12-18-2012 01:25 PM
Hello. Earlier today, my mother was loogged onto Internet Explorer. When she was, there were 3 blocked attacks. All of which containing the same information. It said "Web Attack FakeAV Download 2". While they were being blocked, Norton was doing its
IPS Detection Statistical Submission routine at the same time. Is there a connection? She wasn't doing anything dangerous. She was just viewing an e-mail from Best Buy. Is there a serious problem here? Why would we recieve an attack like that under those circumstances? Is there anything I can do? Thanks.
12-18-2012 03:11 PM
Had she recently bought something from Best Buy to warrant contact from them (order update or something similar) or does she regularly receive advertising emails from them? If not then it may have been a fake email with the virus embedded or if she clicked on a link within the email then that could've taken her to the site containing the virus.
12-18-2012 03:17 PM
This is a driveby download attempt that Norton detected and blocked, so the PC should not be adversely affected. You may want to run a Full System Scan just to verify that nothing malicious got through. Also, if you are not getting any strange and unexpected antivirus programs popping up, you are probably not infected.
I suspect that your mother may have been clicking links in the email that were directing to the malicious download site, as Doctor9fan suggests.
12-18-2012 03:32 PM
12-19-2012 02:06 AM
It depends on whether the email was sent to one of the free webmail accounts (Yahoo, Hotmail etc) or to one provided by your mom's ISP & whether the account is a pop3 or imap, if a free account or imap then it probably will have been deleted completely if the deleted items folder has been emptied, if it's a pop3 account & she has web access to the account (some isps offer webmail access so users can read their mail on other computers while they're away from home) then it might just still be in the deleted items folder online. If you wanted to check the email to see if it was legit then it's worth a try.
12-19-2012 04:24 AM - edited 12-19-2012 04:51 AM
I may be overly paranoid, but I assume all emails (especially unsolicited emails) have dangerous links until fully examined, no matter how good they look. Lot of phishing/spoofing attacks in email are designed with really great looking mimics of financial sites, online sellers, FedEx/UPS, etc. that are hard to tell from legitimate ones. Sometimes you can tell if a link might be legitimate by doing a "mouseover" on the link (place the cursor over it) and checking the URL that it would take to you to. But I almost never click any link in an email unless I am expecting it from a known source and have examined it to be sure it is legitimate. It's even possible that some dangerous links are designed to look like a website destination URL but are actually executable .exe files.
I occasionally get such fake emails designed to appear from FedEx/UPS, about a "tracking number", etc. or spoofing various airlines with a subject line about my "tickets", etc. If someone is really expecting a package, or if they travel a lot on business, they might click on one of those without thinking. So it pays to be wary. As I recall, I *may* have gotten a fake Best Buy email before, but I don't remember for sure.
Another tip off that an email may not be legit or may be from another person's hacked email account is if the subject line is blank, and the message doesn't contain anything but a link. I'll shut up now :)
Hopefully no other malware got through onto your mom's computer, but I'd at least run some full system scans like someone mentioned above. Maybe with both Norton and an on-demand Malwarebytes scan as a second opinion. Good luck!