
Chinese Adware Malware Attack

Discussion in 'tech talk' started by Snowman, Oct 11, 2017.

  1. Snowman

    Snowman Your Host

    This week my laptop started displaying Chinese adware on selected websites, including XenForo sites such as this one and some WordPress sites. This malware is very intrusive and persistent. I have already spent hours trying to get rid of it without success. I tried several virus scanners and malware scanners, in addition to various tools recommended on malware help forums, and they do not find anything. Rolling back the system and resetting the browsers did not help.

    Weirdly, the SAME problem is now cropping up on my Amazon Fire tablet! I very rarely share files between my laptop and Fire tablet, and mostly just use it to read common, mainstream websites when I am on the go.

    I am actually starting to wonder if my router is infected. Not too long ago I got a new one at Amazon on sale. It was an unknown Chinese brand (Wise-Tiger).

    Apparently Chinese (and Korean) adware is a big problem now from what I am reading, but I haven't come across many solutions. The articles mostly just alert people about it. Earlier this year "Chinese Fireball" was said to infect 250,000,000 people. And there are many others. And by the way, I do not visit Asian websites as I cannot speak the languages.

    Has anyone else had this problem? Are there any tech gurus who can assist? Please help if you can.

    P.S. - I rarely visit Asian websites due to the language barrier and have not been doing so lately.
     
    Last edited: Oct 11, 2017
  2. ginko23

    ginko23 Supporting Member

    My contact in the White Hat Hacking community says that to her knowledge there is not a “new” virus/adware/malware program going around based out of China. That said hackers are working 24/7/365 somewhere in the world.

    The software that detects these works in one of two ways, it either looks for a string of code or it looks for a sequence of actions. In either case if this malware is being run by a nation-state they have someone sitting on the malware and will tweak it to defeat the detecting program update. Therefore the best tools available may not detect the problem.

    Did your homepage change?

    I assume that you are using the Windows browser:

    Do you have Firefox or Chrome installed? Are they having the same problems?
    Did you recently install any freeware?
     
  3. Snowman

    Snowman Your Host

    Yes I am speaking about Windows (8.1). Chrome and Internet Explorer 11 are having the same problems. I haven't tried it yet on Firefox. On my Amazon tablet it appears on Silk (running Android).

    My homepage has not changed and nor have I noticed any link redirects.

    Here's an example of one type of pop-up that appears on the bottom right of the screen. The actual ad and graphics rotate - there are about 6 of them so far. It has other tricks up its sleeve.

    [Screenshot: xenforo_chinese_popup_sshot-4.jpg]
     
  4. Snowman

    Snowman Your Host

    The adware/malware can also overlay itself on top of other photos on the page. It typically covers up the bottom 1/6 of the photo and displays several rotating links - some of which seem to be related to the message text. If you look at it without using your mouse, it is a smaller text link, and when you hover over it, the ad expands and becomes bigger with moving video clips. The size of the display changes to match the size of the original photo.

    A third variation of the adware attaches itself to the very bottom of the page at the footer. The adware adds on a variety of links that appear like news articles with small photos - dozens and dozens of them.

    The picture below is the 2nd variety when you hover over it.

    [Screenshot: xenforo_chinese_popup_sshot-3.jpg]
     
  5. ginko23

    ginko23 Supporting Member

    Do you have some type of cloud sharing between your computer and tablet (that you know about)?

    You might try checking both your computer and tablet on a safe wifi connection other than your home.

    Check for router malware
     
  6. Snowman

    Snowman Your Host

    Found the solution! The router was compromised. The primary DNS was configured to point to my ISP. However, the second DNS was configured to point to an advertisement company in China. That's probably why the ads only popped up every 4th page or so.

    Wow, I wonder if Wise Tiger is responsible or my system was hacked somehow? I am actually leaning toward the manufacturer. I am always running Malwarebytes Pro in addition to virus protection software, and my system was clean. This wasted a lot of my time. If so, what a bunch of dickheads. My system is a lot faster now also. :rage: :sour:

    That article was very helpful Ginko. Thanks.

    BTW, all you guys should check your router's DNS settings from time to time. This wasn't really on my radar before I encountered this incident, and it seemed sort of far-fetched.
     
    Last edited: Oct 12, 2017
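The fix above came from reading the router's DNS settings by hand. As an added example (not code from the thread or from any router vendor), the script below automates the two checks a practitioner would want after an incident like this: every configured resolver, secondary included, must be on an allowlist, and a well-known hostname must resolve to the same answer through each resolver as through a trusted one. A stub resolver falls back to the secondary when the primary is slow or fails, which is why one rogue secondary can taint only a fraction of lookups. The `ipconfig /all` text, the router's upstream list, the per-resolver answers and the ISP resolver range are all constructed sample data in documentation/private address space; the public resolver addresses are real, well-known ones.

```python
"""Audit configured DNS resolvers for hijacking (added example, constructed data)."""
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of `ipconfig /all` output from a Windows host that gets
# its resolver from the router via DHCP. Not captured from a real machine.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.0.12
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
"""

# Constructed: the upstream resolvers copied from the router's admin page.
# 203.0.113.53 stands in for the ISP resolver; 198.51.100.77 is the unexpected one.
ROUTER_UPSTREAM = ["203.0.113.53", "198.51.100.77"]

# Constructed: A-record answers for one hostname, collected by querying each
# resolver directly (e.g. `nslookup example.com 198.51.100.77`).
SAMPLE_ANSWERS: Dict[str, Set[str]] = {
    "1.1.1.1":       {"93.184.216.34"},
    "203.0.113.53":  {"93.184.216.34"},
    "198.51.100.77": {"198.51.100.200"},
}

# Assumed allowlist. The ISP range is hypothetical; the public resolvers are real.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ISP_RESOLVER_NETS = [ipaddress.ip_network("203.0.113.0/24")]
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_dns_servers(ipconfig_text: str) -> List[str]:
    """Return the IPv4 DNS servers listed in `ipconfig /all` output.

    Windows prints the first server on the 'DNS Servers' line and any further
    servers on indented continuation lines that contain only an address.
    IPv6 resolvers are ignored here.
    """
    servers: List[str] = []
    collecting = False
    for line in ipconfig_text.splitlines():
        if "DNS Servers" in line:
            collecting = True
            m = IPV4_RE.search(line)
            if m:
                servers.append(m.group(1))
            continue
        if collecting:
            stripped = line.strip()
            if IPV4_RE.fullmatch(stripped):
                servers.append(stripped)
            else:
                collecting = False  # first non-address line ends the list
    return servers


def classify_resolver(ip: str) -> str:
    """Label a resolver: 'lan' (the router itself, so audit its upstream list too),
    'isp', 'public', or 'UNKNOWN' (on no allowlist: investigate)."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in LAN_NETS):
        return "lan"
    if any(addr in net for net in ISP_RESOLVER_NETS):
        return "isp"
    if ip in PUBLIC_RESOLVERS:
        return "public"
    return "UNKNOWN"


def audit_resolvers(resolvers: List[str]) -> List[Tuple[str, str]]:
    """Classify every configured resolver, primary and secondary alike."""
    return [(ip, classify_resolver(ip)) for ip in resolvers]


def compare_answers(answers: Dict[str, Set[str]], trusted: str) -> Dict[str, Set[str]]:
    """Return the resolvers whose answer set differs from the trusted resolver's."""
    baseline = answers[trusted]
    return {r: a for r, a in answers.items() if r != trusted and a != baseline}


if __name__ == "__main__":
    host_report = audit_resolvers(parse_dns_servers(SAMPLE_IPCONFIG))
    print("host resolvers:", host_report)
    if any(label == "lan" for _, label in host_report):
        # The host only sees the router; the upstream list lives on the router.
        print("router upstream:", audit_resolvers(ROUTER_UPSTREAM))
    print("disagree with 1.1.1.1:", compare_answers(SAMPLE_ANSWERS, "1.1.1.1"))
```

Two caveats when running this against real data: the host-level check usually shows only the router's LAN address, so the upstream list has to be copied from the router's own WAN/DNS page, exactly as in the post above; and hostnames served by CDNs legitimately return different addresses from different resolvers, so pick a hostname with a stable answer (or compare the CNAME/NS records instead of A records) before treating a mismatch as hijacking.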
  7. ginko23

    ginko23 Supporting Member

    Slightly off topic but timely info.

    Don’t use pop-ups links for any software updates.
    Read/scan every page on legitimate websites that require you to agree/continue.

    This morning it was announced that Equifax was hacked again, kinda. What actually happened was that a pop-up, "Your Adobe Flash is out of date" [click here], showed up whilst on their page. It may not necessarily have been, and probably was not, their fault that these pop-ups appeared.

    You are insane if you use any pop-up to update or download software, particularly Flash.

    Anyone who surfs porn sites gets these on a daily basis. In the case of Adobe Flash, it seems that they update their software about twice per month. Always go to the Adobe site to download the updates. That actually applies to any software updates.

    ALL POP-UP UPDATES BAD.

    Remember, these hackers are professionals. I've been phished twice since going Mac, and both of these were from pop-ups while on legitimate websites.

    One was immediately after the Yahoo email hack a few years ago. I got a pop-up that said, "As you know Yahoo was hacked; fortunately your account was not involved, but we recommend changing your password anyway." Looked legit to me and I followed the link. In this case all they got was my address book, which resulted in all my contacts getting uber-spammed.

    The second time was when iCloud was created several years ago. I got an official-looking pop-up from Apple (not) saying, "You really need to set up your iCloud account to take advantage of all the new and great things available on your Mac." As they were walking me through the process they said, "Time to update your credit card on-file information." Red flag. Closed it down and immediately changed my password. In this case nothing was compromised.

    More recently, somehow MacKeeper showed up on my computer despite years of avoiding it. It turns out that I downloaded it as a recommended tool while downloading a software update from a legitimate company. What happened was I was downloading a software update; after hitting send they showed the licensing agreement that you must check [agree], then I got a page that I didn't read that said, "We have cool add-ons" [click continue], and this downloaded MacKeeper, which is a pain in the ass to get rid of.
     
  8. Snowman

    Snowman Your Host

    It's pretty infuriating that Equifax was hacked the first time. I am speechless that it was hacked again. It really sounds like their computer security team is a bunch of boobs. I locked my credit report and added fraud alerts. I suggest that others do the same if they indicate your data has been breached.

    There is no charge at this time due to the hacking incidents.

    "Due to the cybersecurity incident, we are offering all U.S. consumers identity theft protection and credit file monitoring through TrustedID Premier. No other subscription products are available for purchase at this time. If you want to access an Equifax product you currently subscribe to, please log in here."

    Cybersecurity Incident & Important Consumer Information | Equifax
     
