Solved

Mobgifts

  • 13 June 2012
  • 7 replies
  • 85 views

Hi, my name is John Deth. I'm a first time poster here.
Anyway, I've been using Webroot SecureAnywhere Mobile for the past seven months and am extremely satisfied with it (it runs faster, more efficiently and gives me fewer headaches than Netqin), but lately I've noticed a popup appearing on my mobile browser called "Mo.gifts.org" that tries to shut off the site I'm on and take me directly to their site. There's no way to even go to a new window, the only ways to escape are to either click OK on the popup or push the Home button, then go to Settings, then force close and clear the Browser. I should point out that I don't even go to any suspicious sites, these popups came up when I was on perfectly safe sites, namely ESPN.com.

What I'm wondering is this: Is Webroot aware of this problem and are they planning to take action to stop this potential threat?
 
**edit for useful subject line
-admin
icon

Best answer by JimM 19 June 2012, 19:24

View original

7 replies

Userlevel 2
Looks like this is popping up for both iOS and Android devices. I will ask our threat team what they think.
 
In the mean time, if you clear your browsers cache, does it still pop up?
 
Let us know of any recent apps that you have installed just  before this started.
 
More info:
Java script in the browser seems to be the enabler of the culprit. Site owners will need to deal with this in the mean time, as I don't see a way of security apps stopping this, at this time.
Userlevel 7
Hey JohnDeth,
 
Welcome to the Webroot Community and thank you for bringing this issue to our attention! :D
 
As djames pointed out, it seems like this (very persistent) "ad" has plagued a number of Android and iOS users and seemingly just started recently!
 
Our threat team is currently looking into this aggressive ad, but each isolated case gives them a better idea of what they're dealing with. I have opened a support ticket for you and am sending you instructions (to the email address you used to register here on the Community) to gather the necessary mobile logs. Please check your email for this message and we will continue the conversation along with troubleshooting steps through our support system!
 
Also, as a temporary workaround for this issue, you can disable Java Script in your default mobile browser. To do so, when you are in the browser, click or tap your Android menu button, tap "settings", and find the "Enable JavaScript" setting and un-check it (may show up under "settings" or you may have to tap "advanced" depending on your mobile device).
 
Thanks,
Userlevel 7
I would suggest putting in a feature request in the Ideas Exchange area for the ability to block hyperactive javascript ads via our browser, SecureWeb.  While all the feedback I'm hearing internally is that it's technically impossible to block the javascript in a third party browser or the Android default browser due to permissions involved in doing so, it may be possible to deal with this type of ad in our own SecureWeb browser.  I put in an internal feature request for this feature already, but it always helps to get momentum for any idea when the Community participates in moving it forward.  Please make a topic in the Ideas Exchange and add your kudos to it if you think this is worth doing.
Hi, I cannot get these ads to show up. Does it only happen in particular browsers? Or only in particular GEO areas, like UK, CA, but not US? What site(s) are you on when they happen and how long / how many page views before they start to popup? This is very interesting to me and I really would like to know the ad networks behind this.
 
Please let me know, thank you.
 
John B.
Userlevel 2
The person who started the thread mentioned ESPN.com, so you could try there.
yes I have been using my phone browser and going to espn.com and other sites users reported seeing these ads and they are not showing up. I have been using mine and a friend's phone, we both have galaxy s2's on sprint. When you were able to get these pops, were you on wifi? or using 3g/4g? I'm just trying to duplicate the issue but I can't so these pops can't be showing to EVERYBODY....there's gotta be something in common that all the people that are getting these popups share that I do not have.
Userlevel 7
John,
 
It's not necessarily a technical commonality that must exist on the device for the people who see these ads to be receiving them.  More likely the ads were streaming in via an ad server at a particular time and then ceased.  Looking around the internet, I'm seeing a lot of different websites being reported as sites that had this kind of ad on them for a period of time, but going to those sites now results in no malicious ad appearance.  That would be because the site admins had the offending ads removed.  Since this kind of awful ad is a detraction from any website, site owners seem to be pretty quick to have those kinds of ads removed quickly.

Reply