How does this happen?

Posted: 28 Dec 2017 12:17 pm
by Brint Hannay
Today, shortly after turning on my computer and opening Firefox, suddenly the whole screen went bright red, with text supposedly from Firefox urgently "alerting" me that my computer and personal data were at risk, with a female voice with normal American accent urging the same message. It wanted me to call the 877 number on the screen immediately--"Don't waste your time"--to get instructions on removing something like "Adaware Spyware Virus". Though the speaking voice was free of language errors, the written page still had noticeable points of un-idiomatic or ungrammatical English.

Now, everything about this struck me as bogus, and I simply closed the page, closed and restarted Firefox, and ran a Trend Micro Full Scan, which detected no threats.

But what I wonder is, how did this find its way onto my screen? Should I worry, or is the problem entirely external to my computer?

Posted: 28 Dec 2017 12:30 pm
by Dave Potter
Agree, that sounds a lot like a thinly-disguised phishing attempt; something's running that you don't want, and needs to be removed. I wouldn't be satisfied nothing's there from just the Trend Micro scan.

If it does that again, I'd be looking to see what's on the location bar, or maybe in your Firefox History, for the source (the URL), and then trying to find out what I could about it using a WhoIs Lookup, as well as Googling it to see what's out there on the net about it. I'd also check Firefox settings to see if something's redirected your startup page.

Good luck.

Posted: 28 Dec 2017 2:50 pm
by Wiz Feinberg
The bogus tech support pop-overs are entirely browser-based JavaScript attacks that are delivered via poisoned ads or compromised PHP-driven websites (e.g. WordPress).

It may take some detective work to figure out whether the attack came from an ad network on the page, or the website itself. I use Firefox's View Page Source to see if there is a breadcrumb when I detect a browser-based attack (or if one is blocked by Malwarebytes).

There are abuse reporting options available if you can actually identify a compromised or hostile website or server.
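
Added example (not part of the original thread and not any poster's own code): one way to do the "View Page Source" check described in the post above is to save the page source and list every script or frame it loads from a host other than the site itself, with the source line each one appears on. The function names, the sample page and its `.example`/`.invalid` hosts are constructed for illustration.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that pull in active content, and the attribute holding the URL.
LOADERS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

class LoaderParser(HTMLParser):
    """Collects (line, tag, absolute URL) for every externally loaded resource."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []

    def handle_starttag(self, tag, attrs):
        attr = LOADERS.get(tag)
        ref = dict(attrs).get(attr) if attr else None
        if ref:  # skips inline scripts and empty attributes
            line = self.getpos()[0]
            self.found.append((line, tag, urljoin(self.page_url, ref)))

def third_party_loaders(html, page_url):
    """Group loader references by host, leaving out the page's own host."""
    own_host = urlsplit(page_url).hostname
    parser = LoaderParser(page_url)
    parser.feed(html)
    by_host = defaultdict(list)
    for line, tag, url in parser.found:
        host = urlsplit(url).hostname
        if host and host != own_host:
            by_host[host].append((line, tag, url))
    return dict(by_host)

# Constructed sample: a saved page source and the URL it was saved from.
SAMPLE_URL = "https://blog.example/post/42"
SAMPLE_HTML = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.ads.example/serve.js"></script>
</head><body>
<p>Article text</p>
<iframe src="//tracker.invalid/frame.html" width="1" height="1"></iframe>
<script src="https://cdn.ads.example/pixel.js"></script>
</body></html>"""

if __name__ == "__main__":
    for host, hits in third_party_loaders(SAMPLE_HTML, SAMPLE_URL).items():
        print(host)
        for line, tag, url in hits:
            print(f"  line {line}: <{tag}> {url}")
```

The saved source only shows what the server sent; anything a script adds to the page after it loads will not appear there, so an unfamiliar host in this list is a starting point for the lookup, not proof.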

Posted: 28 Dec 2017 2:54 pm
by Wiz Feinberg
I have noticed that Malwarebytes 3.x is the first to detect and block most browser-based attacks, especially tech support scams and links to exploit attack kits.

Posted: 28 Dec 2017 5:02 pm
by Brint Hannay
But is it an attack or only an attack attempt? That is, if I didn't respond to it, does the fact that I got the pop-over nevertheless mean my computer is already infected with something?

Posted: 28 Dec 2017 8:28 pm
by Clyde Mattocks
I used to get that one. It smelled. I just ignored it.

Posted: 28 Dec 2017 9:54 pm
by Wiz Feinberg
Brint Hannay wrote: But is it an attack or only an attack attempt? That is, if I didn't respond to it, does the fact that I got the pop-over nevertheless mean my computer is already infected with something?
In the past, fake virus alerts were caused by an already present Trojan. The current tech support phone-in scam does nothing if you close your browser as soon as it appears. It is a page overlay loaded by JavaScript when you are served a poisoned ad, or there is a link to an exploit server at the bottom of the page. Closing it should delete that script.

To be safe, run CCleaner immediately after closing the browser, flushing out the browser's cache (default setting). This will flush out any malicious scripts that might be lingering. It also deletes any executables that were dropped into your local user's Temp directory.