For a while I have been experiencing online ads that are not legitimate and are targeted at me personaly. Usualy they are ad images that are placed in ad slots but don't appear to be genuine. Recently I have experieced the same thing with youtube video ads. Ads that interupt a long video. I think it's aimed at me, not random. If I'm able to visit sites using Tor it doesn't happen. I would like to know how this is possible? What is the likely method being used? How would someone be able to place a video ad on youtube? I read somwhere that an image can be replaced with a "man in the middle" attack? Is there anything I can do to find out the cause?
Suspect ads targeted at me
- Thread starter JBonz
- Start date
- Status
- Nov 5, 2019
- 1,597
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Your FRST.TXT log is clean.
What you are possibly dealing with is PUSH notifications.
Follow the instructions on this topic.
blog.malwarebytes.com
Let m know if the problem is solved.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Your FRST.TXT log is clean.
What you are possibly dealing with is PUSH notifications.
Follow the instructions on this topic.
Browser push notifications: a feature asking to be abused | Malwarebytes Labs
“I’m seeing a lot of ads popping up in the corner of my screen, and the Malwarebytes scan does not show...
blog.malwarebytes.com
Let m know if the problem is solved.
I don't think I have ever allowed notifications from any site although I may have been tricked into allowing them.
Take a look at this screenshot of an ad funeral-planning-kerrang-crop
I don't think this is genuine. It's in a regular ad slot on a website as if the image that was meant to be there has been replaced. I've read that it's possible to do that. It looks like a genuine ad and if I click on the top right corner I get the usual google message "why this ad". I've seen this ad several times in different places. Usually the images will be in regular ad slots.
Man in the middle attack to replace images: MITM Labs/Bettercap to Replace Images - charlesreid1
There's also the question of how you would show your own video ad to a user on youtube. Correct me if I'm wrong but I don't think it would be easy to do that.
Take a look at this screenshot of an ad funeral-planning-kerrang-crop
I don't think this is genuine. It's in a regular ad slot on a website as if the image that was meant to be there has been replaced. I've read that it's possible to do that. It looks like a genuine ad and if I click on the top right corner I get the usual google message "why this ad". I've seen this ad several times in different places. Usually the images will be in regular ad slots.
Man in the middle attack to replace images: MITM Labs/Bettercap to Replace Images - charlesreid1
There's also the question of how you would show your own video ad to a user on youtube. Correct me if I'm wrong but I don't think it would be easy to do that.
- Nov 5, 2019
- 1,597
Hi,
There are other means to send you ads.
What is phishing?
www.malwarebytes.com
Or, if the default browser is Synced with other devices.
Syncing issue
If the problem persists and you are Syncing Firefox it with other Devices reset it.
Navigate to this page and Remove it as suggested.
support.mozilla.org
When done restart the computer normally.
If all is well.
Return to your Firefox Account and Click the Connect button.
Reset the sync.
Restart the computer normally.
<<<>>>
Is the problem solved.
p.s.
Right Click on the image, can you get the Link address?
Copy and post it.
There are other means to send you ads.
What is phishing?
What is phishing? Protect yourself on the internet against attacks
Discover what phishing is, how it works, and how to protect yourself. Our easy-to-read guide helps you stay safe online with practical tips.
www.malwarebytes.com
Or, if the default browser is Synced with other devices.
Syncing issue
If the problem persists and you are Syncing Firefox it with other Devices reset it.
Navigate to this page and Remove it as suggested.
Remove a synced device from your Mozilla account | Mozilla Support
Disconnect a device from your Mozilla account and stop syncing its data.
support.mozilla.org
When done restart the computer normally.
If all is well.
Return to your Firefox Account and Click the Connect button.
Reset the sync.
Restart the computer normally.
<<<>>>
Is the problem solved.
p.s.
Right Click on the image, can you get the Link address?
Copy and post it.
I'm aware of phishing because I was caught out a long time ago when I was on AOL dialup. I gave everything away and AOL kicked me off. The phisher used my email to spam people.
I've never synced firefox with anything.
The link for the image I posted: Funeral Planning
I don't know if that site is legitimate. I contacted them and asked if the image is one of their ads but I've had no reply.
If I right click on the image sometimes I get a link and sometimes nothing.
I had something about a week ago. It was a web search using duckduckgo. I clicked on images and the ad was in the middle. The link was to a USA news site article about Trump. The image and the caption underneath were odd considering the Trump article but it made perfect sense to me and what is happening at the moment. It's not fraud. It's harassment by people who know me. Even if I don't manage to trace it to it's source I would like to know how they are doing it.
I've never synced firefox with anything.
The link for the image I posted: Funeral Planning
I don't know if that site is legitimate. I contacted them and asked if the image is one of their ads but I've had no reply.
If I right click on the image sometimes I get a link and sometimes nothing.
I had something about a week ago. It was a web search using duckduckgo. I clicked on images and the ad was in the middle. The link was to a USA news site article about Trump. The image and the caption underneath were odd considering the Trump article but it made perfect sense to me and what is happening at the moment. It's not fraud. It's harassment by people who know me. Even if I don't manage to trace it to it's source I would like to know how they are doing it.
- Nov 5, 2019
- 1,597
Hi,
I have not problem rendering the Funeral site.
===
Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.
Run FRST and click Fix only once and wait.
The Computer will restart when the fix is completed.
It will create a log (Fixlog.txt) please post it to your reply.
===
Check if you have an account that has been compromised in a data breach
haveibeenpwned.com
Change an address that has been compromised.
===
Pwned Passwords
haveibeenpwned.com
Change all Pwned passwords.
Use a difference password for each site.
Let me know of any remaining issues.
I have not problem rendering the Funeral site.
===
Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.
Run FRST and click Fix only once and wait.
The Computer will restart when the fix is completed.
It will create a log (Fixlog.txt) please post it to your reply.
===
Check if you have an account that has been compromised in a data breach
Have I Been Pwned: Check if your email has been compromised in a data breach
Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.
Change an address that has been compromised.
===
Pwned Passwords
Have I Been Pwned: Pwned Passwords
Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.
Change all Pwned passwords.
Use a difference password for each site.
Let me know of any remaining issues.
I don't see the attached Fixlist.txt. No problems with compromised email or passwords.
I think what is happening could be called ad fraud? https://www.cloudflare.com/learning/bots/what-is-ad-fraud/
Except the goal is not to make money but to harass.
I think what is happening could be called ad fraud? https://www.cloudflare.com/learning/bots/what-is-ad-fraud/
Except the goal is not to make money but to harass.
One theory that I have about this is that people can buy ads and effectively target them at me if the targeting critera is fine grained enough. I don't understand the ads system so I don't know how hard that would be. I've been told that for google ads the smallest group is 100 people. That might be enough to target them at me.
This is interesting about youtube video ads
It's possible that it's not malware or even dodgy from a legal point of view?
It's possible that it's not malware or even dodgy from a legal point of view?
- Nov 5, 2019
- 1,597
Hi,
It looks like some PUSH notifications.
Follow the directives on this page.
Browser push notifications: a feature asking to be abused
blog.malwarebytes.com
Is the problem solved?
It looks like some PUSH notifications.
Follow the directives on this page.
Browser push notifications: a feature asking to be abused
Browser push notifications: a feature asking to be abused | Malwarebytes Labs
“I’m seeing a lot of ads popping up in the corner of my screen, and the Malwarebytes scan does not show...
blog.malwarebytes.com
Is the problem solved?
- Nov 5, 2019
- 1,597
Hi,
Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.
Run FRST and click Fix only once and wait.
The Computer will restart when the fix is completed.
It will create a log (Fixlog.txt) please post it to your reply.
===
Please post the Fixlog.txt and let me know what problem persists.
Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.
Run FRST and click Fix only once and wait.
The Computer will restart when the fix is completed.
It will create a log (Fixlog.txt) please post it to your reply.
===
Please post the Fixlog.txt and let me know what problem persists.
It seems to have stopped after I posted some stuff on twitter complaining about it. The people who are doing it will be aware of that twitter account. It might still be happening but in a subtle way so that I can't be sure. The worst ads are pretty obvious so that I can be pretty sure that they're bogus. The obvious stuff had already stopped before I ran FRST with your fixlist.txt so if there's any difference it's barely noticeable.
I've started looking at wireshark so that I might be able to trace it if it starts happening again. I'm also going to take a look at the ads system to find out if it's possible to effectively target an individual.
I've started looking at wireshark so that I might be able to trace it if it starts happening again. I'm also going to take a look at the ads system to find out if it's possible to effectively target an individual.
- Status
Similar threads
