Collaborate Disseminate
On this site, I tend to focus on tech support scams in the context of telephone scams. However, here’s an interesting article by Bill Brenner for Sophos that focuses on other types of telephone scam: IRS tax scams Immigration scams Payday loan scams Government grant scams The callers seem to be based in India and […] Continue reading Sophos describes some other telephone scams
Hacked web pages redirecting to tech support scam pages. Info from Jérôme Segura for Malwarebytes: The numeric tech support scam campaign David Bisson for Graham Cluley’s blog: Compromised websites redirecting tech support scam hosted on numeric domains – Wait, there’s a malvertising vector, as well?! David Harley Continue reading Support Scamming by the Numbers
(MacSpy isn’t ransomware, but seems to have been developed by the same author, and both are offered as as-a-service malware.) Zeljka Zorz for HelpNet Security: Two Mac malware-as-a-Service offerings uncovered. According to HelpNet ‘Patric Wardle’s RansomWhere? tool can also stop MacRansomware from doing any damage.’ Rommel Joven and Wayne Chin Yick Low, for Fortinet: MacRansom: Offered as […] Continue reading MacRansom (& MacSpy)
And still it goes on… Tech support scammers poisoning Google search results is hardly new – see My PC has 32,539 errors: how telephone support scams really work – but there’s an interesting example flagged by Malwarebytes in the article Ads in Google Search Results Redirect Users to Tech Support Scam by Catalin Cimpanu. Also some useful commentary by […] Continue reading Tech Support Scams and Google
A couple of items of general interest regarding ransomware: For Sophos, Bill Brenner’s article InfoSec 2017: a look at the family album of ransomware includes some threat statistics for the period October 2016 and April 2017, plus some ransomware-based talks and events at InfoSec. For Computer Weekly, Warwick Ashford writes about UK firms stockpiling bitcoins for ransomware attacks, referring […] Continue reading Ransomware: InfoSec, Stats, and Paying Up
A free tool released by ESET ‘to help combat the recent ransomware, WannaCry (WannaCryptor).’ The press release goes on to say that: ESET’s EternalBlue Vulnerability Checker can be used to determine whether your Windows machine is patched against EternalBlue, the exploit behind the WannaCry ransomware epidemic that is still being used to spread cryptocurrency mining software […] Continue reading ESET’s EternalBlue Vulnerability Checker
Wannacry in-memory key recovery for WinXP – Adrian Guinet warns: “This software has only been tested and known to work under Windows XP. In order to work, your computer must not have been rebooted after being infected. Please also note that you need some luck for this to work (see below), and so it might not […] Continue reading Decryption hope for WannaCryptor a.k.a. Wannacry
Article by me on ITSecurity UK: WannaCryptor Afterthoughts… Not that it’s really ‘after’ WannaCryptor, but as some of the smoke clears, I thought it was worth looking at some of the issues around the malware, and maybe more importantly, the way the online world has reacted to it. David Harley Continue reading Thoughts about WannaCryptor
Because of the apparent seriousness of the issue, I borrowed my earlier blogs on this topic for ITsecurity UK. So it’s only fair that I borrow back a couple of updates from that article. You may have seen that someone was able to ‘switch off’ the attack by registering a domain. (‘Accidental hero’ finds kill […] Continue reading WannaCryptor news updates
Unusually, Microsoft has provided a patch for systems that are no longer supported, but are vulnerable to the Microsoft Security Bulletin MS17-010 flaw exploited by WannaCryptor (a.k.a. WannaCrypt among other names). These include Windows XP, Windows 8, and Windows Server 2003. A patch for later operating systems (i.e. those versions of Windows still supported) was made available in […] Continue reading WannaCryptor – XP patch available