MozillaZine

Urgent Firefox update alert - fake but a nuisance

Discuss various technical topics not related to Mozilla.
BruceAWittmeier

User avatar
 
Posts: 2625
Joined: June 9th, 2008, 10:53 am
Location: Near 37.501685 -80.147967

Post Posted July 21st, 2017, 5:21 pm

On another forum several users and myself are getting a Urgent Firefox Update or Flash Update just by accessing the site. It shows up under various names.

I'm just curious if someone knows how these are "injected" into a page or the loading process. They are not stopped by virus programs or Windows Defender that anyone has indicated. I suspect that is because its legit javascript code -- I've captured the page and it is pretty simple - just normal HTML and a large javascript to paint the viewport and display the message.

This is one of the latest:
http://www.taurusarmed.net/forums/site- ... hread.html

It isn't the page itself but somehow it is being called and loaded while users are just typing or sitting idle.
~ I'm only here to Pay it Forward. ~

"I often take a very long windy road to my destination. When I arrive I often wonder how I missed the shortcut".

James
Moderator

User avatar
 
Posts: 27091
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Post Posted July 21st, 2017, 6:09 pm

The image in OP is just a generic fake Microsoft support popup that does not necessarily target Firefox users. Two people in thread are confusing the Java Plugin with JavaScript.

The fake urgent Firefox update is this https://support.mozilla.org/en-US/kb/i-found-fake-firefox-update and is smart enough to target only Windows users and not Firefox users on Linux and Mac OSX.

Yahoo pages tends to be where Firefox users can get this fake urgent Firefox update for the past year now. Ublock can block this fake Firefox update that pops up on new randoms sites.

Brummelchen
 
Posts: 2609
Joined: March 19th, 2005, 10:51 am

Post Posted July 22nd, 2017, 1:55 am

i already told you (twice) to use a decent ad filter not that crap you currently use. now you get annoying.

and that is a s simple fake site - i tested another one which is not possible to close until browser close - you be happy not to have experienced that one. :roll:

BruceAWittmeier

User avatar
 
Posts: 2625
Joined: June 9th, 2008, 10:53 am
Location: Near 37.501685 -80.147967

Post Posted July 22nd, 2017, 5:06 am

Thank you James for the information and link with an explanation.

B - I come to this forum due to the knowledge in the contributors. I'm trying to learn what causes these and how the are implemented. You can block me so I won't annoy you anymore.

User Control Panel/Friend or Foes/Manage Foes
Enter: BruceAWittmeier and Submit

Should resolve that problem.
~ I'm only here to Pay it Forward. ~

"I often take a very long windy road to my destination. When I arrive I often wonder how I missed the shortcut".

Grumpus

User avatar
 
Posts: 11605
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Post Posted July 22nd, 2017, 5:30 am

Did you think to report the site to Google? - /Help/Report a deceptive site

barbaz
 
Posts: 1677
Joined: October 1st, 2014, 3:25 pm

Post Posted July 22nd, 2017, 8:38 am

*Always* check the changelogs BEFORE updating that important software!

Brummelchen
 
Posts: 2609
Joined: March 19th, 2005, 10:51 am

Post Posted July 22nd, 2017, 9:19 am

I'm trying to learn what causes these

no, you were not here to learn otherwise you have made the suggested changes.

you are not able to change or prohibit such fake sites so at least its up on you to block fake sites.
the phishing block list contains "# Hosts: 196613" and the fraud list "# Hosts: 237220" -> https://hosts-file.net/?s=Download
are you going to report each site site now which is impacting on your system? serious silly it would be.
the option to be hitted is high - either you have a nice block list for you system or you use something like uBlock or Adblock and ad a blocking list.

THIS means learning, not your report here which ist one of thousand++ in world wide web, at least each serious forum has such a complaining list, either websites or mails.

in case of the shown site is not listed - anything could be possible. a hacked ad-server may possible, or a not honorable ad-service.
ublock and adblock can keep out unwanted scripts, either by name or by content (ublock can filter by content, adblock cant).

unfortunately i was not able to report malicious sites yet because i dont get them. i god knows what crappy sites i surf.

please think about.

mightyglydd

User avatar
 
Posts: 9037
Joined: November 4th, 2006, 7:07 pm
Location: Hollywood Ca.

Post Posted July 22nd, 2017, 9:25 am

Brummelchen wrote:unfortunately i was not able to report malicious sites yet because i dont get them. i god knows what crappy sites i surf.

Likewise, never seen one, because as recommended here and at Mozilla Help, ad nauseam, I use uBlock Origin....
#KeepFightingMichael

Brummelchen
 
Posts: 2609
Joined: March 19th, 2005, 10:51 am

Post Posted July 22nd, 2017, 9:55 am

i had adblock+/noscript for a long time, until some1 pointed me out uBlock/uMatrix. i had both but the administrative work on both exceeded so i stayed with uBlock. it never left me alone unless i made mistakes, running on firefox ( 2 profiles), Opera/Vivaldi/Chromium. for chrome(ium) i had also to take uB protector because chrome cant handle it so nice like firefox. thats why i donate from time to time to raymond that his project wont become overtaken.

ublock extends my hosts files (see link above from me -> ATS list) and some kind of other methods to prevent intruders here.

BruceAWittmeier

User avatar
 
Posts: 2625
Joined: June 9th, 2008, 10:53 am
Location: Near 37.501685 -80.147967

Post Posted July 22nd, 2017, 1:15 pm

therube:
I did not report it to Adobe. I reported it through the Help/Report deceptive sites...

Grumpus:
I reported it through the Help/Report deceptive sites Jun 09, 2017.
See this first line: viewtopic.php?f=7&t=3030979

I was in exchange of communications with the admin of the site where it occurred.

B - I will visit the site you posted regarding the host information. I incorporated a host file mod that took so long the browser would not respond. I'll see whats on your link. Thank you. Please go have a cold beer on me. Send me the bill.

I tried NoScript about a year ago for another reason and found it blocked too much and was very overwhelming for me -- so it was removed.

I have since loaded uBlock. I have not been on the site long enough to know if that is the solution but will assume it will prevent it.

I do feel smarter now.
~ I'm only here to Pay it Forward. ~

"I often take a very long windy road to my destination. When I arrive I often wonder how I missed the shortcut".

Frank Lion

User avatar
 
Posts: 19440
Joined: April 23rd, 2004, 6:59 pm
Location: ... The Exorcist....United Kingdom

Post Posted July 25th, 2017, 11:39 am

Hi Bruce,

Those 'messages' are always JS driven, so at its simplest they can be prevented by YesScript by blocking JS only on that one particular site.

However, as the scripts often actually originated from some advert then a good adblocker or hosts file will also be effective, with the advantage that you can still have JS functionality on the rest of the site. There's nothing wrong, per se, with using hosts files except that most are much too damn long and slow stuff down. That's not the fault of a hosts file, but the way people try to whack the ads themselves rather than the originators of the ads, which results in hosts files with thousand upon thousands of entries.

Somewhere around here, I posted one of mine - it's only about 30 lines long and whacks 97%+ of perp ads for me.

So, there you have it, a number of choices for you. Choices are a 'good thing' - a point often missed by the 'My Way or The Highway' pre-teen German Thought Police in our midst.
Metal Lion latest SeaMonkey & Thunderbird Themes - Sea Monkey and Silver Sea Monkey
"The only thing necessary for the triumph of evil, is for good men to do nothing." - Edmund Burke (attrib.)

BruceAWittmeier

User avatar
 
Posts: 2625
Joined: June 9th, 2008, 10:53 am
Location: Near 37.501685 -80.147967

Post Posted July 25th, 2017, 2:44 pm

Thank you Frank for your input.

As I indicated, I just got a new PC with Windows 10. In my old PC Vista Ultimate I had about 20 entries in my host file. I have not modified my new PC much yet but will consider that.

Using Windows 10 64 bit -- would I still modify the hostfile in the windows system32\drivers\etc directory? Mine is almost blank as I would expect.

I will give a try to YesScript as well.

Thanks.
~ I'm only here to Pay it Forward. ~

"I often take a very long windy road to my destination. When I arrive I often wonder how I missed the shortcut".

Return to MozillaZine Tech


Who is online

Users browsing this forum: No registered users and 1 guest