
David H. Lipman

Posts posted by David H. Lipman

  1. If you are asking whether Malwarebytes supplies malware samples to the general public, the answer is no.

    However, there is a quid pro quo for those who submit quality malware samples in line with the provided submission guidelines.  If the submissions are quality, Malwarebytes personnel, who are Malware Researchers, may choose to elevate that member to "Malware Hunters" status.  Once a member is in the group Malware Hunters, the member can then download samples that other members have submitted.


  2. A "Keylogger" is just another form of trojan.  One should not think just about this trojan sub-type of malware but should think holistically about the ingress of all sorts of malware.  This begins with practicing Safe Hex.  That means using Critical Thought about what you see and what is presented to you and asking those all-important questions.  Understand Social Engineering and how it exploits human vulnerabilities and emotions.  Don't willy-nilly click on URLs.  Have Situational Awareness and learn about the threats that were presented Yesterday and are being presented Today.  Performing these, and using an anti-malware like MBAM, or MBAM coupled with a full anti-virus application, will go a long way in preventing malware from infecting your platform(s).

    Yes, MBAM Premium specifically targets, blocks and removes Keylogging trojans.

  3. Large companies holding Personally Identifiable Information (PII) and their failure to protect that data and/or sharing that data without your express permission is a problem.  Limiting your exposure by reducing the number of web sites that have your PII is a start.  For example, if you have five doctors who each tell you to create an Internet (web) account, don't do it for any of them.  Send companies you have subscriptions and leases with a Right of Privacy and Opt-Out notification.  Tell them they are legally bound to protect your data and they are NOT allowed to share that data or collect metadata.

    However, if a stolen password is current and can be used at a banking or other financial site, or a site that contains PII, it can lead to Identity Theft and can have greater and more profound consequences.

    You stated...
    " Also, once all that info is in the wrong hands, no amount of Password changing will make up for the SS #'s, mother maiden names, etc will get it off the internet. "

    With fixed data such as a SS#, yes.  However, for sites that have challenge questions or ask your mother's maiden name, have them change the information or ask something new.  This would go for any compromised challenge question answers.

  4. This is purely a scam, and they send those emails out en masse hoping one or two bite at the bait.

    Just delete the email and then change your email password to a new Strong Password just to make sure.

    Additionally, you can enter your email address(es) in the following site and it will check to see if that email address was part of a known breach.  That is most likely how they had a partial password you used in the past.


    Please reference:
    US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims
    US FTC Consumer Information - How to avoid a Bitcoin blackmail scam
    MyOnlinesecurity - attempted-blackmail-scam-watching-porn
    BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites
    Malwarebytes' Blog - Sextortion emails: They’re probably not watching you
    Malwarebytes Forum sample thread - Got strange threating email.
    Malwarebytes Forum FYI thread - FYI: Email Ransom Scam still current



  5. It sucked and it should never have been created. 

    It was proof that Microsoft failed to learn the lesson of the "Coca Cola and Pepsi" dominance battle.  It created a data push platform using a lousy GUI and generated content where none was requested.

    Good Riddance!

  6. It's a matter of semantics.  It really doesn't hijack the Browser.  It uses code to overwhelm the browser and make it use an ever-increasing amount of resources.  That is to lend credulity to the concept of being infected and the PC needing service, and to give the impetus to make the call.  When a Browser is hijacked, it is forced not to visit the web sites you want to go to; it goes to the web sites the malicious actor in control of the software wants you to visit and see the content of.

    Killing the Browser process in a FakeAlert relieves the issue because the Browser is no longer hitting the FakeAlert web site and running its malicious code.  When a Browser is hijacked there is malicious code like a Browser Helper Object (BHO) or other form of DLL that is causing the Browser to act in a particular fashion.  Killing the Browser process does not change that fact.  Once the Browser is reloaded the Browser remains in the control of the software.  You have to remove that software that is plugged-into the Browser to stop the hijacking process.

    So, because the FakeAlert is driven by HTML that is only loaded when one visits the FakeAlert site, this isn't really a "browser hijack" as that is truly a function of software that has infected the computer and controls the Browser.

    One may state that I am splitting hairs, and maybe I am.  I did not want to be pedantic in pointing that out earlier in the thread because, to the victim, the ultimate effect is that the Browser appears to be hijacked.  However, because we have gotten into the minutiae, I think this fine point is worth detailing.  The vast majority think that software on the PC drives the screens of the FakeAlert, and they miss the fact that it is merely a form of malvertisement driven by a web page.  Since the actions of the Browser are merely HTML and killing the Browser process ameliorates the problem, the Browser isn't hijacked.  To be hijacked, the Browser would still be affected when the Browser is restarted.

    exile360 touches on an interesting point, as I believe the Browser authors could do a better job in thwarting the code most often used in making the Browser use an ever-increasing amount of resources.  You would still see the content [ FakeAlert-Screens.pdf / Flash Version ] but the Browser would not become unresponsive and make the PC crawl like a snail.
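
    The distinction in the post above (a FakeAlert is only a web page and goes away when the browser process is killed; a real hijack is a BHO or other DLL plugged into the browser that survives a restart) can be checked on a Windows machine. The following PowerShell script is an added example by the editor, not code from the forum post or from Malwarebytes. It assumes a Windows host with PowerShell 3 or later and read access to HKLM; the two "Browser Helper Objects" registry keys and the CLSID\InprocServer32 lookup are the standard Internet Explorer BHO registration points, while the function and variable names are the editor's own.

```powershell
# Added example by the editor, not code from the forum post or from Malwarebytes.
# Purpose: after closing a browser that showed a FakeAlert page, confirm whether anything
# is actually plugged into Internet Explorer that would survive a browser restart.
# A FakeAlert is just a web page; a genuine hijack is a Browser Helper Object (BHO)
# or similar DLL registered under the keys below.
# Assumptions: Windows, PowerShell 3+, read access to HKLM. The registry paths are the
# standard BHO registration points; the function and variable names are the editor's.

$BhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$ClsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'
)

function Get-RegisteredBho {
    # Returns one object per registered BHO: its CLSID, display name, the DLL it loads,
    # and the Authenticode signature status of that DLL.
    foreach ($key in $BhoKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $clsid = $sub.PSChildName
            $dll   = $null
            $name  = $null
            foreach ($root in $ClsidRoots) {
                $serverKey = Join-Path -Path $root -ChildPath "$clsid\InprocServer32"
                if (Test-Path -Path $serverKey) {
                    $dll  = (Get-ItemProperty -Path $serverKey).'(default)'
                    $name = (Get-ItemProperty -Path (Join-Path -Path $root -ChildPath $clsid)).'(default)'
                    break
                }
            }
            $resolved = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll) } else { $null }
            $status = 'NoDll'
            if ($resolved -and (Test-Path -Path $resolved)) {
                # An unsigned or invalidly signed DLL loaded into the browser deserves a closer look.
                $status = (Get-AuthenticodeSignature -FilePath $resolved).Status
            }
            [pscustomobject]@{
                CLSID     = $clsid
                Name      = $name
                Dll       = $resolved
                Signature = $status
            }
        }
    }
}

# Usage: list everything, then flag entries whose DLL is missing or not validly signed.
$bhos = @(Get-RegisteredBho)
if ($bhos.Count -eq 0) {
    Write-Output 'No Browser Helper Objects registered: nothing is plugged into the browser.'
} else {
    $bhos | Format-Table -AutoSize
    $bhos | Where-Object { $_.Signature -ne 'Valid' } |
        ForEach-Object { Write-Warning "Review BHO $($_.CLSID) ($($_.Name)): $($_.Dll) [$($_.Signature)]" }
}
```

    If this lists nothing, or only validly signed, recognisable vendor DLLs, the screens that went away when the browser was killed were page-driven, not a hijack; an unsigned or missing DLL registered here is the persistent component the post describes and is what has to be removed.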


  7. Similar to these?

    I have created a series[1] of videos generated from these kinds of fraud sites for the purposes of recognition and education.  They are all videos from real web sites.  ALL are FRAUDS.

    All these have one thing in common: they have nothing to do with any software on your PC.  They are all nefarious web sites meant to defraud you of money.  The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened.  From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data, and they may use the information they obtain from you to commit additional frauds.


    I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version.  In it you'll find several MAC/Apple related FakeAlerts which I believe you are seeing.

    US FBI PSA - Tech Support Fraud
    US FTC Consumer Information - Tech Support Scams
    US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio
    US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams
    Malwarebytes' Blog - Search on - "tech support scams"
    Malwarebytes' Blog - "Tech support scams: help and resource page"

    [1] Also located at "My Online Security" - Some videos of typical tech support scams


  8. 8 hours ago, Amaroq_Starwind said:

    Actually, @UltraDyne maybe you can give WehnTrust a try. Also, if the latest version of Firefox or Tor Browser still runs on Windows XP, then you can also use the Malwarebytes browser extension.

    A PC running an old unsupported OS that is a "standalone system!" where "...proprietary hardware and/or software being used with the machine that requires a specific OS and service pack level which prohibits installing any major updates/making any significant changes (such as installing SP3) " as indicated by the OP should not even be used for Internet Browsing.  Tor is used for privacy, not INFOSEC/COMSEC.  When such a platform is not used in such a fashion, it becomes an Appliance, and the role it takes in its environment precludes such activity.  However, such a PC is still vulnerable to Internet Worms and TCP/IP exploitation, the Insider Threat and other activities that are heightened by the age of the OS and the lack of manufacturer support in the aggressive hacktivism and exploit environment that we face Today.

    Such an Appliance needs isolation and protection.  For example, if it must be connected to the LAN, then maybe there should be an external Firewall and/or Proxy node placed between the platform and the LAN, blocking all but the required communication the Appliance is used for.
