
David H. Lipman ( Experts; content count 14,876; days won 1 )

Everything posted by David H. Lipman

  1. You mean that non-malicious WikiMedia web site that hosts legitimate sound bites ? Why do you think it is a malicious site that you have to worry about their sound bites ? If you thought it was malicious, why did you post the site so it is a live, clickable, link ? Think !
  2. Is this still a Beta or is it an official release ? ( same with Chrome )
  3. Malwarebytes - it is just a one word name. Steganography - https://en.wikipedia.org/wiki/Steganography " Steganography (/ˌstɛɡəˈnɒɡrəfi/ STEG-ə-NOG-rə-fee) is the practice of concealing a file, message, image, or video within another file, message, image, or video. The word steganography combines the Greek words steganos (στεγᾰνός), meaning "covered or concealed", and graphe (γραφή) meaning "writing". " Graphic files manipulated through steganography or mathematical manipulation are not executable. Graphic files are rendered. That means a program, utility or an OS construct opens the file and displays the graphic accordingly. Such a file will still be rendered and the graphic shown. It may be a low quality graphic or it may be very simplistic for its physical size, but rendering it will not cause a malicious binary that was embedded within to be executed. This takes an external file, whether it be a Script ( VBScript, Powershell, Python, etc ) or a utility that has been hard coded to take the manipulated graphic file and extract the malicious binary and execute it. A graphic file that has been specifically crafted to exploit a vulnerability in a graphics rendering engine is another story. But it is still not an auto executable situation. For example a malicious web site may be set up to host the Graphic file that has been created to exploit a graphics rendering vulnerability. When the graphic is viewed by the victim, the web site will attempt to take advantage of the chaos created by the graphics rendering vulnerability and exploit it where the web site causes a malicious executable to be downloaded and run. Alternatively this may be done in a specially crafted MS Word or MS Excel document which takes advantage of the chaos created by the graphics rendering vulnerability and exploits it to cause an embedded ( OLE ) malicious executable to be run or a VB Script to download a malicious executable and then run it.
The important takeaway is that a graphic file can be malicious in nature but without external assistance can't infect a computer with malware. It will take that external assistance for it to take place. In the initial post it was specifically asked about "Google Images". Here the external assistance could be the Browser in conjunction with a malicious web site. While Malwarebytes products will not detect a malicious graphic via signature detection, its web protection module coupled with its exploitation protection module will mitigate that kind of threat.
  4. How "what" exactly works ? You quoted a post that touches on vulnerability exploitation, steganography and hiding malware in plain sight by adding it to a graphic file.
  5. Gimmicks promote sales ( but not efficacy ).
  6. Please avoid such shady sites. The site that supposedly indicates what the DLL is, is not about the information. It is about pushing crapware. It is using the name of the DLL as its ploy to goad one into the crapware installation. https://www.virustotal.com/gui/file/b1d4caaf30643bd13f61b790c8a51003d996ee82171d2ee649b7accf7cdd31f0/detection
  7. I don't have access to files on VT anymore so can't examine it and so I have no clue what it does.
  8. Besides being known to Virus Total since 2013, and thus too old for Malwarebytes signature creation, it is a trojan and not a virus.
  9. @Muschel I'm glad to hear that. Thank you for the update.
  10. If you willy-nilly browse the Internet you can possibly land on a malicious web site using an Exploit and cause malware to be downloaded with a possible execution. Your Profile indicates " Interests: Malware analyzing " so you should be well aware that all viruses are malware and not all malware are viruses, and viruses are a very small fraction within the malware arena. The vast majority of malware are trojans and the chances of a malicious web site using an Exploit to cause download and possible execution will be for a trojan, and not a virus. Putting it back into perspective, if you are just using Google Images this will not be too likely. It is possible but not probable, and because that possibility exists is the reason we install anti malware software on our computers. Graphic files in themselves are not malicious per se. The web site hosting it can be and that's why you always have to be on your guard. Graphic files come in many formats such as GIF, PNG, JPEG, BMP, PCX and other formats. There have been graphic files that have been crafted in such a way as to exploit known vulnerabilities in the Graphics Rendering module of MS Windows. Left unpatched, that's one way a site using an Exploit can effect a malware download with a possible execution. Graphic files can also be used to hide malware "in plain sight". The Graphic File can be manipulated in such a way as where a PE binary is appended to the graphic or mathematically added ( Example: XOR ) or by using steganography. In that state the modified graphic file is safe and will not "self execute" and it will require a secondary program or script to extract the PE binary which is the malware.
  11. It has a time scaled histogram selector. You grab it and look at the time and stop when appropriate. It does have some Hot-Keys but no Fast Forward or Rewind Button. https://www.vlchelp.com/vlc-media-player-shortcuts/
  12. BEC Scam Costing Almost US$11 Million Leads to FBI Arrest of Nigerian Businessman "The chief executive officer (CEO) of the Invictus Group of Companies, Obinwanne Okeke, has reportedly been arrested by the U.S. Federal Bureau of Investigation (FBI) after he was accused of conspiracy to commit computer and wire fraud. The FBI investigation into Okeke was initiated after a victim of a business email compromise (BEC) scam informed the FBI that it had been defrauded of nearly US$11 million. According to an affidavit from FBI Special Agent Marshall Ward, who spearheaded the investigation, a phishing email was sent to the chief financial officer (CFO) of Unatrac Holding Limited, the UK-based export sales office for the construction equipment company Caterpillar. The email contained a URL leading to a spoofed webpage asking for the login credentials of the CFO’s Microsoft Office 365 account. Once the CFO entered his credentials, the attackers managed to gain access to all the contents of the CFO’s Office 365 account, from emails to digital files. The CFO’s email account was then used to issue fund transfer requests to Unatrac’s financial department. The scam involved fake invoices featuring the corresponding company logos and templates to make the emails seem more legitimate. The attackers even went so far as to send emails from an external account to the CFO’s account, which were then forwarded to the finance team, and created and changed filter rules to intercept legitimate emails and mark them as read. Between April 11 and 18, 2018, employees of the Unatrac financial department issued 15 payments totaling nearly US$11 million, with some of the payments going to the same account. The affidavit mentioned that the CFO’s account was accessed at least 464 times using Nigerian IP addresses. The attackers also downloaded files from the CFO’s account, with one of the downloaded files being sent to a Gmail address. 
Further investigation by the FBI revealed that the email was used for other fraudulent schemes. Ward managed to obtain records from Google, which allowed the FBI to link the email to another email address. The second email address was connected to a forum account that eventually led the FBI to conclude that Okeke is part of the BEC scam."
  13. Refers to CVE-2019-13615. VideoLAN VLC was just updated to v3.0.8 but CVE-2019-13615 does not seem to have been addressed. https://www.videolan.org/developers/vlc-branch/NEWS However, according to this, the issue has been fixed. https://trac.videolan.org/vlc/ticket/22474
  14. That's not entirely true. If you can see an image, it is an image file, and MBAM stops there. However the file can be manipulated such as a PE binary appended to the graphic or mathematically added ( Example: XOR ) or can be a case of steganography. I recently looked at a Chinese data stealing trojan that downloaded assistive modules, from BAIDU, that were supposedly a JPEG ( identified by the string JFIF in the binary header ) but further into the binary was appended a PE executable. It was that Chinese data stealing trojan that would strip off the JPEG from the PE contents, thus allowing the add-on malware modules to "hide in plain sight". MBAM will only look at the first two characters and see if it is marked by 'MZ' and if it isn't, it will pass scrutiny even if at a given Offset there is an appended PE binary. Of course in that state the modified graphic is safe and will not "self execute" and will require a secondary program or script to extract the PE binary.
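As an added example (not from any of the posts above, and not Malwarebytes code), the check that posts 3 and 14 describe, written from the defender's side in Python: walk the JPEG marker segments to find where the image really ends, then look past that point for a DOS header whose e_lfanew field points at a valid 'PE\0\0' signature. The minimal JFIF and the PE stub are constructed inline and are not real files; the function names are my own.

```python
"""Triage for JPEG files that may carry a PE executable appended after the real
end-of-image (EOI) marker.  Constructed, self-contained example; no real samples."""
import struct
import sys

JPEG_SOI = b"\xff\xd8"          # start of image
JPEG_EOI = b"\xff\xd9"          # end of image
PE_SIGNATURE = b"PE\x00\x00"


def jpeg_end_offset(data: bytes):
    """Return the offset just past EOI, or None if `data` is not a well-formed JPEG.
    Walking the segments (instead of searching for FF D9) avoids stopping early at the
    EOI of an EXIF thumbnail embedded in an APP1 segment."""
    if not data.startswith(JPEG_SOI):
        return None
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return None                                   # lost marker sync: malformed
        marker = data[pos + 1]
        if marker == 0xFF:                                # fill byte in front of a marker
            pos += 1
            continue
        if marker == 0xD9:                                # EOI: the image ends here
            return pos + 2
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:
            pos += 2                                      # standalone markers, no length
            continue
        if pos + 4 > len(data):
            return None
        seg_len = struct.unpack_from(">H", data, pos + 2)[0]
        if seg_len < 2:
            return None
        pos += 2 + seg_len
        if marker == 0xDA:                                # SOS: skip entropy-coded data
            # In scan data 0xFF is always followed by 0x00 (byte stuffing) or an RSTn
            # marker, so the first other FF xx pair is the next real marker.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    return None


def find_embedded_pe(data: bytes, start: int = 0):
    """Offset of the first plausible PE image at or after `start`, or None.  A bare 'MZ'
    is not enough: e_lfanew (DOS header offset 0x3C) must point at 'PE\\0\\0'."""
    pos = data.find(b"MZ", start)
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            nt = pos + e_lfanew
            if data[nt:nt + 4] == PE_SIGNATURE:
                return pos
        pos = data.find(b"MZ", pos + 1)
    return None


def scan_image(data: bytes) -> dict:
    """Trailing bytes alone are a weak signal (some cameras and editors leave junk after
    EOI); a verified PE header after EOI is the strong one."""
    end = jpeg_end_offset(data)
    report = {"is_jpeg": end is not None, "trailing_bytes": 0, "pe_offset": None}
    if end is None:
        report["pe_offset"] = find_embedded_pe(data)      # not a JPEG: check the whole blob
        return report
    report["trailing_bytes"] = len(data) - end
    if report["trailing_bytes"]:
        report["pe_offset"] = find_embedded_pe(data, end)
    return report


# ---- constructed samples (not real files) -------------------------------------------
def build_minimal_jfif() -> bytes:
    """SOI, a 16-byte JFIF APP0 segment, EOI: the smallest input the walker accepts."""
    app0 = (b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00"
            + struct.pack(">HH", 72, 72) + b"\x00\x00")
    return JPEG_SOI + app0 + JPEG_EOI


def build_fake_pe_stub() -> bytes:
    """64-byte DOS header with e_lfanew -> 0x40, then 'PE\\0\\0' and padding.  Not an
    executable, only enough structure for find_embedded_pe to recognise."""
    dos = bytearray(b"MZ" + b"\x00" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + PE_SIGNATURE + b"\x00" * 20


CLEAN_JPEG = build_minimal_jfif()
JPEG_WITH_TRAILER = CLEAN_JPEG + b"\x00" * 16              # benign junk after EOI
JPEG_WITH_PE = CLEAN_JPEG + build_fake_pe_stub()           # "hide in plain sight" layout

if __name__ == "__main__":
    # Usage: python jpeg_pe_check.py <file>   (no argument: scan the built-in samples)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(scan_image(fh.read()))
    else:
        for name, blob in (("clean", CLEAN_JPEG), ("trailer", JPEG_WITH_TRAILER),
                           ("appended_pe", JPEG_WITH_PE)):
            print(name, scan_image(blob))
```

A payload that was XOR-ed or hidden steganographically, the other two cases the posts mention, has no 'MZ' or 'PE' bytes in the clear and is not caught by this check; it only covers the appended-binary layout.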
  15. What software you use to scan an object would be dependent upon what the intention is. As noted the Brother MFC is a TWAIN compliant All-in-One ( AIO ) so any TWAIN compliant software can be used. If I want to scan a photo to a JPEG, I may use PhotoShop Elements or XnView. If I am Word Processing a document I may write the document with LibreOffice Writer and then scan the object directly within the document. If I wanted to do Optical Character Recognition ( OCR ) I may use Adobe Acrobat or PaperPort. However, to do any of the above, the computer must be able to communicate with the scanner either over TCP/IP or USB. It is the job of the MFC's TWAIN software to act as middle-ware in this function and it has no idea how the scanner is connected until it is told what IP Address the MFC is set up on or to use USB. As I noted that is performed with the Control Center program and from your Desktop ScreenShot, I see it as the icon in the System Tray labeled CC3 ( ControlCenter3 ). https://support.brother.com/g/s/id/htmldoc/mfc/cv_mfc9120cn/encn/html/sug/chapter3.html
  16. If I understand this correctly, you have a Brother MFC-J615W AIO colour inkjet. You tried to SCAN over IP - It failed. You reconnected the Brother MFC using USB. You then tried to SCAN over USB - It failed. Often when you use third party software it is dependent upon a TWAIN driver. The Brother MFC is TWAIN compliant. Usually there is a way to configure the TWAIN software to connect to its associated scanner, specifically to identify the connection with the IP Address or via USB. I don't have a Brother AIO in front of me but this is often a Utility in the Brother StartMenu and/or is performed with the Control Center icon in the Windows System Tray. EDIT: Example: Below is the Utility for Epson Scan Settings. Note the choices; Local and Network.
  17. The FavIcon shows on two different Windows 7 PCs of mine using two different Firefox versions.
  18. State Farm hit by data breach "State Farm – the largest property and casualty insurance provider in the US - has been compromised in a credential stuffing attack. The firm acknowledged the cyberattack, filing a data breach notification with the California Attorney General, and on Wednesday (August 07), it sent out “Notice of Data Breach” emails to users whose online account log-in credentials were obtained by a bad actor. The insurer’s data breach notification email read: “State Farm recently detected an information security incident in which a bad actor used a list of user IDs and passwords obtained from some other source, like the dark web, to attempt to access to State Farm online accounts. During our investigation, we determined that the bad actor possessed the user ID and password for your State Farm online account.” This type of cyberattack is called credential stuffing. Attackers will buy or take usernames and passwords that were leaked from other companies’ data breaches and they will try to use those credentials to log-in to other accounts and sites. It works well against people who use the same password for lots of different sites – something many people are in the habit of doing."
  19. You can't mix the Input Ports and the Output Ports together as that would create a Feedback Loop.
  20. I think overarching, en masse fraudsters rake in Millions. This action was just one action taken against one of many fraudsters who is based in the US. Unfortunately many are from "another" country.
  21. https://public.tableau.com/profile/federal.trade.commission#!/vizhome/DoNotCallComplaints/Maps
  22. FTC Sending Refunds to Victims of Tech Support Scam "The Federal Trade Commission is sending refund checks and PayPal payments totaling more than $802,000 to 12,140 consumers as part of a settlement with the operators of a St. Louis-based scam that tricked consumers into buying unnecessary technical support services. Eligible consumers paid for tech support products and services from Global Access Technical Support, which also used the names Global sMind, Global S Connect, Yubdata Tech, and Technolive. The FTC alleged the defendants worked with affiliate marketers to place pop-up ads that falsely claimed the consumer’s computer was infected with viruses or malware. The ads urged consumers to immediately call a toll-free number for help. When consumers called the number, they were connected to telemarketers who falsely claimed to be affiliated with Microsoft or Apple. The telemarketers claimed they needed remote access to consumers’ computers to diagnose the problem. Once given access, the telemarketers tricked consumers into believing that harmless directories on their computers were evidence of problems that required immediate repair. Consumers who receive a check from the FTC should deposit or cash the checks within 60 days, as indicated on the check. For the first time, the FTC is also sending refund payments via PayPal to consumers for whom the agency does not have a mailing address. Consumers will have 30 days to accept the PayPal payment. The FTC’s consumer blog post provides more details about how the refund process will work. The average refund amount is $66. The FTC never requires people to pay money or provide account information to cash a refund check. If recipients have questions about the refunds, they should contact the FTC’s refund administrator, Analytics, at 844-881-1379."