Not what you are looking for? Ask the experts!
Drive-by Intrusion Blocked - Fake Tech Support Website 16 - Question re how intrusion occurred
System : HP Pavilion 64 bit
OS: Windows 10 Home Version 1607 Build 14393.1358 (current at time of attack)
Browser : Firefox 54.0 (current at time of attack)
Norton Security 22.214.171.124 (current at time of attack, including updates)
While working in Firefox on 6/26/17 at 1:12 PM EDT (Facebook and Yahoo Mail tabs open in one window and an MLB.com ballgame running in another Firefox window), a new tab suddenly opened itself in Firefox -- I did nothing to open the new tab -- and a Norton Security message simultaneously appeared saying an intrusion attack had been blocked. The new tab was labeled "Security Update Error 0xB6369834" and page display was a red screen purporting to be Windows Defender and saying "Real-time protection was turned off. You should turn it on." Also on the screen was an option to perform a scan and a Help Desk telephone number to call (+1 855 979-6679). Of course I did not click on anything on the screen and tried to close the tab and Firefox after taking photos of the screen. Firefox did would not close normally, I had to use the Windows Task Manager to close out. In all, Norton Security History reported 18 identical blocked intrusions over a 13 minute period. The final Norton Security report for this incident reads as follows:
6/26/2017 1:25:14 PM
Activity: An intrusion attempt by 126.96.36.199 was blocked.
Status: Blocked, No Action Required
IPS Alert Name: Web Attack: Fake Tech Support Website 16
Recommended Action: No Action Required
Attacking Comuter: 188.8.131.52, 80
Attacking URL: 13-555x10000x2-virus.com/en/report.php?id=KzEgKDg1NSkgOTc5LTY2OTc&lzsrzf=xdstas,
Source Address: 184.108.40.206
Traffic Description: "TCP, www-http"
Of course I ran both quick and full scans immediately. Norton Security reported my computer was clean.
My question is, simply: "What happened?"
I have researched the Web for info on such intrusion attacks, but cannot find a satisfactory answer as to how Firefox opened the new tab with the fake Windows Defender message and obvious malware clickbait and tech support scam telephone number. So I wonder what triggered this attack. I cannot think of anything that I did overtly. Did the trigger come from something in Facebook or Yahoo or the MLB.com sites that I had open in Firefox or might it have been something latent on my PC -- although my PC has always come up clean on regular daily Norton scans. Was this due to some vulnerability in Firefox itself or the current Windows 10 version?
Norton protected me, for which I am thankful -- well, that is what I paid for. Nothing unusual has happened since, I am just curious as to what happened and why, and I cannot find a good answer on the Web.
Grateful for any explanation. Thanks in advance.