
David H. Lipman

Experts
  • Content Count: 14,723
  • Joined
  • Days Won: 1

Everything posted by David H. Lipman

  1. Yes, there is. But we have to know the URL of the FakeAlert or other form of malvertisement for it to be blocked. This is done by submitting the URL in "Newest IP or URL Threats" after reading "READ ME: Purpose of this forum".
  2. What I demonstrated in my reply are FakeAlerts, which are classed as malicious advertisements or malvertisements. As such it is not about what software is on your PC but about what web sites you visit and one's browsing habits. For example, there are certain porn sites that have a greater propensity to exhibit a FakeAlert. If you are on Windows, a Microsoft FakeAlert. If you are on an Apple iPhone or Mac, you will see an Apple FakeAlert. Then there are sites that don't care who they do business with when it comes to advertisement revenue. Or when one marketing company outsources to another. Then the malvertisement may be rotated in or randomly displayed.

     As I have explained in other discussions, I have seen fake Mozilla Firefox update malvertisements emanating from the Weather Channel web site. There was a case where members visited AllMusic.com and on rare occasions they got a Microsoft FakeAlert. The reports were few and reproducing it was difficult, but finally I was able to coax a Microsoft FakeAlert from a visitation. It was all discussed in This Thread. Reference: Post #20

     I visited the WordPress site using a couple of different browsers and so far I don't see any malvertisements. It does have advertisements. I also noticed that there were many frames for ads that were empty, and at the bottom of these frames was "Report this ad"; when I clicked on it, it changed to "Report submitted", so they may be placeholders where malvertisement(s) may eventually be rotated in or randomly displayed. I'll keep trying to coax the site to produce a malvertisement.

     Many FakeAlerts are coded in such a fashion that it makes the PC run like a dog and act "weird". This is to lend credulity to their false claim that there is something wrong. These sites may open multiple instances of the Browser. Thus you may think you have closed a Browser Window but the Browser is running an invisible instance. The way to truly close them out is to kill the firefox.exe processes.

     This is done by using the Windows Task Manager (key sequence: "Ctrl" + "Alt" + "Del") and closing all instances of firefox.exe until you don't see it listed any longer. This is done by placing the cursor on firefox.exe and hitting "End Process" on each instance.

     Adware is software that resides on a system. If you want to alert the Blog Owner, indicate that you are experiencing malicious advertisements or malvertisements when you visit the site.
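     The Task Manager procedure in the post above, done from PowerShell so that hidden instances show up explicitly. This is an added example, not code from the post or from Malwarebytes; it assumes Firefox is the browser in question (the process name is the only thing to change for another browser) and that the script is run in the affected user's session.

```powershell
# Added example (not from the original post): enumerate every firefox.exe
# instance, flag the ones that own no visible window, then end them all.
# Assumes Firefox, as in the post; change $name for chrome, msedge, etc.

$name  = 'firefox'
$procs = Get-Process -Name $name -ErrorAction SilentlyContinue

if (-not $procs) {
    Write-Host "No $name.exe processes are running."
    return
}

# MainWindowHandle is 0 for an instance with no visible top-level window,
# which is the "invisible instance" case described in the post.
$procs |
    Select-Object Id,
        @{ Name = 'Visible';      Expression = { $_.MainWindowHandle -ne 0 } },
        MainWindowTitle,
        @{ Name = 'WorkingSetMB'; Expression = { [math]::Round($_.WorkingSet64 / 1MB) } } |
    Format-Table -AutoSize

# The "End Process" step, applied to every instance at once, then a re-check
# so a straggler (Firefox spawns several content processes) is not missed.
$procs | Stop-Process -Force
Start-Sleep -Seconds 2
$left = Get-Process -Name $name -ErrorAction SilentlyContinue
if ($left) { Write-Warning "$($left.Count) $name.exe instance(s) still running." }
else       { Write-Host "All $name.exe instances closed." }
```

     One caveat worth knowing: after a forced kill, Firefox offers to restore the previous session on its next start, and accepting that reopens the FakeAlert tab. Decline the restore (or start a fresh session) so the page does not come straight back.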
  3. Similar to these? I have created a series of videos generated from these kinds of fraud sites for the purposes of recognition and education. They are all videos from real web sites. ALL are FRAUDS. All these have one thing in common and they have nothing to do with any software on your PC. They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened. From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data, and they may use the information they obtain from you to commit additional frauds.

     MalwareScam.wmv
     MalwareScam-1.wmv
     MalwareScam-2.wmv
     MalwareScam-3.wmv
     MalwareScam-4.wmv
     MalwareScam-5.wmv
     MalwareScam-6.wmv

     I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version

     Reference:
     US FBI PSA - Tech Support Fraud
     US FTC Consumer Information - Tech Support Scams
     US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio
     US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams
     Malwarebytes' Blog - Search on "tech support scams"
     Malwarebytes' Blog - "Tech support scams: help and resource page"

     1. Also located at "My Online Security" - Some videos of typical tech support scams
  4. First, wait until someone can help you fix the CDKey, MBAM licensing issue. Then you can go back to the Windows Malware Removal Help & Support sub-forum to determine if you have a malware issue. SVCHOST.EXE is the Windows server of services and it will have multiple instances running at the same time. There are also situations where the Console Windows Host may also have multiple instances. Exile360 may be able to help you sort out the CDKey, MBAM licensing issue. Ping @exile360
  5. Let me remind you that there is most likely an Internet appliance that sits in between the PC using the Browser performing the test and GRC.Com that can affect that outcome. It must be taken into account.
  6. Feds Target $100M ‘GozNym’ Cybercrime Network GozNym Cyber-Criminal Network Operating out of Europe Targeting American Entities Dismantled in International Operation
  7. It already exists as Situational Awareness Training. Situational Awareness Training is a set of learned skills individuals and corporate entities can employ to improve each person's ability to identify and mitigate potential threats and to gain a conscious awareness of their physical and virtual surroundings. This can be understanding threats in the virtual world of constructs such as Phishing, or in the physical world such as walking along a street with one's face buried in a smartphone or while using headphones (ear buds). One form of physical threat in an academic setting is the Situational Awareness Training of Active Shooter. This is the threat that an insider or an outsider may pose to the institution to carry out an armed killing spree.
  8. If anyone is worried, and they do NOT use RDP, they can specifically block TCP/UDP Port 3389 on a SOHO Router and in the Windows Firewall. This will prevent RDP and any Internet Worm ingress w/o modifications to the OS.
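     The Windows Firewall half of the advice above, as an added example (not code from the post or from Malwarebytes). It assumes an elevated PowerShell session on Windows 10 or later, and the rule display names are my own choice. The router half cannot be scripted generically; there, the check is simply that no port-forward or DMZ entry points 3389 at the PC.

```powershell
# Added example (not from the original post): block inbound TCP and UDP 3389
# in Windows Defender Firewall on every profile, then verify the rules.
# Run from an elevated PowerShell session. Display names are assumed/chosen here.

foreach ($proto in 'TCP', 'UDP') {
    $display = "Block inbound RDP ($proto 3389)"
    # Idempotent: only create the rule if it is not already present.
    if (-not (Get-NetFirewallRule -DisplayName $display -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $display `
            -Direction Inbound -Protocol $proto -LocalPort 3389 `
            -Action Block -Profile Any -Enabled True | Out-Null
    }
}

# Show each rule together with its port filter so the result can be checked.
Get-NetFirewallRule -DisplayName 'Block inbound RDP*' |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Enabled   = $_.Enabled
            Action    = $_.Action
            Protocol  = $pf.Protocol
            LocalPort = $pf.LocalPort
        }
    } | Format-Table -AutoSize

# Optional extra: stop the Remote Desktop service from listening at all.
# This is independent of the firewall rules; either measure alone suffices
# for the "I don't use RDP" case, both together is defence in depth.
# Set-Service -Name TermService -StartupType Disabled
```

     Windows Defender Firewall evaluates explicit block rules ahead of allow rules, so these two rules take effect even though the built-in "Remote Desktop" allow rules remain present and enabled; there is no need to edit or delete those.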
  9. Understanding STIR/SHAKEN (Secure Telephony Identity Revisited / Secure Handling of Asserted information using toKENs): Public Key Infrastructure (PKI) for telephony.

     "Criminals and unscrupulous robocallers often alter the calling number of their outbound telephone calls in order to deceive the called party. This deception can be as simple as changing the calling number so it appears that a neighbor is calling. This deception increases the chance that the called party will answer a robocall. In other cases, the deception may be more malicious such as a fraudster impersonating an IRS agent in order to steal a tax refund. This practice of altering the calling number of a telephone call is known as spoofing.

     The Federal Communications Commission (FCC) has been encouraging the telecommunications industry to develop a solution to stop robocalls and spoofed calling numbers since 2014. The industry's response has been to develop a new technology standard called STIR [1] (Secure Telephony Identity Revisited) and SHAKEN [2] (Secure Handling of Asserted information using toKENs) which defines how telephone service providers should implement the STIR technology to ensure calling numbers are not spoofed.

     How STIR/SHAKEN works

     STIR/SHAKEN uses digital certificates, based on common public key cryptography techniques, to ensure the calling number of a telephone call is secure. In simple terms, each telephone service provider obtains their digital certificate from a certificate authority who is trusted by other telephone service providers. The certificate technology enables the called party to verify that the calling number is accurate and has not been spoofed. The details of how SHAKEN uses public key infrastructure is explained in our whitepaper on Certificate Management for STIR/SHAKEN."

     https://transnexus.com/whitepapers/understanding-stir-shaken/
  10. The Windows Group Policy Editor, gpedit.msc, is native component only in Windows 10 Professional and Windows 10 Enterprise, and not the Home version.
  11. I don't believe there is one. MBAM does not enumerate all files and then scan them. MBAM just scans structures until they are completed.
  12. Thanx Ron. If it is a vulnerability on XP and Windows 7, Windows Vista is not affected ?
  13. One would have to view or let Outlook Preview an email that is stored in a PST. The email can't auto-perform this. Thus, this is most likely associated with the email InBox and not an email stored in a folder.
  14. Who knows. Perhaps the Romanian site was also known to be a Command and Control (C2) site associated with Ransomware but co-located on the same IP. But as I noted Romania is well documented as being associated with spam. That ties in more with email than Ransomware. What is often the case, it is MORE important to detect and block a given site than correctly classify or give a detection for a specific identification. For example a given malware may be detected generically or heuristically and not detected specifically as a particular family named trojan. Same goes for classification of a web site. I dealt with a site that was a Fraud site that was committing a DMCA violation by stealing another Forum's content but it was classified as "Phishing" and not "Fraud".
  15. That's correct. Outlook.exe would connect to a TCP port for SMTP, POP3 and/or IMAP. Otherwise, it could be an email that was received. Time is the key. What were you doing in email at the time the MBAM Pop-Up notification came to be?
  16. It is not evidence of malware because the external communication came from ...\Office16\OUTLOOK.EXE which is Microsoft Outlook email. But it is indicative of something that transpired within the email client and since it handles email, one presumes that it is sourced to a particular email message. If you can isolate the particular email message, delete it.