What are Free-tl pop-up notifications?

Pop-up notifications from Free-tl sites are a spam campaign that aims to earn money from pay-per-view and pay-per-click advertisements. There is an entire chain of such sites, created by the same group of cybercriminals and existing for the same purpose. Frauds who stand behind all this lure people into pressing the “Allow notifications” button that appears as soon as one enters the site. This demand may be framed as a form of captcha, DDoS protection, or the like.

List of domains involved in a scam

One particular source of the redirections to Free-tl sites is by browsing sites with illegal or explicit content. Websites that host pirated movies or games, adult sites – clicking anything on such pages may trigger the redirection to the scam site that will ask you to allow notifications. That twisted form of cooperation is what makes me warn people against using such sources of software and movies.

Interesting thing about the pop-up spam sites is that they work only after the redirection. Simple checks show that opening the scam page requires a correct link. Visiting the root domain, without the additional parameters in the URL, will return either a 404 error or a boilerplate that says the URL is for sale.

How dangerous are Free-tl pop-ups?

Once the user allows notifications from one of the Free-tl websites, it bombards them with pop-ups. These notifications appear in the system tray, offering gambling, adult sites, or trying to scare the user by saying the system is infected. Clicking on a pop-up will send the user to a website with questionable content. It is also common to see phishing pages promoted in such a way, which forms the main concern of this pop-up spam.

Another angle of the problem is the offer to install some questionable software to solve non-existent problems. You might encounter a so-called Microsoft tech support scam page or a site that pretends to scan your PC, falsely reporting that there are hundreds of malicious programs running at the moment. To make it harder for the user to quit, scammers make these sites open in a full-screen mode, so there is no visible way out. Of course, unless someone presses the Escape button.

But scams and phishing aside, the key issue with all this is the fact that constant pop-ups are extremely annoying. Because of the way Windows shows notifications, they will appear on top of any app that is currently running. It’s simply hard to concentrate on your task when you constantly hear and see banners popping up one after another. And, well, it will be quite an embarrassing moment when your boss walks by while there is a pop-up with hot girls around you on the screen.

How to remove Free-tl pop-ups?

It is possible to remove the pop-up source manually, through the browser interface. For this, go to your browser settings, find notification settings and remove all the sites that are listed as ones that can send notifications. Reload the browser to apply the changes.

Disabling browser pop-ups (scroll images)

There is also the second step – malware removal. It is possible that the Free-tl pop-ups appearance is caused by the activity of adware or browser hijackers. These two malware types often cause redirections, and may alter web browser settings to their needs. For that reason, I recommend scanning the system with GridinSoft Anti-Malware: it will clear whether there is something malicious on your device, or not. Download it, install and run a Standard scan: this will check the places where the said malware typically keeps its files.

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

The post Free-tl Pop-Up Virus appeared first on Gridinsoft Blog.

What are check-tl-version pop-up notifications?

Pop-up notifications from Check-tl-version sites are a spam campaign that aims to earn money from pay-per-view and pay-per-click advertisements. There is an entire chain of such sites, created by the same group of cybercriminals and existing for the same purpose. Frauds who stand behind all this lure people into pressing the “Allow notifications” button that appears as soon as one enters the site. This demand may be framed as a form of captcha, DDoS protection, or the like.

List of domains involved in a scam

One particular source of the redirections to check-tl-version sites is by browsing sites with illegal or explicit content. Websites that host pirated movies or games, adult sites – clicking anything on such pages may trigger the redirection to the scam site that will ask you to allow notifications. That twisted form of cooperation is what makes me warn people against using such sources of software and movies.

Interesting thing about the pop-up spam sites is that they work only after the redirection. Simple checks show that opening the scam page requires a correct link. Visiting the root domain, without the additional parameters in the URL, will return either a 404 error or a boilerplate that says the URL is for sale.

How dangerous are Check-tl-version pop-ups?

Once the user allows notifications from one of the check-tl-version websites, it starts bombarding them with pop-ups. These notifications appear in the system tray, offering gambling, adult sites, or trying to scare the user by saying the system is infected. Clicking on a pop-up will send the user to a website with some rather questionable content. It is also pretty common to see phishing pages promoting in such a way, which forms the main concern of having this pop-up spam.

Another angle of the problem is the offer to install some questionable software to solve non-existent problems. You might encounter a so-called Microsoft tech support scam page or a site that pretends to scan your PC, falsely reporting that there are hundreds of malicious programs running at the moment. To make it harder for the user to quit, scammers make these sites open in a full-screen mode, so there is no visible way out. Of course, unless someone presses the Escape button.

But scams and phishing aside, the key issue with all this is the fact that constant pop-ups are extremely annoying. Because of the way Windows shows notifications, they will appear on top of any app that is currently running. It’s simply hard to concentrate on your task when you constantly hear and see banners popping up one after another. And, well, it will be quite an embarrassing moment when your boss walks by while there is a pop-up with hot girls around you on the screen.

How to remove Check-tl-version pop-ups?

It is possible to remove the pop-up source manually, through the browser interface. For this, go to your browser settings, find notification settings and remove all the sites that are listed as ones that can send notifications. Reload the browser to apply the changes.

Disabling browser pop-ups (scroll images)

There is also the second step – malware removal. It is possible that the check-tl-version pop-ups appearance is caused by the activity of adware or browser hijackers. These two malware types often cause redirections, and may alter web browser settings to their needs. For that reason, I recommend scanning the system with GridinSoft Anti-Malware: it will clear whether there is something malicious on your device, or not. Download it, install and run a Standard scan: this will check the places where the said malware typically keeps its files.

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

The post Check-tl-ver Pop-Up Virus appeared first on Gridinsoft Blog.

Let’s figure out what this scam is, and how to stop Re-Captha-Version pop-ups.

What are Re-Captha-Version pop-up notifications?

Re-Captha-Version is a browser notification spam campaign that takes place on an eponymous website. An entire network of such sites has similar names and content. All of them aim at one thing – forcing users to allow notifications, under the guise of anti-robot captcha. This makes possible the main course of this scam – huge numbers of pop-ups that flood both the web browser and system notifications.

List of domains involved in the scam

Websites like Re-Captha-Version commonly appear after the redirection from another site, or following the click on the suspicious banner somewhere on the Web. If you try visiting such websites apart from the malicious redirections, they will likely return a white screen or various error messages. In some cases, they work, but the content is the same as the first time – just the offer to enable pop-up notifications.

But what for all this is running? Promotions that such websites show are extremely cheap, but their volume multiplied by the number of victims gives quite a substantial profit. Considering that these frauds will advertise other malicious actors, the profit may be smeared through several cybercriminal groups. And while there are ways to earn more, and in a legitimate way, pop-up spam campaigns are extremely easy to run. This is what causes these fraudulent sites to keep going.

How dangerous are Re-Captha-Version pop-up notifications?

Despite what they look like, pop-ups are a rather dangerous thing, especially when dozens of them appear in a short period. The main effect is distraction: pop-ups will keep appearing even after closing the browser. They clutter the notification tray, making it impossible to find the alerts you need.

But the key danger hides in the content of those promotions. Pages and offers they promote are not even remotely relevant. Moreover, the links these advertisements lead to are often just clickbait websites or outright phishing pages. The longer all this happens, the more likely for the user to accidentally click one and get into a sticky situation.

How to remove Re-Captha-Version?

Removing pop-ups from the browser involves two steps – disallowing sending notifications to all sites and scanning your system for threats. The first one is manual – you need to go to your browser settings, open the page with notification settings and delete all entries there. Then, reload your browser for the changes to take effect.

Disabling browser pop-ups (scroll images)

For the second step – scanning for threats – I recommend using GridinSoft Anti-Malware. Ads can lead to the installation of unwanted software. But aside from this, the appearance of Re-Captha-Version website may be the sign of adware activity. To ensure that your device is clean, run a Standard scan and let it finish – it won’t take long.

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

The post Re-Captha-Version Pop-Up Virus appeared first on Gridinsoft Blog.

What is malvertising in Google Search?

First, let’s check out key definitions, as they may be unfamiliar to some users. Malvertising is a shortening from “malicious advertising”, which says for itself pretty well. Ads in Google Search, on the other hand, are trusted, as they carry the name of the biggest search engine. Days before, they proved to have a robust check-up mechanism that weeded out potentially harmful things from search results. Things have changed around the last few months, exactly, in November 2022. Malicious ads that tried to mimic downloading pages of legitimate tools filled the search results, often dumping the genuine page to the 4-5th position in results.

As Microsoft tightens loose ends and macro-based malware droppers become more difficult for Threat Actors to leverage – data traffickers are increasingly abusing SEO poisoning and/or malvertising.

Intel via @malwrhunterteam & @wdormann pic.twitter.com/iKy7yEN3g2

— vx-underground (@vxunderground) January 18, 2023

These links generally try to fake not only the header of a page but also the URL address. They include the name of a program, and a couple of keywords to look legitimate. Words may be added through a dash symbol, or as a second-level domain. The top-level domain, meanwhile, is usually something cheap, like .click or .top. Such TLDs cost around a dollar, and usually require no documents to register. More expensive domains, like a classic .com, may be used as well, so don’t accept them as a quality mark.

Some fake advertisements may include a so-called domain cloaking. The starting URL will be 100% legitimate, like youtube.com or twitter.com. Once you click, a cloaking mechanism will trigger, and throw you to a site that is completely different from the one you were seeing in the URL bar. This approach is more about tricking people into calling fake support or installing “a recommended security tool”.

Generally, malicious ads appear on search queries related to popular free programs. By now I found malicious ads for the following programs and software packages:

• Blender
• VLC Player
• Oracle VM VirtualBox
• Notepad ++
• LibreOffice
• Capcut
• OBS Studio
• CCleaner
• WinRAR
• Rufus
• Adobe products
• Zoom Video
• AMD and nVidia drivers
• Python libraries

Why do they appear?

First and foremost reason for the appearance of these ads is poor control of advertising content by Google. Sure, the company is not a vice squad, and should not retain the utterly high quality of advertising. But it is subpar for the image of such a company to allow purely fake ads to be posted, especially at top search result positions. Some time before, the same “pandemic” happened on YouTube. Massive amounts of copy-paste scam charity fund advertisements, giveaways, fake promotions of a new iPhone/Samsung with 80% discount – they were not just of low quality or unconvincing. All these things point to some serious problems within Google’s team that is in order for reviewing advertisements to post.

Another side of the coin is scoundrels who actually organise this mess. Most of the time, events of this sort are aimed at spreading malware. The more such methods are available, the more sustainable the hackers’ “business”. At the edge of 2022, Microsoft finally banned the execution of macros that come from the Internet. Macros are MS Office applets that allow dynamically-updated content to the documents. The breaches in the mechanism used to handle them are so easy to exploit that hackers were using it massively to drop the malware payload. After that ban, crooks started searching for another remedy for their shady deeds. And Google Search ads happened on their way.

Is Google Search malvertising dangerous?

Google has immense user coverage. With over 8 billion queries a day, it makes search results probably one of the biggest advertising networks under the sun. One malicious ad may be seen by millions, and thousands will click it. When there are at least 10 topics that contain malicious Google ads – things go worse by orders of magnitude.

Last night my entire digital livelihood was violated.

Every account connected to me both personally and professionally was hacked and used to hurt others.

Less importantly, I lost a life changing amount of my net worth

— NFT God (@NFT_GOD) January 15, 2023

Above you may see a sad story of a Twitter user with the nickname NFT God, who got some serious damage after being baited to download OBS Studio via such a fake link.

As research shows, most of the time malware that is delivered after following that link aims at stealing data. The file you are offered to download is not malware itself, it is a malignant script whose sole purpose is to contact the C&C server. It, in turn, sends malware to your device, using a connection that the script has established. Spyware that arrives in such a way will give no chance to your privacy. Ransomware is yet another malware type that may arrive through such an approach.

Other possible instances of Google Search malvertising contain tech support scam offers. That is the case when a group of rascals imposes legit tech support. They usually take the name of Microsoft, and the banners usually contain “urgent security note from Microsoft”. Such a note says your PC is either blocked or flooded with malware, and you need to contact their “support” urgently. The number posted on the banner leads you to a scam tech support that will force you to either give remote access to your PC or install a questionable program “to clean the system”.

How to protect me from Google Search malvertising?

Google used to pay a lot of attention to its ads. Possibly, it just has some problems with retaining concentration, thus the problem will be fixed pretty quickly. But it is always better to hope for the best and be ready for the worst.

• Avoid advertisements in Google Search. Even if you see them having a link to a legit site, it is not always representative of where it will send you. When the top search results consist generally of ads, scroll down to find the links to genuine pages.
• Use a different search engine. Being the biggest search engine does not always mean having outstanding search results. Some people prefer DuckDuckGo because of its claims about being free of tracking and telemetry. However, it may fit the case of fishy ads in Google Search as well. You are free to try any of the ones present on the market.
• Apply using decent anti-malware software. Only by having a tool that can effectively say if the file you’ve got from the Internet is clear or malicious will you be sure about your actions. Having one which is able to block access to malicious sites will seriously mitigate the problem. GridinSoft Anti-Malware is the one that can fulfill both needs – malware detection and network security. Constant database updates allow it to retain efficiency even against the latest threats.

The post Google Search Malvertising: Fake Ads of Free Programs in Google Ads appeared first on Gridinsoft Blog.

A historic legal event took place when, after accusations of unlawful discrimination put in the design of the targeted advertising system employed by Meta, the company agreed to cease using the tool and pay the penalty of around $115,000.

The source of the news is the June 21 official statement of the U.S. Department of Justice.

The Department of Housing and Urban Development (HUD) has investigated discrimination in Meta ad-serving software. The official charge (of discrimination) issued by HUD on On March 28, 2019 was a nudge to start the disputed lawsuit. The fact is that in order to select the audience for advertisements for the sale and rental of housing, the Meta ad distribution system employs the criteria mentioned in the Civil Rights Act of 1968, namely its eighth and ninth parts, also known as Fair Housing Act. This law states that the sale or rental of housing must not involve discrimination on the part of the property owner, and this applies to both the transactions themselves and the advertising that precedes them. Advertising must not discriminate against the audience based on race, sex, gender, religion, sexual orientation, etc. The prosecution argues that this is exactly what happens when the ad targeting system, based on the data mentioned, does not allow part of the audience to see some ads at all. At the same time, people are not even aware of such filtering.

Significantly, this is the first time the law has been applied to digital advertising and digital targeting mechanisms. The U.S. Department of Justice noted that the Meta agreed to develop a new tool under the supervision of the DoJ. The new product must exclude discrimination and be built on other filtering criteria. The U.S. Attorney for the Southern District of New York, Damian Williams, said that if Meta continues to use discriminatory technologies, the civil rights lawsuit will not be dismissed and litigation will continue.

For the time being, Meta has a settlement of the lawsuit and seven months (until December 31) to come up with the revised ad-targeting tool. Otherwise, the corporation would have to stand before a federal court.

The post Meta to Give up its Discriminating Ad-Targeting System appeared first on Gridinsoft Blog.

Five years back a poll was carried out and results shows security-conscious browser users overwhelmingly voted Firefox as the most secure. But during the annual Pwn2own hacking contest in March 2014, Firefox was exploited four times with zero-day attacks, making it one of the least secure browsers.

To complicate matters further, a 2013 comparative analysis of five popular Web browsers by NSS Labs found that Internet Explorer outperformed its competitors. Even so, the NSS Labs research showed that no single browser uniformly protected users against the majority of security threats and privacy risks.

If no single browser is bulletproof, the next best thing is to make sure your favorite browser is as secure as possible. Here are some ways you can enhance the security of your browser and be hackproof:

1. Configure your browser’s security and privacy settings

Review your browser’s privacy and security settings to make sure you’re comfortable with what’s checked or unchecked. For example, look to see if your browser is blocking third-party cookies, which can enable advertisers to track your online activities.

For specific browser security and privacy settings, read the recommendations and steps outlined in the Department of Homeland Security’s “Securing Your Web Browser”. The guide also explains browser features and their associated risks, such as ActiveX, Java, certain plug-ins, cookies, and JavaScript.



2. Keep your browser updated

Frequently, browser updates are released to plug recently discovered security holes. So it’s important to always keep any browsers you use updated.

3. Sign up for alerts

Consider setting up Google alerts for your browser to stay current on any emerging security issues. If you use Internet Explorer, for example, create a Google Alert using the keywords Internet Explorer security, or something similar. You can opt to receive instant, daily or weekly alerts whenever news articles or other content relevant to that topic hits the Web.



4. Be cautious when installing plug-ins

Plug-ins and extensions can sometimes put you at risk. For instance, earlier this year, it was discovered that some Chrome extensions can change service or ownership without notification to users. As a result, Chrome’s regulations for extensions is changing this June to keep extensions from becoming anything other than “simple and single-purpose in nature,” according to Google.

5. Make sure you have an AV installed

Potentially unwanted programs (PUPs) can slip past when you install any sort of software. These little buggers can switch browsers on you without warning and you might never even notice. Keeping a reputable antivirus program like GridinSoft Anti-Malware installed is one of the best ways to keep PUP from hijacking your browser and ruining your day.



6. Install security plug-ins

The majority of plug-ins and extensions are safe, however, and some can help bolster your browser’s security. Here are three suggested—and free—browser extensions for added security.

• HTTPS Everywhere

The Electronic Frontier Foundation and The Tor Project jointly developed this Firefox, Chrome, and Opera extension. HTTPS is a communications protocol for securing communications over a computer network, vs. the standard HTTP protocol, which is more widely used but less secure. (The ‘S’ in HTTPS stands for ‘secure.’) HTTPS Everywhere encrypts communication with many major websites to help secure your browsing experience.

• LongURL.org

If you’re on Twitter or Facebook and you see a shortened link embedded in an interesting post, you might click it without a second thought. But shortened links have been known to mask malicious links. If you’re unsure of a shortened link, copy and paste it into the search box at LongURL.org. You’ll see where the link would take you, without having to actually click through to the site. LongURL.org is also available as a Firefox browser extension.

• Use Internet Protection from GridinSoft Anti-Malware

Internet Protection feature blocks all suspicious sites in your browser. Also, it’s prevents downloading of dangerous applications.

The post How can you enhance the security of your browser? appeared first on Gridinsoft Blog.

Alas!

The browser starts to act stupid, redirecting and taking you places filled with creepy adverts or worse yet, issuing warnings of possible harm if you don’t “Update Your Flash Player.” And while the naïve would likely fall for the trap, smart and tech-savvy individuals may automatically note the adware running in the background. But as ubiquitous as the phenomenon is, adware attacks are a discreet way cyber criminals are using to make money off the unsuspecting.

Though it is probably the most popular way of telling that you are under attack, there are other subtle and perhaps less ferocious cyber attacks. There’s a form of adware gradually going mainstream. Besides redirecting, the virus goes ahead and alters your default search engine to something weird.

You start your PC, ready to browse the web, but once you key in whatever you need to search the web, you are redirected to a page with bizarre search results. It happens often and hurts the unsuspecting!

Pop-ads are yet another sign your computer is under an immense adware attack.

Simple as they appear, these pop-ads can be a source of immense misery, hurt your typical browsing habits and perhaps steal valuable data as you browse.

Many other times, these malicious occurrences make the PC act slower than it normally does, including lowering the average browsing speed and how the computer executes simple tasks. Of course, the phenomenon becomes more suspicious when you note the occurrence yet your PC doesn’t have a heavy program running or when you’re connected to a fast internet.

How Adware Works

Generally, these malicious tools are embedded into ‘free-ware’ or pirated software and act as part of a bundle of payment to the proprietor of the freely downloaded software.

Adware is simple software that comes with integrated advertising materials, including those that trigger redirects and pop-ups.

Mostly, the adware is activated whenever the tool that it is embedded in runs and the PC is connected to the internet.

At the moment, many software developers offer their products as “sponsored software” so that the ad pays for the free services provided. It is a pretty common type of adware and may continue until the user pays to register and thus unlock the ad off the software.

Regardless of how they work, these malicious attacks are very much annoying. Pop-ads waste a lot of time, while redirects and the slowing down of the PC hurt the ordinary performance of the computer. Aside from these, adware can set the stage for various other attacks, including spyware, ransomware and virus attacks.

How to avoid Adware

Tip #1 Never click any suspicious-looking pop-up windows and ads
Tip #2 Don’t answer or reply unsolicited emails and messages
Tip #3 Exercise utmost caution when downloading free software applications

Above all, invest in the best malware removal software. GridinSoft Anti-Malware does a great job!

The post Adware Everywhere: Who Knows What Is Happening? appeared first on Gridinsoft Blog.

What Is Adware And Is It As Lethal As The Other Malicious Programs?

Adware or ad-sponsored software could be subtly harmless or aggravatingly consistent and deadly, depending on a couple of factors.

Mostly, the program is designed to benefit the marketer by collecting information regarding the target’s preferences. But that’s not where their work stops!

It will embark on removing all browser’s restrictions, change programs and browser setting and even alter the most preferred home page, all these happening without the PC owner’s consent. It would sound like a joke until endless and annoying ads pop-up out of nowhere.

However, some Adware programs are rather tolerable, primarily serving as the direct channel to deliver sales messages without those bothersome features. Software like Skype comes with adware in the form of embedded adverts, and they are specifically there to aid in the cost of development. Upon purchasing the premium version, ads are done away with altogether.

More lethal and irksome types that do all kinds of ills, from changing the browser’s default search engine to issuing stupid warnings to trick into buying an item exist. These far more insidious types don’t ask for permission to portray an ad. Typically, they thrive in illegal websites and display all kinds of ad banners, pop-ups, and other bizarre information, often in a more forceful manner.

At least, there are six different and terrifying ways cunning marketers are using to promote and showcase their items. Some of the most prevalent forms of adware include:

1. Numerous, intimidating ads and banners that cover the entire web page or blur the relevant information.
2. In-text ads with information – they tend to appear in-between the page.
3. Automatic video adverts that start to play once the page is opened.
4. Redirects from the main browser page – you are redirected to a particular web store and prompted to buy an item.
5. Pop-ups and pop-unders – you’re led to an online store or a blank page and teased that you’ve won a lottery so that you can submit your details.
6. Couponware, Reminderware, Loyaltyware, PPV, CPV, PopUps, Pop Unders, interruptive, interstitials.

Scammers are scheming and usually target import details such as the computer’s IP address, email address, names, credit card information and other personal data. All of them will be auctioned off to third-party marketers for a colossal sum of money. Quite honestly, adware programs are virtually infinite, and it get’s quite hard to stop all of them. However, just ensure you’ve got a premium, reputable anti-malware software.

The post 6 Terrifying Samples How Marketers Use Adware appeared first on Gridinsoft Blog.