Tag Archives: The Register

The FBI and VPNFilter

Updates to Internet of (not necessarily necessary) Things

The Register: FBI to World+Dog: Please, try turning it off and turning it back on – “Feds trying to catalogue VPNFilter infections”

FBI alert: Foreign cyber actors target home and office routers and networked devices worldwide

Sophos commentary: FBI issues VPNFilter malware warning, says “REBOOT NOW” [PODCAST]

Comprehensive article (of course!) from Brian Krebs: FBI: Kindly Reboot Your Router Now, Please

Updates to GDPR page

Sophos: Ghostery’s goofy GDPR gaffe – someone’s in trouble come Monday!

 

David Harley

Advertisements

Intel gives up and Microsoft tries again…

Updates to Meltdown/Spectre – Related Resources

[April 4 2018] John Leyden for The Register: Badmins: Magento shops brute-forced to scrape card deets and install cryptominers

April 2nd/3rd 2018 updates

Updates to Anti-Social Media 

[2nd April 2018] Facecrooks: Facebook Is Making Its Privacy Settings Easier To Find

[3rd April 2018] John Leyden for The Register: One solution to wreck privacy-hating websites: Flood them with bogus info using browser tools – Chad Loder is quoted as saying “The internet ought to “route around” known privacy abusers, shifting from passive blocking of cookies, host names, and scripts to a more active deception model. ” Lots of other useful commentary.

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Mac Virus

‘Android action updates’

David Harley

16th March 2018 resources updates

Added to the AMD section of the Meltdown/Spectre resource page, which for administrative reasons has now been moved here

Added to the Intel section:

John Leyden waxes satirical at Intel’s expense in The Register: Intel: Our next chips won’t have data leak flaws we told you totally not to worry about – “Meltdown, Spectre-free CPUs coming this year, allegedly”

Added to the Microsoft/Windows section:

Richard Chirgwin for The Register: Microsoft starts buying speculative execution exploits – “Adds bug bounty class for Meltdown and Spectre attacks on Windows and Azure”

David Harley

Ransomware in decline?

Iain Thompson for The Register: Good news, everyone: Ransomware declining. Bad news: Miscreants are turning to crypto-mining on infected PCs – Screw asking for digi-coins. Craft ’em on 500,000 computers

Well, I don’t have immediate access to current ransomware statistics, so I don’t know how significant this decline is, but I’ve certainly seen a dramatic drop in the amount of information specific to ransomware families. As there isn’t a lot of more generic commentary that says anything new (about how to protect yourself from ransomware, for instance), there’s probably going to be less ransomware-related content on this site.

As you may have noticed, I’ve already added a resource page related to Meltdown/Spectre CPU issues: whether I’ll add other pages (rather than one-off articles) in the near future depends on how the threatscape evolves in the next few weeks. And, as always, how well I manage my limited work time!

David Harley

Coercive Messaging

It’s not all about tech support scams, but Microsoft’s announcement about beefing up detection of ‘coercive messaging’ in Windows Defender is certainly related to some approaches used by tech support scammers, such as the use of malware that directs victims to a scam-friendly ‘helpline’.

Coercive messaging? As indicated in Microsoft’s evaluation criteria for malware and unwanted software,  that would be messages that ‘display alarming or coercive messages or misleading content to pressure you into paying for additional services or performing superfluous actions.’ That includes exaggerating or misrepresenting system errors and issues, claiming to have a unique fix, and using the well-worn scamming technique of rushing the victim into responding in a limited time-frame.

Certainly that’s all characteristic of the way that fake tech support is monetized, but it’s also characteristic of the lower-profiled but persistent issue of useless ‘system optimizers’.

Microsoft’s article actually strongly resembles some of the hot potatoes topics addressed by the Clean Software Alliance, which describes itself as ‘a self-regulatory organization for software distribution and monetization’. Unsurprisingly, since Microsoft had a great deal to do with the launching of the initiative. Anyway, it covers a great many issues that are well worth considering. I don’t think Microsoft and Windows Defender will be able to fix all these problems all on its/their own, but any movement in this direction is a Good Thing.

Shorter article focused more on coercive messaging from Barak Shein, of the Windows Defender Security Research Team: Protecting customers from being intimidated into making an unnecessary purchase.

Commentary by Shaun Nichols for The Register: Windows Defender will strap pushy scareware to its ass-kicker machine – Doomed: Junkware claiming it can rid PCs of viruses, clean up the Registry, etc

On behalf of the security industry, which provides a large chunk of my income, maybe I should stress that not all programs that claim to rid PCs of viruses are junkware. 🙂 But perhaps it’s worth remembering that the difference between legitimate and less legitimate marketing is sometimes paper-thin. And talking about papers, here’s one on that very topic. 🙂 However, since that ESET paper for an EICAR conference goes back to 2011, maybe I should consider revisiting the topic.

David Harley

Ransomware scammers scammed…

…but that doesn’t help the victims.

John Leyden for The Register: Scammers become the scammed: Ransomware payments diverted with Tor proxy trickery

So the victim pays the original scammer via the onion[.]top  Tor proxy, but another scammer redirects the payment via a Man-in-the Middle attack to their own Bitcoin account, so even if the scammer was intending to give the victim the decryption key for their files, it’s unlikely that he/she/it will if the payment never reaches him/her/it because some other scumbag got to it first. Charming.

Based on a blog post from Proofpoint: Double dipping: Diverting ransomware Bitcoin payments via .onion domains

David Harley

 

‘AdultSwine’ – Android malware with a dirty mind

The Register: ‘Mummy, what’s felching?’ Tot gets smut served by Android app – Google’s Play Store fails again

Actually, I didn’t know about felching, either, and I wish I hadn’t looked it up.

Based on Checkpoint’s blog article Malware Displaying Porn Ads Discovered in Game Apps on Google Play. Checkpoint says that this is a triple-threat attack: it may display ads that are often (very) pornographic, engineer users into installing fake security apps, and/or induce them to register with premium services.

David Harley

Tech Support Scammers Target BT Customers

Well, this isn’t the first time. But a report by Kat Hall for The Register suggests that some of the scammers may have more information about potential victims than they should. Which makes me wonder whether there’s a leak similar to that affecting TalkTalk customers. I’ve certainly been contacted in the past by BT sales people who were clearly not based in the UK.

I don’t know whether there’s been such a leak at BT, of course. However, it’s not unknown for people working in legitimate support to be also implicated in some way in support scamming, whether by leaking data or by working in a call centre that encourages scam calling as well as offering legit support for legit organizations. And it’s hard to police that kind of activity.

That article by Kat Hall: Indian call centre scammers are targeting BT customers – In some cases fraudsters knew their mark’s personal details

David Harley

Tech support scams – FTC offers money back…

…well, there’s no foolproof way of doing that (getting your money back, that is), unfortunately. But Shaun Nichols reports for The Register that FTC ready to give back tech support scamming money to the bilked.

“Those who have been identified as eligible by the FTC will get an email from the commission with a PIN number that can be used to obtain the claim forms. In order to claim a share of the payout, consumers will have to fill out a claim before October 27.”

The article does, very sensibly, point out the risk that scammers will use the FTC’s initiative as a springboard for further scams. Unfortunately, I can’t predict exactly what form such scams will take, but I’d be surprised if they don’t happen…

The Federal Trade Commission’s own press release is here: FTC Announces Refund Process for Victims of Deceptive Tech Support Operation.

It states:

Eligible consumers bought tech support products and services between April 2012 and November 2014 from Advanced Tech Support, which also used the name Inbound Call Experts. Consumers will have until October 27, 2017 to submit a request for a refund.

David Harley