Endpoint Protection

  • 1.  "Google Chrome Critical ERROR" Browser Hijack

    Posted Mar 09, 2018 03:04 PM

    Have had 2 senior Exec. Assistants get this today from an email.  Both are running full versions of SEP 14.0.3876.1100

    How is this getting by SEP?

    Screen grab attached

     



  • 2.  RE: "Google Chrome Critical ERROR" Browser Hijack

    Posted Mar 09, 2018 03:12 PM

    SEP doesn't have a signature/detection available to detect it. Did it download a file or just go to a website? If a file then it will need to be submitted for analysis. If just a website then IPS would come into play. Again, no detection from it though so I believe the link can be submitted for analysis as well. I would suggest adding the site to your URL block list though. 



  • 3.  RE: "Google Chrome Critical ERROR" Browser Hijack

    Posted Mar 09, 2018 03:24 PM

    One user stated they were on eBay when they got it so I can't block that.  This is very disconcerting that SEP doesn't detect this!



  • 4.  RE: "Google Chrome Critical ERROR" Browser Hijack

    Posted Mar 09, 2018 03:27 PM

    They likely clicked on an advertisement on eBay that re-directed them to this site. Either way a detection wasn't available.



  • 5.  RE: "Google Chrome Critical ERROR" Browser Hijack

    Posted Mar 12, 2018 05:56 AM

    Hi thedominion,

    Thanks for the post.  This is a good example of how End User Security Awareness is absolutely key.  SEP has various signatures against Fake Tech Support but the best and most appropriate defense is trained end users who can recognize the attempted scam.  Trained users are the best protection against social engineering, phishing, and so on.  Sounds like your senior Exec. Assistants were aware and knew not to call and to raise awareness of the scam.



  • 6.  RE: "Google Chrome Critical ERROR" Browser Hijack

    Posted Mar 12, 2018 08:48 AM

    Yes, we have a proactive program for phishing and the like, but that doesn't answer why we pay Symantec for a product that doesn't detect drive-by scams like this?



  • 7.  RE: "Google Chrome Critical ERROR" Browser Hijack

    Posted Mar 12, 2018 08:51 AM

    SEP does detect it via the IPS component. It didn't detect this particular one though due to lack of a matching signature. No endpoint security product is 100% effective. The fact that you have a proactive program to teach your users about phishing is a nice security layer to have as well.



  • 8.  RE: "Google Chrome Critical ERROR" Browser Hijack
    Best Answer

    Posted Mar 12, 2018 09:33 AM

    Hi again,

    There are about 150 IPS signatures specifically against this sort of attack...

    Web Attack: Fake TechSupport Domains
    Web Attack: Fake TechSupport Domains 2
    Web Attack: Fake Tech Support Scams
    Web Attack: Fake Tech Support Website
    Web Attack: Fake Tech Support Website 10
    Web Attack: Fake Tech Support Website 100

    etc

    Those are constantly updated in response to the threat landscape.  Still, these attacks work largely through confidence tricks rather than malicious code.  End user education is always the most powerful defense against social engineering.

    The following guides are aimed more at consumers than enterprise customers, but are worth sharing:

    https://www.symantec.com/about/legal/anti-piracy/tech-support-scams

    https://us.norton.com/internetsecurity-online-scams-how-to-recognize-and-avoid-tech-support-scams.html

    Hope this helps! 



  • 9.  RE: "Google Chrome Critical ERROR" Browser Hijack

    Posted Mar 13, 2018 12:12 PM

    Hi again thedominion,

    Please do update this thread with any additional questions or mark it solved if you have received your answer.  It's still marked "Thread Needs Solution."