Posted by: David Harley | March 23, 2018

A brief history of Stephen Hawking

Well, not exactly.

For Malwarebytes, Chris Boyd reports on a more than usually inept 419 scam that makes a feeble attempt to capitalize on the recent death of the esteemed physicist/cosmologist with a ‘quiz’.

“Celebrating Stephen Hawking” with a 419 scam

It’s hard to imagine many people falling for this one, but the article is worth a read anyway.

David Harley

Posted by: David Harley | March 20, 2018

Bomb hoax targeting schools

If I had a separate category for ‘miscellaneous extortion’ this hoax might belong there. Not just a hoax, but one that centres on extortion, though it looks as if the point is to embarrass/harass the apparent sender of the extortion email (the Michigan company VELT) rather than actually make a direct profit from extortion. The company’s CEO told the BBC that the attacker was probably a Minecraft player who had been banned from using the Veltpvp server and was acting out of revenge.

The BBC: School bomb threats: Disgruntled Minecraft gamer ‘behind hoax’

The Guardian: School bomb threats: more than 400 schools in England receive hoax warnings “Police say threats contained in emails are not credible and evacuations are unnecessary.”

The Telegraph: Hackers target more than 400 schools with bomb hoax.

David Harley

Posted by: David Harley | March 7, 2018

SANS tips on using social media

I’m not as convinced by SANS as the complete authority on all security issues as SANS is. But the latest ‘OUCH!’ newsletter offers reasonable (if basic) advice: Top Tips to Securely Using Social Media. Sadly, I can’t say there isn’t a need for such advice…

If this level of advice would be useful to you or perhaps to people to whom you offer advice or support, there’s an archive and invitation to subscribe here.

David Harley

Posted by: David Harley | March 2, 2018

Tearing your hair out at hacker hoaxes

Sophos: Facebook’s see yourself bald app: extreme hackers or extreme hoax?

Snopes: Are Hackers Stealing Private Information via ‘What Would You Look Like Bald’ Facebook Apps? “Viral warnings about “extreme hackers” stealing information via popular entertainment apps on Facebook are false and misleading.”

And here’s Facebook’s overview of what information apps can really collect.

David Harley

Posted by: David Harley | February 22, 2018

Guns, hoaxes and propaganda

Mostly, I keep my thoughts on gun control to myself – on social media, at any rate – except when spammed by the NRA, which hasn’t happened lately. Let’s just say that I find it hard to empathize with gun culture, but realize that the US is a very different country to the one in which I grew up, and I’ve grown weary of the to-and-fro misrepresentation of shooting statistics that seems to dominate the arguments on Facebook and elsewhere.

However, the still-spreading meme that identifies Democrats rather than conservatives or NRA members as implicated in assassination attempts and other shootings looks very much like an example of political propaganda that dovetails into the hoaxes that were the original target of this web site. And I would at least recommend that you check the facts before spreading it.

An analysis from Snopes, Is this List of Democrat Shooters Accurate?, concludes that “A viral list of dozens of shootings purportedly committed by Democrats is based on faulty, inaccurate, and unsubstantiated claims.”

David Harley

Posted by: David Harley | February 22, 2018

SecureList article on tax scams

Kaspersky’s Nadezhda Demidova contributes an exhaustive article on tax scams – all too familiar a topic at this time of year: Tax refund, or How to lose your remaining cash

Summary: “Every year, vast numbers of people around the globe relish the delightful prospect of filling out tax returns, applying for tax refunds, etc. Given that tax authorities and their taxpayers are moving online, it’s no surprise to find cybercriminals hard on their heels.”

Specifically addresses information relevant to the US, Canada, UK and France as well as other countries.

Some other relevant (older) articles from ESET – other vendors and blogs are available, but I can lay hands on these easily for obvious reasons. (In fact, I’ve just been looking them up for an ESET-related project.)  🙂


David Harley

Posted by: David Harley | February 22, 2018

Avast: Android APT delivered via Facebook

Avast: Social engineering used to trick Facebook users into downloading Advanced Persistent Threat disguised as Kik Messenger app.

Apparently, the fake FB profiles from ‘attractive but fictitious women’ lure victims into downloading spyware the company calls Tempting Cedar Spyware.

Commentary by Danny Palmer for ZDnet here: Hacking group used Facebook lures to trick victims into downloading Android spyware

“At least three fake social media accounts posing as young women have encouraged victims into downloading highly invasive Android malware.”

David Harley

Posted by: David Harley | February 8, 2018

Another Facebook hoax

Lisa Vaas, for Sophos, tells us that a Facebook hoax claims:

Guess what, friends…. Facebook’s algorithm now chooses your 26 FB friends. If you can read this, please leave me a “hi,” whatever, so you will appear in my news feed.

Feel free to copy and paste on your wall, too, if you want to see more than FB’s algorithmic selection. FB shouldn’t choosing my friends. 

Here’s the Sophos article: Facebook HOAX! New algorithm will NOT only show you 26 friends

Another version of the hoax claims that:

I checked Snopes… And yes it’s TRUE…

Well, of course it isn’t. And Snopes is eager to point out that it isn’t.

Does a New Facebook Algorithm Only Show You 26 Friends? “Facebook hasn’t limited your feed to only a certain number of people, and sharing a post saying otherwise won’t make any difference.”

Sadly, hoaxers discovered long ago that lots of people check possible hoaxes with Snopes, and try to persuade them that Snopes says white is black. More often than not, chain letters/emails and their equivalents on social media are dubious and often downright wrong. Check for yourself rather than take some anonymous person’s word for it. And yes, Snopes is an excellent place to start checking.

David Harley

Posted by: David Harley | February 8, 2018

Tech support scammers ‘lock’ Chrome

[Also posted to AVIEN.]

For Malwarebytes, Jérôme Segura continues to fight the good fight against support scammers by warning us that ‘Tech support scammers find new way to jam Google Chrome.’ (If you saw this when it first appeared, note that it has been updated since.) By abusing an API, the scammers manage to freeze the browser in the hope that users will be panicked into calling the fake ‘helpline’ advertised on the pop-up or pop-under that accompanies the freeze.

However, he observes:

Since most of these browser lockers are distributed via malvertising, an effective mitigation method is to use an ad-blocker. As a last resort, the Windows Task Manager will allow you to forcefully quit the offending browser processes.

David Harley

Posted by: David Harley | February 1, 2018

Coercive Messaging and Windows Defender

[Also published at AVIEN]

It’s not all about tech support scams, but Microsoft’s announcement about beefing up detection of ‘coercive messaging’ in Windows Defender is certainly related to some approaches used by tech support scammers, such as the use of malware that directs victims to a scam-friendly ‘helpline’.

Coercive messaging? As indicated in Microsoft’s evaluation criteria for malware and unwanted software, that would be messages that ‘display alarming or coercive messages or misleading content to pressure you into paying for additional services or performing superfluous actions.’ That includes exaggerating or misrepresenting system errors and issues, claiming to have a unique fix, and using the well-worn scamming technique of rushing the victim into responding in a limited time-frame.

Certainly that’s all characteristic of the way that fake tech support is monetized, but it’s also characteristic of the lower-profile but persistent issue of useless ‘system optimizers’.

Microsoft’s article actually strongly resembles some of the hot-potato topics addressed by the Clean Software Alliance, which describes itself as ‘a self-regulatory organization for software distribution and monetization’. Unsurprisingly, since Microsoft had a great deal to do with the launching of the initiative. Anyway, it covers a great many issues that are well worth considering. I don’t think Microsoft and Windows Defender will be able to fix all these problems all on its/their own, but any movement in this direction is a Good Thing.

Shorter article focused more on coercive messaging from Barak Shein, of the Windows Defender Security Research Team: Protecting customers from being intimidated into making an unnecessary purchase.

Commentary by Shaun Nichols for The Register: Windows Defender will strap pushy scareware to its ass-kicker machine – Doomed: Junkware claiming it can rid PCs of viruses, clean up the Registry, etc

On behalf of the security industry, which provides a large chunk of my income, maybe I should stress that not all programs that claim to rid PCs of viruses are junkware. 🙂 But perhaps it’s worth remembering that the difference between legitimate and less legitimate marketing is sometimes paper-thin. And talking about papers, here’s one on that very topic. 🙂 However, since that ESET paper for an EICAR conference goes back to 2011, maybe I should consider revisiting the topic.

David Harley
