
David H. Lipman
Group: Experts
Content Count: 14,254
Days Won: 1

Everything posted by David H. Lipman

  1. Understanding STIR/SHAKEN - ( Secure Telephony Identity Revisited / Secure Handling of Asserted information using toKENs ) Public Key Infrastructure ( PKI ) for telephony.

     "Criminals and unscrupulous robocallers often alter the calling number of their outbound telephone calls in order to deceive the called party. This deception can be as simple as changing the calling number so it appears that a neighbor is calling. This deception increases the chance that the called party will answer a robocall. In other cases, the deception may be more malicious such as a fraudster impersonating an IRS agent in order to steal a tax refund. This practice of altering the calling number of a telephone call is known as spoofing.

     The Federal Communications Commission (FCC) has been encouraging the telecommunications industry to develop a solution to stop robocalls and spoofed calling numbers since 2014. The industry's response has been to develop a new technology standard called STIR [1] (Secure Telephony Identity Revisited) and SHAKEN [2] (Secure Handling of Asserted information using toKENs) which defines how telephone service providers should implement the STIR technology to ensure calling numbers are not spoofed.

     How STIR/SHAKEN works

     STIR/SHAKEN uses digital certificates, based on common public key cryptography techniques, to ensure the calling number of a telephone call is secure. In simple terms, each telephone service provider obtains their digital certificate from a certificate authority who is trusted by other telephone service providers. The certificate technology enables the called party to verify that the calling number is accurate and has not been spoofed. The details of how SHAKEN uses public key infrastructure is explained in our whitepaper on Certificate Management for STIR/SHAKEN."

     https://transnexus.com/whitepapers/understanding-stir-shaken/
  2. The Windows Group Policy Editor, gpedit.msc, is a native component only in Windows 10 Professional and Windows 10 Enterprise, and not in the Home version.
  3. I don't believe there is one. MBAM does not enumerate all files and then scan them. MBAM just scans structures until they are completed.
  4. Thanx Ron. If it is a vulnerability on XP and Windows 7, Windows Vista is not affected?
  5. One would have to view or let Outlook Preview an email that is stored in a PST. The email can't auto-perform this. Thus, this is most likely associated with the email InBox and not an email stored in a folder.
  6. Who knows. Perhaps the Romanian site was also known to be a Command and Control (C2) site associated with Ransomware but co-located on the same IP. But as I noted, Romania is well documented as being associated with spam. That ties in more with email than Ransomware. As is often the case, it is MORE important to detect and block a given site than to correctly classify it or give a detection for a specific identification. For example, a given malware may be detected generically or heuristically and not detected specifically as a particular family-named trojan. The same goes for classification of a web site. I dealt with a site that was a Fraud site that was committing a DMCA violation by stealing another Forum's content, but it was classified as "Phishing" and not "Fraud".
  7. That's correct. Outlook.exe would connect to a TCP port for SMTP, POP3 and/or IMAP. Otherwise, it could be an email that was received. Time is the key. What were you doing in email at the time the MBAM Pop-Up notification came to be?
  8. It is not evidence of malware because the external communication came from ...\Office16\OUTLOOK.EXE which is Microsoft Outlook email. But it is indicative of something that transpired within the email client and since it handles email, one presumes that it is sourced to a particular email message. If you can isolate the particular email message, delete it.
  9. The question is... What in your email needs to go out to gown-plan.com [ Web site is hosted by Next Stride SRL, Romania ] over TCP/UDP port 58109? Romania is well known for producing spam.
  10. Malwarebytes' signatures will target the AutoRun worm and the anti-exploit module will prevent the OS from being infected. There is no reason to format the Flash Drive unless it was really empty to begin with or it is new. There are KNOWN events where Flash Drives are deliberately made to be malicious and are then sold in that state. Packaged and sealed products from known manufacturers and vendors have the lowest propensity for this. Used drives bought second-hand have a much higher propensity of bearing a malicious payload.
  11. In English please. Emotet is a trojan, not a virus. VirusTotal does not always pick up the Malwarebytes' Anti-Malware (MBAM) detection. MBAM will use heuristic detection to detect malware that is not available in the MBAM engine used on VirusTotal. If you have the physical file, attach it in a ZIP, RAR or 7zip archive in Newest Malware Threats.
  12. That helps... gpedt.msc <> gpedit.msc. So if it is trying to hide in plain sight by a slightly altered name, that could mean something. It could be named .msc but that may be a label and not a file extension. Look in the Control Panel applet "Programs and Features" for "gpedt.msc".
  13. It is the Group Policy Editor. Please leave it alone. Reference: https://www.ghacks.net/2017/06/10/windows-msc-files-overview/
  14. This is purely a scam and they send those emails out en masse hoping one or two bite at the bait. Just delete the email and then change your email password to a new Strong Password just to make sure. Additionally, you can enter your email address(es) in the following site and it will check to see if that email address was part of a known breach. https://haveibeenpwned.com/

      Please reference:
      -----------------
      US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims
      US FTC Consumer Information - How to avoid a Bitcoin blackmail scam
      MyOnlinesecurity - attempted-blackmail-scam-watching-porn
      BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites
      Malwarebytes' Blog - Sextortion emails: They’re probably not watching you
      Malwarebytes Forum sample thread - Got strange threating email.
      Malwarebytes Forum FYI thread - FYI: Email Ransom Scam still current
  15. Yes. There is no malware on your PC as a causative factor. They are just malvertisements. Yes.
  16. This is purely a scam and they send those emails out en masse hoping one or two bite at the bait. This is not malware but it is malicious activity. It is also not a sign of iPower being "infected". Email headers can be forged and they make it seem like the email was sent by the recipient, but if you look at the email headers in RAW format, you will see that the email did emanate from another source. Just delete the email and then change your email password to a new Strong Password just to make sure. Additionally, you can enter your email address(es) in the following site and it will check to see if that email address was part of a known breach. https://haveibeenpwned.com/

      Please reference:
      -----------------
      US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims
      US FTC Consumer Information - How to avoid a Bitcoin blackmail scam
      MyOnlinesecurity - attempted-blackmail-scam-watching-porn
      BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites
      Malwarebytes' Blog - Sextortion emails: They’re probably not watching you
      Malwarebytes Forum sample thread - Got strange threating email.
      Malwarebytes Forum FYI thread - FYI: Email Ransom Scam still current
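Post 1 above describes STIR/SHAKEN's use of PKI only in general terms. The following is an added example, not code from the post or from TransNexus, that shows the concrete mechanism in Go: the originating provider signs a SHAKEN PASSporT (a JWT with ES256, as in RFC 8225 and RFC 8588) over the calling and called numbers, and the terminating provider verifies the signature, checks freshness, and compares the signed origin number with the calling number actually presented. It assumes the verifier already holds the originating provider's public key; real SHAKEN fetches and validates the certificate chain from the x5u URL, which is skipped here and given a placeholder value. The telephone numbers and origid are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// PASSporT protected header (RFC 8225, with the SHAKEN "ppt" extension of RFC 8588).
// Fields are declared in alphabetical order so json.Marshal emits the
// lexicographically sorted keys that the canonical form requires.
type passportHeader struct {
	Alg string `json:"alg"` // always "ES256"
	Ppt string `json:"ppt"` // "shaken"
	Typ string `json:"typ"` // "passport"
	X5u string `json:"x5u"` // URL of the originating provider's certificate (placeholder here)
}

type tnList struct {
	Tn []string `json:"tn"`
}

type tnSingle struct {
	Tn string `json:"tn"`
}

// SHAKEN claims: attestation level (A/B/C), destination, issue time, origin, origid.
type passportClaims struct {
	Attest string   `json:"attest"`
	Dest   tnList   `json:"dest"`
	Iat    int64    `json:"iat"`
	Orig   tnSingle `json:"orig"`
	Origid string   `json:"origid"`
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// signPassport produces header.claims.signature as the originating provider would:
// ES256 is ECDSA over P-256 with SHA-256, signature encoded as R||S (64 raw bytes).
func signPassport(priv *ecdsa.PrivateKey, hdr passportHeader, claims passportClaims) (string, error) {
	hj, err := json.Marshal(hdr)
	if err != nil { return "", err }
	cj, err := json.Marshal(claims)
	if err != nil { return "", err }
	signingInput := b64url(hj) + "." + b64url(cj)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil { return "", err }
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + b64url(sig), nil
}

// verifyPassport is the terminating provider's check: a valid signature under the
// originating provider's public key, a fresh iat, and a signed origin number that
// matches the calling number presented on the call.
func verifyPassport(pub *ecdsa.PublicKey, token, presentedCaller string, now, maxAge int64) (*passportClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 { return nil, errors.New("malformed PASSporT") }
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 64 { return nil, errors.New("bad signature encoding") }
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r := new(big.Int).SetBytes(sig[:32])
	s := new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, digest[:], r, s) { return nil, errors.New("signature verification failed") }
	cj, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil { return nil, err }
	var claims passportClaims
	if err := json.Unmarshal(cj, &claims); err != nil { return nil, err }
	if now-claims.Iat > maxAge || claims.Iat > now { return nil, errors.New("PASSporT is stale or post-dated") }
	if claims.Orig.Tn != presentedCaller {
		return nil, fmt.Errorf("signed origin %s does not match presented caller %s", claims.Orig.Tn, presentedCaller)
	}
	return &claims, nil
}

// rewriteOrigTn simulates a call-path element changing the calling number after the
// originating provider signed it; the signature no longer covers the edited claims.
func rewriteOrigTn(token, newTn string) string {
	parts := strings.Split(token, ".")
	cj, _ := base64.RawURLEncoding.DecodeString(parts[1])
	var claims passportClaims
	_ = json.Unmarshal(cj, &claims)
	claims.Orig.Tn = newTn
	cj, _ = json.Marshal(claims)
	return parts[0] + "." + b64url(cj) + "." + parts[2]
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // originating provider's key (constructed)
	hdr := passportHeader{Alg: "ES256", Ppt: "shaken", Typ: "passport", X5u: "https://cert.example.invalid/sp.pem"}
	claims := passportClaims{Attest: "A", Iat: 1700000000, Origid: "constructed-origid"}
	claims.Orig.Tn = "12025550100"
	claims.Dest.Tn = []string{"12025550199"}
	token, _ := signPassport(priv, hdr, claims)
	if _, err := verifyPassport(&priv.PublicKey, token, "12025550100", 1700000030, 60); err == nil {
		fmt.Println("genuine call: PASSporT verified")
	}
	spoofed := rewriteOrigTn(token, "12025550177")
	if _, err := verifyPassport(&priv.PublicKey, spoofed, "12025550177", 1700000030, 60); err != nil {
		fmt.Println("spoofed call rejected:", err)
	}
}
```

The point the post's quotation makes in words is visible in the last two checks: the signature binds the calling number, so any change to it after signing, or any mismatch between the signed number and the one presented to the called party, fails verification. In production the verifier must also validate the certificate retrieved from x5u against the STI-PA trust anchor, which this example omits.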
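Posts 14 and 16 above advise looking at the raw headers, because the From: line of a sextortion email is forged while the Received: chain records where the message actually entered. The following is an added example, not the poster's code, that does that walk in Go with the standard net/mail package on a constructed message: it trusts only the Received: lines stamped by the recipient's own servers (assumed here to be mail.example.com and mx.example.com), takes the peer address seen by the innermost trusted server as the true origin, and flags the message when that origin is not in the claimed sender's domain. All hostnames and addresses are constructed documentation values; this surfaces the origin for a human reader and does not replace SPF, DKIM or DMARC evaluation.

```go
package main

import (
	"fmt"
	"net/mail"
	"regexp"
	"strings"
)

// Constructed sample: From: claims the recipient's own address, but the Received:
// chain shows the message was handed to mx.example.com by an unrelated host.
const sampleRaw = `Received: from mx.example.com (mx.example.com [192.0.2.10])
	by mail.example.com with ESMTP id abc123
	for <victim@example.com>; Mon, 1 Jan 2024 10:00:02 +0000
Received: from localhost (unknown [203.0.113.45])
	by mx.example.com with SMTP id def456;
	Mon, 1 Jan 2024 10:00:00 +0000
From: victim@example.com
To: victim@example.com
Subject: Your account was hacked

(constructed extortion body omitted)
`

// Servers we operate; only their Received: lines are trustworthy, since a sender
// can prepend fake Received: lines of its own before handing the message over.
var trustedServers = map[string]bool{"mail.example.com": true, "mx.example.com": true}

type hop struct {
	Helo string // name the sending host announced in HELO/EHLO
	Addr string // IP address the receiving server actually observed
	By   string // server that added this Received: line
}

var (
	fromRe = regexp.MustCompile(`from\s+(\S+)`)
	addrRe = regexp.MustCompile(`\[([0-9a-fA-F:.]+)\]`)
	byRe   = regexp.MustCompile(`\bby\s+(\S+)`)
)

// parseReceived extracts the from/by/address triple from one unfolded Received: value.
func parseReceived(v string) hop {
	h := hop{}
	if m := fromRe.FindStringSubmatch(v); m != nil { h.Helo = m[1] }
	if m := addrRe.FindStringSubmatch(v); m != nil { h.Addr = m[1] }
	if m := byRe.FindStringSubmatch(v); m != nil { h.By = m[1] }
	return h
}

// sameDomain reports whether host is domain itself or a subdomain of it.
func sameDomain(host, domain string) bool {
	return host == domain || strings.HasSuffix(host, "."+domain)
}

type analysis struct {
	ClaimedSender string // address in From:
	SenderDomain  string
	Hops          []hop  // newest first, as they appear in the message
	OriginHelo    string // announced name of the host that injected the message
	OriginAddr    string // its address as seen by our innermost trusted server
	Suspicious    bool
}

func analyze(raw string, trusted map[string]bool) (analysis, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil { return analysis{}, err }
	a := analysis{ClaimedSender: msg.Header.Get("From")}
	if addr, err := mail.ParseAddress(a.ClaimedSender); err == nil { a.ClaimedSender = addr.Address }
	if i := strings.LastIndex(a.ClaimedSender, "@"); i >= 0 { a.SenderDomain = a.ClaimedSender[i+1:] }
	for _, v := range msg.Header["Received"] { a.Hops = append(a.Hops, parseReceived(v)) }
	// Each relay prepends its own line, so walk from the top (our MX) inward while
	// the "by" host is ours; the last trusted line names the real external peer.
	for _, h := range a.Hops {
		if !trusted[h.By] { break }
		a.OriginHelo, a.OriginAddr = h.Helo, h.Addr
	}
	a.Suspicious = a.OriginAddr != "" && !sameDomain(a.OriginHelo, a.SenderDomain)
	return a, nil
}

func main() {
	a, err := analyze(sampleRaw, trustedServers)
	if err != nil { panic(err) }
	fmt.Printf("From: claims %s (domain %s)\n", a.ClaimedSender, a.SenderDomain)
	for i, h := range a.Hops {
		fmt.Printf("hop %d: from %s [%s] by %s\n", i, h.Helo, h.Addr, h.By)
	}
	fmt.Printf("actual origin: %s [%s], suspicious=%v\n", a.OriginHelo, a.OriginAddr, a.Suspicious)
}
```

Reading the chain this way reproduces what the post says you will see in the raw headers: the message "from" the recipient's own address was in fact handed to the recipient's mail exchanger by 203.0.113.45 announcing itself as localhost. Stopping at the first Received: line not added by a trusted server matters, because everything below that point was written by the sender and can say anything.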