Windows 10 reached EOS (end of support) on October 14, 2025. For more information, see this article.

Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

Fraud links being inserted into Firefox web pages - I have tracked some links to Blackmath.net and mobszo.com and I want to stop this.

  • 2 uphendule
  • 3 zinale nkinga
  • 17 views
  • Igcine ukuphendulwa ngu Wombat_AU

Radix_M
Radix_M
more options

links are appearing on some web pages in a similar form to AdWords but they are not AdWords. Worse, some are hidden in legitimate links on the web page. Clicking one of these opened a new tab that took me to a site that was after my cell phone number and the fine print said that by providing the number I was subscribing to a "premium content service". Any attempt to close the tab failed.

I have also noticed that I can no longer play videos. I have updated to the latest version of Shockwave and Acrobat but this has not solved the problem.

My suspicion is that either Shockwave or Acrobat has a security flaw in it that has been exploited. The links go to Blackmath.com and Mobszo.com before putting me onto a hotdeals.com web page based upon my location. I have taken screenshots of the process if anyone needs to see the process.

links are appearing on some web pages in a similar form to AdWords but they are not AdWords. Worse, some are hidden in legitimate links on the web page. Clicking one of these opened a new tab that took me to a site that was after my cell phone number and the fine print said that by providing the number I was subscribing to a "premium content service". Any attempt to close the tab failed. I have also noticed that I can no longer play videos. I have updated to the latest version of Shockwave and Acrobat but this has not solved the problem. My suspicion is that either Shockwave or Acrobat has a security flaw in it that has been exploited. The links go to Blackmath.com and Mobszo.com before putting me onto a hotdeals.com web page based upon my location. I have taken screenshots of the process if anyone needs to see the process.

All Replies (2)

cor-el
cor-el
  • Moderator
more options

Do a malware check with some malware scanning programs on the Windows computer.
You need to scan with all programs because each program detects different malware.
Make sure that you update each program to get the latest version of their databases before doing a scan.

You can also do a check for a rootkit infection with TDSSKiller.

See also:

Wombat_AU
Wombat_AU
more options

After much disabling and enabling etc I narrowed the problem (or similar) down to using the 'OneClickDownloader' "Extension" and 'Shockwave Flash' "Plugin".

Anti virus or malware etc scans were of no use.

Of course the Shockwave thingo is legit although it apparently has some exploit weaknesses.

My bad for installing an extension not from the mozilla extensions site. I have read elsewhere that another down loader program was doing the same thing... embedding scam links in to a web page using some list of common keywords.

So spread the word. Hope that helps. Regards.