Fake AV TOAD Ads

This one isn’t an email, and I know it is something that has been around a while. I’ve seen a lot more of these in the past week or so.

First, a web browser is presented with an ad in the middle of a news article that looks like a continue button to read the rest of the story. If the user scrolled down just a bit, they’d see the rest of their article, but they see a “continue” button and click it without thinking.

Here is a screenshot of the ad seen.

Once they click it, they are initially brought to a Google ad landing page that just presents another Continue button:

Once they click this Continue button, they’re brought to the fake ad page, which tries to put the browser into full-screen mode, shows malware alerts and has a computer-generated voice warning about a malware infection. This is intended to cause a panic in the user so they’ll call the provided phone number, which would result in a likely fraudulent charge or perhaps a refund scam.

Note that my virtual environment here shaded the screen and prompted for permission to go full screen. The URL is in the z13.web.core.windows.net subdomain, owned by Microsoft. Searching for this subdomain turns up a number of discussions about the volume of malicious sites hosted here. I recommend blocking this subdomain for all environments.
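Alongside the block recommended above, existing proxy logs can be checked for clients that already reached hosts under that subdomain. The following is an added example, not code from the original post: the log format, client IPs and account names are constructed, and `host_of`, `is_blocked` and `find_hits` are hypothetical helper names.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Suffix named in the post; every host beneath it is treated as suspect.
BLOCKED_SUFFIX = "z13.web.core.windows.net"

# Constructed proxy log lines (timestamp, client IP, method, target); not real traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 GET https://news.example.com/article
2024-05-01T10:00:09Z 10.0.0.5 GET https://storageacct1.z13.web.core.windows.net/index.html
2024-05-01T10:02:30Z 10.0.0.7 GET https://STORAGEACCT2.Z13.web.core.windows.net.:443/alert/
2024-05-01T10:03:00Z 10.0.0.8 GET https://z13.web.core.windows.net.example.org/
2024-05-01T10:03:05Z 10.0.0.8 GET https://notz13.web.core.windows.net/
2024-05-01T10:04:00Z 10.0.0.9 CONNECT storageacct3.z13.web.core.windows.net:443
malformed line
"""


def host_of(target):
    """Return the lowercased hostname of a URL or host:port target, or None."""
    try:
        # CONNECT targets carry no scheme; "//" makes urlsplit parse them as a netloc.
        host = urlsplit(target if "://" in target else "//" + target).hostname
    except ValueError:
        return None
    # Drop the trailing root dot so "name." and "name" compare equal.
    return host.rstrip(".") if host else None


def is_blocked(host, suffix=BLOCKED_SUFFIX):
    """Match the suffix itself or any name beneath it, on a label boundary."""
    return host == suffix or host.endswith("." + suffix)


def find_hits(log_text, suffix=BLOCKED_SUFFIX):
    """Map client IP -> sorted list of blocked hosts it requested."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the constructed format
        _, client, _, target = fields
        host = host_of(target)
        if host and is_blocked(host, suffix):
            hits[client].add(host)
    return {client: sorted(hosts) for client, hosts in hits.items()}


if __name__ == "__main__":
    for client, hosts in find_hits(SAMPLE_LOG).items():
        print(client, ", ".join(hosts))
```

Matching on a label boundary keeps lookalikes such as `notz13.web.core.windows.net` and `z13.web.core.windows.net.example.org` out of the results, which matters if the same logic feeds a blocklist.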


