Today I received a High severity intrusion attempt message "HTTP Fragus Toolkit Request 1" from NIS2010 (fully updated) stating that the attempt was by my own computer name (see attached picture - I have blanked out my computer name). This occurred when I was running Internet Explorer 8 and browsing my usual home page (www.bbc.co.uk). Details are:
Risk Name: HTTP Fragus Toolkit Request 1
Attacking Computer: My Computer Name (192.168.1.##, 49485)
Attacker URL: inesne.com/gaha/show.php?key=be1d0d4932919ad9e7fba8bb64b02797&u=full2
Destination Address: 91.213.217.38, 80
Source Address: 192.168.1.## (192.168.1.##)
Traffic Description: TCP, Port 49485
I have completely scanned my system and NIS reports absolutely no security threats. Why is the message indicating that the attempt came from my computer and yet the attacking URL is external? Is this likely a false positive? Although NIS blocked the attempt, is there any action that I should take? Note that I received two of these messages; they are identical except that the port changes from 49478 to 49485. Should I block these ports on my router?
Interestingly, shortly after the intrusion attempt I received a call from an Indian lady claiming to be from Richland Support. She claimed that they had received error messages that had been traced back to my computer's unique ID!!!!! She then proceeded to ask me to turn on my computer so that they could connect and show me the error messages. After I kept asking her some probing questions she stopped responding and so I hung up. Her caller ID was blocked. Coincidence or not? I have sent Richland Support a message notifying them of this.
Anyway, much appreciate any help/advice with regard to the above intrusion attempt.