Ford Truck Enthusiasts Forums


flowney 02-05-2019 09:35 AM

FTE Hijacked by Malware Distro
 
Going to the 73-79 forum this AM, I was accosted by the following:


https://cimg4.ibsrv.net/gimg/www.for...372855ded1.jpg

It downloads a file, Player_DMG.dmg, without permission and then proceeds to prompt opening and installing that file. This kind of web-based exploit can only be implemented by compromising the web site. This is a very slick looking exploit and will deceive/hurt a lot of good folks. Please attend to this ASAP.

IB Jose 02-05-2019 02:53 PM

Hey Frank,


This is not a hijack of FTE's servers or anything of the sort--it looks like it's coming through ad publishers sending through bad advertising. Are you on an iPad?

flowney 02-05-2019 03:54 PM


Originally Posted by IB Jose (Post 18463293)
Hey Frank,


This is not a hijack of FTE's servers or anything of the sort--it looks like it's coming through ad publishers sending through bad advertising. Are you on an iPad?

No, I'm on an iMac under macOS 10.14.2.
Since the popup comes when an FTE page is frontmost and w/o any user interaction (on page load, in fact) it sure looks like something initiated on FTE servers.
When you point to "ad publishers" does that mean that FTE has partnered with ad publishers that are misbehaving by not following the terms of their agreements?

IB Jose 02-05-2019 06:51 PM

Most of FTE's ads only have "physical" real estate on our website. Most of our ads are run through Google and Amazon's ad service servers (which are almost always "clean" and filtered for spam and malware prior to even hitting websites). A small minority of our ads not run through Google and Amazon are hosted and published by other third-party partners, and are usually ones with less robust filtering systems and anti-spam measures. These types of screen-overtaking ads have been extremely common on mobile devices (smartphones and tablets) for the past two and a half years or so--which is why my gut reaction was to ask if you were on an iPad.

You're not an isolated case with these ads so we will be trying to figure out which of our partners is the culprit ASAP.

hula1589 02-06-2019 08:54 PM

If it was a PCO offer I wouldn't mind but I have been hammered by this for 3 days now. Be nice to know if it was or can be taken care of.

IB Jose 02-07-2019 03:41 PM

These types of ads are notoriously difficult for us to track down and block. I apologize for the inconvenience but we're doing the best we can, and we take these types of intrusions very seriously.

flowney 02-07-2019 04:35 PM


Originally Posted by IB Jose (Post 18467936)
These types of ads are notoriously difficult for us to track down and block. I apologize for the inconvenience but we're doing the best we can, and we take these types of intrusions very seriously.

Understood. The payload for this exploit inserts ads at the system level so, once installed, the end user is rarely able to cope with the onslaught of ads. Most virus scanners will identify and quarantine them but the problem is that many end users don't have and use them.


All times are GMT -5.

