07-22-2012 03:35 AM - last edited on 07-22-2012 04:18 AM by shannons
I started getting the "Fake App Attack: Fake AV" over the last week. I seem to get an attack when on MS Internet Explorer.
I downloaded NIS yesterday. It prevented an attack yesterdayfrom URL guarantorqueerprocessinspection.pl I ran a full scan.
Today the attack came from a different URL:lowdelivererdetector.. Again I ran a full scan. When I did a check on NIS for the website, it didn't recognise it.
Is there anyway of preventing these attacks even coming to my PC in the first place? Even if NIS can detect them, it's annoying having to deal with them when I am on my browser.
Solved! Go to Solution.
07-23-2012 02:09 AM
I think its only happening on one site - irishtimes.com
This is a reputable site.
I only started getting the attack last week. I don't use my browser that much.
07-23-2012 04:06 AM
do you have either Mozilla Firefox or Google Chrome installed on your computer and see if you are getting the same alert from Norton IPS, when you use Firefox or Chrome.
Try one or both programs to see if you are getting the same alert, as when you are using Microsoft Internet Explorer.
Here are links to the programs to download.
07-23-2012 09:50 AM - edited 07-23-2012 09:51 AM
07-24-2012 04:35 AM
Thanks for all the replies.
I'll pass that info onto the irishtimes.com
Just to say for the last while I haven't kept the version of my Java up-to-date on my PC
Yesterday I upgraded to Java 6 standard edition V6 Update 14.
I had no attacks yesterday or today.
Could the updated Java make a difference?
07-24-2012 09:34 AM
I got in touch with irishtimes.com and this is the response I got:
"We have successfully traced the fake anti-virus notice to a third party advertisement which was being intermittently delivered to users of The Irish Times web-site in recent days. As of Monday, this advertisement has been blocked from running on our site, and the third party advertisement agency have been alerted to the problem. Despite our team vetting the advertisement before it was launched on July 13th, the advert was subsequently altered by the third party late last week without our knowledge and began to distribute these false messages regarding viruses. We are reviewing our procedures involving such third party advertisers as we take our users security very seriously."
So looks like the problem has been fixed.
Thanks again for all your help. Much appreciated.
07-24-2012 11:24 AM - edited 07-24-2012 11:26 AM
Yikes! The current version of Java 6 is Update 33. Running any earlier version is extremely dangerous, as older versions all contain security flaws that are among the most exploited vulnerabilities commonly seen in malware exploit packs. You are actually lucky that the compromise at Irish Times did not include such an attack - you could have been toast. If you need Java, please UNINSTALL any old versions still showing in Windows Add/Remove Programs and download either Java 6 Update 33 or Java 7 Update 5 from the Oracle download site. If you don't normally use Java to run applets, you don't really need to reinstall the program unless some application on your system requires it.
You might also want to run the Secunia Online Software Inspector to check for any other old, vulnerable programs that may be installed on your system:
07-25-2012 03:05 AM
I wonder how I don't have the latest Java version?
I use Thunderbird for my email - I think that is why Java was downloaded in the first place.
My computer is automatically prompted by Java for the latest download. This only happened a couple of days ago.
I'll look into this. Thanks.
07-25-2012 10:11 AM
Thunderbird does not require Java to be installed. Here are a couple of articles about the dangers of running old Java versions and whether you should consider removing Java entirely (I did, and have not yet run into a website where it would have been necessary to reinstall it).