Friday, March 30, 2018

I'm getting random "scareware" attacks from MSN on Windows 10; Trend doesn't show them



On two occasions in late March, when I have gone to an MSN story displayed by Microsoft Edge, on a Windows 10 computer with the latest fixes (and Creator’s Update), I’ve gotten a red page and “Internet warning” which demands payment for tech support.

The screen goes away by merely closing the browser.  I have always restarted the machine. Trend Micro screens do not show malware, nor do they show a block of the page.  Edge history does not show the page.

Both stories appear to be with “http” (not https) so it is possible that this is an interception and a “man in the middle” attack.

I have Cox as the telecom provider now.  In a previous location I had Comcast.  On a few occasions I got such screens from random sites on Google Chrome, which I believe were always http.  The problem always went away with closing the browser and restarting, on this same HP Envy machine.  But I believe that Trend reports in those cases noted a blocked site.

Not all news or media sites use or enable https for ordinary browsing yet.  I just checked Time and it does not.  But I have not tried to see if MSN can enable “https everywhere”. 

One other interesting observation about the MSN stories:  they are always derived news stories from other sites.  It is usually possible to just go to the original news site, which may be “safer”.

Windows 10 should be able to intercept this sort of attack.
  
Tuesday, while on an Amtrak train, an ASUS laptop with Windows 10 updated Trend and required a restart.  But then it required a second restart when I got home.  I’m not sure if Trend was working properly during the “Crypto Party” in Philadelphia, but I didn’t notice anything.

If it happens again I'll have the presence of mind to take a photo of the screen.  But the natural reaction is to close the browser instantly.



Update:  March 31 (Major)

I find that if I key in "https://www.msn.com" first then all their news comes up https.  So far doing that the problem hasn't recurred. So far, I can't get abcnews and Time to come up with https, but I'll keep experimenting.

There's more.  On another machine, an ASUS originally built with Windows 10 and not converted from 8.1, the MSN automatically comes up as https without having to be told to do so.  Are there some security problems for older machines converted to W 10 with Edge added after the fact?  It looks like it.
