
David H. Lipman


Posts posted by David H. Lipman

  1. A Google search on 8004859316 shows that number is associated with an established Tech Support Scammer/Spammer.

    I don't know why you are showing a picture of text on paper and I don't understand the history of the software purchase and installation.  It sounds like a version of Malwarebytes' software was repackaged with some remote access software.

    The best place to obtain Malwarebytes software is directly from Malwarebytes and a license or licenses from a reputable reseller.

    I suggest you have your PC checked out by a trained Malware Removal specialist.  Please read this: I'm infected - What do I do now?  and then create a Post in: Windows Malware Removal Help & Support


    US FBI PSA - Tech Support Fraud
    US FTC Consumer Information -  Tech Support Scams
    US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio
    US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams
    Malwarebytes' Blog - Search on - "tech support scams"
    Malwarebytes' Blog - "Tech support scams: help and resource page"



  2. FBI Warns of Sextortion Attempts in Arizona


    PHOENIX, AZ—The Federal Bureau of Investigation is warning the public about recent incidents in Arizona involving sextortion. The FBI is seeing cases that involve an adult coercing teenagers through social media into producing sexual images and videos online.

    Sextortion can start on any site where people meet and communicate. Through deception, manipulation, money and gifts, or threats, the predator convinces the young person to produce an explicit video or image. When the young person starts to resist requests to make more images, the criminal will use threats of harm or exposure of the early images to pressure the child to continue producing content.

    The FBI advises on these tips to help protect you online:

    1. Be selective about what you share online, especially your personal information and passwords. If your social media accounts are open to everyone, a predator may be able to figure out a lot of information about you.
    2. Be wary of anyone you encounter for the first time online. Block or ignore messages from strangers.
    3. Be aware that people can pretend to be anything or anyone online. Videos and photos are not proof that a person is who they claim to be.
    4. Be suspicious if you meet someone on one game or app and they ask you to start talking to them on a different platform.
    5. Be willing to ask for help. If you are getting messages or requests that don’t seem right, block the sender and report the behavior.

    If you believe someone you know has been a victim of sextortion, contact the FBI Phoenix Field office at (623)466-1999 or report the crime online at tips.fbi.gov.

    For more information about Sextortion, including resources for teens, schools, parents and caregivers click here: https://www.fbi.gov/news/stories/stop-sextortion-youth-face-risk-online-090319



  3. Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight


    Earlier this month, Red Canary detection engineers Wes Hurd and Jason Killam came across a strain of macOS malware using a LaunchAgent to establish persistence. Nothing new there. However, our investigation almost immediately revealed that this malware, whatever it was, did not exhibit the behaviors that we’ve come to expect from the usual adware that so often targets macOS systems. The novelty of this downloader arises primarily from the way it uses JavaScript for execution—something we hadn’t previously encountered in other macOS malware—and the emergence of a related binary compiled for Apple’s new M1 ARM64 architecture.

    We’ve dubbed this activity cluster “Silver Sparrow.”

    Thanks to contributions from Erika Noerenberg and Thomas Reed from Malwarebytes and Jimmy Astle from VMware Carbon Black, we quickly realized that we were dealing with what appeared to be a previously undetected strain of malware.

    According to data provided by Malwarebytes, Silver Sparrow had infected 29,139 macOS endpoints across 153 countries as of February 17, including high volumes of detection in the United States, the United Kingdom, Canada, France, and Germany.

    Though we haven’t observed Silver Sparrow delivering additional malicious payloads yet, its forward-looking M1 chip compatibility, global reach, relatively high infection rate, and operational maturity suggest Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at a moment’s notice. Given these causes for concern, in the spirit of transparency, we wanted to share everything we know with the broader infosec industry sooner rather than later.

    The rest of this post will be organized into the following sections:

    • A technical analysis of two Silver Sparrow malware samples
    • An explanation of intelligence gaps and blindspots
    • Guidance on detection opportunities for Silver Sparrow
    • A list of indicators that we’ve encountered while investigating this threat


  4. No, not really.  That email address is only good if one finds a Web Site that is an Apple Phish or if you have an HTM or HTML email file attachment that, when rendered, becomes an Apple Phish and one discerns that it does an HTTP POST on harvested Apple related credentials.

    The email was not an Apple Phish.  As I wrote, this is a variation of a Tech Support scam.  It wasn't even a scam in Apple's name as this was really in the name of Norton/LifeLock and Comcast/Xfinity.  It's not a scam on Apple, and we don't want to clog a Phishing email address with something like the above.

  5. Thank you.

    This is not a case of Phishing.  It is a variation of a Tech Support scam in the name of Norton™ LifeLock360 / Webroot® / Malwarebytes / McAfee® / Kaspersky.  Numerous forum members have posted about this type of scam.

    Please Reference:

    1. have received 3 scam emails about Malwarebytes account charges
    2. Fake Receipt?
    3. Your subscription for “Malware bytes Security” has been renewed.
    4. Phishing scam using malwarebytes subscription (cares@usorderreceipt02.co)

    Phishing is a process masquerading as a known entity where a web site, a PDF or other document uses content that emulates that entity and tries to get the victim to provide login credentials or Personally Identifiable Information (PII).  For example, a compromised web site may have content that looks like the legitimate Login for USAA.  However, it is all about harvesting a victim's USAA account credentials.

    US FBI PSA - Tech Support Fraud
    US FTC Consumer Information -  Tech Support Scams
    US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio
    US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams
    Malwarebytes' Blog - Search on - "tech support scams"
    Malwarebytes' Blog - "Tech support scams: help and resource page"



  6. New FTC Data Show Massive Increase in Romance Scams, $304M in Losses


    More consumers than ever report falling prey to romance scammers, according to new Federal Trade Commission data that show consumers reported losing a record $304 million to the scams last year.

    A newly released data spotlight shows that the amount consumers reported losing to romance scammers is up about 50 percent since 2019, and has increased more than fourfold since 2016.

    Scammers draw people in using pictures stolen from around the internet, building false personas that seem just real enough to be true, but always having a reason never to meet in person. Eventually, the supposed suitor will ask for money from the unwitting consumer. The impact can be major, with the median loss reported to the FTC being $2,500—more than ten times higher than the median loss across all other frauds.

    The COVID-19 pandemic has resulted in people staying physically distant, providing ample reason for consumers to look for relationships online and providing a swath of new reasons for scammers to use to put off meeting in person.

    The spotlight notes that while many people report the romance scam started on a dating site or app, even more report that the scam originated from contact through social media. While the asks for money sometimes begin with a story about a medical emergency, consumers reporting the largest losses often said they believed the scammer had actually sent them money. Many people reported that these instances turned out to be elaborate money laundering schemes, such as for fraudulently obtained unemployment benefits.

    According to the spotlight, consumers most often report sending money to romance scammers by wire transfer or in the form of gift cards. Reports of gift cards used to pay romance scammers were up by nearly 70 percent over 2019.

    The FTC provides tips for consumers on how to spot romance scams and protect themselves at ftc.gov/romancescams


  7. To sum this up...

    To make a real determination upon any email, we would need to see the email in RAW Format.  That is, the email's full header and body of the message in its raw, uninterpreted and non-rendered state.

    How one retrieves that depends on the email client or web browser.  For example, in AOL Webmail you open the intended email and choose: More ---> View Message Source

    Without examining the RAW Email contents, everything is all speculation.

    The following is an example of a redacted email's Full Header from a US House of Representatives email in RAW Format...

    Received: from
     by atlas208.aol.mail.bf1.yahoo.com with HTTP; Thu, 18 Feb 2021 15:29:46 +0000
    Return-Path: <#########@mail.house.gov>
    Received: from (EHLO serg-bulk3-h.house.gov)
     by with SMTPs; Thu, 18 Feb 2021 15:29:46 +0000
    X-Originating-Ip: []
    Received-SPF: pass (domain of mail.house.gov designates as permitted sender)
    Authentication-Results: atlas208.aol.mail.bf1.yahoo.com;
     dkim=pass header.i=@house.gov header.s=august2019-msgb-hg;
     spf=pass smtp.mailfrom=mail.house.gov;
     dmarc=pass(p=NONE) header.from=mail.house.gov;
    X-Apparently-To: <redacted>; Thu, 18 Feb 2021 15:29:46 +0000
    X-YMailISG: ik7g2gwWLDufalaLfVs38U9Od7cHkh8V9jx_hvtiGwH4csCj
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=house.gov; h=message-id :
     list-unsubscribe : mime-version : from : to : date : subject :
     content-type; s=august2019-msgb-hg;
     pPZBnB3AgWTBRuaUgnvdhu2wJx+XNcHdjn5UdTWaMVZRPVscZdaygHI9NiI+yr/ivAsY gA== 
    Received: from FIRESIDESERV03 (firesideserv03.us.house.gov [])
    	by serg-bulk3-h.house.gov ( with ESMTP id 11IFTkXv013631
    	for <redacted>; Thu, 18 Feb 2021 10:29:46 -0500
    envelope-from: ########@mail.house.gov
    Errors-To: bounce@emanager.house.gov
    X-Errors-To: bounce@emanager.house.gov
    Message-ID: <T4sraud6emUE4yrVFPOL+4nARk5aNJ2r800E1vp2NM84FLH4rhPErpqC5xtTWHbvBsDpgQFgfCHmxpIGlkDW2Hp7QO2Bgi5s/isgQuL28S2684AuPTNI8MDv/4JbLSbshnczS8yrjO4jPXApEVzfjXYPoSDp3HYMikKSgaWChuZxeXBTkvz4sErrzShm9rp+@fireside21.com>
    X-House-Vendor-Seg: unmanaged
    List-Unsubscribe: <https://#########.house.gov/forms/emailsignup/?Delete=true&MessageID=539&Email=<redacted>&Submit=true>
    Precedence: bulk
    MIME-Version: 1.0
    From: "Congressman #######" <##########@mail.house.gov>
    To: <redacted>
    Date: 18 Feb 2021 10:29:46 -0500
    Subject: Join me Friday for a virtual veterans roundtable	
    Content-Type: multipart/alternative;
    X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369,18.0.761
     definitions=2021-02-18_06:2021-02-18,2021-02-18 signatures=0
    Content-Length: 12316
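    As an added example (not part of the post above), the following Python script reads a raw header block like the one shown and pulls out the Authentication-Results verdicts (spf, dkim, dmarc), then checks whether the authenticated domains align with the visible From: domain, which is what the dmarc=pass in the House.gov header is attesting. Both header blocks below are constructed placeholders, not real mail; the two-label "organizational domain" rule is a simplifying assumption.

```python
import re
from email import message_from_string
from email.policy import default

# Two constructed raw headers (placeholder domains, not real mail). The first is
# modelled on the redacted House.gov header above; the second imitates the
# "your subscription has been renewed" scam mails discussed on this page.
LEGIT_RAW = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@example.gov header.s=selector1;
 spf=pass smtp.mailfrom=mail.example.gov;
 dmarc=pass(p=NONE) header.from=mail.example.gov;
From: "Congressman Example" <newsletter@mail.example.gov>
Subject: Join me Friday for a virtual roundtable

body omitted
"""
SCAM_RAW = """\
Authentication-Results: mx.example.net;
 dkim=none;
 spf=pass smtp.mailfrom=bounce.throwaway-example.test;
 dmarc=none header.from=lookalike-example.test;
From: "Norton LifeLock Billing" <renewals@lookalike-example.test>
Subject: Your subscription has been renewed

body omitted
"""

def org_domain(domain):
    """Crude organizational domain: the last two labels (no public-suffix list; an assumption)."""
    return ".".join(domain.lower().split(".")[-2:]) if domain else ""

def check_header(raw):
    """Return SPF/DKIM/DMARC verdicts plus whether each passing result aligns with From:."""
    msg = message_from_string(raw, policy=default)
    ar = msg.get("Authentication-Results", "")       # folded lines are joined by the parser
    verdict = {}
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", ar)        # e.g. "dmarc=pass(p=NONE)" -> "pass"
        verdict[method] = m.group(1) if m else "none"
    from_dom = org_domain(msg["From"].addresses[0].domain)   # the domain the recipient sees
    mailfrom = re.search(r"smtp\.mailfrom=([\w.-]+)", ar)     # envelope sender checked by SPF
    dkim_i = re.search(r"header\.i=@?([\w.-]+)", ar)          # signing identity checked by DKIM
    verdict["spf_aligned"] = verdict["spf"] == "pass" and bool(mailfrom) and org_domain(mailfrom.group(1)) == from_dom
    verdict["dkim_aligned"] = verdict["dkim"] == "pass" and bool(dkim_i) and org_domain(dkim_i.group(1)) == from_dom
    # DMARC logic: at least one of SPF or DKIM must pass AND align with the From: domain.
    verdict["trust_from_header"] = verdict["spf_aligned"] or verdict["dkim_aligned"]
    return verdict
```

    A scam mail may still show spf=pass for some throwaway bounce domain; the point of the alignment check is that a pass for a domain unrelated to the From: address says nothing about the brand named in the display name.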



  8. It was like a hidden dialogue.  A Ghost.  You could see a window but it was white with no content and the scan did not occur.  However, I can't remember if there was an actual error message.  I had to kill that Ghost window or something like that and then "Open Malwarebytes" from the tray icon at which point I saw the 30 day security summary pop-up and what happened became apparent.  Once that was closed I could perform the Right-Click context scan of the intended folder.

  9. In regards to;



    What’s New in 1.0.1173:

    • Onboarding wizard: Something went wrong page
    • Onboarding wizard: Forgot password
    • 30 day security summary pop-up
    • Improved detection and remediation     
    • Improved performance



    The 30 day security summary pop-up interferes with a Right-Click context scan of a file or folder.  MBAM generates errors while trying to conduct a scan until the dialogue is cleared.


  10. The simple answer -- No.

    I'll compare it to having a bully in your neighbourhood.  You write poetry, sonnets and stories in notebooks.  That bully has gotten a hold of some of your writings.  Replacing the notebooks with new ones won't mitigate the issue.  You'd have to change your habits of how you store and move those notebooks around as well as any/all interactions with that bully.

    In your case, understanding how to mitigate cyber threats and how you interact with technology is the key to your solution.  It begins with understanding what a computer "virus" is and how it compares with and is differentiated from trojans as well as Potentially Unwanted Programs (PUPs), and how one gets infected.  It will continue by understanding threats and having situational awareness as well as understanding what constitutes "vulnerabilities" and exploitation of those vulnerabilities.

    In other words, the key to mitigating your problem is within you and not by simply changing hardware.
