David H. Lipman

Everything posted by David H. Lipman

  1. Q: Is it better to have more e-mail accounts, or fewer (or even 1)?
Have as many as you want or as few as you want. It is not better or worse. It is whatever works for you.
Q: Obviously I should use different passwords everywhere. But what about logins? Should I use a different login on every website/app?
Yes. Reduce victimization by being less predictable.
Q: Personal details I enter on various websites should be fake whenever possible, I presume?
Enter NO personal details.
Q: Creating accounts on online stores (like Amazon, E-bay, Aliexpress, local ones and alike). Is it okay to have an account (which obviously will have to have my real details, including my address) or should I use "guest" accounts whenever it is possible?
Guest when possible and don't store Credit Card with the site. When possible, don't even create an account.
Q: Malwarebytes Web[somethingDon'tRememberExactly] extension. Should I use it and is there any benefit to me using it if I already have Malwarebytes Premium?
Yes. They are no longer Beta and act on web sites other than what Malwarebytes Premium does.
Q: VPN. Should I use it? If yes, when should I use it?
Yes. But the VPN provider must be fully vetted as what you are blocking others from seeing, THEY ( the VPN provider ) will see. VPNs are only needed if you use a mobile platform and jump onto Public WiFi.
Q: If yes, which ones could be considered best/safest ones (I was looking into Windscribe)?
I don't have an answer but I am sure another responder will.
  2. So, how is the End User supposed to know where to go ?
  3. It is a malvertisement and is web based and not based upon what's on your device. However, the malvertising web site will use the device's User-Agent and GeoIP to perform victim specific targeting.
  4. That's what I mean. Is F/P reporting now bifurcated ? If it is, I suggest a F/P Reporting sub-forum in Malwarebytes Browser Guard specifically for Browser Extension Add-Ons.
  5. Are F/P Reporting for web sites intended to be bifurcated between here and Malwarebytes Browser Guard - ( Chrome and Firefox ) ?
  6. You mean that non malicious, WikiMedia, web site that hosts legitimate sound bites ? Why do you think it is a malicious site that you have to worry about their sound bites ? If you thought it was malicious, why did you post the site so it is a live, clickable, link ? Think !
  7. Is this still a Beta or is it an official release ? ( same with Chrome )
  8. Malwarebytes - it is just a one word name.
Steganography - https://en.wikipedia.org/wiki/Steganography
" Steganography (/ˌstɛɡəˈnɒɡrəfi/ STEG-ə-NOG-rə-fee) is the practice of concealing a file, message, image, or video within another file, message, image, or video. The word steganography combines the Greek words steganos (στεγᾰνός), meaning "covered or concealed", and graphe (γραφή) meaning "writing". "
Graphic files manipulated through steganography or mathematical manipulation are not executable. Graphic files are rendered. That means a program, utility or an OS construct opens the file and displays the graphic accordingly. Such a file will still be rendered and the graphic shown. It may be a low quality graphic or it may be very simplistic for its physical size but rendering it will not cause a malicious binary that was embedded within to be executed. This takes an external file, whether it be a Script ( VBScript, Powershell, Python, etc ) or a utility that has been hard coded to take the manipulated graphic file and extract the malicious binary and execute it.
A graphic file that has been specifically crafted to exploit a vulnerability in a graphics rendering engine is another story. But it is still not an auto executable situation. For example a malicious web site may be set up to host the Graphic file that has been created to exploit a graphics rendering vulnerability. When the graphic is viewed by the victim, the web site will attempt to take advantage of the chaos created by the graphics rendering vulnerability and exploit it where the web site causes a malicious executable to be downloaded and run. Alternatively this may be done in a specially crafted MS Word or MS Excel document which takes advantage of the chaos created by the graphics rendering vulnerability to cause an embedded ( OLE ) malicious executable to be run or a VB Script to download a malicious executable and then run it.
The important takeaway is that a graphic file can be malicious in nature but without external assistance can't infect a computer with malware. It will take that external assistance for it to take place. In the initial post it was specifically asked about "Google Images". Here the external assistance could be the Browser in conjunction with a malicious web site. While Malwarebytes products will not detect a malicious graphic via signature detection, its web protection module coupled with its exploitation protection module will mitigate that kind of threat.
  9. How "what" exactly works ? You quoted a post that touches; vulnerability exploitation, steganography and hiding malware in plain sight by adding it to a graphic file.
  10. Gimmicks promote sales ( but not efficacy ).
  11. Please avoid such shady sites. The site that supposedly indicates what the DLL is, is not about the information. It is about pushing crapware. It is using the name of the DLL as its ploy to goad one into the crapware installation. https://www.virustotal.com/gui/file/b1d4caaf30643bd13f61b790c8a51003d996ee82171d2ee649b7accf7cdd31f0/detection
  12. I don't have access to files on VT anymore so can't examine it and so I have no clue what it does.
  13. Besides being known to Virus Total since 2013, and thus too old for Malwarebytes signature creation, it is a trojan and not a virus.
  14. @Muschel I'm glad to hear that. Thank you for the update.
  15. If you willy-nilly Browse the Internet you can possibly land on a malicious web site using an Exploit and cause malware to be downloaded with a possible execution. Your Profile indicates " Interests: Malware analyzing " so you should be well aware that all viruses are malware and not all malware are viruses and viruses play a very small fraction within the malware arena. The vast majority of malware are trojans and the chances of a malicious web site using an Exploit to cause download and possible execution will be for a trojan, and not a virus.
Putting it back into perspective, if you are just using Google Images this will not be too likely. It is possible but not probable and because that possibility exists, is the reason we install anti malware software on our computers. Graphic files in themselves are not malicious per se. The web site hosting it can be and that's why you always have to be on your guard.
Graphic files come in many formats such as GIF, PNG, JPEG, BMP, PCX and other formats. There have been graphic files that have been crafted in such a way as to exploit known vulnerabilities in the Graphics Rendering module of MS Windows. Left unpatched, that's one way a site using an Exploit can effect a malware download with a possible execution.
Graphic files can also be used to hide malware "in plain sight". The Graphic File can be manipulated in such a way as where a PE binary is appended to the graphic or mathematically added ( Example: XOR ) or by using steganography. In that state the modified graphic file is safe and will not "self execute" and it will require a secondary program or script to extract the PE binary which is the malware.
  16. It has a time scaled histogram selector. You grab it and look at the time and stop when appropriate. It does have some Hot-Keys but no Fast Forward or Rewind Button. https://www.vlchelp.com/vlc-media-player-shortcuts/
  17. BEC Scam Costing Almost US$11 Million Leads to FBI Arrest of Nigerian Businessman "The chief executive officer (CEO) of the Invictus Group of Companies, Obinwanne Okeke, has reportedly been arrested by the U.S. Federal Bureau of Investigation (FBI) after he was accused of conspiracy to commit computer and wire fraud. The FBI investigation into Okeke was initiated after a victim of a business email compromise (BEC) scam informed the FBI that it had been defrauded of nearly US$11 million. According to an affidavit from FBI Special Agent Marshall Ward, who spearheaded the investigation, a phishing email was sent to the chief financial officer (CFO) of Unatrac Holding Limited, the UK-based export sales office for the construction equipment company Caterpillar. The email contained a URL leading to a spoofed webpage asking for the login credentials of the CFO’s Microsoft Office 365 account. Once the CFO entered his credentials, the attackers managed to gain access to all the contents of the CFO’s Office 365 account, from emails to digital files. The CFO’s email account was then used to issue fund transfer requests to Unatrac’s financial department. The scam involved fake invoices featuring the corresponding company logos and templates to make the emails seem more legitimate. The attackers even went so far as to send emails from an external account to the CFO’s account, which were then forwarded to the finance team, and created and changed filter rules to intercept legitimate emails and mark them as read. Between April 11 and 18, 2018, employees of the Unatrac financial department issued 15 payments totaling nearly US$11 million, with some of the payments going to the same account. The affidavit mentioned that the CFO’s account was accessed at least 464 times using Nigerian IP addresses. The attackers also downloaded files from the CFO’s account, with one of the downloaded files being sent to a Gmail address. 
Further investigation by the FBI revealed that the email was used for other fraudulent schemes. Ward managed to obtain records from Google, which allowed the FBI to link the email to another email address. The second email address was connected to a forum account that eventually led the FBI to conclude that Okeke is part of the BEC scam."
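The affidavit quoted above describes the mailbox tradecraft that gives BEC away in audit data: a sign-in from a country the account never uses, followed by inbox rules that mark finance mail as read, delete it, or park it in a folder nobody opens. The script below is an added example written for this thread (it is not tooling from the FBI, Trend Micro or Malwarebytes) that runs that detection logic over constructed sample records. The log lines are made up for the example, the field names (`op`, `params`, `country`) are a simplified stand-in rather than a real Microsoft 365 audit schema, and the expected-country set is an assumption for a UK-based office.

```python
"""Flag the mailbox tampering pattern from the BEC write-up: inbox rules that silence or
divert finance mail, changed from a country the account does not normally sign in from.

Added example for this thread, not FBI or Malwarebytes tooling. The log lines are
constructed; field names are a simplified stand-in for a mailbox audit export, not a
real Microsoft 365 schema.
"""
import json
from collections import Counter
from typing import List, Tuple

EXPECTED_COUNTRIES = {"GB"}          # assumption: the office signs in from the UK
FINANCE_WORDS = ("invoice", "payment", "wire", "transfer", "remit")
HIDING_FOLDERS = {"rss subscriptions", "rss feeds", "archive", "conversation history",
                  "deleted items", "junk email"}
RULE_OPS = {"New-InboxRule", "Set-InboxRule"}

# Constructed sample log, one JSON record per line. IPs come from documentation ranges.
SAMPLE_LOG = """\
{"time": "2018-04-10T08:02:11Z", "user": "cfo@example.test", "op": "UserLoggedIn", "ip": "203.0.113.10", "country": "GB"}
{"time": "2018-04-10T22:41:03Z", "user": "cfo@example.test", "op": "UserLoggedIn", "ip": "198.51.100.7", "country": "NG"}
{"time": "2018-04-10T22:45:30Z", "user": "cfo@example.test", "op": "New-InboxRule", "ip": "198.51.100.7", "country": "NG", "params": {"Name": "Invoices", "SubjectContainsWords": "invoice;payment", "MarkAsRead": true, "MoveToFolder": "RSS Subscriptions"}}
{"time": "2018-04-11T09:15:00Z", "user": "clerk@example.test", "op": "New-InboxRule", "ip": "203.0.113.22", "country": "GB", "params": {"Name": "Newsletters", "From": "news@vendor.test", "MoveToFolder": "Newsletters"}}
{"time": "2018-04-11T23:05:44Z", "user": "cfo@example.test", "op": "Set-InboxRule", "ip": "198.51.100.9", "country": "NG", "params": {"Name": "Invoices", "DeleteMessage": true}}
"""


def parse_log(text: str) -> List[dict]:
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def rule_signals(event: dict) -> List[str]:
    """Reasons a single inbox-rule change looks like BEC tradecraft."""
    p = event.get("params", {})
    reasons = []
    folder = str(p.get("MoveToFolder", "")).lower()
    if p.get("MarkAsRead") or p.get("DeleteMessage") or folder in HIDING_FOLDERS:
        reasons.append("suppressive")            # the victim will not see the mail
    text = " ".join(str(p.get(k, "")) for k in
                    ("SubjectContainsWords", "BodyContainsWords", "From")).lower()
    if any(w in text for w in FINANCE_WORDS):
        reasons.append("finance-keywords")
    if event.get("country") not in EXPECTED_COUNTRIES:
        reasons.append(f"unexpected-country:{event.get('country')}")
    return reasons


def analyze(events: List[dict]) -> Tuple[List[dict], Counter]:
    """Return (flagged rule changes, per-user count of sign-ins from unexpected countries).
    A rule is flagged only when it is suppressive AND carries at least one more signal,
    so an ordinary 'move newsletters to a folder' rule is not reported."""
    findings = []
    foreign_logins: Counter = Counter()
    for ev in events:
        if ev["op"] == "UserLoggedIn" and ev.get("country") not in EXPECTED_COUNTRIES:
            foreign_logins[ev["user"]] += 1
        elif ev["op"] in RULE_OPS:
            reasons = rule_signals(ev)
            if "suppressive" in reasons and len(reasons) >= 2:
                findings.append({"time": ev["time"], "user": ev["user"], "op": ev["op"],
                                 "rule": ev.get("params", {}).get("Name"), "reasons": reasons})
    return findings, foreign_logins


if __name__ == "__main__":
    flagged, logins = analyze(parse_log(SAMPLE_LOG))
    for f in flagged:
        print(f"{f['time']} {f['user']} {f['op']} '{f['rule']}': {', '.join(f['reasons'])}")
    for user, n in logins.items():
        print(f"{user}: {n} sign-in(s) from outside {sorted(EXPECTED_COUNTRIES)}")
```

On the sample data the CFO's two rule changes are reported (one hides invoice mail in "RSS Subscriptions" and marks it read, the other later adds DeleteMessage) and the clerk's newsletter rule is not, while the sign-in counter surfaces the Nigerian access the affidavit describes. In production you would replace the fixed country allowlist with each user's own sign-in baseline.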
  18. Refers to; CVE-2019-13615 VideoLAN VLC was just updated to v3.0.8 but CVE-2019-13615 does not seem to have been addressed. https://www.videolan.org/developers/vlc-branch/NEWS However according to this, the issue has been fixed. https://trac.videolan.org/vlc/ticket/22474
  19. That's not entirely true. If you can see an image, it is an image file, and MBAM stops there. However the file can be manipulated such as a PE binary appended to the graphic or mathematically added ( Example: XOR ) or can be a case of steganography. I recently looked at a Chinese data stealing trojan that downloaded assistive modules, from BAIDU, that were supposedly a JPEG ( identified by the string JFIF in the binary header ) but further into the binary was appended a PE executable. It was that Chinese data stealing trojan that would strip off the JPEG from the PE contents. Thus allowing the add-on malware modules to "hide in plain sight". MBAM will only look at the first two characters and see if it is marked by 'MZ' and if it isn't, it will pass scrutiny even if at a given Offset there is an appended PE binary. Of course in that state the modified graphic is safe and will not "self execute" and will require a secondary program or script to extract the PE binary.
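Posts 8, 15 and 19 above all make the same point: a PE binary appended to a graphic file, plainly or XOR-encoded, does not execute when the picture is rendered, but a scanner that only checks the first two bytes for 'MZ' never sees it either. The script below is an added example written for this thread (not Malwarebytes code and not the trojan's loader) showing the check an analyst would run instead: skip past the JPEG end-of-image marker, look for a DOS header whose e_lfanew actually points at a 'PE\0\0' signature, and repeat the search under every single-byte XOR key. The "JPEG" bytes and the PE stub are constructed in-line and the stub is PE-shaped but not a runnable program.

```python
"""Carve a PE binary appended to (or XOR-hidden behind) a graphic file.

Added example for this thread, not Malwarebytes code. The "JPEG" bytes and the
PE stub below are constructed in-line; the stub is PE-shaped but not runnable.
"""
import struct
from typing import Optional, Tuple

JPEG_HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"   # SOI marker + start of APP0 'JFIF' segment
JPEG_EOI = b"\xff\xd9"                              # End Of Image marker


def make_min_pe(e_lfanew: int = 0x40) -> bytes:
    """Build a minimal PE-shaped blob: 'MZ' DOS header whose e_lfanew field (offset 0x3C)
    points at a 'PE\\0\\0' signature followed by a stub IMAGE_FILE_HEADER (Machine = i386)."""
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    return bytes(dos) + b"PE\x00\x00" + b"\x4c\x01" + b"\x00" * 18


def naive_is_pe(data: bytes) -> bool:
    """The check the post describes: inspect only the first two bytes for 'MZ'."""
    return data[:2] == b"MZ"


def looks_like_pe(buf: bytes) -> bool:
    """Validate a DOS header and follow e_lfanew to the 'PE\\0\\0' signature,
    so a stray 'MZ' inside image data is not mistaken for an executable."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    return 0x40 <= e_lfanew <= len(buf) - 4 and buf[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_appended_pe(data: bytes) -> Optional[Tuple[int, int]]:
    """Search the bytes after the JPEG EOI marker (whole file if there is none) for a PE,
    first as-is and then under each single-byte XOR key. Returns (offset, key) or None."""
    eoi = data.rfind(JPEG_EOI)
    start = eoi + 2 if eoi != -1 else 0
    tail = data[start:]
    for key in range(256):
        decoded = bytes(b ^ key for b in tail) if key else tail
        idx = decoded.find(b"MZ")
        while idx != -1:
            if looks_like_pe(decoded[idx:]):
                return start + idx, key
            idx = decoded.find(b"MZ", idx + 1)
    return None


def carve_pe(data: bytes) -> Optional[bytes]:
    """Return the embedded PE (XOR-decoded if needed), ready for hashing or a sandbox."""
    hit = find_appended_pe(data)
    if hit is None:
        return None
    offset, key = hit
    blob = data[offset:]
    return bytes(b ^ key for b in blob) if key else blob


# Constructed samples: a fake JPEG body (not a real picture) with different payloads behind it.
FAKE_JPEG = JPEG_HEADER + b"\x00" * 64 + JPEG_EOI
CLEAN = FAKE_JPEG
PLAIN_APPENDED = FAKE_JPEG + make_min_pe()
XOR_KEY = 0x5A
XOR_APPENDED = FAKE_JPEG + bytes(b ^ XOR_KEY for b in make_min_pe())

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("appended", PLAIN_APPENDED), ("xor", XOR_APPENDED)):
        print(f"{name:9} naive MZ check: {naive_is_pe(sample)!s:5} scan: {find_appended_pe(sample)}")
```

All three samples pass the naive 'MZ' check because they start with the JPEG SOI marker; the scan reports the plain append at the byte after the EOI marker with key 0 and the XOR-encoded one with key 0x5A, and `carve_pe` hands back the decoded binary. The same e_lfanew validation also rejects the two-byte 'MZ' sequences that legitimately occur inside compressed image data.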
  20. What software you use to scan an object would be dependent upon what the intention is. As noted the Brother MFC is a TWAIN compliant All-in-One ( AIO ) so any TWAIN compliant software can be used. If I want to scan a photo to a JPEG, I may use PhotoShop Elements or XnView. If I am Word Processing a document I may write the document with LibreOffice Writer and then scan the object directly within the document. If I wanted to do Optical Character Recognition ( OCR ) I may use Adobe Acrobat or PaperPort. However, to do any of the above, the computer must be able to communicate with the scanner either over TCP/IP or USB. It is the job of the MFC's TWAIN software to act as middle-ware in this function and it has no idea how the scanner is connected until it is told what IP Address the MFC is setup on or to use USB. As I noted that is performed with the Control Center program and from your Desktop ScreenShot, I see it as the icon in the System Tray labeled; CC3 ( ControlCenter3 ). https://support.brother.com/g/s/id/htmldoc/mfc/cv_mfc9120cn/encn/html/sug/chapter3.html
  21. If I understand this correctly, you have a Brother MFC-J615W AIO colour inkjet. You tried to SCAN over IP - It failed. You reconnected the Brother MFC using USB. You then tried to SCAN over USB - It failed. Often when you use third party software it is dependent upon a TWAIN driver. The Brother MFC is TWAIN compliant. Usually there is a way to configure the TWAIN software to connect to its associated scanner. Specifically identify the connection with the IP Address or via USB. I don't have a Brother AIO in front of me but this is often a Utility in the Brother StartMenu and/or is performed with the Control Center icon in the Windows System Tray. EDIT: Example: Below is the Utility for Epson Scan Settings. Note the choices; Local and Network.