Possible Malware: Core Insight Express AI
OP
Joined: Sep 2009
|
core.insightexpressai.com
While I was working on the web site Lyric Wikia, I hit an edit button, a normal oft-used procedure for this site on which you add information about singers, albums, and so on. As I hit the edit button, I think a new window popped up. I must have closed it quickly, I don't know. It all happened so fast, like my browser got redirected. I was able to cut and paste the URL in Google, which led me to information about malware associated with insightexpressai.
I don't know what this means. I'm going to dig around my computer to see if anything looks odd. If anyone has any suggestions I'd appreciate it. I haven't seen anything like this before.
I have more info, but I would like to talk to an experienced person privately. Thanks.
Firefox 39.0.3
Edited to add: lyrics.wikia.com
Firefox addons: Ad Block Plus, HTTPS Everywhere, 1Password, Amazon add-on button, YouTube High Definition
Last edited by deniro; 11/03/15 01:52 AM.
|
|
Re: Possible Malware: Core Insight Express AI
|
Joined: Aug 2009
Likes: 1
The Web site at core.insightexpressai.com has been used in the past by advertising malware aimed at Windows computers. It has never, to my knowledge, had a Mac version. It attempts a drive-by download of advertising malware if you're browsing from Windows, but as you're on a Mac, you should be okay.
|
|
Re: Possible Malware: Core Insight Express AI
|
|
OP
Joined: Sep 2009
|
Last edited by deniro; 11/03/15 05:58 PM.
|
|
Re: Possible Malware: Core Insight Express AI
|
Joined: Aug 2009
Likes: 15
PMing is turned off at FTM...has been since day one.
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: Possible Malware: Core Insight Express AI
|
Joined: Aug 2009
Likes: 16
Moderator
"PMing is turned off at FTM...has been since day one."
That includes the moderators
If we knew what it was we were doing, it wouldn't be called research, would it?
— Albert Einstein
|
|
Re: Possible Malware: Core Insight Express AI
|
Joined: Aug 2009
Likes: 1
The last link contains these instructions for removing the malware from OS X:
"Then press return button to hold ‘alt’ on the keyboard and right click on the Finder icon to select Relaunch button. Close the window to browse to C: Windows, delete all executable files identical to systematic ones, such as svchost.exe and winlogon.exe in the sub-directories and remove temp folders under System32."
There seems to be some confusion here, as Mac OS X doesn't have a C:\Windows directory or a System32 directory.
Generally, it seems like this site does two things:
1. On Windows, attempts to download software that causes its ads to pop up.
2. On Macs, attempts to pop up windows that are hard to remove--force quitting and then restarting the browser seems to resolve the issue.
I haven't seen any evidence that it actually downloads malware to Macs, though.
|
|
Re: Possible Malware: Core Insight Express AI
|
|
OP
Joined: Sep 2009
|
If PM is turned off, then someone should delete that choice from the preferences under My Stuff.
|
|
Re: Possible Malware: Core Insight Express AI
|
Joined: Aug 2009
Likes: 1
Indeed. Unfortunately, the software doesn't offer a graceful way to do this; it can only be done by hand-editing the PHP code. And those changes disappear every time a new update is installed.
|
|
Re: Possible Malware: Core Insight Express AI
|
|
OP
Joined: Sep 2009
|
Today I was at YouTube when I was given a pop-up message that my version of Flash was outdated and that I should download the latest version.
Problem is, I didn't have Flash installed. I uninstalled it a long time ago. I still have the uninstaller. After this recent coreinsight hijack, I did a lot of housecleaning, including installing a new version of Firefox, deleting cookies and caches and so on, running Onyx.
Moreover, the Flash update started downloading on its own, and the file name didn't look like the usual Flash update filenames. I've downloaded many of them over the years, as you might expect. For one thing, the file name didn't include a version number and the file itself was downloading quickly, suggesting a smaller file than usual.
I'd also like to say that, despite using AdBlock Plus and having pop-ups blocked in Firefox, I still encounter a lot of pop-ups. I'm on Firefox 39.0.3 because the new versions conflict with my version of 1Password.
I don't know if any of this means anything.
|
|
Re: Possible Malware: Core Insight Express AI
|
Joined: Aug 2009
Likes: 4
The latest version of Flash Player is 19.0.0.245, which was released a couple days ago. Go directly to adobe.com to acquire same.
When you install it, just before finishing it asks how you would like to access updates. I always check the box which states never to update automatically. I always go to Adobe independently.
I'm running Adblock Plus (2.6.11) on Firefox 41.0.2 with popups blocked as well and don't encounter popups at all.
|
|
Re: Possible Malware: Core Insight Express AI
|
|
Joined: Aug 2009
|
"For one thing, the file name didn't include a version number and the file itself was downloading quickly, suggesting a smaller file than usual."
That particular part is actually normal. Adobe's been pushing a downloader for quite a while now. You download this little thing, and it checks your computer to figure out what version you have and what updater works best for you, and then it downloads that instead, and runs it. It doesn't even have the common courtesy to download a normal installer, or even to somewhere you can SEE. It downloads to a hidden folder and launches the actual installer automatically. Makes it a pain to deploy to many computers.
I work for the Department of Redundancy Department
|
|
Re: Possible Malware: Core Insight Express AI
|
Joined: Aug 2009
Likes: 8
You can also check for updates and initiate the download process through the Flash Preference in System Preferences.
On a Mac since 1984. Currently: 24" M1 iMac, M2 Pro Mac mini with 27" BenQ monitor, M2 Macbook Air, MacOS 14.x; iPhones, iPods (yes, still) and iPads.
|
|
Re: Possible Malware: Core Insight Express AI
|
|
OP
Joined: Sep 2009
|
Seems to be some confusion here.
I didn't have Flash installed because I don't use it anymore. I deleted it a long time ago along with any traces of it, e.g. prefs. I don't want Flash Player and I don't want to download it. I see no point in that.
Nothing should be downloading itself to my computer without my permission or any action from me. I've never been an "automatic update" guy.
One other dubious add-on, which I had enabled, is Clip Converter. Google revealed some people complaining that it downloaded malware.
Edit: Correction. I never deleted every trace of Flash. EasyFind tells me there are all kinds of Flash and Adobe files on my computer, most of which I know nothing about and therefore leave alone.
Maybe I will download a version of Flash and then uninstall it.
Last edited by deniro; 11/13/15 08:16 PM.
|
|
Re: Possible Malware: Core Insight Express AI
|
Joined: Aug 2009
Likes: 15
"Moreover, the Flash update started downloading on its own...."
I dunno if there's such a thing as a maliciously crafted video, but that quoted segment stinks on ice.