Jump to content

David H. Lipman

Experts
  • Content Count

    14,266
  • Joined

  • Days Won

    1

Everything posted by David H. Lipman

  1. Steganography is not a payload. Steganography is a methodology for the embedding of an object like a malicious executable binary within a graphic file. This would be a vehicle and not the result. One would need to have a utility to extract the embedded object from the graphic to begin with. That utility itself would be detected as a PUP or malware thus rendering the use of steganography as an inefficient malware delivery mechanism. Fake Flash, Fake Java and other Fake Software Update sites use Social Engineering as their ploy for the victim to directly download the intended software which can be really bad malware but mostly tend to be Potentially Unwanted Programs ( PUPs ) and Adware. Steganographic embedded graphic or media files may be used on a compromised web site to host malware to "hide in plain site" as an innocuous graphic or media file. Steganography is well used in spycraft. There one can embed proprietary and classified materials within seemingly innocuous graphic files and allow them to exfiltrate said material with little or no suspicion. Subsequently, using the extraction utility, the exfiltrated material could be examined outside of the targeted enclave.
  2. It is not that they are "unsecure" per se. It is just that there are HTTP links intermixed with HTTPS links. If you received a notification it is purely informative and not an indication that there is a security issue.
  3. They seem to be dead links now. In the future, such sites can be submitted in; Newest IP or URL Threats after reading; READ ME: Purpose of this forum
  4. Thanks. I have viewed so many FakeAlert sites it was relatively easy to get the screenshots. The hard ones were from other countries. They are added to show this is an International issue. I will add it. Obrigado This is a kind of malvertisement and does not come from your PC. It emanates from the Internet and exists as Browser based alerts and not something from some software on your PC. MBAM won't "catch it" for that reason. IFF Malwarebytes knows the URL of the FakeAlert it can be blocked so others will not see the malicious content.
  5. Similar to these ? I have created a 1series of videos generated from these kinds of fraud sites for the purposes of recognition and education. They are all videos from real web sites. ALL are FRAUDS. All these have one thing in common and they have nothing to do with any software on your PC. They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened. From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data and they may use the information they obtain from you to commit additional frauds. MalwareScam.wmv MalwareScam-1.wmv MalwareScam-2.wmv MalwareScam-3.wmv MalwareScam-4.wmv MalwareScam-5.wmv MalwareScam-6.wmv I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version Reference: ----------------- US FBI PSA - Tech Support Fraud US FTC Consumer Information - Tech Support Scams US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams Malwarebytes' Blog - Search on - "tech support scams" Malwarebytes' Blog - "Tech support scams: help and resource page" 1. Also located at "My Online Security" - Some videos of typical tech support scams
  6. I'm sorry to hear that. If it is a problem, you'll have to contact Lenovo.
  7. I don't know what "Tails" is but... You verify the binaries by their checksum and by their Digital Signature if they are signed. The OS goes through an Online Certificate Status Protocol ( OCSP ) server that verifies its status such is if the Certificate was revoked. For example here is a windows based Malwarebytes file. What it shows in the file and its Properties which shows a Digital signatures Tab and the Certificates assigned to the binary. This shows expanded information of the certificate... This shows the Certificate Path from the Certificate Authority ( CA ) to the Publisher ( Malwarebytes ). Now you can see how Apple does an apple Development ID and how a Publisher's Certificate is used to authenticate the Authenticity and "trust" of an application.
  8. What do you mean "signature file" ? A file can be digitally signed and that's by applying a Digital Certificate embedded in the file as a Publisher's Certificate. An application can be digitally signed by embedding a Publisher's Certificate in the executable. There are no accompanying signature files. Anti malware signature files are not signed. Other than signing an executable some documents like a PDF can be digitally signed.
  9. None. The only affect to a printer is malware generated Print-Jobs spewing paper prints. What is the Make and Model of the printer in question ?
  10. OK. That shows your BIOS was 4KCN40WW where the latest BIOS is 4KCN45WW BIOS Update for Windows 7 (64-bit), Windows 8.1 (64-bit), Windows 10 (64-bit) - Legion Y520-15IKBN 4KCN45WW Reference: Lenovo Legion Y520-15IKBN NOTE: When installing BIOS do not be on battery, use the A/C Power Supply and do not interrupt the process.
  11. Please download HWinfo You can download the Portable version and run the 32bit or 64bit version accordingly. It will list parameters of your system including "Motherboard". Please go to that section and look for BIOS. It will identify the BIOS Date and Version. Please provide that. Example:
  12. There is one last suggestion I have. Are you willing to take one more step ?
  13. Some anti malware vendors may have activity maps & demographics, statistics and other information. Examples: https://cybermap.kaspersky.com/ https://threatmap.checkpoint.com/ThreatPortal/livemap.html https://www.avira.com/en/threats-landscape
  14. What do you mean "registered" like in a catalogue or encyclopedia ?
  15. I hope that whatever Engine is used is applied to Virus Total because the detections on Virus Total does not match what MBAM detects.
  16. Please completely remove the Audio Software and Driver combo from the Control Panel applet, Programs and Features and then Reboot. Then re-install the latest software https://download.lenovo.com/consumer/mobiles/bcyc05af06wg.exe Reference: Lenovo Legion Y520-15IKBN
  17. What is the Make and Model of the platform in question ?
  18. A note to my non-contrarian friend. My replacement installation was made on-top-of a pre-existing CU 508 install.
  19. One simple bug. Prior to version replacement, Context Menu item "Scan with Malwarebytes" was enabled and present. After the version replacement, Context Menu item "Scan with Malwarebytes" was enabled but was NOT present. Had to toggle the setting for the Context Menu [ Disable and then Enable ] for it to again be present.
  20. Mechanically, there will be wear and tear. Printers are mechanical devices with motors and gears and it is inevitable. Depending on the Make and Model, the printer may have a ink overflow reservoir to absorb excess ink. I had to send an Epson in for service because its pads had become saturated and it refused to even scan If you use a printer to such a degree that it requires a continuous ink feed system then this is something that one may expect and it may be a good idea to have it serviced. This would be Preventative Maintenance just to make sure gears, friction pads and other mechanical parts are not worn out as well as an ink absorbtion pads are replaced.
  21. Please reference the following on how to provide sample submissions such that Malwarebytes' Anti-Malware (MBAM) can detect targeted but presently undetected threats. Malware Hunters group Purpose of this forum This is already detected my MBAM as Trojan.Injector Reference: https://www.bleepingcomputer.com/forums/t/651855/scarab-mich78-ransomware-scarab-scorpio-mich78usacom-support-topic/
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.