Jump to content

Google Search


Recommended Posts

Hello Miss/Mister and thank you very much,

 

‼️ I HAVE TO WARN CYBERSECURITY OF SOMETHING IMPORTANT THAT I NOTICED : WHEN YOU DO ANY GOOGLE SEARCH THERE ARE VERY, VERY, OFTEN DANGEROUS SITES IN THE LAST PAGES OF THE SEARCH. FOR EXAMPLE :

https://www.google.be/search?q=porn+tube&sxsrf=AJOqlzV78SO-DI7EXyUBaJ5R0QOdn-xDwQ:1673927521693&ei=YRvGY4fuKZ2s5NoPnoO_yAs&start=100&sa=N&ved=2ahUKEwjHor362c38AhUdFlkFHZ7BD7kQ8tMDegQIBxAG&biw=1398&bih=817&dpr=1 

 

shutterstock_505066678-scaled.jpg

Link to post
Share on other sites

This is not a malicious URL that can be added to a Malwarebytes product so I moved this thread to General Chat which is open to discussions.

Some notes ...

  1. There are various techniques that actors may use to raise a malicious or nefarious URL to a higher search rank
  2. Sex sells.  Sex in its many forms and representations is one of the oldest ploys for advertising and malvertising.  Sex is used very often in Social Engineering  and it is very effective.
  3. Researchers are well aware that they can data-mine Google Searches for malicious and nefarious content as this is a well discussed subject matter and many Blogs and Articles are of numerous  documented schemes, events and campaigns.
  4. Many forms of malicious and nefarious intent target Sex. 
    • To sell you a product. 
    • To goad one into a money scam. 
    • To make you a victim to pay for your sins. 
    • To infect you with malware.

 

 

 

Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar
  • Like 1
Link to post
Share on other sites

Hello David and any other Experts in this subject.

Are you able (at this time) to tell me if MBAM scans deep enough to find these hidden "end of code" add-ons.

I do a deep scan with ESET Online every month just to cover these types of programs, but that takes up to 1hour depending on current circumstanstances.

MBAM still scans in 5 minutes at the most. Is this enough.

Thank You

  • Like 1
Link to post
Share on other sites

I have both AdBlock and Malwarebytes Browser Guard extensions in my Firefox - and so I don't see any of those Google ads, fake ones or not.
OK they might show for half a second before being hidden by the adblockers.

I'm slightly surprised that that 'experienced' blogger who supposedly got infected and all his data and cryptocurrency stolen wasn't using any adblocker?
I'd be more inclined to believe that he deliberately went looking for malware thinking he could cope with it, and messed up.
(Or that he hasn't lost anything, and it's all a story/exaggeration to make a point?)

TBH even on a machine without any adblocking installed I wouldn't click on one of the Google ads, just scroll down and find the software developers own site for whatever I'm looking to download.

Link to post
Share on other sites

The term " 'experienced' blogger" means little.  All it means is that they write to a portal a lot.  It doesn't mean that are compu-literate and have Situational Awareness to use the software described to limit their exposure.

I'm not surprised at all as people run the gamut of experiences and knowledge.  Just like so many think all malware are "viruses".  The just don't know.

Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar
Link to post
Share on other sites

Got it.  Deliberately bloating an EXE aka; padding.  Yes this is an issue.  We see files like that all the time where they are bloated to thwart engine signature detection.

Often you can take a 700MB bloated EXE file and place it in a ZIP archive and achieve 99% compression.    You can see such a file below...

Image.thumb.jpg.67e5f42451f2ae2a11bfe04235ed3107.jpg

 

Unfortunately such a file is too big for MBAM and wouldn't be detected by signature.  However the paid-for version of MBAM employs its Anti Exploitation module on the malicious activity such a file may pose.  Therefore the paid-for version of MBAM wouldn't default to a static detection only.  Thus Right-Click Malwarebytes scan a file or folder or normal scan would not detect the file.  If the file is accidentally or deliberately launched then the dynamic activity would be examined and malicious activity thwarted.

Bottom line, a scan in the paid-for or free version will not detect the file but the paid-for version would protect the user if the Anti Exploitation module is Enabled.

NOTE:  The above file exampled in the Graphic of WinZIP is even too big for Virus Total.  To get the below Report, it had to be submitted in the ZIP file.
https://www.virustotal.com/gui/file/1b9467efa1ed6fc01bb75220b4fd46b3f5446d8bebddc1ad88466861081d0cde/detection

The characteristic of file bloating is in itself a heuristic of a malicious file.

EDIT:

Below shows the examination of the ~780MB file;  BrowserNew.exe  in the ZIP file.  This file was analyzed and it is another RedLine Stealer like what was mentioned in the YouTube video

 

 

 

 

Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar
  • Thanks 2
Link to post
Share on other sites

Hello @David H. Lipman:

It appears as if the “powers that be” need to increase the maximum working filesize of their products and services to accommodate this bloating/padding technique.

In the meantime, isn't VirusTotal still mostly neutered by our uploading .zip and .rar containers?

Thank you.

  • Like 1
Link to post
Share on other sites

I can not speak for Malwarebytes but it is my "understating" it is under discussion and consideration.

Submitting Archive files to Virus Total skews the results and the data generated is based upon the file(s) within archive container and not the malware or suspect files themselves.  There are heuristic detections that are based solely on types of files in an archive.  There are many types of Archive files.  ZIP and RAR being the most common and the standard ZIP file remains the PKzip format.  Thus these two types of archives are generally commonly covered by anti virus/anti malware (AV/AM) Engines in general and those implemented on Virus Total specifically.  However when one deviates from ZIP and RAR archives there is a less adoption by Virus Total specific AV/AM Engines which can further hinder results.  We see that in malicious emails where the less common formats are used as email attachments that contains malicious files.  This thwarts AV/AM detections on many email system.  Often we'll see such email attachments sent to Virus Total Report such as an ISO file.  It will show a low detection rate.  When the malware is extracted from the lesser used archive format and submitted, there will generally be a much higher detection rate.  This can also be true for some types of archive file formats that have many versions or variations such as CAB (CABinet) files.

In summation, it is always best to submit files in their native format and not within an archive file format to Virus Total.  However when a file is bloated beyond Virus Total's maximum submission file size, there is no choice but to submit the suspect file in a compressed file format archive with ZIP being the primary choice and RAR secondary.  It should also be done with a singular file in the archive and not multiple files.  Having multiple files in the archive also skews the results.

 

Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar
  • Like 1
  • Thanks 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.