News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Firefox users don’t be fooled: The “Contact Windows support” message is fake.

    Home Forums AskWoody blog Firefox users don’t be fooled: The “Contact Windows support” message is fake.

    Tagged: 

    Viewing 12 reply threads
    • Author
      Posts
      • #1999817 Reply
        woody
        Da Boss

        Scary. Dan Goodin at Ars Technica takes a shovel to this message, now appearing in Firefox: Apparently the message appears as the result of a bug in F
        [See the full post at: Firefox users don’t be fooled: The “Contact Windows support” message is fake.]

        4 users thanked author for this post.
      • #1999825 Reply
        Microfix
        AskWoody MVP

        reminds me of the GWX popup where the red [x] didn’t work..
        Have MSFT set a new acceptable standard employed by miscreants?
        one wonders..

        Win7 Pro x86/x64 | Win8.1 Pro x64 | Linux Hybrids x86/x64 |
        1 user thanked author for this post.
      • #1999824 Reply
        anonymous
        Guest

        It makes me sad that people sadly still fall for this kind of stuff. But thanks for the heads up.

      • #1999855 Reply
        anonymous
        Guest

        All the more reason for folks to become familiar with about:config  for Firefox settings and disable some of the allowed web page actions that can sometimes be exploited. That and the usual no-script and other related plugins.

        Really no webpage should be able to trap and divert the Red X event from closing the browser or any little x for a browser tab. Well It’s time to sit back and wait for Mozilla to fix that issue and I’m still on Firefox 69.0.1 for a little while longer.

        I wish Firefox/Mozilla would list and offer for download the 3 most recent updates instead of only the latest available update so users had an easier way of updating to one of the 3 most recent Firefox updates instead of the newest version only. I was getting ready to update to 69.0.3 but then Firefox 70 dropped and I’ll always wait a week or 2 before installing the latest just to see what may be broken.

        All that auto restart the browser where it left off functionality has always been ripe for exploitation as well and that’s more functionality to disable.  Browsers have all become mini OSs in their own right but wrapped in sieve instead of a properly sandboxed environment.

        1 user thanked author for this post.
        • #1999865 Reply
          Microfix
          AskWoody MVP

          In the same vain, this is precisely why I stick with ESR versions of firefox, for stability, reliability without daft hiccups and in using about:config with security extensions, anchored down.
          IDN_show_punycode ring any bells with anyone?

          Win7 Pro x86/x64 | Win8.1 Pro x64 | Linux Hybrids x86/x64 |
          2 users thanked author for this post.
          • #1999948 Reply
            anonymous
            Guest

            Yep. There wasn’t really any excuse for that was there. There are many others that ring my bell and yours as well, I’m sure (e.g. disabling userChrome.css and userContent.css by default), but I don’t want to get OT …. kids today.

            – CA –

        • #1999886 Reply
          OscarCP
          AskWoody Plus

          I hope this gets fixed quickly, for FF regular users’ sake. Considering the bad reviews the new version of FF is been getting, I am staying with version 69.0 until some security problem affecting 69.0 seriously requires an upgrade to 7x.y, whatever ‘x’ and ‘y’ might  be by then. Now days I use FF only occasionally, so it’s upgrade issues are not necessarily a big concern for me. As to this latest problem with FF, from what I have been reading here, it looks like it affects only the version: 70.0. (Right?)

          This is in contrast with the situation with IE11, that I no longer use, so it is also not my default browser anymore (Waterfox is that now), but one needs to keep updating, as soon as it is safe to do so, because it is closely linked to the operating system. That is one more reason for seriously considering signing up with some outfit offering support service for Win 7 after EOL.

          Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      • #1999874 Reply
        anonymous
        Guest

        This may be a dumb question, but it sounds as if all one needs to do is open Firefox and one will be hit with this scam page. Is that really true, or does one need to land on an infected site or ad or … etc. in order to be hit?

        • #1999945 Reply
          anonymous
          Guest

          The payload is delivered via Javascript (not Java). At present, it appears to originate from one or more ad networks (scam Windows support site ads). If the browser loads an advertisement with the “bad” Javascript, then ooops!

          Adblockers (e.g. uBlock) and NoScript (stops script from executing) add-ons should prevent the problem from occurring.

          – CA –

          1 user thanked author for this post.
      • #1999899 Reply
        Ken Sims
        AskWoody Plus

        The prompt is from Basic Authentication on the site and is just another scam attempt.

        The only Firefox issue is being unable to Cancel out of it or close the window normally.

        And even that is probably just a tight Javascript loop and probably not actually a bug in the strict sense.

      • #1999951 Reply
        anonymous
        Guest

        Since someone asked, most every flavor and version of Firefox can be downloaded here:

        Mozilla Direct

        – CA –

        2 users thanked author for this post.
      • #2000142 Reply
        DrBonzo
        AskWoody Plus

        I hope this doesn’t sound abrasive and perhaps I’m missing something – and I hope someone will tell me if either of the preceding is the case – but what’s the big deal here? These sorts of pop-up windows used to occur from time to time with IE 11. Sometimes the only way out was to force a shutdown of the computer. So, is the big deal just that it’s happening with FireFox, or that when Firefox is restarted the pop-up window appears again, …, or, something else?

        Also, you do have to land on an infected site or ad in order for the pop-up window to appear, correct? The Ars Technica article almost makes it sound like the pop-up window appears just by opening Firefox.

        • #2000170 Reply
          OscarCP
          AskWoody Plus

          DrBonzo, the Ars Technica article speaks of an infected site, so, according to that, it is not something within FF that will cause the problem to show up as soon one starts it and one’s homepage comes up (unless one’ homepage is infected…)

          Also, it is a scam to trap people clueless enough to make the phone call the ominous message directs them to make to a certain phone number to get the Register “unlocked”, which is where, in reality, the evil deed is to be completed. This is pretty much the Web version of the “We shall start legal proceedings against you unless…!” telephone scam. People not clueless, such as yourself, only have to put up with the momentary discomfort of, at worst, having to restart their machines. But it is annoying — and it shouldn’t happen, in the first place. This looks to me like another black eye for Mozilla & FF.

           

          Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

          2 users thanked author for this post.
      • #2000262 Reply
        Hopper15
        AskWoody Lounger

        This hit me one day when I was using firefox this past September. It totally locks up your browser.  Indeed The only way I could close firefox was through the task manager

        • This reply was modified 6 months, 3 weeks ago by Hopper15.
        • #2000601 Reply
          anonymous
          Guest

          Yes and then Firefox(on its restart) detects that It’s been closed via the non usual, in the Task Manager manager, method of killing the process so Firefox(Other Browsers as well) have functionality to auto recover the Abended(Abend in IBM/Computing parlance is: abnormal end) Browser Session and right back to the same session with the locked UI Script nefariousness that’s blocking the Window’s Red X functionality, and it’s deja vu all over again.

          Firefox’s issue is that Firefox’s disable popups actually does not disable all the different popup events when the user turns on popup blocking in Firefox so the end user needs to go into the about:config Firefox settings and set that string of different pop-up event permissions to null/blank and disable some of kit and all of caboodle.

          Some web pages my not function properly with all the Firefox popup functionality really disabled but I have found that it’s necessary in order to stop all the popup related nefariousness that happens on some webpages. IE’s popup blocker blocks more popup events when enabled and then queries the user with an Option to temporarily enable popups on a web page for that browser session only.

          But I really do not trust any web browser auto Browser/Tab session recovery solutions being enabled as that’s so ripe for nefarious abuse.

      • #2000259 Reply
        anonymous
        Guest

        If I read the code correctly, what it appears to be doing is redirecting the user to admin@current.site, which causes Firefox to display a user/password prompt. Right after that prompt, it redirects you to the page again, which creates a loop, displaying the user/password prompt again. And since Firefox’s authentication prompt is modal (which it has been since 3.0 at least), you can’t click on the main window, and so you can’t close the page.

        The proposed fix right now seems to be to simply not allow URLS in the user@site format. Though, personally, I think the real fix is to do just to make the authentication prompt not be modal. That’s been proposed for years.

        Chrome’s authentication prompt is not modal. It is a simple overlay. And that is why this cannot affect it.

      • #2000395 Reply
        John
        AskWoody Lounger

        I don’t use Firefox a lot, but in the past Firefox has always had more issues with these fake security sites. I remember a couple weeks ago using Firefox and came across one of these attacks while on Reuters.com. I was reading a article and all of a sudden I was redirected to a fake security warning site.

        • #2000639 Reply
          anonymous
          Guest

          That’s why folks need their security software’s Browser Plugins for real time web protection to catch the redirects and block them and warn the user. But it really looks like no-script is the best script because of the lack of vetting requirements placed on websites and those website’s ad partners that are the primary source of the problem.

          It’s getting to the point that all web based ads/ad scripts need to be pre-vetted by some oversight vetting agency and some methods of vetting all the ads in advance for all sorts of potential abusive Web Based/Scripted nefariousness. So until that happens then no-script/other Plugins are really necessary.

          Really that Red X in the upper right corner should be generating an OS level event even when the mouse pointer is just hovering over that Red X Button client area and if the Application is unable to service the close request the OS should maybe intercede after a few button clicks and the OS should ask the user of they want to kill the process.

          Those Modal Dialog Boxes should never have allowed that Red X Button Press event to remain trapped at the application level. It’s really the OS that needs to be in the loop and in MS’s case it’s Windows after all so the OS always needs to respond to that Red X button event regardless of the application’s state.

      • #2000645 Reply
        fernlady
        AskWoody Lounger

        I’m using FF 70.0.1 with uBlock Origin. Do I also need “NoScript Security Suite”?

        Windows 7 Home Premium x64 AMD Group A Realtek PCLe GBE Family Controller

        • #2000759 Reply
          anonymous
          Guest

          NoScript might nullify this malicious kind of advertisement. NoScript’s policy of default denial makes it a good idea to use alongside uBlock Origin as you have to think about granting specific permission of which domain’s scripts run inside a page.

          • #2000762 Reply
            fernlady
            AskWoody Lounger

            I’ll give it a try. Thank you.

            Windows 7 Home Premium x64 AMD Group A Realtek PCLe GBE Family Controller

      • #2000773 Reply
        OscarCP
        AskWoody Plus

        This is a really curious fact: I use Waterfox for most things. It is, in fact, my default browser both in the Win 7 PC and in the Mac. Use Firefox: very rarely (at most once every third or fourth blue moon) and I have never had, nor do I have now, this problem people using FF are experiencing, or any other that resembles it. And Waterfox is a fork of FireFox that, in many respects, hews closely to FF.

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

    Viewing 12 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Firefox users don’t be fooled: The “Contact Windows support” message is fake.

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.