12-23-2018 8:16 AM
For the past six to eight weeks, my AT&T home page has been under attack by an "Adobe Looking" Pop-Up asking to update Flash Player by down loading a new version. Norton has no record of the 'apparent' URL ( ctnew.beastvocal.host/hyllkjit/f7aaaed3/?n=644823345) nor has there been any other sort of nefarious activity among the Bookmarks on my MOJAVE iMac. This site has been blocked numerous times, but keeps returning as the URL probably cycles the address to avoid such blocking.
Seems to me AT&T needs to review, analyze and detoxify ads, pop-ups and other cycling displays for ever-evolving Phishing, hacking or invasion attempts from its home page. Without a 'HazMat Suit' for my operating system, I'm not charging into this attempt any further. I will leave it to those who have invested in large dollar protective code to eradicate things like this.
Solved by: Go to Solution.
12-24-2018 8:42 AM
AT&T Internet customers with a connection speeds of 3.0Mbps or higher can download the Internet Security Suite free of charge. Learn about all the great features of AT&T Internet Security Suite powered by McAfee, including keeping your computer safe and running smoothly.
Please let us know if this information is helpful to you. We are always eager to assist. Lafayette, AT&T Community Specialist
12-30-2018 7:00 AM
Thanks Employee Contributor. I know of the AT&T security package by McAfee, but have chosen NORTON for added flexibility and more Apple friendly utilities and scans. Again, it seems there are no reasonable 'solutions' at the user level as the source URL's evolve with each new "Fake Adobe" Pop-Up. I've counted thirteen so far. I am confidant the fix needs to be at the HOME SCREEN ad displays that are supplying the Pop-Up take over attempts. So far it is merely aggravating, but may become more lethal as I am not the only user, and other family members may opt NOT to 'close and restart' the browser.
12-30-2018 6:11 PM
If you didn't like what ATTCares suggested why did you mark it as a solution?
I'm curious about those "popup ads". When I go to start.att.net I see a little banner ad just below the top blue band and above the slide show frame. I also see two ad frames, one above the other (one happens to be a video), on the right side of the slide show frame. But nothing is popping up in the way I use the term, i.e., covering all or a portion of start.att.net. Each ad, as annoying as they might be, is in its own frame on the page and not "popping" up.
If you are actually seeing ad's "popping up" covering start.att.net then something else is causing that and it isn't att. Which browser are you using? Have you tried a different browser to see if it has the same behavior?
01-06-2019 9:42 AM
Hi & Happy New Year XyZZy!!
The answer to your 1st question is easy. I am completely acceptive of the corporate contributor's reply pointing me toward AT&T provided security 'solutions' for invasion attempts. As I noted in my reply, the solution lies more with the Web Site - WebMaster who programs the channels for the ad or "Ad Choices" to verify the ad channels used on the home page are free from malware, trojans, viruses or phish attempts.
These invasion attempts aren't the customary "pop-up" ad presentations we have been familiar with for decades. These appearances are transfers or diversions to a rapid series of URL's until it lands on one of an apparently selected group of sites that seems to have a 'download' to your hard drive under the guise of a Flash Player update. I listed one URL site in my Dec 23 post, reported to NORTON. Another more recent is: (HyperLink Removed)
The displayed "Adobe Update" screen appears like this:
Any involved user would recognize that the source URL was not that of Adobe's, nor is it displayed in the customary notification from Adobe for an authorized update to Flash Player.
Again, these screens appear only after a series of URL's are displayed in rapid succession (almost like trying to trace a cell phone call) before landing on an apparent selection from a list of URLs that are linked to either the "install" or "close" button, activating some download to target disk. NORTON has no history of these web site/URLs.
So far, there is no apparent invasion to report that either NORTON or I am aware of.
01-06-2019 1:35 PM
Happy New Year to you too.
I don't know where that (popup) dialog is coming from -- your browser or your some other process on your Mac -- but it's not coming from any of the att web pages. They don't ever produce popups like that. I don't care if Norton (or any other AV software) finds nothing. The simple first checks I would do is check your login items and extensions/addons in your browser if any (did you try a different browser? Which browser is that, safari?). If it's nothing obvious there you may have to dig deeper (e.g., check the process list, look for launch agents/daemons, etc.). You can google search for possibilities and/or post to the appropriate Apple Support Communities forum.
01-07-2019 7:40 AM
Thanks again _xyzzy_ ... It is Safari, the most recent Mojave release. I'm looking into Chrome or FireFox as a test environment on a partitioned or remote drive. But first, you're right. I'm headed to the Apple Forums with the same information - although these forums tend to be more critical and less forgiving. (Go Figure)
I'm looking into extensions (as you suggest) and internet network logs, but those 'events' are more than just a handful of entries. I still have the impression that these appearances are related to the cycling ad frames arrayed on the AT&T home page.
In any event, thanks for applying your grey cells to this. You've given an added process to look at.
01-07-2019 11:29 AM
I'm looking into Chrome or FireFox as a test environment on a partitioned or remote drive
FYI, unless the cause is outside of safari, i.e., your OS is corrupted in some way, you should know that you can have any number of browsers on your system. They are all independent of one another. You don''t need to set up separate partitions with entirely separate boot systems just for that. When I suggested to try different browsers I meant simply download them and try them in your existing system. If the problem occurs in them then the cause is your system. If it doesn't then the problem is localized to just your safari.
01-08-2019 8:02 AM
The "separate" concept was only to isolate all new based browsing from ANY other SAFARI-sourced attributes of historical elements just as an overly cautious approach, _xyzzy_. I am 'ancient' enough to remember when Apple OS systems were virtually immune from intrusions and the PC Virus worlds. With your added viewpoint, I'm narrowing down the probable source of these invasions. With luck & persistence they WILL be eliminated.
Thanx again for your input
01-09-2019 10:38 AM
UPDATE this morning... Hi, _xyzzy_ !! The response from Apple Support and the Community was fast and accurate.
Are you sitting down?
It seems the diversion attempts are related to the ads playing in the various areas of the AT&T home page. I was given an article link to the web site 2-spyware.com (there are others, too) that has described my situation and environment exactly. Community reports that had the same issue with the AT&T home page until they followed the resolution instructions and the events have not recurred, though the caution was that they may re-infect as Taboola serves up ads to many web pages and home pages.
Here is the hyperlink to the web page with the pertinent info. Part of the fix involves editing cookies and 'Quick Web Site Search' entries. We'll see what transpires...
This was the paragraph that hooked me:
"Hackers compromise the ad network to push malicious ads"
I'll know this week if the solution is real... Just thought you should see this.
01-09-2019 11:24 AM
Hope you find it. Doesn't look that there's any attempt to really hide it in the system too deeply from what that article you referenced said.
Off topic, but something you should know about posting in these forums when wanting someone to know you are referencing them. Just reference a screen name in a post is no guarantee that person will see it unless they just happen to recheck the thread. Sometimes its easy to miss a thread in the large list of titles.
The preferred way is to type an @ in the reply. You will see a list of posters to the thread you are replying to in a popup menu. Click the name you want to address and it will appear after the @. That way the person gets a notification -- a count next to the bell in the top right of this page. Then the referenced user can check their notifications to find out which thread did the referencing. Only the creator of the thread doesn't need that kind of referencing since they get a notification of updates to their thread. So you should have gotten a notification of updates to this thread but by me typing @HackPhishPopUp as an illustration you should also have additional notification.