

M Gee

  • Road Captain
  • Country: us
  • Posts: 1698
  • Liked: 1453
  • The user formerly known as hiero
Live-stream malware, adbots, security warnings
« on: July 18, 2018, 17:59 »
Just an FYI heads-up. Some of you already know all of what I'm about to say, some don't. For instance, Drummer Boy experienced a Windows security alert hijack today while watching a Tiz-cycling pirate stream. He mentioned in live chat he'd never heard the like before, and when you get one, it definitely gets your attention.

For the most part, these hijacks don't do any damage. Most don't contain the really nasty-steal-your-passwords-and-your-contact-list-or-ransomware malwares. But some will.

So, some words of warning. For instance, that Windows-security-alert hijack - when your speakers start screaming "Warning, warning, Windows security has detected a severe virus . . ." yada yada yada "CALL THIS NUMBER" etc etc. Just close the page. I don't care what you were doing - close the page. If your browser acts normally now, fine. If it doesn't, close the browser. If you want, you can just close the whole browser the first time - but don't wait until you pass "GO", just close it.

And we all know about those sneaky adverts that don't show you a proper "Close this window" button. You click on the X in the box to close it, and up pops a new window. They've gotten worse in the past couple of years. If you accidentally click them, you may get some malware downloaded, or perhaps even installed.

The pirate sites are bad, but they aren't the only ones. I've seen other sites fall prey to malware adverts. And I suppose some of those malware adverts are hijacked adverts. Anything to make a buck!

So, just have a caution. Microsoft doesn't have any soundblaster security alerts. If your connection page gets hijacked, close it. You may have to close the browser to close the page. You MIGHT even have to open the task manager to shut the browser down. But don't click thru.

I've been live-streaming via pirate streams for years now, but I think those days are coming to an end. I don't do it now unless the stage is particularly good. I would rather download someone else's recording to watch later, than put up with all the malware adverts to use the pirate sites. BTW, I've never considered steephill.tv to be a pirate site, but some people do place it in that category. And I HAVE had that "Windows security alert" page hijack happen while on steephill.

Now, maybe I'll figure out how to use a good Aus proxy, pay for SBS coverage, and watch livestream that way! Then I don't have to tolerate P&P!
  • . . .He had the bit between his teeth, and he loiked the taste, mate . . .

    Mellow Velo

    • Road Captain
    • Country: wales
    • Posts: 2232
    • Liked: 2300
    • Awards: 2015 CQ Vuelta Game winner, Velogames Classics Champion 2014, 2013 CQ Ranking Giro Game
    I had one when watching Tiz cycling a couple of weeks back.
    I just closed down and re-started.
    No problems to report.
  • "Science is a tool for cheaters". An anonymous French PE teacher.

    AG

    • Monument Winner
    • *
    • Country: au
    • Posts: 6511
    • Liked: 3915
    • Awards: Winner, 2013 National Championships prediction game; Fan of the Year 2013
    If you have a good Aus proxy - you don't need to pay for SBS, it is free to air.   :)

  • M Gee

    • Road Captain
    • Country: us
    • Posts: 1698
    • Liked: 1453
    • The user formerly known as hiero
    If you have a good Aus proxy - you don't need to pay for SBS, it is free to air.   :)

    Hold on hold on. Free to air is different from live streaming. "Free to air" needs an antenna and a TV receiver. Do you mean that SBS livestreams their broadcast? That would be a BIG WOW! And a super-big :cool!

  • Drummer Boy

    • Road Captain
    • Country: us
    • Posts: 2167
    • Liked: 2424
    • Awards: Post of the year 2015
    Thanks for this thread.

    I think I've stated previously that live streaming is not what it used to be. I really miss CyclingHub. Those feeds were great, and if things went down, a backup would soon appear. But there was no way the powers-that-be were going to tolerate that site forever. Oh well.

    I usually go to Steephill myself, but more and more of those links are to paywall sites. I used to have great luck with the Eurosport links for the English broadcast, but it's been much more difficult this year to get anything reliable.

    One thing that never really works for me is the link attached to the Velorooms Live Chat. Those LIVE TV links are almost always sketchy.

    I had never even heard of Tiz-Cycling until very recently, and at first I had tremendous luck with them. But like most good things, that quickly faded. Today's little episode, as mentioned in the OP, was the weirdest thing I've ever encountered. The Tiz main page even stated, "Be careful with the ads", a warning I had never seen before, and I should've just exited right away. But there was one of those opaque squares in the middle of the screen, with no content, and with a tiny exit X in the upper corner. I come across those almost every time I'm trying to watch a pirate stream, and usually clicking the X makes the window disappear and the stream comes to the forefront.

    Not this time though. As I mentioned in the chat, a crazy stream of download icons started spouting off like a fountain from the middle of my screen, while an alert sound started beeping from my speaker. At that point I was unable to close anything, but I was able to force my Mac to restart. So that's what I did. Once I was rebooted, I checked my downloads folder and there were FORTY different download files, all marked "unknown download." So I sent those to the trash, and as far as I can tell, everything is working fine for me.

    My main question is, if the alert sound itself is fake, why would they make that part of the malware?
    I just don't understand how messing with people is an effective way to spread whatever it is they're trying to spread. The more feeds get hijacked, the less likely people are to use them. I just don't get the math here.

  • Drummer Boy

    • Road Captain
    • Country: us
    • Posts: 2167
    • Liked: 2424
    • Awards: Post of the year 2015
    If you have a good Aus proxy - you don't need to pay for SBS, it is free to air.   :)
    Yeah, I used to use the Hola extension for Chrome, and it worked pretty well for getting those Aussie feeds from Steephill. But I don't use Chrome very often, and I was having some weird issues in the past and suspected (based on some things I had read) that Hola might have been contributing. So I deleted it. But that was with an older OS, so I might give it another try...especially with Alpe d'Huez looming on the horizon!

  • M Gee

    • Road Captain
    • Country: us
    • Posts: 1698
    • Liked: 1453
    • The user formerly known as hiero
    Thanks for this thread.

     . . .live streaming is not what it used to be.  . . . no way the powers-that-be were going to tolerate that . . .
    I had never even heard of Tiz-Cycling until very recently, and at first I had tremendous luck with them. But like most good things, that quickly faded.  . . .

    Not this time though. As I mentioned in the chat, a crazy stream of download icons started spouting off like a fountain from the middle of my screen, while an alert sound started beeping from my speaker. At that point I was unable to close anything, but I was able to force my Mac to restart. So that's what I did. Once I was rebooted, I checked my downloads folder and there were FORTY different download files, all marked "unknown download." So I sent those to the trash, and as far as I can tell, everything is working fine for me.

    My main question is, if the alert sound itself is fake, why would they make that part of the malware?
    I just don't understand how messing with people is an effective way to spread whatever it is they're trying to spread. The more feeds get hijacked, the less likely people are to use them. I just don't get the math here.

    My experience is very much like yours.

    Some answers.
    *Macs are just as prone to malware as Win.
    *Shutting the box down is a good answer when this stuff happens. If that is what it takes, don't hesitate.
    *Deleting the downloads is A-ok.
    *The "Alert" is a page hijack, works through various scripting techniques, and it is intended to get you to click through to another site that will tell you it can fix your computer - or it will get you to call a "computer tech" service. The "computer tech" service scam makes money by charging the target sucker (you) for a service (which is bogus).
    The other way these things make money is to install malware that collects your data and resells it. Unless you are a prime target like John Podesta was (google it). If you are that big a bigwig, then you don't need my advice because you can afford people that know more than me!   :o :lol  People like that are subject to direct social engineering attacks - somebody tries to fool YOU, specifically YOU, by knowing something about how you respond, and the payoff for them is your passwords.

    *The security alert hijack is not associated with the host pages - like steephill or tiz-cycling. They are taking advantage of those pages. Since sites like steephill and tiz-cycling go with the adverts, and the adverts are provided by companies who bundle, they really don't have much control over getting hijacked. The hackers are working the system - and not to our benefit.
    *The other adverts make money for the person who gets them viewed or clicked thru. Some of those people, obviously, will resort to any shady technique to get you to view or click thru. The advert sponsor may not even be aware of the shady techniques that the ad posters use. It's like the spam spreaders of a few years back (and still there). These ad posters get paid for getting a click-through. So they are gaming the system to make money. SOME of them will also game the system by using the ads to spread malware - which malware provides a 2nd income stream for them.

  • AG

    • Monument Winner
    • *
    • Country: au
    • Posts: 6511
    • Liked: 3915
    • Awards: Winner, 2013 National Championships prediction game; Fan of the Year 2013
    Hold on hold on. Free to air is different from live streaming. "Free to air" needs an antenna and a TV receiver. Do you mean that SBS livestreams their broadcast? That would be a BIG WOW! And a super-big :cool!

    Yes, they livestream the broadcast (SBS on Demand) - they actually have a great app for tablets that streams it as well (Skoda Tour Tracker).

  • Arb

    • Road Captain
    • Country: an
    • Posts: 2332
    • Liked: 542
    They are pretty good at blacklisting VPNs though.

    Good thread, I agree the dodgy streams are getting worse (for all sports not just cycling). I recently got a "security warning" while trying to get to a legit site.

  • Gotland

    • Hot Prospect
    • *
    • Country: se
    • Posts: 472
    • Liked: 404
    • Awards: New Member of the Year 2013
    A bare minimum of add-ons on Firefox when watching dodgy streams should be uBlock Origin, Privacy Badger and HTTPS Everywhere. Possibly NoScript too, but it breaks sites and demands a little bit of fiddling to get sites working. If you can't be bothered with Linux, but for extra safety, consider installing a virtual machine onto your box and use some mainline Linux distro.
  • "Emma is Queen of consistency" Peloton Watch

    M Gee

    • Road Captain
    • Country: us
    • Posts: 1698
    • Liked: 1453
    • The user formerly known as hiero
    A bare minimum of add-ons on Firefox when watching dodgy streams should be uBlock Origin, Privacy Badger and HTTPS Everywhere. Possibly NoScript too, but it breaks sites and demands a little bit of fiddling to get sites working. If you can't be bothered with Linux, but for extra safety, consider installing a virtual machine onto your box and use some mainline Linux distro.
    The problem I've had with VMs in Linux is the video quality. It is worse than bad - it was 1992 primitive last year when I was playing with it. No way it could handle anything over 480 pixels, as I recall. I agree w/ you on NoScript. I'll check out the others.

  • Tashatam

    • Coach Potato
    • Country: gb
    • Posts: 1
    • Liked: 0
    I note you don't mention the reason why Tiz Cycling is currently using a "stream with adverts", even though it has been publicised repeatedly on the site. So to set the record straight, it is because the "owners" of the Tour de France are more interested in preventing people from watching the race than in more essential matters such as crowd control. If ASO haven't managed to sell a license to some broadcaster in your country, no Tour de France for you unless you watch a pirate stream or use a VPN to hack into a legal stream such as ITV Hub or Eurosport Player.

    You don't mention that the site has been telling people how to avoid problems with those ads ever since that stream came into use.  And you suggest that Cycling Hub was closed down by the authorities, which was not the case at all.

    So perhaps the purpose of your post was negative publicity as part of the campaign to shut Tiz Cycling down?

  • M Gee

    • Road Captain
    • Country: us
    • Posts: 1698
    • Liked: 1453
    • The user formerly known as hiero
    . . .

    So perhaps the purpose of your post was negative publicity as part of the campaign to shut Tiz Cycling down?

    Simple answer to that. No.

    And Tiz puts up adverts to make money. No skin off my nose - it keeps him online. As a pirate site, he's been top-notch, afaic.

  • AG

    • Monument Winner
    • *
    • Country: au
    • Posts: 6511
    • Liked: 3915
    • Awards: Winner, 2013 National Championships prediction game; Fan of the Year 2013

    So perhaps the purpose of your post was negative publicity as part of the campaign to shut Tiz Cycling down?

    settle down there ...

    MG was highlighting an issue with computer security - something we are all concerned about when using pirated feeds.

    If you read further back he says


    *The security alert hijack is not associated with the host pages - like steephill or tiz-cycling. They are taking advantage of those pages. Since sites like steephill and tiz-cycling go with the adverts, and the adverts are provided by companies who bundle, they really don't have much control over getting hijacked. The hackers are working the system - and not to our benefit.



    we are talking about hacking and malware - not trying to get tiz cycling (or anyone else) shut down