FTE Hijacked by Malware Distro

 
#1
02-05-2019, 09:35 AM
flowney
Posting Guru
Thread Starter
Join Date: Jun 2014
Location: Middle Georgia
Posts: 1,169

Going to the 73-79 forum this AM, I was accosted by the following:




It downloads a file, Player_DMG.dmg, without permission and then proceeds to prompt opening and installing that file. This kind of web-based exploit can only be implemented by compromising the web site. This is a very slick looking exploit and will deceive/hurt a lot of good folks. Please attend to this ASAP.
 
#2
02-05-2019, 02:53 PM
IB Jose
Internet Brands
Join Date: Dec 2013
Posts: 2,436
Hey Frank,


This is not a hijack of FTE's servers or anything of the sort--it looks like it's coming through ad publishers sending through bad advertising. Are you on an iPad?
 
#3
02-05-2019, 03:54 PM
flowney
Posting Guru
Thread Starter
Join Date: Jun 2014
Location: Middle Georgia
Posts: 1,169
Originally Posted by IB Jose:
Hey Frank,

This is not a hijack of FTE's servers or anything of the sort--it looks like it's coming through ad publishers sending through bad advertising. Are you on an iPad?

No, I'm on an iMac under macOS 10.14.2.
Since the popup comes when an FTE page is frontmost and w/o any user interaction (on page load, in fact) it sure looks like something initiated on FTE servers.
When you point to "ad publishers" does that mean that FTE has partnered with ad publishers that are misbehaving by not following the terms of their agreements?
 
#4
02-05-2019, 06:51 PM
IB Jose
Internet Brands
Join Date: Dec 2013
Posts: 2,436
Most of FTE's ads only have "physical" real estate on our website. Most of our ads are run through Google and Amazon's ad service servers (which are almost always "clean" and filtered for spam and malware prior to even hitting websites). A small minority of our ads not run through Google and Amazon are hosted and published by other third-party partners, and are usually ones with less robust filtering systems and anti-spam measures. These types of screen-overtaking ads have been extremely common on mobile devices (smartphones and tablets) for the past two and a half years or so--which is why my gut reaction was to ask if you were on an iPad.

You're not an isolated case with these ads so we will be trying to figure out which of our partners is the culprit ASAP.
 
#5
02-06-2019, 08:54 PM
hula1589
Junior User
Join Date: Feb 2016
Posts: 68
If it was a PCO offer I wouldn't mind but I have been hammered by this for 3 days now. Be nice to know if it was or can be taken care of.
 
#6
02-07-2019, 03:41 PM
IB Jose
Internet Brands
Join Date: Dec 2013
Posts: 2,436
These types of ads are notoriously difficult for us to track down and block. I apologize for the inconvenience but we're doing the best we can, and we take these types of intrusions very seriously.
 
#7
02-07-2019, 04:35 PM
flowney
Posting Guru
Thread Starter
Join Date: Jun 2014
Location: Middle Georgia
Posts: 1,169
Originally Posted by IB Jose:
These types of ads are notoriously difficult for us to track down and block. I apologize for the inconvenience but we're doing the best we can, and we take these types of intrusions very seriously.

Understood. The payload for this exploit inserts ads at the system level so, once installed, the end user is rarely able to cope with the onslaught of ads. Most virus scanners will identify and quarantine them but the problem is that many end users don't have and use them.
 
 

