David H. Lipman
Experts
Content Count: 14,254
Days Won: 1

Everything posted by David H. Lipman

  1. I thought I had seen you attempting to post in; Windows Malware Removal Help & Support but I saw your Post Count stay at "1". I don't know what you were doing but Kaspersky flagged a GZip'd JavaScript which was flagged as "not-a-virus:HEUR:AdWare.Script.Generic". Associated with the session was Reimage Plus ( scamware that uses nefarious and unethical practices to promote sales ). Malwarebytes detects this software as "PUP.Optional.Reimage" and Kaspersky detects it as "HEUR:Hoax.Win32.PCRepair.gen". Please do start a thread in; Windows Malware Removal Help & Support and ask for your PC to be checked-out. Don't post the data that is located in this thread. Just reference in your new post, Post #3 of this thread.
  2. You are not a Guest. You are a member! Ask your question and we'll do our best to give you a good answer.
  3. The difference is between Home Use and being a Business. @bdg2 you are a Home User ( aka; retail ) and not a business.
  4. RE: False Positive 247techies - December '18
  5. I don't understand what is meant by " whom Malware has noticed " so I'll keep this in General Terms. First we'll start with the overarching concept of malware which is the concatenation of the terms MALicious and softWARE. There are three basic sub-types of malware; trojans, viruses and exploit code.
     1. Trojans - Trojans are the largest sub-type and contain many forms and variations. Trojans are malicious code that require assistance to "infect". It could be through exploitation such as Social Engineering or software exploitation. Some example types of trojans are; porn dialers, data and password stealers, trojanizers/patchers, backdoors and Remote Access Trojans ( RATs ), keyloggers, downloaders, injectors. Each may have sub-types of their own. For example there are QRATs and JRATs.
     2. Exploits - Exploit code can be any kind of code that exploits a vulnerability or a functionality in an unintended fashion. For example a Wimad trojan exploits Windows Digital Rights Management ( DRM ). The Lovsan/Blaster worm was both a virus and used exploitation. It exploited a vulnerability in RPC/RPCSS and used TCP port 445 to infect a computer and spread the infection.
     3. Viruses - Viruses are a kind of malicious code that is able to spread autonomously. Unlike a trojan which needs assistance to spread, a virus can infect data files, media and executable binaries, and those can be used to spread the infection, such as file to file, file to computer, file to media and media to computer. For example a file infecting virus may inject malicious code into an executable file. It may prepend, append or cavity inject the malicious code into a legitimate file. Once that file is infected it may spread the infection to other files and computers. Two examples are Virut and Sality. Another form of virus used the boot sector of the older File Allocation Table ( pre-NTFS ) such as the NYB and Form viruses. The infected computer would pass the infection to a floppy which could then infect another computer when that floppy was read. Another form of virus is the Macro Virus. It took advantage of VB macros in Microsoft Office. If an infected document is opened then MS Office would be infected which would, in turn, infect non-infected documents. Those infected documents could infect other systems. This type of virus was one of the first to cross the OS barrier as long as MS Office was installed under that OS. [ Personally, I prefer calling them a parasite due to the fact it only "lives" in the MS Office environment. ] There are also sub-types of viruses such as worms. They, in turn, also have sub-types such as Internet worms and AutoRun worms. Internet Worms use TCP/IP protocols such as the Lovsan/Blaster using TCP port 445. Or it can use email ( SMTP ), NetBIOS over IP, SMB, NNTP, etc. AutoRun worms use the AutoRun and AutoPlay OS facility in removable media to spread from PC to media and from media. Some may combine aspects like the Lovsan/Blaster using both exploit code and being an Internet worm.
     Today the vast majority of malware are trojans. Due to newer constructs in Win32 and Win64 and NTFS, many viruses have died off. You won't see viruses like the Melissa virus anymore.
     ** Note that I have provided a Reader's Digest version of information in monologue and I have simplified the explanations.
  6. @danilka have you performed nadsdaq's request?
  7. @GTamps You want to use a Memory Card Reader in a Windows PC or a USB Memory Card Reader attached to a PC and read the file directory from there. Computer malware does not normalize a relative size of a JPEG to 475GB. If a file was truly that large it would not fit on a card. Let alone dozens of JPEGs. Chances are more likely to be a bug in how the File Table is read and interpreted. By inserting the Memory Card in a PC it is up to the PC's OS to interpret the Memory Card's File Table.
  8. Associated like in, a web site or a file or an application.
  9. I suggest you post your query at the DD WRT Forums since you indicated that you applied it to your router.
  10. This is a Certificate that can't be verified via OCSP but you do not give any information on What this certificate is associated with.
  11. I don't think that's possible with SOHO equipment.
  12. Sorry. The reason however is the same. If there is something specific you need changed, contact an Administrator such as; AdvancedSetup
  13. Please reference: Editing our own posts?
  14. If that is an IMAP connection and the Folder is a Subscribed IMAP folder that exists on the IMAP server, it may serve a "greater cause".
  15. Samuel, what you describe in Post #4 is Bayesian spam filtering. There, email marked as Junk or Spam is used to learn from and set filtering rules. The reason for this subject thread split-off was the concern of submitting spam for the purpose of having MBAM block a URL. That is a valid concern. However just because email is unsolicited and has a link can't be defined as "spam" in an industrial way. We have to look at the legitimacy of the email based upon the Can Spam Act. If an email contains a link and does not contain an Opt-Out mechanism as described by the Can Spam Act then for all intents and purposes it is "spam" and submitting the spam'd URL to Malwarebytes for the purpose of MBAM blocking it would be warranted. If however the email body does provide an Opt-Out mechanism, then the link's submission to Malwarebytes for being blocked by Malwarebytes is not warranted unless they have failed to honour the Opt-Out within the law's provisions. The above can be considered a "test" to help determine what should be submitted to Malwarebytes for submission in; Newest IP or URL Threats.
  16. Don't use Web mail. Use an email client. If your email client has an email "List Subscription Manager" it will provide an easy way to unsubscribe based upon the email header line item "List-Unsubscribe:". Yes, a link to UNSUBSCRIBE is often used maliciously. Legitimate email that complies with the Can Spam Act will have a specific URL or some other mechanism. A nonconforming email will have a spam link that will be the same for the objective of the spam and the UNSUBSCRIBE link. NOTE: I am requesting Post #9 and my reply be split off to its own thread. Reference: https://sendgrid.com/blog/list-unsubscribe/
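The opt-out "test" from Posts 15 and 16 above, as an added example that is not the poster's code: it reads the `List-Unsubscribe:` header (RFC 2369) and the body links, flags the nonconforming pattern where the "unsubscribe" link is the same URL as the promoted link, and says whether submitting the URL for blocking would be warranted under that test. Both sample messages are constructed and use reserved `.test` domains.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed samples, not real mail: one with a proper opt-out mechanism,
# one whose "UNSUBSCRIBE" link is just the promoted link again.
WITH_OPTOUT = """\
From: news@example-newsletter.test
To: me@example.test
Subject: Weekly deals
List-Unsubscribe: <mailto:leave@example-newsletter.test>, <https://example-newsletter.test/unsub?id=42>
Content-Type: text/plain

See this week's offers at https://example-newsletter.test/deals
Unsubscribe: https://example-newsletter.test/unsub?id=42
"""

NO_OPTOUT = """\
From: promo@cheap-pills.test
To: me@example.test
Subject: Limited offer
Content-Type: text/plain

Click http://cheap-pills.test/buy now!
UNSUBSCRIBE: http://cheap-pills.test/buy
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def unsubscribe_targets(msg):
    """Collect the <mailto:...> / <https:...> targets of List-Unsubscribe headers."""
    targets = []
    for value in msg.get_all("List-Unsubscribe", []):
        targets += re.findall(r"<([^>]+)>", value)
    return targets

def triage(raw):
    """Apply the opt-out test to one raw message; returns the evidence and verdict."""
    msg = message_from_string(raw, policy=default)
    body = msg.get_body(preferencelist=("plain",)).get_content()
    links = URL_RE.findall(body)
    header_unsub = unsubscribe_targets(msg)
    # Split body links into "unsubscribe" lines and everything else (the promoted links).
    unsub_body = [u for l in body.splitlines() if "unsubscribe" in l.lower() for u in URL_RE.findall(l)]
    promo = [u for l in body.splitlines() if "unsubscribe" not in l.lower() for u in URL_RE.findall(l)]
    fake_unsub = bool(set(unsub_body) & set(promo))          # same URL for both purposes
    has_optout = bool(header_unsub) or (bool(unsub_body) and not fake_unsub)
    return {"links": links, "list_unsubscribe": header_unsub,
            "fake_unsubscribe": fake_unsub,
            # Link present and no real opt-out mechanism: submission would be warranted.
            "submit_url": bool(links) and not has_optout}
```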
  17. I'm sorry, but you don't fully grasp the concept. These are web sites. The content emanates from the Internet and they are not generated from any software on your computer. As such there is nothing that can be "removed" from your computer. All the sites I visited where I generated Screen Captures and Videos from were by visiting recorded malvertising URLs that directed my Browser to the FakeAlerts. At best MBAM can block these sites if the site is known by Malwarebytes' blocked sites list. FakeAlerts are a sub-type of malicious advertisement or in short, a malvertisement. A malvertising URL is a web site whose purpose is to redirect people to malicious sites which include, but are not limited to, HTML.FakeAlerts, Fake Java updates and Fake Adobe Flash updates. If you get them fairly consistently, think about what web sites you are visiting when this happens. The web sites contain advertisements. Based upon whom the web site contracts out to advertise, a malvertisement may be intermixed with the regular advertisements or may be rotated-in. For example a couple of years back, I consistently received a Fake Mozilla Firefox update notification when visiting the Weather Channel web site. It was not due to any software on my PC, it was due to whom the Weather Channel had been allowing to advertise on their web site.
  18. 1. Chrome is an HTTP/HTTPS Browser not a PDF viewer unless you install a Chrome extension. It is designed for HTML and not the Portable Document Format. View a PDF in software that is designed for PDF files such as Adobe Reader. Such software does not cache data, it just renders the content. The Google Chrome Browser cache is located in the User's Profile. %AppData%\Local\Google\Chrome\User Data\Default\Cache
      2. When it is cached-out. Data is cached out as old data is cycled and new data replaces it; the time that takes is size dependent as well as how much you use the Browser. The smaller the cache size, the faster it will cache-out. If you have high speed Internet, you do not need a cache.
      3. The naming is a function of the Browser.
      4. You'll have to ask Google.
      5. Maybe.
      6. See #4.
      Maybe another has better answers for Questions #4 ~ #6. If you are worried do NOT use Google Chrome, it is the data mining software for Google's business and its parent Alphabet. Use PDF related software such as Adobe Reader. If you download a PDF via a Browser, decrease the size of the Browser cache to a small size or don't cache at all. Browser caches were designed with Dial-up Networking in mind.
  19. This is a web based fraud. In this case it is probably to goad you to buy some anti-malware software by demonstrating a fake scan of a computer and fraudulently indicating "viruses" were found. Example Video: Fake Scan of your PC
      I have created a series [1] of videos generated from these kinds of fraud sites for the purposes of recognition and education. They are all videos from real web sites. ALL are FRAUDS. All these have one thing in common and they have nothing to do with any software on your PC. They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened. From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds.
      MalwareScam.wmv
      MalwareScam-1.wmv
      MalwareScam-2.wmv
      MalwareScam-3.wmv
      MalwareScam-4.wmv
      MalwareScam-5.wmv
      MalwareScam-6.wmv
      I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version
      Reference:
      US FBI PSA - Tech Support Fraud
      US FTC Consumer Information - Tech Support Scams
      US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio
      US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams
      Malwarebytes' Blog - Search on - "tech support scams"
      Malwarebytes' Blog - "Tech support scams: help and resource page"
      [1] Also located at "My Online Security" - Some videos of typical tech support scams
  20. It is an Advertisement in Bing. It is not Malwarebytes' web site. Since it is identified as an Ad, blame the advertiser who profits from clicking on the link that goes to the Malwarebytes web site. I could not reproduce that result.
  21. Note. Any file can be named anything. What is the URL of the VirusTotal Report requested in Post #4? You can submit this as a malicious suspect in; Newest Malware Threats referencing the following on how to provide sample submissions. Malware Hunters group Purpose of this forum
  22. OK. This is a subject matter called malvertising. Basically you have advertisers and marketing groups who lean to the dark side and subcontract advertisements to those who are on the dark side. They allow bad actors to use the service to advertise malicious sites which become malicious advertisements or in shortened terms, a malvertisement. A Malvertisement can be a site for Fake Updates or Fake Alerts. The Apple.Com example is a Fake Flash malvertisement. Here are some Fake Alert malvertisement examples. FakeAlert-Screens.pdf / Flash Version Since they are not dependent upon malware on a PC ( MAC, Windows, 'NIX, etc ) and they are solely based upon a web site, Malwarebytes' products can block access to said sites if they are in their blocked list. Submissions of such sites can be provided in; Newest IP or URL Threats after reading; READ ME: Purpose of this forum
  23. Steganography is not a payload. Steganography is a methodology for the embedding of an object like a malicious executable binary within a graphic file. This would be a vehicle and not the result. One would need to have a utility to extract the embedded object from the graphic to begin with. That utility itself would be detected as a PUP or malware thus rendering the use of steganography an inefficient malware delivery mechanism. Fake Flash, Fake Java and other Fake Software Update sites use Social Engineering as their ploy for the victim to directly download the intended software which can be really bad malware but mostly tends to be Potentially Unwanted Programs ( PUPs ) and Adware. Steganographic embedded graphic or media files may be used on a compromised web site to host malware to "hide in plain sight" as an innocuous graphic or media file. Steganography is well used in spycraft. There one can embed proprietary and classified materials within seemingly innocuous graphic files and allow them to exfiltrate said material with little or no suspicion. Subsequently, using the extraction utility, the exfiltrated material could be examined outside of the targeted enclave.
  24. It is not that they are "unsecure" per se. It is just that there are HTTP links intermixed with HTTPS links. If you received a notification it is purely informative and not an indication that there is a security issue.