Thought I Got Hacked Today..OT But Beware !!

Just a browser thing most likely, same thing as the phony FBI virus. To get rid of it just close your browser and shut it down from the task manager.

Sent from my XT1053 using Tapatalk

Sue Google.

Browser thing my sweet patootie, where's the username and password dialogue come from then?
It's a "Drive By" attack by code in adverts, often implemented by ads on websites which allow the advertisers to manage and modify their own advert code.

yeah happened to me the other day, big red flag went off and I said to myself - "since when would microsoft care this much about anything" shut er down and fired er back up and it was gone...

Good one Boomer.

Your first line of defense against an attempt like this is common sense. It's not logical to get a "login prompt" when you are using a browser.

This was likely a script or flash file downloaded as part of an ad.

Unfortunately, most web sites have some javascript included in their web pages. Without ads, this page has javascript files from 4 different sites. With ads, the number of javascripts skyrocket, and the source of of the scripts are unknown.

To fight it, I use "NoScript" add-on to disable all scripts except from expected sources. I also use adblock to stop ALL ads. That step is necessary because George does not have control over what ads are dynamically added to his website. Plain text ads do come through.

Maybe someone can tell me what all this means -



Unable to communicate securely with peer: requested domain name does not match the server’s certificate.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: false

Certificate chain:

-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgITBmXQScesTbnDcZ9oirToRMgbBDANBg kqhkiG9w0BAQsF
ADCBtTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCElsbGlub2lzMR AwDgYDVQQHEwdD
aGljYWdvMSEwHwYDVQQKExhUcnVzdHdhdmUgSG9sZGluZ3MsIE luYy4xPTA7BgNV
BAMTNFRydXN0d2F2ZSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbi BTSEEyNTYgQ0Es
IExldmVsIDExHzAdBgkqhkiG9w0BCQEWEGNhQHRydXN0d2F2ZS 5jb20wHhcNMTUw
MzE4MjE0ODA4WhcNMTcxMDI4MDM0ODA4WjB+MSIwIAYDVQQDDB kqLmhvc3Rpbmct
c2VydmljZXMubmV0LmF1MSswKQYDVQQKDCJWZW50cmFJUCBHcm 91cCAoQXVzdHJh
bGlhKSBQdHkgTHRkMRAwDgYDVQQHDAdPZmZpY2VyMQwwCgYDVQ QIDANWSUMxCzAJ
BgNVBAYTAkFVMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCg KCAQEArqSpOvUm
6wsbCqFGo8swQBU4717FmJ4oGjDOToY1EMuNVMcozSiEMkyVLP SojK2sDKrjjTK2
SlV1R8gxys+YWimx0+ZbAs5tRAb/TlJhk1J/B4d+sQf/8qUj47VkN3OrWcS+mBFG
o9zj0iKQobEDkRRfbpKpaDbuQXS1lM8ETIiRnCTAhF516kYwEc zaL73AKZFqxGYA
+SRCae+ZROc6pOqT7E4eANeW1A2Uh5SiDoan5x/r/1ZuE3p8ymLY+YuN++3DLm60
vQa8zVoXPZoGx6hOiI4Pgha2u/+IOBOGfyaeyfqV8MjF95qYq+xzhnPeTyqkeE5B
/iB0j7tresM9mQIDAQABo4IBsjCCAa4wDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMC
BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1 UdDgQWBBQzs745
C5D6qO2bUAXX0I4a6b5b0TAfBgNVHSMEGDAWgBTKzh0YA3ceHP N8WLKacKgIgBb0
rjBIBgNVHSAEQTA/MD0GDysGAQQBge0YAwMDAwQEAzAqMCgGCCsGAQUFBwIBFhxo
dHRwczovL3NzbC50cnVzdHdhdmUuY29tL0NBMD0GA1UdEQQ2MD SCGSouaG9zdGlu
Zy1zZXJ2aWNlcy5uZXQuYXWCF2hvc3Rpbmctc2VydmljZXMubm V0LmF1MDYGA1Ud
HwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwudHJ1c3R3YXZlLmNvbS 9PVkNBMl9MMS5j
cmwwcQYIKwYBBQUHAQEEZTBjMCYGCCsGAQUFBzABhhpodHRwOi 8vb2NzcC50cnVz
dHdhdmUuY29tLzA5BggrBgEFBQcwAoYtaHR0cDovL3NzbC50cn VzdHdhdmUuY29t
L2lzc3VlcnMvT1ZDQTJfTDEuY3J0MA0GCSqGSIb3DQEBCwUAA4 IBAQBlCujSKAlE
/uWsPPVz30X1fZ/FBCpFARF5LJEI/sqltm3YgfO5U7bglXdC3nbnTsmwdoGS5sOB
6YGJSZ1XXmwIi39R2bC3FWR1CMR3oGMTrlNYba7FrnIxZQtHzZ qcWcyRYDcx/Xd0
voM/6fBJJBrRYA3RKKz52rQdbDNI/s8+qTDNet9VUbOhgc4bDyJWS7wrPk4sb/IB
2UUXvt/RGYYHKhMpVftpXDiqH1fm05bv+d0fs+wHjphEWs3tRRY4nkqJl wQ/wW4i
GQ0SPYxfeENbQ2iFR6p3axxI5W7b7OAau8IV1+J8kcU4h4F8xj skR8Ez52Z9Su9V
Qwcmh99WMKp0
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIQSyxmRvQ0d1tn3zSgTdUE5jANBgkqhkiG9w0 BAQsFADBI
MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ2 9ycG9yYXRpb24x
FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTE0MTAwMTE5Mj IzNloXDTI0MDky
ODE5MjIzNlowgbUxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhJbG xpbm9pczEQMA4G
A1UEBxMHQ2hpY2FnbzEhMB8GA1UEChMYVHJ1c3R3YXZlIEhvbG RpbmdzLCBJbmMu
MT0wOwYDVQQDEzRUcnVzdHdhdmUgT3JnYW5pemF0aW9uIFZhbG lkYXRpb24gU0hB
MjU2IENBLCBMZXZlbCAxMR8wHQYJKoZIhvcNAQkBFhBjYUB0cn VzdHdhdmUuY29t
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA49Oohl JHBJ/juiQTmibO
S28pHvCCp1bPOc6elQ62DCYE/A14JXUtI8yaUc9nFjh6dNzR7KjFPEq/qDplQl7f
1Tvh5ifBNNP2wQ6e820TWlPO4HhR/5g4+3iFmJ1N7kFrxDp1/P8e3+9lcJsXckXC
tfFkQ9slogJqnaCsipgdrH4gQhicFAL5YqHw2AKfctZLSPpxhI 3xISMV/lIQwZPW
I2221v9ALckokh5pW6dTK8x8yNUUye1zt5msWzqunfBjVYVUj5/LXu46hS99Mfxu
80ARJRyHsXIuHbMzwVXGqKVPZfKAdHBl5e3ElCjNwNy+Hgi09v S7PoAUhjCf/wbO
nQIDAQABo4IBczCCAW8wEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUys4d
GAN3HhzzfFiymnCoCIAW9K4wDgYDVR0PAQH/BAQDAgGGMEgGA1UdIARBMD8wPQYP
KwYBBAGB7RgDAwMDBAQDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi 8vc3NsLnRydXN0
d2F2ZS5jb20vQ0EwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2 NybC50cnVzdHdh
dmUuY29tL1NUQ0EuY3JsMGwGCCsGAQUFBwEBBGAwXjAlBggrBg EFBQcwAYYZaHR0
cDovL29jc3AudHJ1c3R3YXZlLmNvbTA1BggrBgEFBQcwAoYpaH R0cDovL3NzbC50
cnVzdHdhdmUuY29tL2lzc3VlcnMvU1RDQS5jcnQwHQYDVR0lBB YwFAYIKwYBBQUH
AwIGCCsGAQUFBwMBMB8GA1UdIwQYMBaAFEIythb6BP3+XUt6w/33TEAdWkOvMA0G
CSqGSIb3DQEBCwUAA4IBAQBN/Qb6x5VSQHIt/FqvXAkjfCI7jwXGzRoxThavUqv0
pJr1azXKv2L2ye9Sl4OCqiDHZ8ZJZ/Z19Ae1yvGTpG++0O5dWTHZ8qy/JSj17Mg1
vWiefVpJKtkYflzhC9B9/eB3QuKVTRKDqm1ZC9kbm3MWOwtnEOw4WURWS1X2v4Hv
2AJaXe11ZRqjx7/c6U50tYp3eVpRDCw7bOIXRffLG0oibhjHiEu8dgq7KkTSrx9m
QFS6T2x9GLiJKhj2mEfPuGr73TfBPyKsRBymOpG67LThKVnwoU fH3pghA6VkZp5Z
1Vm6AcDm+eelf5XPvZtNve4evLVPYueA3TmGyxXh1m2d
-----END CERTIFICATE-----

Do I ignore it and try to access the site anyway? It's a forum I am on for Toyota Surfs. They are a JDM grey import version of the older 4Runners.

Joe,

It's a phishing scam, happened to me. The only way I found to get the page to close was to hard shut the pc down (things like {ctrl}W to close the page didn't work etc). All kind of threats about my credit card details are being transmitted (that would have been a good trick, as I don't keep them on the pc), this is Microsoft, contact this number etc etc. Then rebooted as normal. No sign of anything wrong.

Ian

Ian, never had anything like this happen before. I don't know how it got by the virus program and Adblock which I run.

This is what I found when I searched the link that was in my history to the page that popped up.
Virus program says they are all safe links.



JL...............

Same sort of scam on the UK sites containing the Heading of whatever Police authority telling that the computer has been locked due to viewing illegal sites and the only way to unlock involves sending money electronically to some site. Known as "The Cheshire Police" scam over here.

If you try to shut down via Task Master, you invariably get the start up screen with a red rectangle with a circle and dot in the bottom right hand corner of the screen which means TM hasn't worked.

Go for power off hard shutdown to eliminate.

Regards Ian

I've seen this twice when clicking a story or article link on Facebook.

I, too did the "power off hard shutdown to eliminate" with no ill effects.

"Let's be careful out there!" Sergeant Phil Esterhaus from Hill Street Blues

Mike

I hit a strange Amazon link in Google yesterday.
It was one of those "prove you're not a robot" type the jumbled letters things.

while we are in the neighborhood: A thing I have encountered two times. somebody out there has found a way to override the volume control and mute. you run the sound down and mute, it turns the sound to max. you turn it down again, it restores it to max. I can't believe that has not been peddled to every jerk on the web

I keep a headphone jack plugged in to block this action via hardware.

I've been seeing a lot of those phishing links lately. Usually the link is labeled as an "Ad". I just close the page and go to Amazon directly to do my search for the item.

The major web browsers have decided to block access to web sites that use an SSL cert (short for certificate) that is invalid. This is a good move, since the cert is supposed to do two things; It proves that you reached the real "toyotasurf.asn.au" and it provides a key part for encrypting the data as it goes back and forth. Getting a cert can be expensive and it can be a hassle, so many web sites just use the main one provided by their ISP.

It's a bad thing since many folks will simply override the error without knowing what it means.

toyotasurf.asn.au uses an invalid security certificate. The certificate is only valid for the following names: *.hosting-services.net.au, hosting-services.net.au Error code: SSL_ERROR_BAD_CERT_DOMAIN

The basic idea is that you do not want to override it if you will ever use that site for any financial or confidential purpose. You also want to disallow any scripts from a site with a bad cert, since you don't know if the scripts are actually from the site that you wanted to visit.

EDIT: You should also never override a bad cert if you use the same username or password that you use on any site that is used for financial or confidential business.