Friday, January 16, 2015

News site misspelled domains lead to drive-by malware


There is a Trojan apparently activated by mistyping the name of a legitimate news site, that is, “nbcbews” for “nbcnews”.  It may well happen with most major companies that have sites ending in the word “news” (like fox, abc, cbs). 
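
A defensive check for the kind of one-keystroke slip described above, as an added example that is not part of the original post: it flags hostnames (for instance from proxy or DNS logs) that are a single typing error away from a watched site. The watchlist domains, the sample hostnames other than "nbcbews", and the simplified QWERTY grid are assumptions made for illustration.

```python
# Added example: flag hostnames one keystroke away from a watched news site.
# WATCHLIST and SAMPLE are constructed; the key grid ignores real row stagger.
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
WATCHLIST = ["nbcnews.com", "foxnews.com", "abcnews.com", "cbsnews.com"]
ADJACENT = {}
for r, row in enumerate(ROWS):
    for c, ch in enumerate(row):
        near = {ROWS[rr][cc] for rr in (r - 1, r, r + 1) if 0 <= rr < len(ROWS)
                for cc in (c - 1, c, c + 1) if 0 <= cc < len(ROWS[rr])}
        ADJACENT[ch] = near - {ch}

def classify_typo(seen, legit):
    """Return the single-keystroke error that turns legit into seen, or None."""
    if seen == legit:
        return None
    if len(seen) == len(legit):
        diff = [i for i in range(len(legit)) if seen[i] != legit[i]]
        if len(diff) == 1:
            i = diff[0]
            near = seen[i] in ADJACENT.get(legit[i], ())
            return "adjacent-key substitution" if near else "substitution"
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and seen[diff[0]] == legit[diff[1]] and seen[diff[1]] == legit[diff[0]]):
            return "transposition"
        return None
    longer, shorter = (seen, legit) if len(seen) > len(legit) else (legit, seen)
    if len(longer) - len(shorter) != 1:
        return None
    if any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer))):
        return "insertion" if longer is seen else "omission"
    return None

def flag_typosquats(hostnames, watchlist=WATCHLIST):
    """Return (hostname, watched site, typo kind) for each suspicious hostname."""
    hits = []
    for host in hostnames:
        host = host.lower().rstrip(".").removeprefix("www.")
        if host in watchlist:
            continue  # exact match: the legitimate site itself
        for legit in watchlist:
            kind = classify_typo(host, legit)
            if kind:
                hits.append((host, legit, kind))
    return hits

SAMPLE = ["www.nbcnews.com", "nbcbews.com", "nbcnwes.com", "nbcnew.com", "example.org"]
if __name__ == "__main__":
    for hit in flag_typosquats(SAMPLE):
        print(hit)
```

A hit only means the name is a plausible typo of a watched site; what the domain actually serves still has to be checked separately.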
  
In Windows 8.1, the computer beeps and tells you that you have a “Trojan detected”.  It seems to be trying to get you to download a fake antivirus.  Curiously, the beeping doesn’t stop if you turn off the machine and turn it back on in Windows 8.  But it does let you Restart the machine completely.  When the machine completely restarts (and resyncs the Windows register) it stops and the machine works normally.
  
A Webroot Secure Anywhere scan did not show any threats. 

Update:

I was using Google Chrome on an HP Envy when this happened.  I am told that the "freezeup" is likely to be a browser problem and not a true threat.  I will check further with Webroot, Google, and possibly CERT for more information on the problem.  I didn't try this on other browsers, but it may not be reproducible according to what I was told.  One interesting observation: after Restart, Chrome didn't say it was improperly shut down, as it often does.  But after Restart, and closing everything and reopening, everything worked normally.

The "web page" may well have been associated with a "tech support" scam where the consumer is supposed to call an 800 number to unlock a computer (but paying in bitcoin sounds rather unlikely).  I've gotten repeated landline calls from one number in India known to be associated with a "tech support" scam.  I don't answer robocalls.  
