.uk/life-style/gadgets-and-tech/features/heartbleed-bug-has-revealed-major-flaw-in-online-security--so-much-of-the-web-is-based-on-free-software-that-anyone-can-access-9252548.html

and checked this site for references to "heartbleed bug"  with no success.  Any information, anybody?

Also, I've started getting an annoying bug that duplicates what seem like random words and turns them into links, like the illustration here.  Any idea how I can have picked it up and how I can kill it off?  I run the same software on this laptop as on my PC and that machine doesn't have the problem.  I'm also getting pop up ads on this site, even running Adblock Plus.

Thanks,

Ian

Replies

Kudos0

Re: "New" threat - Heartbleed

Hi all,

I've seen this article:

http://www.independent.co.uk/life-style/gadgets-and-tech/features/heartbleed-bug-has-revealed-major-flaw-in-online-security--so-much-of-the-web-is-based-on-free-software-that-anyone-can-access-9252548.html

and checked this site for references to "heartbleed bug"  with no success.  Any information, anybody?

Also, I've started getting an annoying bug that duplicates what seem like random words and turns them into links, like the illustration here.  Any idea how I can have picked it up and how I can kill it off?  I run the same software on this laptop as on my PC and that machine doesn't have the problem.  I'm also getting pop up ads on this site, even running Adblock Plus.

Thanks,

Ian

Kudos0

Re: "New" threat - Heartbleed

Is your system using OpenSSL???  I highly doubt it so in terms of your system there is no problems, with users it is about changing passwords at the systems and servers that do use OpenSSL  (HTTPS)

Like Email passwords, online shopping accounts etc.   with your ISP, Gmail, Yahoomail, Amazon .....................................

The symtom you describe sounds like PUPS.

Quads

Kudos0

Re: "New" threat - Heartbleed

" Also, I've started getting an annoying bug that duplicates what seem like random words and turns them into links, like the illustration here.  Any idea how I can have picked it up and how I can kill it off?  "

Hi,

Where do you see this? Browser, Windows folders etc...

From the screenshot you have posted I cannot understand much.

Regards,

Kudos0

Re: "New" threat - Heartbleed

Hi, iancol. There are a few posts about Heartbleed in the Tech Outpost forum, which have some info on this.

Windows 7 64 Bit Sp1 NIS V 21.6.0.32
Kudos0

Re: "New" threat - Heartbleed

Quads
You mention about changing passwords for email amazon and ISP
For ISP do you mean the login to ones ISP website?
Not the PC connection to the ISP server?
Kudos4

Re: "New" threat - Heartbleed

don't think you will understand 

A lot of ISP's have mail servers that when you have your ISP account password the main email account also uses the the same username and password.

A family could have more than one email account with with the ISP, for mum dad, kids etc that has a different email address and password.  But the master account has the same password as the one your PC users to log into the internet.

Example only the info is not factual but just to show what is meant

ISP account for systems logging into network

username :          Quadsie

password :          4pistons

Email address   Quadsie@slingsot.co.nz  (master account)  same password as above  (dual purpose)

cats email account

   address  puss@slingshot.co.nz

Password: meowmeow 

The cats account does not have any ISP account rights and is email only it is not like the master ISP account for systems connecting or that email. 

Could be that same with the likes of Verzion, AOL Telsta, BT and so on

That is different than accounts wirth say Gmail, yahoo, Internet Banking,  where it is not also the ISP account logon so does not involve your systems logging into the ISP network.

So if your email is with your ISP the passord could more than likley be dual purpose meaning that when you change the password for the master email you are also changing the password for the ISP network logon.

Quads 

Kudos0

Re: "New" threat - Heartbleed

Hi all.  Thanks for your replies.  I'm not in a position to respond at the moment.  Will get back later today.

Ian

Kudos0

Re: "New" threat - Heartbleed

Thanks quads
So the need to change password involving the ISP is more so driven by the fact that the ISP provides email services? And that is the pass word that is needing to be changed?
Kudos0

Re: "New" threat - Heartbleed

Back again.  I've had a look at Tech Outpost and note that the posts are dated 2009, so why is this an issue now, I wonder?

As for examples of the irritating ads, here are four.  The first appeared as soon as I went on line.  Certain key words are picked out and the ads seem to be tailored to the word.  Feven Pro seems to be a clue.

The second is what apppeared when I opened Norton Support.  Note the relevance of the ad.

Third shows what I saw when I logged on to this forum.  In this case, no relevance to the page.  Clicking "Do not show again" doesn't work, naturally.

Photo 4 shows the selected word highlighted and duplicated, with relevant ad.

This stuff only appears on the laptop and only since I changed the hard drive using a Sandisk cloning pack.  Have I not been vigilant enough when using this software?

Thanks,

Ian

Kudos1

Re: "New" threat - Heartbleed

Hi,

Looks like you have adware installed, jolly wallet etc.

Try to run a full system scan with MBAM Free version.

See if it can pick & remove anything.

If not, maybe you should visit one malware removal forum, where an expert should be able to remove all the possible adware installed on your system.

Regards,

Kudos0

Re: "New" threat - Heartbleed

Hello

Do not go to Iyogi for help as they are not representatives of Symantec. If you need a list of the recommended free forums, please let us know. Thanks.

Success always occurs in private and failure in full view.
Accepted Solution
Kudos0

Re: "New" threat - Heartbleed

Thanks, all, especially Apostolos.  The MBAM scan appears to have worked!   Just one concern - I was expecting Norton 360 Premier Edition to provide this sort of protection.  AM I  just showing my ignorance?

On the originally-raised query - Heartbleed - I had a message from my bank this evening, when I logged on, saying I should ignore press articles on it.  No action required.

Thanks again,

Ian

Kudos1

Re: "New" threat - Heartbleed

Hello

No one security program can provide all the security all the time. Each program has their own specialties. But only 1  live time security program can be installed in one computer.

Success always occurs in private and failure in full view.
Kudos0

Re: "New" threat - Heartbleed

There appears to be NO POST that answers my question about what to do about Heartbleed, and this is disturbing as Norton clearly highlights lancol's April 11 post as the solution. With all the hullaballoo on the internet - and even a Wikipedia article - I'd like to be sure I know what to do. I regularly run Malwarebytes and do whatever it tells me to do. Is that enough? So simple? Please somebody, give me some advice!

Kudos0

Re: "New" threat - Heartbleed

Hi nadhia
From my knowledge I don't think there's a great deal we can do!

I think the best thing to do would be to change the passwords associated to the accounts that have been affected by the bug just to be safe

But in till then I believe it's up to the website developers to make a patch or update to fix this issue.

Bugs and things like this are bound to happen on the internet at some point and we want to be 100% protected we may as well ditch our electronics and accounts and move to a desert island!

I could be wrong but this is what I believe.

Regards
Kudos0

Re: "New" threat - Heartbleed

Windows 7 Home Premium x64 SP1 *** Norton 360 v21.6.0.32
Kudos2

Re: "New" threat - Heartbleed


AudiA1 wrote:
Hi nadhia
From my knowledge I don't think there's a great deal we can do!

I think the best thing to do would be to change the passwords associated to the accounts that have been affected by the bug just to be safe

But in till then I believe it's up to the website developers to make a patch or update to fix this issue...


Correct, there is nothing we can do as end users for this issue but change your passwords on affected sites. This is a data leakage problem from the web server end. There is not security related software you can run or settings you can make that have anything to do with this. This is not malware or a virus.

Kudos0

Re: "New" threat - Heartbleed

Hello

Heartbleed is not actually a new problem either. It's actually been around for a couple of years. As with most malware, they seem to circulate all the time and diffferent ones become popular at different times. Remember to keep your programs up to date and perform the necessary scans with your Norton products. If you do run into troubles and if it's something we can't help you with, we can usually recommend you to the correct places where you caan usually receive the proper help. Thanks.

Success always occurs in private and failure in full view.
Kudos0

Re: "New" threat - Heartbleed

Most popular websites like Facebook, Gmail, Yahoo!, Tumblr and others have already patched this issue.

My bank also stated;

"[bank name] has multiple levels of security in place, including encryption, to keep your banking information safe and secure. [bank name]’s Online and Mobile Banking services have not been affected by the Heartbleed issue. You can continue to use [bank name]’s websites with confidence for your everyday banking."

You can use this site to check if a website is vulnerable still http://filippo.io/Heartbleed/ Also some extension authors have written extensions to check if a site is still vulnerable.

Windows 8.1 Pro 64-bit / Norton Internet Security v.21.x
Kudos2

Re: "New" threat - Heartbleed

Just to be clear, Heartbleed isn't malware - it is a defect in the OpenSSL software that could allow an unauthorized person who knew about the defect to obtain information - possilbly passwords - from the web server memory.  The defect has been present for a couple of years.  That does not mean it has been exploited all that time.

Kudos0

Re: "New" threat - Heartbleed


nadhia wrote:

There appears to be NO POST that answers my question about what to do about Heartbleed, and this is disturbing as Norton clearly highlights lancol's April 11 post as the solution. With all the hullaballoo on the internet - and even a Wikipedia article - I'd like to be sure I know what to do. I regularly run Malwarebytes and do whatever it tells me to do. Is that enough? So simple? Please somebody, give me some advice!


Hi nadhia,

I think it should be clarified that the post you mention is highlighted only because it was marked as "Accepted solution" by Iancol who, as the thread OP has the right to choose a post and mark it as the solution. 

... And in addition to what other members have already posted, I hope that my post here can be of any help.

 

Kudos2

Re: "New" threat - Heartbleed

Hello

Please see this support post about Heartbleed and what Norton recommends.

https://support.norton.com/sp/en/us/home/current/solutions/v98431836_EndUserProfile_en_us

Success always occurs in private and failure in full view.
Kudos0

Re: "New" threat - Heartbleed

TO ANYONE AT NORTON/SYMANTEC:  

Just a question.  I received an email from "Norton" that appeared in my junk folder regarding this Heartbleed bug.  It was sent from:  "norton@nortonfromsymantec.com".  I didn't open the email because I am untrusting of sites that use the same name as their @ address.  I used the "View Message Source" to obtain the email address.  The information provided in the message source mentioned the Heartbleed and had several links that it wanted you to click (obviously not clickable because I wasn't in the actual email).  Did Symantec or Norton send this email out to its members?  I want to make sure that someone isn't taking advantage of this Heartbleed bug and sending mass emails pretending to be Norton or Symantec when they are in fact a hacker or a baddie.  Please let me know.  If you didn't send it, you may want to investigate who sent it.  I can give IP info or any other info or even the entire message source if needed.


Thanks so much for taking the time to read and respond to my message!

Kudos0

Re: "New" threat - Heartbleed

Hello pritibllues

I will notify Norton about  your email. Please don't delete it yet in case they might want you to email it to them. Thanks.

Success always occurs in private and failure in full view.
Kudos0

Re: "New" threat - Heartbleed

the email address norton@nortonfromsymantec.com is legit and from Symantec / Norton

 

Symantec has also released info about "Heartbleed" and Norton products.

 

Quads

Kudos0

Re: "New" threat - Heartbleed

Hello Quads

Thanks for the info.

flo

Success always occurs in private and failure in full view.

Replies are locked for this thread.