The Exploit

Comcast, a large internet provider for many home and business users, was the target of a sophisticated social engineering / malware attack. The new tech support threat, outlined by Malwarebytes, tricks users into thinking they have an infection on their computer and that they should call a fake Comcast tech support number to remove it. The exploit/malware is delivered through an infected website that a user can browse to through a Google AdWords ad found on the Xfinity search page.

The exploit works as follows:

  1. The user searches the Xfinity portal.
  2. An ad appears comparing Comcast to DirecTV.
  3. If the ad is clicked, it redirects the user to an infected website that installs malware on the user's machine.
  4. The malware then opens a fake Comcast webpage stating that the computer is infected and to call tech support to remove the infection.
  5. The tech support number directs you to the attackers' help desk, where they charge a fee to remove the infection that they put there.

Be Safe

More and more, legit-looking advertising served on major websites turns out to be malicious. Attackers and scammers pay for and post ads that they hope you will click on. But if you click on those ads, you get redirected to a compromised website. That malicious site might infect your computer with ransomware, and/or display popups that claim your PC has a virus and tell you to dial a toll-free number. If you call that number, it will be answered by scammers who claim they are Microsoft or another legitimate company but will try to charge your credit card to fix your computer. What to do? You need to stay vigilant at all times and “Think Before You Click”:

  • Don’t click on links in emails but go to the website you want to visit using your browser.
  • Do not click on display ads on websites but go to the website you want to visit using your browser.
  • If you get popups that claim your computer has a virus and you need to dial a toll-free number, close your browser, and if this happens in the office, call your IT helpdesk or

In the office, IT will update your computer with the latest versions of software, but at home you also need to update your applications to their latest versions. If you don’t do that, and you wind up on a compromised website, it will try to install malware on your computer. Remember, both in the office and at home, you need to “Think Before You Click.”