Posted on 01/19/2018 5:15:02 PM PST by markomalley
Internet security firm Malwarebytes recently discovered that a pair of extensions will not only hijack Chrome and Firefox, but will block any attempts to remove them from these two browsers. The version found in Chrome is a forced extension resulting from web pages that trick visitors into installing the extension via a JavaScript-based popup. The Firefox version stems from advertisements pretending to be an official manual update requirement warning posted by Mozilla.
Tiempo en colombia en vivo is the name of the invading Chrome extension. Malwarebytes doesnt provide any specifics about what this extension actually does to Chrome but presumably, it completely hijacks the browser to push technical support scams, drive click numbers on specific websites, or completely hijack web searches. The companys listing says it could spy on your web browsing activities too.
Its essentially force-installed by hijacking the browser on websites supporting the extension. If you try to leave the page, a popup appears asking to add an extension for exiting the page. If you select cancel, another popup will appear with an additional tick box that says Prevent this page from creating additional dialog. Check the box, hit OK, and the browser goes full screen with a popup revealing the name of the extension that is supposedly distributed through the Chrome Web Store.
Thinking its legit, Chrome users install the extension. But the problems only get worse for there. When Chrome users attempt to access the in-browser extensions section, they are directed to a fake extension page that doesnt list the installed, offending extension. Because this page is internal, disabling JavaScript doesnt fix the problem. The only way to regain control is to add disable-extensions after chrome.exe in the shortcut command line (which disables all extensions), or rename the 1499654451774.js file in the extensions folder.
Meanwhile, the Firefox extension takes a different route. Victims will see a web-based advertisement warning that Firefox requires a manual update. Taking the bait, they inadvertently install the offending extension, which prevents them from accessing the internal about:addons page by closing the tab. To remove the extension, you can restart Firefox in safe mode. Extensions are not active in this state, thus you can remove any add-on before restarting the browser.
If you are kept on a Firefox tab by JavaScript(s) that keep popping up with prompts, and you are unable to close the window in the usual way, you can terminate Firefox by using Task Manager, the company states. When you restart Firefox, it will not be able to restore the session for that tab.
Believe it or not, Task Manager is your best friend in Windows. Simply type CTRL+ALT+DEL, and you can open the Task Manager window to force-close any browser tab that refuses to close. You dont need to install anything to escape the clutches of a malicious web page. Even more, Google and Mozilla absolutely do not send warning advertisements on web pages to manually upgrade your browser. Updates are typically performed behind the scenes.
Will ad-block prevent this from popping up and wreaking havoc on computers?
Thanks for the heads up!!!
I start Firefox by default in safe mode, which supposedly bypasses all addons and extensions.
Here is my startup command for Firefox:
“C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
.
One of the functions of an ad blocker is to block JavaScript from blacklisted domains. If malware is being spread by malicious JavaScript from one of these domains, then the ad blocker will be protecting you.
E.g., my bank's website brings in JavaScript from several domains. One of these is the main domain of the bank itself and the others are from domains that the bank has, in effect, hired as subcontractors. These "subcontractors" are more likely to be compromised than the bank's domain; but since these subcontractors tend to serve ads, trackers and other forms of crapware, they tend to be on blacklists and will get blocked by ad blockers. Indeed, if I go to my bank's website with NoScript (my primary crap blocker) set to temporarily "allow all," then my secondary security extension (uBlock Origin, which is sort of an ad blocker) will block four of the bank's "subcontractors" because they are known, blacklisted sources of ads, web trackers and crapware.
In summary, ad blockers tend to protect you from notoriously dodgy subcontractors, but probably not from any malicious JavaScript that gets injected into the main domain of the web site.
.
Have just started using the Brave browser. It is the creation of the ex ceo of firefox who was forced to resign over political correctness. Great browser. Built in ad blocker.
Very fast. Great for mobile phones also. Highly recommend.
World governments need to make this sort of malicious activity a hanging offense.
Enough already!
World governments need to make this sort of malicious activity a hanging offense.
Enough already!
Use NoScript. Don't open email attachments. Life is good.
Ping.
You should also carry heat at all times to protect yourself from two legged predators, but there are also strict laws and penalties for predation.
Same should hold true for online criminal behavior.
bump
Same should hold true for online criminal behavior.
well, there are laws against "online criminal behavior," otherwise it wouldn't be criminal.
Fortunately, HTML is pretty safe once you disable scripting and bad actors like Flash and Java (not to be confused with JavaScript).
Ben using http://winhelp2002.mvps.org/hosts.htm (which i slightly edit) for years, thank God. Also Nuke Anything FF ext.
ping
Thanks to upchuck and bitt for the pings!!
Bookmark.
bump- been meanin to try this
Get Ublock Origin and script safe plugins for chrome.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.