Annoying recurring popup saying things like “Your Norton has expired” or “Your McAfee has expired”

This popup recurs every minute or sometimes less, while you are using your browser. It disappears, and you think it is gone, but then it is back.

What has happened is that the bad people have tricked you into giving permission to one of their servers running in the cloud to show notification popups in your browser. And now they are trying to use that fingerhold on your system to try and seduce/annoy you into downloading and installing some software that will do some actual damage. It is a phishing attack.

There are two main routes to disaster. Firstly, clicking on the link in the popup and downloading anything it points you to, no matter what it says it is.  Secondly, searching for a solution on the Internet and believing any of the posts that say you need to download and run program X to solve the problem. Almost all of these posts are from the same bad people.

The permission would have been set up by a website (probably hacked) that you visited. The permission grant will have been disguised as something you thought was okay to click the button to grant. You probably barely noticed.

What almost nobody will tell you is that all you need to do to get rid of the problem again is to go into your browser settings and turn off the permission you inadvertently gave to show notification popups. Simple, but true, and the bad people do not want the news to spread, so I am posting it on my own site and everywhere else that I can reach. How do you know this solution is safe? Well, nothing is hidden, you do all the actions yourself, and the only actions you take are to turn permissions off.

I got the right answer from this forum thread: https://support.google.com/chrome/thread/17013978?hl=en . Unfortunately, the good stuff doesn’t even show up until you expand to see all comments. It has been creatively buried. The good answer is by Dominic Diehl, posted on 23 October 2019, and here it is.

The rogue website tricked you into (1) granting notifications for a domain. Originally, this was becausenightisbetter.com, but there are now other variations. This site also installed a (2) service worker in your browser. Service workers have the ability to react on messages from some server. This can be useful, e.g. if you want to be notified of new messages of your favourite website. It can also be misused, if the remote server sends you annoying or even potentially harmful messages.

1) Turn off notifications for becausenightisbetter.com, or any other domains that look suspicious to you:

Chrome:
https://support.google.com/chrome/answer/3220216?co=GENIE.Platform%3DDesktop&hl=en

Firefox:
https://support.mozilla.org/en-US/kb/push-notifications-firefox#w_how-do-i-revoke-web-push-permissions-for-a-specific-site

2) Remove the service worker:

Chrome:
1. Open up the following URL to manage your service workers:
   chrome://serviceworker-internals/
2. Delete the entries of the malicious domains

Firefox:
1. Open up the following URL to manage your service workers:
   about:serviceworkers
2. Delete the entries of the malicious domains

Deleting a service worker should never be a problem, as it would be reinstalled the next time you visit the website

Garden hygiene

Coming back to my little neglected garden I have had, of course, to clear away quite a few of the usual Internet brambles. Some of them, however, turned out to have some surprisingly amusing flowers. Here are a few samples from my comment spam:

“On this modern day planet, it really is tricky to ignore the speed of time. Aside from the information that come for you from all directions, you can even experience the strain offered through the globe of manner. The style pattern always runs quicker then the calender.”

“It is not often that I come across a blog that is both educational and informative. You really hit the nail to the head.”

“I’m actually inspired together with your writing abilities and also with that the layout to your weblog. Is this a paid subject matter or did you customize it yourself? Either line of attack keep up the first-rate high quality writing, it can be uncommon to see a nice weblog such as this one today.”

“whoah this weblog is wonderful i love reading your posts. Stay up the great paintings!”

“Aw, this was a actually nice post. In concept I would for example to put in writing something like this additionally ? taking time and precise effort to make a very first-rate article?but what can I say?I procrastinate alot and by no method seem to uncover one thing done.”

You really couldn’t make it up, could you?

And therein…

And therein lies… well, anything I want, really. The rub, perhaps – apparently a bowling term for a green defect causing a deviation in the path of a bowl, back before Shakespeare. Never said I was perfect. Or the difference, according to Mark E. Smith, whose work was always going to be the inspiration for the name of this domain.

And I am… the author of Dave Green’s Weblog on MSDN, now departed the Microship. I linked this blog from there before I left, just in case of incredulity.