Malicious ads?

[Lisnpuppy]

Unfortunately it's a full-page popup with no way to identify which ad it's coming from, and the URL is randomized so there's no way to tell what site is hosting the bogus patch download.

There should be a way to use the report function. If not all the more reason to look at it.

 

If not then take a screenshot of it along with any information you can get and submit that to Dark0ne (also perhaps the area where you live and all that.) Something is better than nothing. You can use the contact us at the bottom of the main forum page to send it in. Thanks for the warning though. I wouldn't think that full page hi-jack ads would be welcome.

[Fizzol]

Okay, I turned off uBlock and reloaded and clicked a few different pages. It took about 5 clicks to get the bogus patch to pop-up again. It first blanks the screen when it pops up, so there's just no way to see what it's doing. I also had Windows Defender pop-up at the same time and tell me it found Malware.

 

The Kovter Trojan

 

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
file:C:\Users\NAME\AppData\Local\Temp\ruNz2j8r.exe.part

Get more information about this item online.

https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3aWin32%2fKovter.C

 

 

Here's what the page source says. Hopefully it tells you something.

<!DOCTYPE html>
<!--[if lt IE 7]>      <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>         <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
<!--[if IE 8]>         <html class="no-js lt-ie9"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js"> <!--<![endif]-->
    <head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <title></title>
        <meta name="description" content="">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <link rel="stylesheet" href="/PR1-2/css/normalize.css">
        <link rel="stylesheet" href="/PR1-2/css/main.css">
        <link href='https://fonts.googleapis.com/css?family=Open+Sans:400,300' rel='stylesheet' type='text/css'>
        <script src="/PR1-2/js/vendor/modernizr-2.6.2.min.js"></script>
    </head>
    <body>
        <div class="container">
            <h1>Urgent Firefox update</h1>
            <a class="btn" href="/1601250719749/1467777984988609/firefox-patch.exe">Download Now</a>
        </div>
        <script>window.jQuery || document.write('<script src="/PR1-2/js/vendor/jquery-1.10.2.min.js"><\/script>')</script>
        <script src="/PR1-2/js/plugins.js"></script>
        <script src="/PR1-2/js/main.js"></script>
        <script>
         setTimeout("location.href = '1601250719749/1467777984988609/firefox-patch.exe';", 1000);
        </script>
    </body>
</html>

Here's a link an image of the page info since I couldn't copy/paste it.

 

http://imgur.com/zsFzTtv

Edited July 6, 2016 by Fizzol