Not sure if there is a better method than what I am about to do, but recently the frequency of phishing attacks to get people to click on fake updates for Firefox has increased and I want to put an end to this potential issue.
Initially the issue was that once in a while this pop up would happen. But more recently it's been happening more often than before, with my daughter's and my wife's computers having this pop up when on Facebook, so it's getting triggered somewhere in Facebook.
All computers are clean, no malware.
Many years ago I used to just add an entry to the HOSTS file and have it redirect to 127.0.0.1 and that would kill off navigating to bad sites, but I haven't had to do the HOSTS redirect to 127.0.0.1 HOME trick in years and there have to be better methods of killing off phishing.
So the issue that's popping up is this one, as I shared a ways back:
http://www.computerhope.com/forum/index.php/topic,157201.0.html
Where a pop up that looks like you need to update shows and it tries to trick people into running a malicious script. The path to the script that is malicious is dynamically created and it's a one time path. That is, right as that system is targeted for the phishing attack that path is live, but a second later the dynamic path is dead. I feel the group that's running this malicious phishing attack is doing this to hide what they are up to. This way if you bring the URL path to some authority and say they are up to no good, it can't be proven because the path is dead and it's no longer offering download of the malicious script from that dynamic URL.
So that's it, I am just going to kill off any and all URLs coming from wherever the host is so that it doesn't matter what dynamic naming convention is used beyond that of the domain name that is being used for hosting phishing attacks.
We all run Firefox browser and I found this which I am hoping is going to be the solution:
https://addons.mozilla.org/en-US/firefox/addon/blocksite/
But this doesn't stop the initial phishing attack from each domain, it would only allow the ability to stop future phishing attacks from domains that have already been used to phish from, so I would need myself or a family member to stop and contact me and then myself copy/paste the URL to notepad to add to my blacklist. And then add that domain and wild cards to it so that any and all variant pathing is dead.
Is this the best direction to go with this or is there a proactive vs reactive method that I can implement that is free or low cost to stop this phishing nonsense?
Additionally it's kind of a shame that the URL path to being able to download and run this script is dead a second after it's phishing for you to run it. I'd really like to run it in a sandbox and see what exactly they are targeting. But the systems that this is popping up on are highly configured/customized systems and it's not worth it to intentionally infect one of them the next time the opportunity arises. However maybe I could get my wife to use Facebook from a VM and when it pops up in the VM contact me, in which case I would close out her Facebook and run the script within the confines of the VM and see what it's up to. However I am also tempted to just play it safe and not poke a stick at it and see if it bites and with what venom type.
The bad domains by the way are:
https: //eekumyoutube . org
and
https: //meihitravelfeeder . org
so far... there may be other domains using this same exact phishing method but I only have these 2 screenshots to see where they are originating from. Also to note that these sites have the GREEN VERIFIED LOCK symbol top left to make it look safe when it's likely far from safe.
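Added example, not part of the original post: a small script that turns pasted URLs (including the spaced-out form used above) into host-level block entries, so the one-time path no longer matters. It emits HOSTS lines and a Firefox `policies.json` body using the `WebsiteFilter` enterprise policy; the function names and the sample paths are made up for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Reported URLs as a family member might paste them. The two hosts are the ones
# named in the post; the paths are constructed stand-ins for the one-time paths.
REPORTED = [
    "https: //eekumyoutube . org/constructed/one-time-path-1",
    "https://EEKUMYOUTUBE.org/constructed/one-time-path-2",
    "https: //meihitravelfeeder . org",
]

HOST_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def host_of(reported):
    """Return the lowercased host of a pasted URL, or None if it is not usable."""
    url = re.sub(r"\s+", "", reported)          # undo 'https: //name . org' spacing
    if "://" not in url:
        url = "https://" + url
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return None
    return host if HOST_RE.match(host) else None

def blocked_hosts(reports):
    """Unique hosts in first-seen order; the changing path is ignored."""
    seen = []
    for r in reports:
        h = host_of(r)
        if h and h not in seen:
            seen.append(h)
    return seen

def hosts_lines(hosts):
    """HOSTS entries. HOSTS has no wildcards, so only the exact name and www. are covered."""
    return [f"127.0.0.1 {n}" for h in hosts for n in (h, "www." + h)]

def firefox_policy(hosts):
    """policies.json body: one match pattern covers http/https, all subdomains and paths."""
    block = [f"*://*.{h}/*" for h in hosts]
    return json.dumps({"policies": {"WebsiteFilter": {"Block": block}}}, indent=2)

if __name__ == "__main__":
    hosts = blocked_hosts(REPORTED)
    print("\n".join(hosts_lines(hosts)))
    print(firefox_policy(hosts))
```

Firefox reads `policies.json` from the `distribution` folder inside its install directory. Like the add-on, this only covers hosts that have already been reported.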