Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Scam ads on Bleeping


  • Please log in to reply
14 replies to this topic

#1 BradTheGeek

BradTheGeek

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 15 August 2016 - 02:19 PM

Hi.  I have been a regular Bleeping user for years.

 

Today I went to download adwcleaner as I have done a million times.  I know more recently with the need for money due to lawsuits you have been putting more ads on.  I use an adblock and typically do not see them.  However this was on a customer computer.

 

I tried to pause an autoplay video ad about Ellen Degeneres and it launched a full scam tech support page with multiple tabs and popovers.  I then tested on my PC in incognito mode and got the same video and ad.  Reloading after this produced other ads for things like extra gum that did not have fraudulent popups on pause.

 

I know this goes against what Bleeping stands for and is not intentional, but the more ads you put, the more bad ones will sneak through.  Hopefully your ad network is responsive to complaints as this one is possibly very bad both for your users and your reputation.


Edited by BradTheGeek, 15 August 2016 - 02:19 PM.


BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:12:58 AM

Posted 15 August 2016 - 02:37 PM

Hi Brad.

What page were you visiting?

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:58 AM

Posted 15 August 2016 - 02:39 PM

Thanks..will look into it. Do you remember the domain so i can blacklist it? I think this is from the video in the downloads?



#4 Gorbulan

Gorbulan

  • Members
  • 832 posts
  • OFFLINE
  •  
  • Local time:08:58 PM

Posted 15 August 2016 - 03:00 PM

This happens to a lot of websites. The problem is that the website owners do not have control over the advertiser's content. 



#5 BradTheGeek

BradTheGeek
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 15 August 2016 - 03:22 PM

This was on the download page for adwcleaner, after clicking the green download button, the page that shows a video to use it has a preroll ad.  I did not think to copy the domain, of which there were two.  It opened one scam page (with a fake status window rendered in it, making closing it difficult for a naive user, and a second page that was similar.  I assume all the download pages could be subject to the same ad.

 

It is the scourge of ad networks, and why our firm heavily recommends adblockers to end users.



#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:58 AM

Posted 15 August 2016 - 03:28 PM

I will try and find the domain and blacklist it. Thanks for letting me know.



#7 BradTheGeek

BradTheGeek
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 15 August 2016 - 03:47 PM

Update.. I went to the download page and reloaded several times, this ad is in the rotation.  I took screenshots which also expose the url.  They are below...

 

Image one shows the ad.  It does not occur on pause, but anywhere else on the image to follow the ad link.  I must have misclicked to find it the first time.

Image two shows the status popover.

Image three shows the fake status popover which would confuse users trying to close the window

(which has loud warning audio as well)

 

http://imgur.com/a/7AqyL



#8 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:11:58 PM

Posted 15 August 2016 - 04:56 PM

I noticed that in the screenshot you are NOT signed in.

If you SIGN IN to BC, you won't see any ads.

Of course, there will be those who search for a download and maybe find it here. They won't realize they have to sign in in order to NOT see the ads.

#9 BradTheGeek

BradTheGeek
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 16 August 2016 - 10:12 AM

I know that if I sign in there are no ads.  However, many times me or another tiech is with a client in person or remotely, using their PC.  We could xfer tools in from another PC or off a storage device, but we do not log in to personal accounts on a client PC.  This is why I saw it in this case, and would in any case when dealing with a client or directing a person to you for assistance or tools.

 

Thanks for being responsive and blacklisting the domain.  Another reason to like this place.  I hope the lawsuits go well.


Edited by BradTheGeek, 16 August 2016 - 10:13 AM.


#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:58 AM

Posted 16 August 2016 - 10:34 AM

Agreed..trying to find the Url. Once I get it, it will be blacklisted.



#11 BradTheGeek

BradTheGeek
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 16 August 2016 - 12:34 PM

It is in the screenshots I posted above (imgur link).  I did not want to paste it directly for someone to follow.



#12 BradTheGeek

BradTheGeek
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 16 August 2016 - 12:38 PM

I wouldn't follow this link. :)

 

One day I am going to set up a honeypot VM and call some of these numbers just to mess with them.  



#13 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:11:58 PM

Posted 16 August 2016 - 12:40 PM

One day I am going to set up a honeypot VM and call some of these numbers just to mess with them.


If you do let us know how it goes with them. It would be a very interesting read.

#14 BradTheGeek

BradTheGeek
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 16 August 2016 - 12:44 PM

It is a matter of spare time.  If I do it I will want to try several runs and screen record them with the phone audio added.  Snapshotting a nice infected VM and a clean VM to see some of their tactics will be fun.  I will play the dumb user until I see fit to yank the rug out from them.  I don't really have the budget, but getting a prepaid CC to further lure them into work could be interesting as well.



#15 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:58 AM

Posted 16 August 2016 - 01:16 PM

i deleted the link. That link is the ultimate landing page, but not the advertising domain. Need to find that.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users