David H. Lipman

Experts
  • Content count

    12,674
  • Days Won

    1

About David H. Lipman

  • Rank
    Dave

Contact Methods

  • Website URL
    http://multi-av.thespykiller.co.uk

Profile Information

  • Location
    Jersey Shore USA
  • Interests
    Malware Research, dSLR Photography, Numismatics & Surf Fishing

  1. Malware & Personal Information

    No. Not unless you have specific information on a particular malware detection known for data harvesting. You should also think about the role the computer plays. A "personal" computer used by a singular person may have personal data. A "family" computer, used by family members, should not have personal information on it. This is to prevent that personal information being obtained by other family members who should not have access to it as well as any "mistakes" a family member may make that "you" may not make.
  2. Adblock extension site-blocks

    So you are "stating MBAM is falsely blocking these sites". I will request this thread be moved to: False Positives --> Website Blocking
  3. Adblock extension site-blocks

    Are you requesting these sites to be blocked, or are you stating MBAM is falsely blocking these sites?
  4. Why did MBAM flag Azureus.exe as malware?

    Other than being an Outbound connection to the IP, everything else is conjecture. (RIPE whois record for the 46.172.192.0 - 46.172.223.255 range followed in the original post.)
  5. How do I brush up on my IT skills?

    To understand malware means to understand an operating system in-depth and malicious activity. That all begins with a good foundation in programming starting with machine code and ending with interpreted and compiled languages. CompTIA A+ only concentrates on hardware and a little on networking. For understanding distributed computing and capacity planning you'll need to understand computer technology and thus a Baccalaureate in Computer Science is suggested.
  6. How do I brush up on my IT skills?

    What are your objectives?
      • Database administration
      • Domain administration
      • Computer forensics
      • Ethical hacking
      • Penetration testing
      • Network protocols and Routing
      • Help desk
      • Web site administration
      • Distributed computing
  7. Why did MBAM flag Azureus.exe as malware?

    46.172.212.116 - Belongs to the Russian Federation. Is that OK with you?
  8. Right! You won't. It's fake. It's a con. Did you view the PDF or Flash ScreenShow of FakeAlert screens?
  9. Your PC was not the cause of this event and the FakeAlert does not drop malware. Below are two graphics of two other sites using the same syntax. I know this series well.
  10. It is 100% fraud, not a hoax. It is not a hoax because it is not a fake story and there is deliberate intent behind its creation. They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you into making the phone call and paying for some service contract for an incident that never happened. From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data, and they may use the information they obtain from you to commit additional frauds. I have created a series of videos generated from these fraud sites for the purposes of recognition and education. They are all videos from real web sites. ALL are FRAUDS.
      MalwareScam.wmv
      MalwareScam-1.wmv
      MalwareScam-2.wmv
      MalwareScam-3.wmv
      MalwareScam-4.wmv
      MalwareScam-5.wmv
      MalwareScam-6.wmv
    I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version
    ** I submitted this site on your behalf; Microsoft FakeAlert
    Reference: US FBI PSA - Tech Support Scam 1. Also located at "My Online Security" - Some videos of typical tech support scams
  11. ANSWERED Malicious webpage after logging in to Yahoo

    RE: Microsoft FakeAlert
    I have submitted the FakeAlert on your behalf so this site can be blocked.
  12. 01.04.

    And I thought that to be an "Easter Egg".
  13. Understanding about malwares

    Like I wrote, there really isn't an "infected" picture concept. They are designed to be malicious. Regular pictures (graphics) that we use every day don't get "infected", and in the cases of such malicious graphics it takes VB script, JavaScript or some utility to extract it. Even a malicious graphic by itself is harmless. Like a pathogen in a Petri dish or vial, it is contained and safe to handle. That is, just as long as you don't open it or break the container.
  14. Understanding about malwares

    The concept of an "infected" graphic is a complex subject matter and one cannot easily state a graphic can be infected. To be infected, one has to have a legitimate graphic file where malicious code is injected into it, and when the graphic is rendered it infects a system. That just doesn't happen. Just like a Tick can carry Lyme disease and Rocky Mountain spotted fever, the Tick is not infected with those diseases. It carries them. Graphic files such as GIF may be deliberately malformed to exploit a vulnerability in a graphic file rendering subsystem such as GDIPlus. There is a concept called steganography where algorithmically a binary can be embedded within a graphic file. One legitimate use of Steganography is to embed an object to secure digital copyright over the content. One illegitimate use of Steganography is to embed stolen documents in graphic files in order to exfiltrate data in "plain sight". There have been experiments where malware has been embedded within a graphic file and there have been implementations as a malware delivery system. However, they require a file extraction utility or function to remove an executable binary from within the graphic file. It is a very inefficient system and thus rarely used. There have been some Brazilian Banker (aka Bancos) files that have a malicious binary mathematically added to a graphic file. A compromised web host may have files dropped that may appear as a JPEG but when you view them, it's like viewing static. Nothing but noise. Not even a Jackson Pollock order-in-chaos type image. However, a Banload trojan may download said file and will go to an Offset Value such as 0xAAE in the graphic and XOR the rest of that JPEG with a value such as 0x80 and extract a DLL or EXE file. However, that JPEG was not "infected". It was designed to be malicious and is thus a kind of trojan. This is done so the files can "hide in plain sight". If one comes across the JPEG, it appears to be just that, a JPEG. It is only when you know the Offset and XOR Key value that you know there is more to the file than meets the eye. If a DLL or EXE was hosted directly, AV software or a human can easily detect and remove it/them. By using such a scheme the file will have a longer life span on that compromised host, thus extending the efficacy of the malware's objective. In short, viewing and working with graphical files will not get one infected. Graphic files by themselves are not "infectors". They can be carriers and they can be malformed to Exploit a vulnerability, but they do not directly infect systems. Since they are not infectors, they do not spread malware.
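The carrier scheme described in that post (a JPEG-looking file with a DLL/EXE XORed in at a fixed offset) is something an analyst can scan for without knowing the offset or key in advance. The following is an added example, not Dave's code or anything from the thread; it builds a constructed, labelled sample with the post's values (offset 0xAAE, key 0x80) and then generalises the check to any offset and any single-byte XOR key by looking for an "MZ" header whose e_lfanew points at a "PE\0\0" signature.

```python
import struct

# Bytes that look like the start of a JPEG (SOI + APP0 marker + "JFIF").
JPEG_HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"


def xor_bytes(buf, key):
    """XOR every byte of buf with a single-byte key."""
    return bytes(b ^ key for b in buf)


def build_sample(offset=0xAAE, key=0x80):
    """Constructed carrier file for the demo: JPEG-looking bytes, filler, then a
    minimal DOS/PE stub XORed with `key` starting at `offset`. The stub is only the
    two signatures and an e_lfanew field; it is not a real executable or malware."""
    filler = (bytes([0x3F, 0xA1, 0x7C, 0x00]) * offset)[: offset - len(JPEG_HEADER)]
    stub = bytearray(0x44)
    stub[0:2] = b"MZ"                          # DOS header magic
    struct.pack_into("<I", stub, 0x3C, 0x40)   # e_lfanew -> PE signature at stub+0x40
    stub[0x40:0x44] = b"PE\x00\x00"
    return JPEG_HEADER + filler + xor_bytes(stub, key)


def find_xored_pe(data, keys=range(256)):
    """Return [(offset, key), ...] wherever XORing `data` with a single-byte key yields
    an 'MZ' header whose e_lfanew lands on 'PE\\0\\0'. Checking the second signature
    keeps random 'MZ' collisions from producing hits."""
    hits = []
    for key in keys:
        magic = xor_bytes(b"MZ", key)
        pos = data.find(magic)
        while pos >= 0 and pos + 0x40 <= len(data):
            (lfanew,) = struct.unpack_from("<I", xor_bytes(data[pos + 0x3C:pos + 0x40], key))
            pe = pos + lfanew
            if 0x40 <= lfanew < 0x1000 and pe + 4 <= len(data) \
                    and xor_bytes(data[pe:pe + 4], key) == b"PE\x00\x00":
                hits.append((pos, key))
            pos = data.find(magic, pos + 1)
    return hits


def carve(data, offset, key):
    """Recover the decoded tail of the file from a hit, for triage in a sandbox."""
    return xor_bytes(data[offset:], key)


if __name__ == "__main__":
    sample = build_sample()
    for off, key in find_xored_pe(sample):
        print(f"hidden PE header at offset {off:#x}, XOR key {key:#04x}")
```

A real scan would also run the carved bytes through a PE parser and a hash lookup; this block stops at locating and decoding the header.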