David H. Lipman
Everything posted by David H. Lipman

  1. GermanWiper Ransomware Erases Data, Still Asks for Ransom "Multiple German companies were off to a rough start last week when a phishing campaign pushing a data-wiping malware targeted them and asked for a ransom. This wiper is being named GermanWiper due to its targeting of German victims and it being a destructive wiper rather than a ransomware. The malware was first reported on the BleepingComputer forum on Tuesday, July 30 and users soon learned after examining their files that it is a data wiper, despite it demanding a ransom payment. No data recovery After compromising a computer and deleting files, GermanWiper leaves a ransom note indicating that the data was encrypted and would not be decrypted unless BTC 0.15038835 is transferred to a listed bitcoin address. Even if a victim pays the ransom, the money is wasted because the malware does not encrypt the data but overwrites it with zeroes and ones, destroying it, according to security researcher Michael Gillespie. The first sample seen by security researchers was built on Monday, July 29. The ID Ransomware service started to receive submissions the same day, a little after 10 AM CEST, MalwareHunterTeam told BleepingComputer. The end of the work week (Friday, August 2) saw the highest number of ID Ransomware submissions for GermanWiper indicating that the campaign had hit plenty of targets. After that day, the number dwindled to less than 20."
  2. It's a good read for all of us to understand about email "Headers" and using them to corroborate received email. Xiexie ni
  3. Please note that I am not a member of Staff. They are Malwarebytes' employees. I am not an employee. I'm just a Forum Member like you but I am in the Forum's Experts group.
  4. What you have demonstrated is you received a Microsoft FakeAlert and you ALLOWED a fraudster access to your computer. That was a mistake. First I suggest going to the Credit Card company and putting into Dispute any/all charges stemming from the fraud based incident. You may want that Credit Card canceled and a new card issued as well. Then I suggest having your PC checked out. Just to make sure there is nothing lingering. Please read; I'm infected - What do I do now? and then create a post in; Windows Malware Removal Help & Support requesting to have your PC checked out after falling for a Tech Support scam initiated by a Microsoft FakeAlert. - - - - I have created a series [1] of videos generated from these kinds of fraud sites for the purposes of recognition and education. They are all videos from real web sites. ALL are FRAUDS. All these have one thing in common and they have nothing to do with any software on your PC. They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened. From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds. MalwareScam.wmv MalwareScam-1.wmv MalwareScam-2.wmv MalwareScam-3.wmv MalwareScam-4.wmv MalwareScam-5.wmv MalwareScam-6.wmv I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version They are all a kind of malicious advertisement ( aka; malvertisement ). Using Task Manager and Killing the; Edge, IExplorer, Chrome, Firefox, etc, processes is very effective once you are affected by these FakeAlerts. Right now, to block it means Malwarebytes needs to know the URL to block. If you can provide the URL it can be added to the list for Malwarebytes sites to block.
Submissions of suspect and malicious URLs can be performed in; Newest IP or URL Threats after reading; READ ME: Purpose of this forum Malwarebytes is creating Beta versions of Browser Add-Ins for Chrome and Firefox to deal with FakeAlerts and other frauds. But as noted, they are still Beta versions. Browser Add-On references: Malwarebytes Browser Extension for Chrome (Beta) Malwarebytes Browser Extension for Firefox (beta) Reference: US FBI PSA - Tech Support Fraud US FTC Consumer Information - Tech Support Scams US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams Malwarebytes' Blog - Search on - "tech support scams" Malwarebytes' Blog - "Tech support scams: help and resource page" 1. Also located at "My Online Security" - Some videos of typical tech support scams
  5. Just install Windows Updates until there are no more Security updates to be installed.
  6. Yes. Please note that the Malware Removal Help section of the Forum is for those whose systems are actually infected or believe their systems are and requesting assistance to get their systems cleaned-up and not for general queries. Therefore I have requested Forum Admins move this thread to; General Chat
  7. It was mitigated in a Microsoft June '16 Security Update. https://support.microsoft.com/en-us/help/3165191/ms16-077-security-update-for-wpad-june-14-2016 This is not really a home user risk and it is associated equally to WiFi as Ethernet. One should not worry about a particular risk but worry about all risks and must look at securing their platform from a holistic position. This begins with properly applying OS Security Updates as they are issued.
  8. The False Positive sub-forum is for False Positive declarations made by Malwarebytes' software and not for declarations made by other vendors. You submitted three Virus Total Report URLs for detections not showing a Malwarebytes detection. One was for a Visual Basic Encoded ( VBE ) file which isn't even targeted by Malwarebytes. The first submission was made on 2017-12-31 and has a low detection rate. Without accessing the file itself a determination can't be fully made but it may be legitimate but I can't be sure. A malicious VBE would be expected to have many more detections than that shown for a file known to Virus Total ( and associated vendors ) over this time frame. The other two files are file types targeted by Malwarebytes but their first submission goes way back to 2010. Files that have been known to Virus Total ( and associated vendors ) over this long a time frame that are malicious would have many more detections so they are most likely False Positive declarations. In the future please restrict False Positive queries to those made specifically by Malwarebytes' software.
  9. Please do not respond to the sender ( assuming the address is valid ). Don't forget to check your email addresses at; https://haveibeenpwned.com/ to see where the password was harvested from in a site breach.
  10. The Microphone is an input device and a Microphone Port on a notebook or desktop is an input port. Playback is done through an output device or port. Speakers and headphones are output or playback devices and the line-out is an output port. Playing a MP3 file of a recorded soundbite is performed by software such as VideoLAN VLC Player and Windows Media Player. What is the make and model of the Windows 10 computer you are using?
  11. https://www.virustotal.com/gui/file/8600ba10c1fbc209e01c963b1d46538ef3ac9a257918fa822b66a1c27022b000/detection permissionresearch.zip permissionresearch.dmg had 19 detections 1 month ago and now it has 21 detections of mostly OnionSpy or a variation thereof.
  12. It's relevant to how they got a password for an understanding of how it can be used to manipulate victims of a breach.
  13. Don't forget to check your email addresses at; https://haveibeenpwned.com/
  14. Yes - scam. See; FYI: Email Ransom Scam still current for samples of similar email. Delete the email and then change your email password to a new Strong Password just to make sure. Additionally, you can enter your email address(es) in the following site and it will check to see if that email address was part of a known breach. This is most likely how they know the password. From a breach and not from your PC being compromised. https://haveibeenpwned.com/ Please reference: ----------------- US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims US FTC Consumer Information - How to avoid a Bitcoin blackmail scam MyOnlinesecurity - attempted-blackmail-scam-watching-porn BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites Malwarebytes' Blog - Sextortion emails: They’re probably not watching you Malwarebytes Forum sample thread - Got strange threating email.
  15. They mean nothing. The final one is just that the site uses the Microsoft CryptoAPI to obtain a DER encoded X509 Certificate from the Comodo Security Solutions, Inc., Online Certificate Status Protocol ( OCSP ) server and the site communicates over SSL. https://docs.microsoft.com/en-us/windows/win32/secauthn/secure-channel GET ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ%2Ficg9B19asFe73bPYs%2BreAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D User-Agent: Microsoft-CryptoAPI/6.1
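As an added illustration (not part of the post above), this Python decodes the base64 path of the ocsp.comodoca4.com GET request quoted in the post: it is a DER-encoded OCSPRequest (RFC 6960) whose CertID names the hash algorithm, two hashes identifying the issuing CA, and the serial number of the certificate whose revocation status is being asked for. The path constant is copied from the post; the parser is a minimal DER walker written for this example.

```python
# Added example, not from the forum post: decode the base64 path of the
# ocsp.comodoca4.com GET request quoted above. The path is a DER-encoded
# OCSPRequest (RFC 6960) carrying a CertID: a hash algorithm, two SHA-1
# hashes identifying the issuing CA, and the serial number being checked.
import base64
from urllib.parse import unquote
OCSP_PATH = ("MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ%2Ficg9B19asFe73bPYs%2BreAQUdXGn"
             "GUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D")  # from the post
SHA1_OID = "1.3.14.3.2.26"

def der_tlv(buf, pos=0):
    """Read one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(value):
    """Split a SEQUENCE body into its immediate (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = der_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(raw):
    """Decode DER OBJECT IDENTIFIER bytes to dotted form."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def parse_ocsp_get(path):
    """OCSPRequest > TBSRequest > requestList > Request > CertID; return CertID."""
    node = base64.b64decode(unquote(path))
    for _ in range(5):  # five nested SEQUENCEs down to the CertID body
        tag, node, _end = der_tlv(node)
        if tag != 0x30:
            raise ValueError("expected SEQUENCE, got tag 0x%02x" % tag)
    alg, name_hash, key_hash, serial = der_children(node)
    oid = decode_oid(der_children(alg[1])[0][1])
    return {"hash_algorithm": "sha1" if oid == SHA1_OID else oid,
            "issuer_name_hash": name_hash[1].hex(),
            "issuer_key_hash": key_hash[1].hex(),
            "serial_number": serial[1].hex()}
```

Note that no certificate travels in this request; only the CA hashes and the serial do, which is why such a GET in a traffic log is benign revocation checking rather than anything to worry about.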
  16. You misinterpret the report. There is nothing physically malicious in that report. No exploit code found, no malicious content and no malware being dropped - Nothing! As I stated it is nothing but a shill site for obtaining affiliate revenue for pointing site viewers to SpyHunter. https://www.virustotal.com/gui/url/8003c0f828d7d61c2ffd34ac448d4dc9e9fa28d15d60020e2a61019566b76c98/detection EDIT: From the index.html of that page obtained with WGET. https://www.virustotal.com/gui/file/b3d26f8a92f3779405403db7e93c151b2871d169838b0bb100e1a133af877698/detection
  17. There are Usenet News Groups ( NNTP ) and some Web Forums that act as a Front-End to Usenet that will show up in Google Groups as Google Groups is Google's HTTP/HTTPS front-end to Usenet. There is no way to "fix" it.
  18. Now that you were identified to have been in more than one breach and the password was used on more than one site, the job is not to repeat passwords used on different sites. Each site should have a unique password that is a Strong Password. You would have to contact any/all sites you no longer want and tell the Administrator(s) of said sites to cancel the accounts you hold with them. Please reference: ----------------- US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims US FTC Consumer Information - How to avoid a Bitcoin blackmail scam MyOnlinesecurity - attempted-blackmail-scam-watching-porn BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites Malwarebytes' Blog - Sextortion emails: They’re probably not watching you Malwarebytes Forum sample thread - Got strange threating email. Malwarebytes Forum FYI thread - FYI: Email Ransom Scam still current
  19. I'm not characterizing the videos one way or another, I am thinking about Cookies ( not your IP ) being used to target you with specific content. I suggest giving the below a shot, it can't hurt, only help. http://www.networkadvertising.org/choices/ http://www.aboutads.info/choices/ Google Account Activity Controls
  20. You must mean Pussy Russo. I remember when his head got blown off at the <redacted>.
  21. On the far chance this could be based upon Ads targeted through advertiser Cookies, try to use the following services to Opt-Out of Interest Based Advertising and Targeted Advertising. http://www.networkadvertising.org/choices/ http://www.aboutads.info/choices/