
Getting Malicious Pop-ups? Win 250,000, Free iPhone, Amazon gift cards, etc?

Discussion in 'Forum Usage Help' started by paul, Feb 6, 2018.


  1. paul

    paul Staff Member Founder Administrator

    Jul 20, 2000
    Texas
    First, clear your browser's cookies/cache/history every time this happens. It's caused by a malicious ad that some ad network sneaks through. The popup itself does NOT mean that you're infected with malware, but if you tap any of the popup's links, run malwarebytes.org to clean your system.

    This issue is not specific to TalkBass but is an ongoing industry-wide issue that they are addressing with ads.txt and TAG as well as other things. It's just not fixed yet.

    If you can, TAKE A SCREENSHOT of the malicious popup. That will grab your phone's time as well. If you can post in this thread the screenshot, or exactly what time it was you got the malicious popup, we can attempt to seek and destroy some of the culprits via ad log files. Please also let us know what timezone you're in.

    This is quite a common problem with smartphones of all breeds but mostly affects Android smartphones. Thanks for your help!

    android amazon gift card pop up - Google Search

    Removed: Congratulations You Won Virus on Android

    How to remove "Congratulations Amazon User" pop-ups (Survey Scam)

    Here’s why the epidemic of malicious ads grew so much worse last year
     
    Last edited: Feb 7, 2018
    Mike.C. and twinjet like this.
  2. I keep getting this seemingly bogus Amazon pop up with a spinning wheel of fortune. Now I am also getting a screen saying I have a virus but it looks like a phishing attack. It only happens while I am looking at Talkbass.

    I wanted to ask if your site is running some kind of Amazon promotion that pops up this wheel of fortune give-away widget, or anything remotely like that. Thanks.
     
    Bassist Jay and Alik like this.
  3. HeavyDuty

    HeavyDuty Supporting Curmudgeon Staff Member Gold Supporting Member

    Jun 26, 2000
    Suburban Chicago, IL
    I’ve not seen anything like that, but as a supporter I don’t see ads. In my experience issues like this are often related to a “rogue” ad being served up by Adsense or the like.

    @paul , FYI.
     
    Bassbeater likes this.
  4. paul

    paul Staff Member Founder Administrator

    Jul 20, 2000
    Texas
    Whenever this happens, can you take a screenshot and post it here?

    That way we can get the exact time it happens, look it up in the ad logs, and nuke the rogue advert.

    Thanks!
     
    Last edited: Feb 17, 2018
  5. charlie monroe

    charlie monroe Gold Supporting Member

    Feb 14, 2011
    Buffalo, NY
    I travel extensively for my work.
    I do not have this experience when I am at home in Buffalo.

    Last week, in New Orleans, TB was almost unusable on my iPhone 6s w/Safari.

    I returned home and the site functioned as intended.

    I am now in Kissimmee and I am getting hammered again. I will add a screenie shortly.

    Is it possible that this is a regional thing?
     
  6. Oddly

    Oddly Unofficial TalkBass Cartographer! Supporting Member

    Jan 17, 2014
    Dublin, Ireland.
    Assuming you're using local wi-fi hotspots or similar, I've read that a lot of these aren't nearly as secure as we'd like...
    I can't find it right now, but I've read a very interesting article about how certain companies like Starbucks actually collaborate with data-mining companies etc.
     
  7. charlie monroe

    charlie monroe Gold Supporting Member

    Feb 14, 2011
    Buffalo, NY
    IMG_0819.PNG IMG_0820.PNG IMG_0821.PNG
     
    /\/\3phist0 and HolmeBass like this.
  8. charlie monroe

    charlie monroe Gold Supporting Member

    Feb 14, 2011
    Buffalo, NY
    I am running iOS 10.3.1

    Apple has me convinced that updating every time they ask me to is not always in my best interest ;)
     
  9. charlie monroe

    charlie monroe Gold Supporting Member

    Feb 14, 2011
    Buffalo, NY
    Good thought, but I am using my cellular data plan.
     
  10. Oddly

    Oddly Unofficial TalkBass Cartographer! Supporting Member

    Jan 17, 2014
    Dublin, Ireland.
    I never win anything...maybe I should get an iPhone?:D
     
    wesonbass and charlie monroe like this.
  11. filmtex

    filmtex

    May 29, 2011
    There seems to be a lot of interest in the online “security” community about these ads. I’ve been running several betas -iOS, Mac OS and browsers- and I don’t think anyone is really sure exactly what’s going on -or at least aren’t sharing very well. I don’t see these on either my iPad, iPhones or either of my Macs, from talkbass.com that is, but I do get them on misc. other sites.
    Wish I had more to offer but, at least the admins here seem to be quite proactive. Good on em. Let’s keep the screenshots coming and maybe, collectively, we can get a handle on it. Might not be a bad idea to add - platform, OS, version, browser and version, and now, it seems ISP as well to the screenshots if you feel comfortable doing that.
    Just my 2cents. Thanks for listening.
     
  12. paul

    paul Staff Member Founder Administrator

    Jul 20, 2000
    Texas
    Thank you so much for the screens, I've submitted them to my rep and they will go on the attack: based on your IP and the time shown on the screenshots they can search the ad logs and zap the bad advertiser. Yes it could definitely be a regional thing, as these "rogue ads" (in this case they're called "forced redirects") can be targeted to specific regions or networks. They are not specific to any one ad network, affecting everything from Google Adsense to Amazon ads. The industry is trying to get ahead of these forced redirects by using various technologies but for now searching and destroying every one is the only way to do it.

    Be sure to clear your browser's cookies/cache as this can help to stop recurrences.
     
    HeavyDuty likes this.
  13. paul

    paul Staff Member Founder Administrator

    Jul 20, 2000
    Texas
    Yeah "forced redirects" are a real problem in the entire online advertising universe. The industry is trying to get rid of them with the ads.txt initiative and other initiatives, but for now the bad guys are one step ahead.

    Thankfully we have a great ad ops team that takes time to look in the ad logs to find these rogue ads. A screenshot will show the exact time the ad was delivered, and I can grab the user's IP from the post, so no other info (browser, isp etc) is needed.
     
    S-Bigbottom and HeavyDuty like this.
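
The lookup described in this thread (screenshot time, the reporter's timezone and the poster's IP, searched against ad logs), sketched as an added example that is not TalkBass's or any ad network's code. The log layout, creative IDs and IP addresses are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed ad-delivery log (hypothetical format): UTC time, client IP, creative ID.
AD_LOG = [
    ("2018-02-17T18:00:00", "203.0.113.7", "cr-3003"),    # same user, hours earlier
    ("2018-02-17T21:10:05", "203.0.113.7", "cr-1001"),
    ("2018-02-17T21:11:00", "192.0.2.9", "cr-4004"),      # same minute, other user
    ("2018-02-17T21:11:40", "203.0.113.7", "cr-6660"),
    ("2018-02-17T21:29:30", "198.51.100.23", "cr-6660"),
    ("2018-02-17T21:30:50", "198.51.100.23", "cr-2002"),
]

# Constructed user reports: (clock time on screenshot, UTC offset in hours, poster IP).
REPORTS = [
    ("2018-02-17 16:11", -5, "203.0.113.7"),
    ("2018-02-17 15:30", -6, "198.51.100.23"),
]

def to_utc(local_str, utc_offset_hours):
    """Convert the screenshot's local clock time to UTC using the reported offset."""
    local = datetime.strptime(local_str, "%Y-%m-%d %H:%M")
    tz = timezone(timedelta(hours=utc_offset_hours))
    return local.replace(tzinfo=tz).astimezone(timezone.utc)

def candidates(report, log, window_s=120):
    """Creatives served to the reporter's IP close to the screenshot time.

    A phone clock only shows minutes, so match on a window, not an exact second.
    """
    local_str, offset, ip = report
    when = to_utc(local_str, offset)
    hits = set()
    for ts, log_ip, creative in log:
        served = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
        if log_ip == ip and abs((served - when).total_seconds()) <= window_s:
            hits.add(creative)
    return hits

def rank_suspects(reports, log):
    """Count how many independent reports each creative appears in."""
    counts = Counter()
    for report in reports:
        counts.update(candidates(report, log))
    return counts.most_common()

if __name__ == "__main__":
    for creative, n in rank_suspects(REPORTS, AD_LOG):
        print(f"{creative}: seen in {n} report(s)")
```

A single report usually leaves several candidate creatives; the one that recurs across reports from different users is the one to pull first. Dropping the timezone (treating the screenshot time as UTC) makes the first report match nothing.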
  14. filmtex

    filmtex

    May 29, 2011
    Good to know. You folks rock TB. Keep up the good work.
     
    twinjet likes this.
  15. HeavyDuty

    HeavyDuty Supporting Curmudgeon Staff Member Gold Supporting Member

    Jun 26, 2000
    Suburban Chicago, IL
    Do you have a link to one of these discussions? The admin at another forum I use refuses to believe these can be anything other than my problem. I’d like to lightly oil the link and shove it up his try to educate him.
     
    S-Bigbottom and charlie monroe like this.
  16. filmtex

    filmtex

    May 29, 2011
    You bet. Here’s one from Apple.com forums and another from malware tips.com and virusresearch.com to name a few. The beta forums have restricted access, but those should help. I hope!
     
    HeavyDuty likes this.
  17. paul

    paul Staff Member Founder Administrator

    Jul 20, 2000
    Texas
    These are definitely NOT end-user problems. Nor does it mean that the other admin's forum has been "hacked" in any way. They're simply coming in through AdSense and any other ad network. Here's a quote from my ad operations manager regarding @charlie monroe 's deluge of redirects:

    He's using iPhone and Safari to browse, which is a strong combo for malicious ads for some reason.

    Also, it's the weekend. The malicious guys launch these campaigns in the hopes that tech teams are not working and they can't/won't address the issue.

    I'm curious if he's getting targeted more due to his cookies that are on his machine/phone... So clearing that cache would be helpful I feel.

    I'm getting this info over to the tech team and they will have a look and crush the offender.
     
  18. charlie monroe

    charlie monroe Gold Supporting Member

    Feb 14, 2011
    Buffalo, NY
    Apparently not. I cleared my cache and cookies.

    I was then hammered before I could complete the login process, lol.
     
  19. Mushroo

    Mushroo Supporting Member

    Apr 2, 2007
    Massachusetts, USA
    I've been getting these constantly on my Android phone despite clearing all history, cookies, and browsing data.
    Screenshot_2018-02-17-16-11-48.
     
  20. charlie monroe

    charlie monroe Gold Supporting Member

    Feb 14, 2011
    Buffalo, NY
    Welcome to the party :D
     
    Mushroo likes this.
