Friday, May 15, 2015

Fake survey pop-ups appear designed to load bloadware, adware


This evening, when I went to a somewhat shaky news site, there was a popup (in Chrome) inviting me to take a Comcast survey.  This sounded fishy.  
  
I noted in the Chrome history that “homepage-web.com” had been accessed, and found in the literature mention of a “homepage-web.com” hijack, here.  This appears to be “bloatware” or unwanted adware, which replaces default search engines when certain free apps are loaded. 
  
I am checking with Webroot on the issue.  However a scan (after a complete Restart) showed no threats.  It is possible for a zero-day threat to exist, which means another scan should be run some hours after Webroot has had time to examine my question. 
  
Generally, one should not respond to popup surveys that purport to come from major companies but may install malware or bloatware.  There is a survey that gets loaded if you misspell “Facebook” and loads bloatware; there is another one that loads if you mistype “bews” for “news” in several major news sites.  Some may try to sell “fake” anti-virus software.


Update: May 16

Today, I found that while Bing comes up as a default web page in Chrome, but the "homepage" at the top was "homepage-web.com".  It also showed up in Chrome history again.  I was able to get rid of this by following the instructions in Chrome help (go to Settings), and then doing one more Windows 8.1 Restart.  So this appears to be a minor "bloatware" infection that got past Webroot at first.  I'm checking to see if this should be flagged during screening.

Update: May 19 

Webroot says that it does not flag these as threat, but as PUA's, "potentially unwanted programs". 

No comments: