Malicious web threat
11-22-2013, 04:57 AM
#1
Senior Member
Thread Starter
Join Date: Oct 2010
Location: Spring Hill, Florida
Posts: 363
Malicious web threat
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
11/22/2013 7:40:30 AM,High,An intrusion attempt by blomzysod.in.ua was blocked.,Blocked,No Action Required,Web Attack: Malicious Exploit Kit Website,No Action Required,No Action Required,"blomzysod.in.ua (94.242.216.6, 80)",blomzysod.in.ua/zt3nujb/?2,"JMSEWINGROOM13 (192.168.0.2, 50098)",94.242.216.6 (94.242.216.6),"TCP, www-http"
Network traffic from blomzysod.in.ua/zt3nujb/?2 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.
================================================== ====================
I just copied this from Norton. It appears EVERY time I sign into the Quilting Board. Does anyone else get this? How can I prevent this from happening other than letting Norton find it every day.
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
11/22/2013 7:40:30 AM,High,An intrusion attempt by blomzysod.in.ua was blocked.,Blocked,No Action Required,Web Attack: Malicious Exploit Kit Website,No Action Required,No Action Required,"blomzysod.in.ua (94.242.216.6, 80)",blomzysod.in.ua/zt3nujb/?2,"JMSEWINGROOM13 (192.168.0.2, 50098)",94.242.216.6 (94.242.216.6),"TCP, www-http"
Network traffic from blomzysod.in.ua/zt3nujb/?2 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.
================================================== ====================
I just copied this from Norton. It appears EVERY time I sign into the Quilting Board. Does anyone else get this? How can I prevent this from happening other than letting Norton find it every day.
11-22-2013, 04:30 PM
#5
Super Member
Join Date: Mar 2011
Location: Louisiana
Posts: 2,440
I have not received this web virus, however, everyday when I login to the QB, my "Kapersky" virus protection comes on. It always tells me that it is blocking a malicious URL. It does not stay on long enough for me to read it in its entirety. When it shows again, I attempt to finish reading it where I left off. I was told a few months ago by "Kapersky" that someone is trying to hack into my computer and for another fee, besides the one I pay them annually, they will be able to take care of it. I cannot afford to do this and why should I pay for this when I have the protection from them already. Needless to say, my computer has been acting up a lot lately. Several days ago, I tried to login and when I did, it bought me to a page that said that I did not have the tools to view private messages. I was hesitant to follow the directions on this page because I did not know if this was legit or not. Also, every time I go into the QB and the first page comes up. There is always a large white mailing envelope on the screen that says "Urgent Messages". When I click on the envelope I am directed to the same screen about not having the tools to view private messages. I have reported this to Patrice and also to Contact and Information Procedures in detail. I am waiting to hear something. Incidentally, I just got my laptop out of the shop about a month ago. It had viruses and they cleaned it up. I was told by the guy at Best Buy that when the computer leaves their shop it is cleaned up. However, when you get it home and connect to your network, it just gets infected with viruses again. Its a vicious cycle. Sometimes I just feel like giving up the computer, its such a nuciance. I know this is misspelled but I don't have time to check the spelling. Good luck with your problem. Lucy
11-22-2013, 04:40 PM
#7
Senior Member
Join Date: Dec 2012
Location: Haverhill, MA
Posts: 498
Luce, before you click on anything, hover the mouse over the place where it says 'click here' and then look below in the lower left hand corner of your web browser, just above where your start button is (on firefox or chrome, it is on the other side over the date/time on IE) it will display the URL address of where that link is going.
So when you see something like that big envelope and you hover over it, before clicking, you should see in that url address that pops up something like http://www.quiltingboard.com/.... if it does not say that, it is a spam or something taking you to a virus loader.
Hackers and thieves will try to mask their links so that it looks like the website you are on, always the easiest way is to see the url address it is trying to take you to.
So when you see something like that big envelope and you hover over it, before clicking, you should see in that url address that pops up something like http://www.quiltingboard.com/.... if it does not say that, it is a spam or something taking you to a virus loader.
Hackers and thieves will try to mask their links so that it looks like the website you are on, always the easiest way is to see the url address it is trying to take you to.
11-22-2013, 06:54 PM
#8
Super Member
Join Date: Mar 2011
Location: Louisiana
Posts: 2,440
Malicious web threat
Luce, before you click on anything, hover the mouse over the place where it says 'click here' and then look below in the lower left hand corner of your web browser, just above where your start button is (on firefox or chrome, it is on the other side over the date/time on IE) it will display the URL address of where that link is going.
So when you see something like that big envelope and you hover over it, before clicking, you should see in that url address that pops up something like http://www.quiltingboard.com/.... if it does not say that, it is a spam or something taking you to a virus loader.
Hackers and thieves will try to mask their links so that it looks like the website you are on, always the easiest way is to see the url address it is trying to take you to.
So when you see something like that big envelope and you hover over it, before clicking, you should see in that url address that pops up something like http://www.quiltingboard.com/.... if it does not say that, it is a spam or something taking you to a virus loader.
Hackers and thieves will try to mask their links so that it looks like the website you are on, always the easiest way is to see the url address it is trying to take you to.
11-23-2013, 05:33 AM
#10
Super Member
Join Date: Jun 2009
Location: Owensboro, KY
Posts: 1,420
The computer guy who works on my computer tells me the best virus protection out there is the free protection offered by Microsoft. We've used Norton's (got a huge virus that locked up the entire computer), Kaspersky (got viruses that affected how it was used by changing my programs constantly), and AVG (lots and lots of problems). I'm about ready to listen to him and try what he says. It's for sure the ones we've paid big bucks for have not done the job. I'm very careful about what I open and download as well, but nothing is foolproof.
Thread
Thread Starter
Forum
Replies
Last Post
