Scam on the new computer

Miscellaneous and Personal Stuff I Must Share
1

I bought a new MacBook Pro a couple of months ago. Since the old one has been working well enough, I’ve barely used the new one. (The old one is not in the shop for a full diagnostic, and – I’ll bet – a new hard drive.). Something weird has been happening with the new computer. I’ll have a webpage open, and suddenly it replaces the page I’m on (or navigates to) a virus warning page:

First, I’ve barely used this computer. Second, I am not one to visit ‘unsafe sites’. But somehow I’ve been targeted. The warning looks very convincing, except for one thing: the ‘ticking clock’ at the bottom. Either there’s ‘damage’, or there isn’t. No legitimate company would put the countdown clock there.

I initiated a chat session with Apple Support, and they confirmed that it’s not from Apple. They also gave me a link to Malwarebytes, which I have installed. (Malwarebytes says my system is clean.)

I just wanted to share this because I’ve never had a phishing/trojan attempt that redirected a webpage.

2

Most malware these days puts an extension on your web browser. In addition to a Malwarebytes scan, also scan with Adwcleaner.

Hacker can also put scripts on legitimate sites. Usually, they buy ad space. After it’s approved, they put a small script in the graphic that warns you that you computer is infected. The site doesn’t know anything about it.

3

It is probably an ad on the website you are browsing. It doesn’t have to be an “unsafe site” for it to show bad ads. In general, websites don’t hand pick their ads, but subscribe to an ad network that places them. Some of the ad networks are not too discriminating, some can be tricked, and others can be hacked. All of that results in those deceptive ads being displayed. I recommend using an ad blocker. Why didn’t you get this on your old computer? I don’t know. Maybe it’s a new problem with the website that is coincidental, maybe it is specific to the updated version of Safari you’re using, or something like that.

4

Yeah, this. There’s at least one company, MacKeeper, that has invested humongous sums of money into misleading advertisements designed to look like your browser or OS is alerting you to a problem.

5

Yeah, the website is probably serving up the malware. I get these redirects on my phone all of the time. I just close out the tab and stay away from that site in the future. My phone hasn’t been infected so far, and I do run Malwarebytes regularly.

6

FWIW I’ve seen the same “you have X viruses” ad (or one very similar) on the SDMB itself. Have you seen this happen on more than one website, or is it always on the same site? If the latter, the site probably is just using an ad service that has let a nasty ad get through. Even if it appears on more than one site, it’s possible the sites are using the same ad service.

Another thing you can (and almost certainly should) do is install an ad blocker.

7

Seems to happen on SDMB. But I pay, so I don’t get ads.

8

Try using 9.9.9.9 as your DNS.
It eliminates a lot of these annoyances.

9

Software requirements

Windows 10 (32/64-bit)
Windows 8 (32/64-bit)
Windows 7 (32/64-bit)

I’m not using Windows.

10

DNS is set to 8.8.8.8. I don’t remember why, but some tech support person said I needed to change it to that so that something would work.

11

In my experience, these crap isn’t even malware. It’s just browser-hijacker ads.
Make sure you have “Block pop-up windows” turned on.

12

I assumed AdBlock Plus was copied when I had the stuff from the old computer transferred to this one. I’ve downloaded and installed. I don’t remember… The icon is supposed to be grey, right?

13

8.8.8.8 is Google DNS.
It’s pretty good, but Quad-9 specifically blocks dodgy URLs.

14

Download and use Malware Bytes for the Mac.

The majority of time, those warnings are bogus. If you quit the browser they go away.

They only want you to install crap like MacKeeper.

EDIT: I see you have already installed Malware Bytes, so you should be fine.

I still think that warning was bogus and just an attempt to install nasty stuff.

I’ve seen similar warnings like that on my Mac several times and just quitting the browser was fine.

15

Off-topic, but feel a need to share.

I don’t have a Mac, but fefore you go ahead with any repairs that your Mac shop may recommend, I highly recommend contacting Louis Rossman https://rossmanngroup.com/macbook-logic-board-repair/ or at least watch a few of his Mac Ripoff videos on his channel: https://www.youtube.com/user/rossmanngroup

But lingyi, you don’t have a Mac, so why recommend Rossman? I came across his site because of Linus Tech Tips where they had an “unfixable” Mac Pro that would cost more to repair than to buy a new one. At least according to Rossman (as well as other YouTubers), Mac techs are instructed to recommend buying a new machine than repair. Take it with as large a grain of salt as you like.

16

If Adblock is working - then it should be ‘red’ - grey means that ads are allowed on the site you’re currently visiting , either because you have specifically whitelisted the site or because adblock is malfunctioning.

17

One of the things I remember from my mercifully-brief time on the phones providing official Mac tech support is that Apple considered MacKeeper to be malware. I helped more than one person remove it.

18

So… I should reinstall it? Or should I wait to see if any place complains I’m using an ad blocker?

19

Agree with this.

If you are using Opera, Chrome, or Firefox, you should install these extensions: Privacy Badger, HTTPS Everywhere, and uBlock Origin. They are all from open-access devs and the combination eliminates nearly 100% of all ads online. Since switching back to Firefox and using these extensions I don’t even remember the last time I saw ads online.

20

This morning I received this response from ABP [excerpted]: