[Amps] MALWARE ALERT FOR RECENT POST

Roger sub1 at rogerhalstead.com
Tue Feb 2 14:34:33 PST 2010


Hi Jim,

Jim Dawson wrote:
> Roger,
>
> I don't want to beat a dead horse, especially since only one other 
> here believes me, but
> you misunderstood what this is. I don't know if it's just a mouse over 
> or what, but I was
> scrolling through the pictures and a window popped up advising me that 
> I had a virus
> and should let "them" scan my machine. 
Yup, that is the old "scareware". You should be OK as long as you just 
closed out of it. For those not familiar with it, the easiest way to 
close your browser is to use Task Manager. They are able to disable the 
ability to close the browser. Most people just hit reset, which is not 
the cleanest way out.
> After a few seconds a full screen browser
> window popped up and would not let me close it. It wanted me to 
> download their software.
> I finally got it closed hopefully before it installed anything harmful.
"So far" those things don't do anything "unless" you run it, but that 
could easily change.

> Nothing was caught by
> my anti-virus or anti-spam software, this was all self contained. It 
> has happened numerous
> times when visiting a PhotoBucket page. It is NOT caught by any 
> running protection software.
>
I did have that happen once, but not on photobucket. It was some time 
back just after these things started. It can be a legit site that has 
been infected, or it can be one of the off-site ads, or links. Most 
browsers can be set so they won't let the site you're on open a window 
or popup.  That may be why I haven't been seeing them...then again the 
next site I visit might do it.
> I don't really care if anyone heeds my warning or not, just relaying 
> my experiences.
>
Now that I see the specifics I certainly agree.

73 and good luck,

Roger (K8RI)
> Jim - K9DD
>
>
> ----- Original Message ----- From: "Roger" <sub1 at rogerhalstead.com>
> Cc: <amps at contesting.com>
> Sent: Tuesday, February 02, 2010 2:10 PM
> Subject: Re: [Amps] MALWARE ALERT FOR RECENT POST
>
>
>>
>>
>>>
>>>
>> Rather than malware, or "scareware" (which does exist), it's more than
>> likely what are called "false positives". Anti-spam programs are
>> particularly bad on that.  Again it varies with the algorithm in each
>> program and definition packages but the amount of false positives I get
>> both here and at the ISP due to both financial magazines, and reflectors
>> runs 50 to 75% out of about 75 to 100 e-mails per day.  I was losing
>> enough legitimate e-mail that I had to change the settings on my
>> accounts to quarantine the e-mail so I could personally check for false
>> positives.  Even if I take the low % of 50 that is up to 1500 false
>> positives per month. One cost me over $20,000 USD because of a lost
>> business opportunity with no recourse.
>> Almost all pages drop cookies on your machines. Most are benign, they
>> are necessary for many operations, but it depends on what they do with
>> the information.  The cookie is nothing more than a text file that says
>> "you were here" or "you were here and did this or that", and some such
>> as "double-click work on many sites giving them the ability to track
>> your browsing habits and it's almost impossible to get away from them as
>> some sites will not load if you block their ads. News and some of the
>> major sites do this.
>>
>> As many ads are not actually on the site you are visiting, the
>> monitoring programs see them as a redirect. Browsers and other programs
>> can block these and often misidentify them as malware or worse.
>> I'm guessing that only some are seeing malware being identified, it is
>> likely to be the browser, but whatever identifies it should tell you
>> which one found it. IOW "SpeedBump Malware detection has found such and
>> such a site is trying to send potentially dangerous malware to your
>> computer, but due to our great efforts said attempt has been blocked
>> saving you and future generations..."  welllll... you get the idea.
>> Most of it is harmless, but you need to pay attention. The alarm may
>> simply be due to the ad, or whatever residing on a host (not
>> necessarily the site you are visiting) that is known to be lenient on
>> spammers and other lowlifes.
>>
>> 73
>>
>> Roger (K8RI)
>> Remember...Don't Panic! from the Restaurant at the end of the Universe.
>
>

