MSE

renfrew · 21st Jul 2012, 08:44

Has anyone come across this?
Entering Flyertalk this morning a box appeared headed Microsoft Security Essentials saying I had 3 viruses and inviting me to click to fix it.
I don't have MSE and an AVG and Windows Defender scan found nothing.

A bit disconcerting but is this another scam?

Avtrician · 21st Jul 2012, 09:11

Yes,

It will probably install more problems, and will want $$$$$$ for a prog to fix??? it

Milo Minderbinder · 21st Jul 2012, 10:42

almost certainly a fake
Some of them are getting very beleiveable

green granite · 21st Jul 2012, 10:42

See below, read down the forum a bit to see the correct answer( ignore the first one)

I am receiving a MicroSoft Security Essentials alert that has isolated - Microsoft Answers

renfrew · 21st Jul 2012, 10:54

Thanks,
I had never seen this one before and it is a bit disconcerting that according to the thread a"driveby" can bypass normal security.

Milo Minderbinder · 21st Jul 2012, 11:14

thats why using Firefox with AdBlock plus and No-Script makes a lot of sense - the infective scripts are blocked
Adding Spybot S&D and Spyware Blaster may also help, but the problem is that blocklists such as those can never be totally up to date

MacBoero · 21st Jul 2012, 12:42

My father got this on his laptop a couple of days ago. Luckily he had the presence of mind to call me before going any further.

le Pingouin · 22nd Jul 2012, 09:12

renfrew, it doesn't so much bypass security measures as use social engineering to convince the user to install a program. That's the purpose of the bogus MSE message - click the message, download the program and agree to run it.

renfrew · 22nd Jul 2012, 09:31

Yes and I hastily closed down my pc as soon as the popup appeared.
But how does the popup get there in the first place?
The thread says it can come through any ad on a website.
I would have thought thet Microsoft would have the resources to go after someone using their name but it seems to have been around for several years.

le Pingouin · 22nd Jul 2012, 10:52

Same as any other pop-up you get when visiting a website if you don't block them.

Ads are a very likely source as websites usually don't host the ads that appear on their site. They effectively rent out their ad space to a third party who supplies the ads. Think Google ads.

There might be another layer or two before you get to the actual server supplying the ad and if that server has been hacked you can get a dodgy ad served up to you through a reputable website.

It's not any one person/organisation that's doing this and they're rather hard to track down - they aren't sitting in London or New York using their own Internet connection.

renfrew · 24th Jul 2012, 10:01

Just to add,there are now numerous complaints on Flyertalk about this.
Flyertalk apparently can't trace where it is coming from.

mixture · 24th Jul 2012, 10:14

Quote:

I would have thought thet Microsoft would have the resources to go after someone using their name but it seems to have been around for several years.

They do take it seriously and do put time, effort and money into fighting the worst offenders.

However there are two issues :

(1) Its a cat and mouse game. It is not particularly difficult for new offenders to startup operations. If Microsoft chased after everyone it would be like a dog chasing its own tail, hence they have no choice but to prioritise. They've got a strong brand with a large install base and hence make an attractive target for all sorts of mischievous activities.

(2) Much of their effort relies on collaboration with various aspects of the legal system in order to trace the offenders. The problem is that certain jurisdictions (predominantly in the Far East) have a tendency to turn a bit of a blind eye to electronic offenses, or at least are not a particularly helpful collaboration partner.

Quote:

there are now numerous complaints on Flyertalk about this

There are numerous complaints about most things on Flyertalk....

(e.g. there was a 10 page rant thread on there the other day about the First class BA lounge being "too busy")

Milo Minderbinder · 25th Jul 2012, 14:34

Its simple
As long as
1) people don't learn to protect themselves on the internet by using appropriate safety tools, and by practicing safe browsing
and
2) people expect internet content to be FREE, so requiring adverts to pay for the content
then we will never be free of this kind of thing

If you use software which protects you from adverts, popups and scripts you'll be safe. If you don't, you won't

mixture · 25th Jul 2012, 16:14

Pretty much what Milo said apart from to point out that there are other browser based attack vectors other than popups and banner ads.

renfrew · 28th Jul 2012, 12:21

Internet Brands which owns Flyertalk(and PPRuNe?)still can't trace where this is coming from after 10days.
It apparently involves an IE vulnerability so Chrome is safe to use.

To someone like me with no computer savvy it seems very poor that a major site cannot keep things safe.

renfrew · 5th Aug 2012, 18:34

After nearly 2 weeks Internet Brands couldn't reproduce this fault never mind trace where it was coming from.
An ordinary punter eventually told them what to do to get rid of it.

This ad will disappear if you login