Jump to content

Web Access Protection - A Concern


itman
 Share

Recommended Posts

When checking out a screen shot posting on a file share site in a security forum I frequent, hxxps://imx.to/i/1yj02x , Eset detected what appears to be redirect to a malicious porn site based on what other forum posters related:

Time;URL;Status;Application;User;IP address;SHA1
2/12/2019 4:27:17 PM;https://afeuvqrsswz.com;Blocked by internal IP blacklist;C:\Program Files\internet explorer\iexplore.exe;XXX-XX\XXXX-XXX;216.21.13.15;021415D73D02C6247001BAD6E5C9BC6E220F34FC

Eset displayed the above as a small desktop popup alert upon access to the web page. However, the file share web page was still displayed. At that point and knowing better, I should have exited the web site. Instead, I clicked on a "Continue" link displayed which resulted in a locked flashing browser screen with a loud alarm sounding, a voice stating I was infected with malware, and a phone number I needed to call to resolve the issue. Obviously, this was fake malware and I resolved it without issue. However, an average user might have been duped into responding to the fake malware. 

My question is should Eset not have blocked the file share web page from displaying or terminated its connection thereafter at initial IP blacklist detection time? 

Edited by itman
Link to comment
Share on other sites

  • Administrators
10 minutes ago, itman said:

My question is should Eset not have blocked the file share web page from displaying or terminated its connection thereafter at initial IP blacklist detection time? 

I assume that the file share web page is not malicious but it was a malicious iframe, ad or whatever that was blocked.

Link to comment
Share on other sites

3 minutes ago, Marcos said:

I assume that the file share web page is not malicious but it was a malicious iframe, ad or whatever that was blocked.

That sounds reasonable but I would recommend that a full Eset alert be displayed which would allow the user to terminate the web page connection.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...