Comments on Paul Cobbaut's blog: another Microsoft virus...
Feed author: Paul Cobbaut. Feed updated: 2023-12-09T05:49:32.261+01:00. 14 comments.

Anonymous (2011-05-08T14:56:49.706+02:00):
My mother fell for this and actually downloaded an executable from it, but thankfully told me about it before she ran it.

kai (2011-05-08T10:35:44.865+02:00):
Not only does that link still work after being reported, but it seems that they've crafted a Mac version of the page as well. Going to that link from Safari on a Mac launched a Finder-like window reporting all these issues with my machine, as well as downloading anti-malware.zip and I'd say it would be enough to fool a non-technical user for sure.

Jorge Blasio (2011-05-08T07:04:06.779+02:00):
This is scary, I opened that link on my Mac and I got an Aqua-fied snapshot of a faked trojan analysis. Safari downloaded MacProtector.mpkg immediately and OS X opened the installer. Of course you're still prompted for your password, but still, very sophisticated...

http://dl.dropbox.com/u/11966925/Faked-analysis.png

http://dl.dropbox.com/u/11966925/Trojan.png

Anonymous (2011-05-08T06:29:58.777+02:00):
I love the window title:
"wait a minute! this is important - we check your device"

Yes, please, you check my device. If they ever get a grasp of English, we're really screwed.

Anonymous (2011-05-08T06:27:54.286+02:00):
I love the window title, though:
"wait a minute! this is important - we check your device"
Once they figure out how English works, we'll be *really* screwed!

York (2011-05-08T05:36:56.161+02:00):
I just tried this on my Linux system. When I ran it, it used the Mozilla, something is really bad charcoal background with red inset as the scanner (as per anonymous comment 3). I was amazed and actually scared for a moment, that it identified my system correctly. Then it wanted me to download an exe, and all my fears went away. Next thing I thought I'd try was User Agent Switcher to IE 6. Then I got the page described in the post.

This is interesting, as if anyone has used http://panopticlick.eff.org, JavaScript will give a lot more information, even with the fake user agent, that would allow the site to fairly accurately identify the system it is running on. Probably the biggest give-away would be the high occurrence of the 'IcedTea' keyword. Also included would be the 'Totem' keyword, many lib* files, and finally this line: 'Plugin 7: iTunes Application Detector; This plug-in detects the presence of iTunes when opening iTunes Store URLs in a web page with Firefox'

Corrin Lakeland (2011-05-08T04:46:30.982+02:00):
That was impressive.

The graphics were slick, the scroll bars even worked correctly - far fancier than just popping up with a 'you have new mail picture'.

The finished result was an EXE called InstallInternetProtection_696.exe. I could easily imagine even moderately savvy Windows users being tricked into running it.

Scary.

Patrick (2011-05-08T04:03:43.286+02:00):
Testing it on Mac OS X using Safari it will auto download and try to run a package, MacProtector.mpkg.

Anonymous (2011-05-08T03:50:44.923+02:00):
I've gotten this whilst browsing on an iPhone. Seriously, a C: drive on my iPhone? I had no idea that it was that capable!

Anonymous (2011-04-26T13:00:30.201+02:00):
And that is why I use the NoScript add-on for Firefox

Paul Cobbaut (2011-04-25T20:46:44.227+02:00):
@Anonymous: Did you try wine? ;-)

Anonymous (2011-04-25T17:37:13.138+02:00):
On my computer (Ubuntu Linux, using Firefox), I get a screen that tries to mimic Mozilla.

Warning is Mozilla Security Software and not Microsoft/Windows
the screen afterwards mimics the look of phishing page.
I have to say it looks quite convincing... obviously the downloadable .Exe at the end won't work on this Linux machine :p

Iggy (2011-04-25T11:16:48.386+02:00):
I saw that once, unfortunately on a Windows machine. Not sure if it was from an image search.

I realized it was fake, but it was difficult to get rid of it.

Once I closed the window, I started a full malware scan.

pvandewyngaerde (2011-04-24T17:48:54.969+02:00):
See also this warning: (Published: 2011-04-23)
Image search can lead to malware download: http://isc.sans.edu/diary.html?storyid=10759&rss

if you click on image found in Google. The following script was received from the host ...