David H. Lipman

Everything posted by David H. Lipman

  1. This is a web based fraud. In this case it is probably to goad you to buy some anti-malware software by demonstrating a fake scan of a computer and fraudulently indicating "viruses" were found. Example Video: Fake Scan of your PC

     I have created a series [1] of videos generated from these kinds of fraud sites for the purposes of recognition and education. They are all videos from real web sites. ALL are FRAUDS.

     All these have one thing in common and they have nothing to do with any software on your PC. They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened. From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds.

     • MalwareScam.wmv
     • MalwareScam-1.wmv
     • MalwareScam-2.wmv
     • MalwareScam-3.wmv
     • MalwareScam-4.wmv
     • MalwareScam-5.wmv
     • MalwareScam-6.wmv

     I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version

     Reference:
     • US FBI PSA - Tech Support Fraud
     • US FTC Consumer Information - Tech Support Scams
     • US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio
     • US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams
     • Malwarebytes' Blog - Search on - "tech support scams"
     • Malwarebytes' Blog - "Tech support scams: help and resource page"

     [1] Also located at "My Online Security" - Some videos of typical tech support scams
  2. It is an Advertisement in Bing. It is not Malwarebytes' web site. Since it is identified as an Ad, blame the advertiser who profits from clicking on the link that goes to the Malwarebytes web site. I could not reproduce that result.
  3. Note. Any file can be named anything. What is the URL of the Virus Total Report requested in Post #4 ? You can submit this as a malicious suspect in; Newest Malware Threats referencing the following on how to provide sample submissions. Malware Hunters group Purpose of this forum
  4. OK. This is a subject matter called malvertising. Basically you have advertisers and marketing groups who lean to the dark side and subcontract advertisements to those who are on the dark side. They allow bad actors to use the service to advertise malicious sites which become malicious advertisements or in shortened terms, a malvertisement. A Malvertisement can be a site for Fake Updates or Fake Alerts. The Apple.Com example is a Fake Flash malvertisement. Here are some Fake Alert malvertisement examples. FakeAlert-Screens.pdf / Flash Version Since they are not dependent upon malware on a PC ( MAC, Windows, 'NIX, etc ) and they are solely based upon a web site, Malwarebytes' products can block access to said sites if they are in their blocked list. Submissions of such sites can be provided in; Newest IP or URL Threats after reading; READ ME: Purpose of this forum
  5. Steganography is not a payload. Steganography is a methodology for the embedding of an object like a malicious executable binary within a graphic file. This would be a vehicle and not the result. One would need to have a utility to extract the embedded object from the graphic to begin with. That utility itself would be detected as a PUP or malware thus rendering the use of steganography as an inefficient malware delivery mechanism. Fake Flash, Fake Java and other Fake Software Update sites use Social Engineering as their ploy for the victim to directly download the intended software which can be really bad malware but mostly tend to be Potentially Unwanted Programs ( PUPs ) and Adware. Steganographic embedded graphic or media files may be used on a compromised web site to host malware to "hide in plain sight" as an innocuous graphic or media file. Steganography is well used in spycraft. There one can embed proprietary and classified materials within seemingly innocuous graphic files and allow them to exfiltrate said material with little or no suspicion. Subsequently, using the extraction utility, the exfiltrated material could be examined outside of the targeted enclave.
  6. It is not that they are "unsecure" per se. It is just that there are HTTP links intermixed with HTTPS links. If you received a notification it is purely informative and not an indication that there is a security issue.
  7. They seem to be dead links now. In the future, such sites can be submitted in; Newest IP or URL Threats after reading; READ ME: Purpose of this forum
  8. Thanks. I have viewed so many FakeAlert sites it was relatively easy to get the screenshots. The hard ones were from other countries. They are added to show this is an International issue. I will add it. Obrigado This is a kind of malvertisement and does not come from your PC. It emanates from the Internet and exists as Browser based alerts and not something from some software on your PC. MBAM won't "catch it" for that reason. IFF Malwarebytes knows the URL of the FakeAlert it can be blocked so others will not see the malicious content.
  9. Similar to these ?

     I have created a series [1] of videos generated from these kinds of fraud sites for the purposes of recognition and education. They are all videos from real web sites. ALL are FRAUDS.

     All these have one thing in common and they have nothing to do with any software on your PC. They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened. From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds.

     • MalwareScam.wmv
     • MalwareScam-1.wmv
     • MalwareScam-2.wmv
     • MalwareScam-3.wmv
     • MalwareScam-4.wmv
     • MalwareScam-5.wmv
     • MalwareScam-6.wmv

     I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version

     Reference:
     -----------------
     • US FBI PSA - Tech Support Fraud
     • US FTC Consumer Information - Tech Support Scams
     • US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio
     • US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams
     • Malwarebytes' Blog - Search on - "tech support scams"
     • Malwarebytes' Blog - "Tech support scams: help and resource page"

     [1] Also located at "My Online Security" - Some videos of typical tech support scams
  10. I'm sorry to hear that. If it is a problem, you'll have to contact Lenovo.
  11. I don't know what "Tails" is but... You verify the binaries by their checksum and by their Digital Signature if they are signed. The OS goes through an Online Certificate Status Protocol ( OCSP ) server that verifies its status such as if the Certificate was revoked. For example here is a Windows based Malwarebytes file. What it shows in the file and its Properties which shows a Digital Signatures Tab and the Certificates assigned to the binary. This shows expanded information of the certificate... This shows the Certificate Path from the Certificate Authority ( CA ) to the Publisher ( Malwarebytes ). Now you can see how Apple does an Apple Development ID and how a Publisher's Certificate is used to authenticate the Authenticity and "trust" of an application.
  12. What do you mean "signature file" ? A file can be digitally signed and that's by applying a Digital Certificate embedded in the file as a Publisher's Certificate. An application can be digitally signed by embedding a Publisher's Certificate in the executable. There are no accompanying signature files. Anti malware signature files are not signed. Other than signing an executable some documents like a PDF can be digitally signed.
  13. None. The only effect to a printer is malware generated Print-Jobs spewing paper prints. What is the Make and Model of the printer in question ?
  14. OK. That shows your BIOS was 4KCN40WW where the latest BIOS is 4KCN45WW BIOS Update for Windows 7 (64-bit), Windows 8.1 (64-bit), Windows 10 (64-bit) - Legion Y520-15IKBN 4KCN45WW Reference: Lenovo Legion Y520-15IKBN NOTE: When installing BIOS do not be on battery, use the A/C Power Supply and do not interrupt the process.
  15. Please download HWinfo You can download the Portable version and run the 32bit or 64bit version accordingly. It will list parameters of your system including "Motherboard". Please go to that section and look for BIOS. It will identify the BIOS Date and Version. Please provide that. Example:
  16. There is one last suggestion I have. Are you willing to take one more step ?
  17. Some anti malware vendors may have activity maps & demographics, statistics and other information. Examples: https://cybermap.kaspersky.com/ https://threatmap.checkpoint.com/ThreatPortal/livemap.html https://www.avira.com/en/threats-landscape
  18. What do you mean "registered" like in a catalogue or encyclopedia ?
  19. I hope that whatever Engine is used is applied to Virus Total because the detections on Virus Total do not match what MBAM detects.
  20. Please completely remove the Audio Software and Driver combo from the Control Panel applet, Programs and Features and then Reboot. Then re-install the latest software https://download.lenovo.com/consumer/mobiles/bcyc05af06wg.exe Reference: Lenovo Legion Y520-15IKBN
  21. What is the Make and Model of the platform in question ?
  22. A note to my non-contrarian friend. My replacement installation was made on-top-of a pre-existing CU 508 install.