David H. Lipman

Experts
  • Content Count

    14,265
  • Joined

  • Days Won

    1

About David H. Lipman

  • Rank
    Dave

Contact Methods

  • Website URL
    http://multi-av.thespykiller.co.uk

Profile Information

  • Location
    Jersey Shore USA
  • Interests
    Malware Research, dSLR Photography, Numismatics & Surf Fishing

Recent Profile Visitors

103,923 profile views
  1. Understanding STIR/SHAKEN (Secure Telephony Identity Revisited / Secure Handling of Asserted information using toKENs) Public Key Infrastructure (PKI) for telephony. "Criminals and unscrupulous robocallers often alter the calling number of their outbound telephone calls in order to deceive the called party. This deception can be as simple as changing the calling number so it appears that a neighbor is calling. This deception increases the chance that the called party will answer a robocall. In other cases, the deception may be more malicious such as a fraudster impersonating an IRS agent in order to steal a tax refund. This practice of altering the calling number of a telephone call is known as spoofing. The Federal Communications Commission (FCC) has been encouraging the telecommunications industry to develop a solution to stop robocalls and spoofed calling numbers since 2014. The industry's response has been to develop a new technology standard called STIR [1] (Secure Telephony Identity Revisited) and SHAKEN [2] (Secure Handling of Asserted information using toKENs) which defines how telephone service providers should implement the STIR technology to ensure calling numbers are not spoofed. How STIR/SHAKEN works: STIR/SHAKEN uses digital certificates, based on common public key cryptography techniques, to ensure the calling number of a telephone call is secure. In simple terms, each telephone service provider obtains their digital certificate from a certificate authority who is trusted by other telephone service providers. The certificate technology enables the called party to verify that the calling number is accurate and has not been spoofed. The details of how SHAKEN uses public key infrastructure is explained in our whitepaper on Certificate Management for STIR/SHAKEN." https://transnexus.com/whitepapers/understanding-stir-shaken/
  2. The Windows Group Policy Editor, gpedit.msc, is a native component only in Windows 10 Professional and Windows 10 Enterprise, and not in the Home version.
  3. I don't believe there is one. MBAM does not enumerate all files and then scan them. MBAM just scans structures until they are completed.
  4. Thanks Ron. If it is a vulnerability on XP and Windows 7, is Windows Vista not affected?
  5. One would have to view or let Outlook Preview an email that is stored in a PST. The email can't auto-perform this. Thus, this is most likely associated with the email Inbox and not an email stored in a folder.
  6. Who knows. Perhaps the Romanian site was also known to be a Command and Control (C2) site associated with Ransomware but co-located on the same IP. But as I noted, Romania is well documented as being associated with spam. That ties in more with email than Ransomware. As is often the case, it is MORE important to detect and block a given site than to correctly classify or give a detection for a specific identification. For example, a given malware may be detected generically or heuristically and not detected specifically as a particular family-named trojan. The same goes for classification of a web site. I dealt with a site that was a Fraud site committing a DMCA violation by stealing another Forum's content, but it was classified as "Phishing" and not "Fraud".
  7. That's correct. Outlook.exe would connect to a TCP port for SMTP, POP3 and/or IMAP. Otherwise, it could be an email that was received. Time is the key. What were you doing in email at the time the MBAM Pop-Up notification came to be?
  8. It is not evidence of malware because the external communication came from ...\Office16\OUTLOOK.EXE which is Microsoft Outlook email. But it is indicative of something that transpired within the email client and since it handles email, one presumes that it is sourced to a particular email message. If you can isolate the particular email message, delete it.
  9. The question is... What in your email needs to go out to gown-plan.com [Web site is hosted by Next Stride SRL, Romania] over TCP/UDP port 58109? Romania is well known for producing spam.
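The STIR/SHAKEN excerpt in item 1 above describes the mechanism only in outline: the originating provider signs the calling number, and the terminating provider checks that signature against a certificate chained to a trusted authority. The following Go program is an added example, not code from the post or from TransNexus, showing what that signed object (a PASSporT, RFC 8225, with the SHAKEN claims of RFC 8588) actually looks like and why a changed calling number fails verification. Assumptions made here: the signer's key pair is generated in memory and the public key is handed to the verifier directly rather than fetched from the `x5u` certificate URL (a placeholder, `https://cert.example/sp.pem`); the telephone numbers and the `origid` value are constructed sample data; and the 60-second freshness window is a chosen value, not taken from the page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// PASSporT (RFC 8225) header and SHAKEN (RFC 8588) claims; fields are declared in lexicographic order, the canonical form that gets signed.
type Header struct {
	Alg string `json:"alg"` // "ES256": ECDSA P-256 with SHA-256
	Ppt string `json:"ppt"` // "shaken"
	Typ string `json:"typ"` // "passport"
	X5u string `json:"x5u"` // URL of the signing provider's certificate
}

type Claims struct {
	Attest string              `json:"attest"` // A (full), B (partial) or C (gateway)
	Dest   map[string][]string `json:"dest"`   // {"tn": [called numbers]}
	Iat    int64               `json:"iat"`    // issued-at, Unix seconds
	Orig   map[string]string   `json:"orig"`   // {"tn": calling number}
	Origid string              `json:"origid"` // opaque per-call identifier
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// Sign emits JWS compact form header.claims.signature; ES256 uses the raw 64-byte R||S encoding, not DER.
func Sign(priv *ecdsa.PrivateKey, h Header, c Claims) (string, error) {
	hj, _ := json.Marshal(h) // plain string/int/map fields: cannot fail
	cj, _ := json.Marshal(c)
	input := b64(hj) + "." + b64(cj)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	return input + "." + b64(sig), nil
}

// Verify checks the ES256 signature with the signer's public key (in deployment: from the x5u certificate, chained
// to a trusted STI CA), then binds the claims to the SIP call: orig must equal From and iat must be fresh (60 s assumed).
func Verify(pub *ecdsa.PublicKey, token, fromTn string, now time.Time) (c Claims, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, fmt.Errorf("malformed PASSporT")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return c, fmt.Errorf("malformed ES256 signature")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return c, fmt.Errorf("signature does not match header and claims")
	}
	if cj, derr := base64.RawURLEncoding.DecodeString(parts[1]); derr != nil || json.Unmarshal(cj, &c) != nil {
		return c, fmt.Errorf("undecodable claims")
	}
	if c.Orig["tn"] != fromTn {
		return c, fmt.Errorf("From %s differs from signed orig %s", fromTn, c.Orig["tn"])
	}
	if d := now.Unix() - c.Iat; d < -60 || d > 60 {
		return c, fmt.Errorf("iat %d outside freshness window (replay?)", c.Iat)
	}
	return c, nil
}

// Demo signs one constructed call, verifies it, then keeps the same header and signature over claims with a changed calling number.
func Demo() (validOK, spoofRejected bool, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, err
	}
	h := Header{Alg: "ES256", Ppt: "shaken", Typ: "passport", X5u: "https://cert.example/sp.pem"} // placeholder URL
	c := Claims{Attest: "A", Dest: map[string][]string{"tn": {"12025551212"}}, Iat: time.Now().Unix(),
		Orig: map[string]string{"tn": "17325550100"}, Origid: "constructed-call-1"} // constructed sample call
	token, err := Sign(priv, h, c)
	if err != nil {
		return false, false, err
	}
	_, err = Verify(&priv.PublicKey, token, "17325550100", time.Now())
	validOK = err == nil
	parts := strings.Split(token, ".")
	c.Orig["tn"] = "12025551200" // spoof: make it look like a neighbour is calling, reuse the real signature
	cj, _ := json.Marshal(c)
	_, err = Verify(&priv.PublicKey, parts[0]+"."+b64(cj)+"."+parts[2], "12025551200", time.Now())
	spoofRejected = err != nil
	return validOK, spoofRejected, nil
}

func main() { fmt.Println(Demo()) }
```

The signature covers the base64url-encoded header and claims together, so a robocaller who rewrites `orig.tn` in transit invalidates it; the only way to get a valid token for a number is to hold a signing key whose certificate a terminating provider trusts. Note the two checks after the signature: a valid token for someone else's call is useless unless the verifier also confirms the signed `orig` matches the SIP From header of this call and the `iat` is recent, otherwise a captured PASSporT could be replayed in front of a spoofed call.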