Windows 10: Sudden Phishing Attack or Rootkit or Virus ????

I have no idea what is happening. I have seen the attempt just this afternoon on three of my networked PC's but, SO FAR, Malwarebytes AntiMalware Premium has blocked attempts on all three. Malwarebytes says "Malicious Website" - "Category: Phishing". This PC system is Windows 10 (Build 18362.628) and besides Malwarebytes, I have Bitdefender Total Security installed. The other two PC's where I have seen the same blocked attempt, are also Windows 10. The blocked attempt is outgoing, where "C:\Windows\System32\svchost.exe" is trying to connect to Domain: ipv4.login.msa.akadns6.net - IP Address: 40.90.137.126 - Port: 443

Can someone please tell me what is going on? I have temporarily disabled Bitdefender Anti-Virus module on one machine and I have started an online scan with the "Sophos Virus Removal Tool".

Thank you!!

:)

 

phishing scam?

Hi Marie,

There are different types of Phishing scam, and the one that you received might be probably a
"Deceptive Phishing" or "System Reconfiguration Attacks". For you to prevent receiving a phishing email and to be more aware about scams, we suggest that you report it by following the steps on this
link. There are tips as well on the said link on how to determine a phishing email.

We're looking forward to your feedback.

 

Phishing attacks

Since purchasing a new Windows 10 / Edge PC less than a month ago, it has undergone two phishing / malware attacks.
The perpetrators would like you to think that their messages are Microsoft generated (I have screenshots if anyone is interested).
Note that both Windows Defender and McAfee LiveSafe are active on this machine.



Is there a way to block these attacks? Thank you.



Carter

 

Phishing attacks

There is currently a thread pinned at the top of the Virus and Malware, Windows Defender forum where discussions relating to the Edge browser Start page (part of MSN) receiving such phishing attacks, including "Technical Support" scams, had occurred in depth.

This example shows clearly that these attacks are most typically occurring via the advertising networks and certain specific ads displayed by the primary website being visited, in this case MSN.com.

So the point here is that the malware purveyors have moved from attacks delivered directly from websites that they've previously infiltrated and injected with malware to sending often non-malicious (e.g. no true malware) web page popups containing phishing
or other scam related content.

With these popups the use of anti-malware applications tends to be less effective, since there's no true malware involved to detect. Though some security applications such as Malwarebytes Anti-Malware and possibly others attempt to detect and block these
via the scripts or other content, this has seen varied success and doesn't truly get at the root of the problem.

Looking more closely at the problem, it soon becomes evident that those who've chosen to move away from leaving a browser open on popular websites that contain advertising, such as MSN, Yahoo or similar news sites, are having fewer issues. That's because
the built-in Windows 8.1/10 or 3rd-party applications they're often using aren't directly browser driven, so the advertisements are typically handled differently as well.

If you're not willing to make this drastic of a change, the other option is to look seriously at the Privacy settings in the browser and Windows itself relating to privacy and advertising.

Phishing and similar attacks are typically targeted at those individuals or user accounts seen as likely to respond, so configure Windows to not "Let apps use your Advertising ID..." and limit other types of tracking via browser settings such as "Send Do
Not Track requests..." to sites visited or "block Third-party Cookies". These settings will make any advertisements displayed less likely to be of personal interest, but also less likely to be chosen as a potential target for these phishing popups.

Ad Blocker applications may work at least partially, but have the negative effect that they tend to slow the browser and are really just treating the attack after the fact, while the above settings keep the user and/or PC they're using from being chosen
as a target in the first place. Or in the case of not using the web browser, avoiding the problem altogether.

None of these techniques are foolproof, but they are the easiest solutions available until you can completely make the transition away from the now outdated and problematic web browser as a method for accessing daily information via the Internet.

Rob