Highlighted
Trusted Helper

Scareware Leading to Malware Found with TWC embedded in Domain Name

Hi Spectrum,

 

On two seperate occasions on my Windows 8.1 laptop I have received scareware notices on my machine, when browsing at Yahoo.  But this time just now, it's different because there is a TWC site embedded in the domain, see here:

 

hxxp://tech-sk52.stream/guest/?a=AZ&pagex=0&s1=l208LTI2q8YWILV2kv89EjbI8sGWkq7fOkk7IPweQgW7ilsBET4nTgpwXhtd-1rZNty5ynhHF6UQOzACvKU_Sg%2C%2C&os=Windows&browser=Firefox&isp=Time%20Warner%20Cable%20Internet%20Llc&ip=98.144.XXX.XXX

 

I have replaced the "http" with hxxp to prevent accidental clickage.  Three things to note:

 

1.) I visited Spectrum's page with the different line-up plans about five minutes before the pop-up above as I type this.  This is on Firefox 57.

 

2.) The log out has shown an error message on all browsers that I have.  I reported this to moderator Tyleen who acknowledged that this is an issue, and would be sent to the security people.  The error still persists.

 

3.) Several customers over the last few weeks or so have reported expired encryption certificates.

 

With all three things, there may be old former TWC code that needs to be updated to Spectrum's system and check for host-server updates to the form.

 

Satch

3 REPLIES
Community Manager

Re: Scareware Leading to Malware Found with TWC embedded in Domain Name

Satch, 

 

Thanks for the information.  I have passed it along to the website team.  Specific to #2, they are working on a fix for the log out error and that should be resolved soon. 

 

James 

Expert

Re: Scareware Leading to Malware Found with TWC embedded in Domain Name

Problem is at this site: tech-sk52.stream/guest

Contact them...

 

Trusted Helper

Re: Scareware Leading to Malware Found with TWC embedded in Domain Name


MsRaye wrote:

Problem is at this site: tech-sk52.stream/guest

Contact them...

 


Hi,

I don't want to contact a site putting out scareware pop-ups.  At any rate, it just happened again on my Windows 8.1 laptop.  The early pattern seems to be that I go to the forums here, than read a story on Yahoo, (which has it's own sponsored pages that can lead to bad sites on occasion) than I get a malware link pop-up with a TWC site embedded in the URL.

 

Once again, I have removed the http and replaced it with hxxp:

 

hxxp://os-3lyer1.stream/guest/?a=AZ&pagex=0&s1=l208LTI2q8YWILV2kv89EjbI8sGWkq7fOkk7IPweQgW7ilsBET4nTgpwXhtd-1rZNty5ynhHF6UQOzACvKU_Sg%2C%2C&os=Windows&browser=Firefox&isp=Time%20Warner%20Cable%20Internet%20Llc&ip=98.144.140.100

 

Love being a part of this community, but there is a security risk out there with this forum that concerns me.  For starters, my guess is that the forum needs to be worked on so that it says https:/forums.Spectrum.com.  Maybe a plan to move to a new server?  James, can this be reported to the web host, Lithium?  Maybe they have an upgrade for the forums?

 

Satch