LinuxQuestions.org
Old 11-02-2009, 12:03 AM   #1
lugoteehalt
Senior Member
 
Registered: Sep 2003
Location: UK
Distribution: Debian
Posts: 1,215
Blog Entries: 2

Rep: Reputation: 49
courtsecurity.com dialog box has freaked me?


Know little about security and have only been on the internet for a few days, so imagine my dismay when I get a dialog box from "Court Security Group", which suddenly appears. The other boxes won't work until I deal with it.

It has a blue ? and it says that there are indications of virus or malware and I should click OK for a free cleansing. Foolishly, perhaps, I click its 'cancel' button and it is replaced with another one saying: (this time with a red !) that the stuff needs to be got rid of soonest.

So shut down the computer.

courtsecurity.com appears to be an unused site that is for sale. "Court Security Group" I cannot find with a cursory search.

Should I panic? It worries me that it was sort of more than a popup - other windows would not respond when it was open.

[it should have been: courtsecuritygroup.com, not courtsecurity.com]

Last edited by lugoteehalt; 11-02-2009 at 02:56 PM. Reason: mistake
 
Old 11-02-2009, 12:46 AM   #2
aus9
LQ 5k Club
 
Registered: Oct 2003
Location: Western Australia
Distribution: Icewm
Posts: 5,842

Rep: Reputation: Disabled
hi

if you are on linux...try firefox or its re-named cousin iceweasel and click on preferences and check the box to block popups

I went there and received no popups
 
Old 11-02-2009, 01:55 AM   #3
smeezekitty
Senior Member
 
Registered: Sep 2009
Location: Washington U.S.
Distribution: M$ Windows / Debian / Ubuntu / DSL / many others
Posts: 2,339

Rep: Reputation: 231
Quote:
hi

if you are on linux...try firefox or its re-named cousin iceweasel and click on preferences and check the box to block popups

I went there and received no popups
You should use Firefox on Windows and Linux.
@the original poster
I don't think it's going to do any harm if you're on Linux.
 
Old 11-02-2009, 02:12 AM   #4
lugoteehalt
Senior Member
 
Registered: Sep 2003
Location: UK
Distribution: Debian
Posts: 1,215

Original Poster
Blog Entries: 2

Rep: Reputation: 49
Thanks. Got the name wrong: it is courtsecuritygroup.com.

Entered courtsecuritygroup.com in google and got:
Quote:
Safe Browsing
Diagnostic page for courtsecuritygroup.net
What is the current listing status for courtsecuritygroup.net?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 12 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-11-01, and the last time suspicious content was found on this site was on 2009-11-01.
This site was hosted on 1 network(s) including AS1680 (NetVision).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, courtsecuritygroup.net did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 36 domain(s), including gudren.isuisse.com/, st-barths.com/, sepularmy.net/.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
Updated 24 hours ago
©2008 Google - Google Home
Most of the links were highly suspicious of courtsecuritygroup.

Problem is: when I restarted the computer (or, perhaps merely started a new session, can't recall) and went back to the iceape virtual desktop the dialog boxes were still there. I clicked the close this X on the border and a page appeared with a lot of fast activity on it. Took about 1 second to (apparently) shut this down - but it might have done something to the computer in this period.

This is very paranoia inducing, only been on internet a couple of days. Could they have picked me up because I've been asking security questions?

How to find out if anything has been done to computer?

Last edited by lugoteehalt; 11-02-2009 at 02:18 AM.
 
Old 11-02-2009, 03:33 AM   #5
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
Quote:
Originally Posted by lugoteehalt

Problem is: when I restarted the computer (or, perhaps merely started a new session, can't recall) and went back to the iceape virtual desktop the dialog boxes were still there. I clicked the close this X on the border and a page appeared with a lot of fast activity on it. Took about 1 second to (apparently) shut this down - but it might have done something to the computer in this period.

This is very paranoia inducing, only been on internet a couple of days. Could they have picked me up because I've been asking security questions?
The rest of your message is consistent with a site that gives you pop ups telling you that your installation is corrupt/infected and that they will cure it for you. Mostly this is a ploy to get otherwise uninfected computers (or even people in a technical class that I'll call suckers with already-infected computers) to give them permission to install new malware.

Note that they don't much care whether your computer is already infected and don't check. All that they want is to give you new malware.

Unless you have clicked on something on their site, they probably have not been generous enough to give you new malware (and with things being what they are, their malware installer may well only do anything with Windows).

What is unclear to me is how you ended up at this site: did you go there entirely optionally (ie, you chose to go there) or did something else automatically take you there? The latter case would be worrying, in the former you may not have anything to worry about.

I doubt they have picked on you in any way; they don't much care who they get, provided that they haul people in.

At this point, if you had an intrusion detector I would advise you to give it a run; maybe you want to try root kit hunter, or something?

BTW, if you want something paranoia-inducing you might want to try
http://whattheinternetknowsaboutyou..../overview.html
just for grins.
 
Old 11-02-2009, 04:53 AM   #6
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Fedora38
Posts: 6,147

Rep: Reputation: 435
courtsecuritygroup.com is rubbish.

I run linux only and it tells me it is scanning my C: and D: drives (I don't have C or D drives, just / ), finding viruses and malware (a downright lie!).

Then it gives me a "Windows Security Alert!" and wants me to install and run install.exe which is no doubt some windows trojan / malware.

No thanks.
 
Old 11-02-2009, 03:21 PM   #7
lugoteehalt
Senior Member
 
Registered: Sep 2003
Location: UK
Distribution: Debian
Posts: 1,215

Original Poster
Blog Entries: 2

Rep: Reputation: 49
Thanks.
Quote:
Originally Posted by salasi
What is unclear to me is how you ended up at this site: did you go there entirely optionally (ie, you chose to go there) or did something else automatically take you there? The latter case would be worrying, in the former you may not have anything to worry about.

At this point, if you had an intrusion detector I would advise you to give it a run; maybe you want to try root kit hunter, or something?
It was the latter case:
Quote:
The latter case would be worrying
Installed rkhunter and ran it and about half of it was warnings:
Code:
System checks summary
=====================

File properties checks...
    Files checked: 133
    Suspect files: 104

Rootkit checks...
    Rootkits checked : 113
    Possible rootkits: 0

Applications checks...
    Applications checked: 3
    Suspect applications: 0

The system checks took: 1 minute and 44 seconds

All results have been written to the logfile (/var/log/rkhunter.log)

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)

{Some typical excerpts from said log}

[20:22:40] /bin/chmod                                        [ Warning ]
[20:22:40] Warning: The file properties have changed:
[20:22:40]          File: /bin/chmod
[20:22:40]          Current hash: e90f00a3a78b488981af11de5dfc9934eb3c1616
[20:22:40]          Stored hash : dd7dbdf5138131e6ddb1f61c1f052a4c

[20:22:47] Warning: The command '/bin/which' has been replaced by a script: /bin/which: POSIX shell script text executable

[20:23:01] /sbin/modprobe                                    [ OK ]
To be frank I'm not much wiser. Perhaps was freaking unnecessarily because of inexperience.

The router keeps a small log on its website.

Tredegar: The dialog boxes said nothing about windows, but what you say is comforting.

Last edited by lugoteehalt; 11-02-2009 at 03:22 PM.
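
Added example, not part of any post in this thread: a small Python triage of the rkhunter log excerpt from post #7. It separates warnings where the current and stored digests have different lengths (they come from different hash functions, so the mismatch is uninformative about the file) from same-length changes; the function names and verdict labels are assumptions made for this example.

```python
import re

# Excerpt of /var/log/rkhunter.log exactly as posted in the thread.
SAMPLE_LOG = """\
[20:22:40] /bin/chmod                                        [ Warning ]
[20:22:40] Warning: The file properties have changed:
[20:22:40]          File: /bin/chmod
[20:22:40]          Current hash: e90f00a3a78b488981af11de5dfc9934eb3c1616
[20:22:40]          Stored hash : dd7dbdf5138131e6ddb1f61c1f052a4c

[20:22:47] Warning: The command '/bin/which' has been replaced by a script: /bin/which: POSIX shell script text executable

[20:23:01] /sbin/modprobe                                    [ OK ]
"""
DIGEST_NAMES = {32: "MD5", 40: "SHA-1", 64: "SHA-256"}  # keyed by hex length
STAMP = re.compile(r"^\[\d\d:\d\d:\d\d\]\s*")           # leading [hh:mm:ss]

def parse_warnings(log):
    """Return one dict per warning found in an rkhunter log excerpt."""
    findings, current = [], None
    for raw in log.splitlines():
        line = STAMP.sub("", raw).strip()
        if m := re.match(r"File: (\S+)", line):
            current = {"kind": "hash", "file": m.group(1)}
            findings.append(current)
        elif (m := re.match(r"(Current|Stored) hash\s*: ([0-9a-f]+)$", line)) and current:
            current[m.group(1).lower()] = m.group(2)
        elif m := re.match(r"Warning: The command '([^']+)' has been replaced by a script", line):
            findings.append({"kind": "script", "file": m.group(1)})
    return findings

def triage(finding):
    """Classify a finding so the reader knows what to verify next."""
    if finding["kind"] == "script":
        return "script-replacement: confirm the file belongs to a distribution package"
    cur, old = finding.get("current", ""), finding.get("stored", "")
    if len(cur) != len(old):
        a, b = (DIGEST_NAMES.get(len(h), "unknown") for h in (cur, old))
        return f"baseline-mismatch: {a}-length vs {b}-length digest, not comparable"
    if cur != old:
        return "hash-changed: same digest type, content differs from baseline"
    return "unchanged"

def report(log):
    return {f["file"]: triage(f) for f in parse_warnings(log)}

if __name__ == "__main__":
    for path, verdict in report(SAMPLE_LOG).items():
        print(f"{path}: {verdict}")
```
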
 
  

