Menu
Reply
Well-informed
  • 1.23K
  • 41
  • 175
Registered: ‎09-07-2010
Message 31 of 52 (215 Views)

Re: Can anything be done to stop these annoying "survey" interruptions

[ Edited ]

mojouk1 wrote:

shanematthews wrote:

mojouk1 wrote:

I think its unacceptable that the VM staff/Mods have yet to respond to this potentially dangerous attack or put out any warnings to their customers on their website. 


If VM were to issue warnings for every kind of possible way an end user can screw up, they would be competing with wikipedia for page count Smiley Tongue

VM doesn't control the internet, they don't control your PC they don't control the actions you take, they can only suggest so much, using common sense on the internet along with a decent AV and a decent browser with an adblocker installed will pretty much cut your rate of infection down to near zero, sadly common sense is one of the rarest things that exists these days


Did you read my previous post? I have very highly rated malware and anti-virus software on my PC, both paid full versions and it got past both. I also use an ad blocker but still got this infection on my computer (its doubtful an ad blocker would have helped in this case anyway). Seeing as this virus is imitating VM surveys in order to steal money I think VM have a duty to warn their customers in a much more visible manor rather than post a thread in a forum that most customers wont see.


I have AV and a simple adblocker, not had any kind of infection in years, ergo you did something wrong somewhere that allowed the malware access to your system, my AV is a free one and most of the time i don't even run any specific anti-malware tools, i have a single adblocker on my main browser, software alone will not protect an end user from themself, and again, if VM were to warn you about every single possible infection you could get we would be talking about documents so long nobody would even read them in the first place

how exactly do you propose to even reach every single user? i've never even bothered to set up a VM email address and the only emails i get are billing related nothing else, the virus isn't imitating VM surveys its just grabbing your ISP name and sticking it in the text field, its really not hard to get that kind of information you know and its by no means VM specific, careless people will get infected no matter how much you warn them about it

Always exploit the weakest link in the chain, the human component

Superuser
  • 7.44K
  • 455
  • 1.96K
Registered: ‎10-07-2014
Message 32 of 52 (213 Views)

Re: Can anything be done to stop these annoying "survey" interruptions

[ Edited ]

I think theres more than one thing going on here- I think cybmoles got it about right. I dont think this is malware in the traditional sense of something installed on your computer, but rather a web server end thing. Like BenMcr says, its easy to look at your IP and say "yeah thats a VM IP" then serve a malicious popup. 

There are a number of examples of this attack vector and its usually from an ad on the site you are browsing, not the site itself. The attacker loads a compromised HTML file to the adserver and sets the pop up up that way.

The way round that is a decent ad-blocker/pop up blocker rather than AV or Anti-malware- nothing installed, nothing to detect, so scans will come up clear.

 


Reply
0 Kudos
On our wavelength
  • 41
  • 0
  • 7
Registered: ‎21-11-2016
Message 33 of 52 (208 Views)

Re: Can anything be done to stop these annoying "survey" interruptions

[ Edited ]

This is not a pop up in the normal sense as my browser can be closed and i'll be working or playing a game and it will open the browser and show this bogus survey, thats how i knew it was fake in the first place. Its more than just a pop up if its instructing the browser to open when its not running. I'm not saying VM should inform customers of every virus that can infect their computers, that would be ridiculous, but I feel they could have a warning on the home page somewhere that will have a better chance of being seen by more customers as this is targeting VM customers in this instance. And just because you have been lucky enough not to be infected by this it does not mean someone that has is doing something wrong. As far as i'm concerned I've done everything I can to be safe online. If I got this virus with the protection I have in place then anyone can get it, its just a case of looking at the infected page/video on social sites such as FB from what I've read.

Reply
0 Kudos
Well-informed
  • 1.23K
  • 41
  • 175
Registered: ‎09-07-2010
Message 34 of 52 (194 Views)

Re: Can anything be done to stop these annoying "survey" interruptions


mojouk1 wrote:

This is not a pop up in the normal sense as my browser can be closed and i'll be working or playing a game and it will open the browser and show this bogus survey, thats how i knew it was fake in the first place. Its more than just a pop up if its instructing the browser to open when its not running. I'm not saying VM should inform customers of every virus that can infect their computers, that would be ridiculous, but I feel they could have a warning on the home page somewhere that will have a better chance of being seen by more customers as this is targeting VM customers in this instance. And just because you have been lucky enough not to be infected by this it does not mean someone that has is doing something wrong. As far as i'm concerned I've done everything I can to be safe online. If I got this virus with the protection I have in place then anyone can get it, its just a case of looking at the infected page/video on social sites such as FB from what I've read.


Thats the part you're missing, its not targetting VM customers, the popup will be linking a web page that is doing a lookup and formatting the text accordingly, its VERY easy to do a whois lookup on the connecting IP and grab the text of the ISP and format accordingly, VM customers will see VM and BT customers will see BT https://eigde79682.i.lithium.com/t5/image/serverpage/image-id/27496i6956173FBB342B3A?v=1.0 exact same fake survey page for a talktalk user, note the ID on the page is identical, its not even randomly generated lol https://malwaretips.com/blogs/wp-content/uploads/2015/05/Isp-survey.com-Virus.jpg same template in use 2 years back, different image and text because obviously people can just search for that text http://i.imgur.com/rACW2ko.png same template again etc

This is just a generic malware using easily and freely accessible information stored on the internet to serve a generic survey page that either earns them money per survey completed or tries to install more malware on your system or is just used to try and get personal information out of you to use for future scams, there isn't anything VM specific about it

On our wavelength
  • 41
  • 0
  • 7
Registered: ‎21-11-2016
Message 35 of 52 (169 Views)

Re: Can anything be done to stop these annoying "survey" interruptions

Regardless of the type of malware, its point of origin etc its still directing this at VM customers. BT and Sky customers may or may not get a similar fake survey pretending to be from these ISP's but thats not my concern. Its pretending to be from VM in my case and its using the VM name and their reputation. If a customer was fooled by this and lost thousands of pounds would they be happy that VM appeared to not warn them even though they knew about this?

Reply
0 Kudos
Well-informed
  • 1.23K
  • 41
  • 175
Registered: ‎09-07-2010
Message 36 of 52 (163 Views)

Re: Can anything be done to stop these annoying "survey" interruptions


mojouk1 wrote:

Regardless of the type of malware, its point of origin etc its still directing this at VM customers. BT and Sky customers may or may not get a similar fake survey pretending to be from these ISP's but thats not my concern. Its pretending to be from VM in my case and its using the VM name and their reputation. If a customer was fooled by this and lost thousands of pounds would they be happy that VM appeared to not warn them even though they knew about this?


And as i've said, numerous times now, its not targetting a specific group, its just generic malware, VM cannot warn you about every instance of malware or every website that may or may not use the VM name, its impossible to track and its impossible to list, Vm already has warnings in place not to click suspicious links including this http://community.virginmedia.com/t5/Security-matters/Fraudulent-Surveys/td-p/2848898 sticky which has been present on these forums for nearly 2 years, there is nothing more they can do, these fake surveys are not new, and there isn't anything VM can do to stop someone using whois data to lookup an IP to render text on a website for malicious reasons or otherwise, there is no way to warn all users anyway and even if you do email or write to them you have no way of knowing they understood what was in the letter or even read it, and even then it will still likely make no difference in the level of infections anyway especially in situations where the PC is shared with other users

Wise owl
  • 3.28K
  • 156
  • 710
Registered: ‎28-08-2009
Message 37 of 52 (150 Views)

Re: Can anything be done to stop these annoying "survey" interruptions

if you want virgin to fix it, in any sense of fix it, that is never going to happen. And I for one don't want to continue that debate

But If you want to stop it happening on your pc that is easy.

You need the url that appears in the browser, then you block that address from working. E,g by a hosts file edit, or by using open dns custom  locks.

For info on how to use hosts file to block, Google or ask.

I am assuming it's the same Fake survey url each time, but even if there are several different ones it is still a simple block.

Ps if something is opening your browser, all by itself, while you are working or playing offline, then you have an infection, that's for sure.

No sense fretting about how it got there, just apply tools to find it and zap it as per previous advice and links

 

Reply
0 Kudos
On our wavelength
  • 41
  • 0
  • 7
Registered: ‎21-11-2016
Message 38 of 52 (120 Views)

Re: Can anything be done to stop these annoying "survey" interruptions


shanematthews wrote:

mojouk1 wrote:

Regardless of the type of malware, its point of origin etc its still directing this at VM customers. BT and Sky customers may or may not get a similar fake survey pretending to be from these ISP's but thats not my concern. Its pretending to be from VM in my case and its using the VM name and their reputation. If a customer was fooled by this and lost thousands of pounds would they be happy that VM appeared to not warn them even though they knew about this?


And as i've said, numerous times now, its not targetting a specific group, its just generic malware, VM cannot warn you about every instance of malware or every website that may or may not use the VM name, its impossible to track and its impossible to list, Vm already has warnings in place not to click suspicious links including this http://community.virginmedia.com/t5/Security-matters/Fraudulent-Surveys/td-p/2848898 sticky which has been present on these forums for nearly 2 years, there is nothing more they can do, these fake surveys are not new, and there isn't anything VM can do to stop someone using whois data to lookup an IP to render text on a website for malicious reasons or otherwise, there is no way to warn all users anyway and even if you do email or write to them you have no way of knowing they understood what was in the letter or even read it, and even then it will still likely make no difference in the level of infections anyway especially in situations where the PC is shared with other users


My last words on this subject.

Why should VM's customers have to try and protect themselves from this potentially very dangerous malware, when as in my case at least, had taken every reasonable steps to prevent it from happening? If they have known about this for 2 years then surely they have had plenty of time and the resources to track the individuals responsible for this, shut them down and bring them to justice. And i repeat, a thread in a forum that most customers wont see is not really going to prevent some customers fooling for this scam. You and I have the experience with such matters to understand the risks of these attacks but there are thousands of VM customers for one reason or another that will not. They could send an email to customers informing them of this security risk at the very least just as my bank did when there was a security attack from fake emails.

Reply
0 Kudos
Wise owl
  • 3.28K
  • 156
  • 710
Registered: ‎28-08-2009
Message 39 of 52 (111 Views)

Re: Can anything be done to stop these annoying "survey" interruptions

[ Edited ]

mojouk1 wrote:


My last words on this subject.....

i do hope so.

but  have you lost interest in fixiing/cleaning  your own PC then ?

PS a fake survey is not very dangerous malware. It is just an effective way of parting greedy fools from some of their money. Darwin would approve Smiley Happy


 

Reply
0 Kudos
On our wavelength
  • 41
  • 0
  • 7
Registered: ‎21-11-2016
Message 40 of 52 (106 Views)

Re: Can anything be done to stop these annoying "survey" interruptions


cybmole wrote:

mojouk1 wrote:


My last words on this subject.....

i do hope so.

but  have you lost interest in fixiing/cleaning  your own PC then ?

PS a fake survey is not very dangerous malware. It is just an effective way of parting greedy fools from some of their money. Darwin would approve Smiley Happy


 


I had it fixed in a few hours. My concern is with other VM customers, a concept you don't seem to grasp. Your reply goes a long way to understanding your mentality.

Reply
0 Kudos