malware – Accidentally clicked a phishing link, am I at risk?

You likely have nothing to worry about. Phishing relies on tricking you into entering sensitive credentials. It’s very rare for it to exploit you directly and if they did want to do that, they wouldn’t be showing you a password prompt. However, it is possible that merely typing in your account details sent data to them even if you did not press enter, so you should change your password. I don’t think that’s likely in this case, since I logged network activity while typing a dummy password into that phishing site and could only see it send it when I actually pressed enter, but it’s still a good idea to change those passwords.

It is possible that the page has attempted to use exploits against your browser regardless. Generally, these exploits will be against old browsers or outdated plugins. If you keep your browser up to date, it should not have public security issues that could be used to install malware via a drive-by download.

malware – Could video streaming pose a security threat?

A video file is normally just image and sound data, with additional metadata involved. It normally does not contain any sort of executable code, and therefore, generally video files are safe.

However, it is possible that the video player you’re using has a security problem like a buffer overflow, and that a video file could be specially crafted to exploit that video player and run malware. This is true of virtually every non-trivial program that processes untrusted data and is not specific to video players.

This is also not, in general, a great way to spread malware because people tend to use a variety of different video players which will contain different codecs for processing data. Therefore, even if someone distributed a malicious video file that exploited video player A, it probably just wouldn’t be malicious (or might not even render) on video player B. That isn’t to say it couldn’t happen or hasn’t happened, but there are more effective ways to spread general-purpose malware.

The only time I’d be seriously concerned about this as a threat model is if it were a targeted attack, where an attacker would have created a malicious file to exploit you or your company specifically and would have targeted it to software they know you use. However, you are probably not in that case, and even if you are, following standard best practices around security is the most effective way to prevent this.

It is likely that transcoding the file would prevent the malware from being exploited if the problem is in a codec (which is where many such security problems tend to occur), but the problem could also be in a metadata parser or other format-independent piece of code, in which case it wouldn’t have any effect. I would not transcode a video on the off chance that it might contain malware.

Your best defense here is to keep your software up to date with security patches. That means keeping your web browser, operating system, and other software you use, including any video players, up to date. If you’re using a cell phone for this purpose, be sure that you’re using a model that ships with regular security updates for as long as you own it, and apply them promptly.

You may also choose to prefer more reputable sites for content. For example, it is unlikely that Netflix is going to serve you malware. I realize that people live in the real world, though, so that may not always be practical, but if you’re very concerned about this possibility, then maybe you’d like to adopt that approach.

malware – Microsoft Outlook “confirm your current password” scam?

I continue to have this pop-up preventing me from accessing my email (the first pop-up said in all lowercase “don’t lose access to your account!”). It seems unprofessional to be all lowercase, so I feel like I have a virus/malware (I scanned with Windows Defender… it says there were “no threats found”).

Here are screenshots of what I have dealt with this morning (my laptop is extremely fast, and all of the sudden, it is really slow this morning with this email situation… I am concerned that if I restart the laptop, I won’t be able to log back into my computer… I am very concerned):

[screenshot]

Press “Next”…

[screenshot]

Then, I think I was wrong to have entered my password… after entering it, I received a verification email (sent to my backup Gmail account regarding my college Outlook email account) from “msonlineservicesteam@microsoftonline.com”… scam?

[screenshot]

How do I get out of this?

malware – How safe are pirated pdf ebooks?

[Please don’t educate me on the ethical side of things :] we all do this once in a while; even university professors do this once in a while.]

I have a pirated ebook and the legally obtained version of the same ebook. The pirated one is about 3 times the size. I did some quick analysis using pdfid on both ebooks, and although I couldn’t find anything indicative of malware, I am still suspicious.

The interesting thing is that neither of them contains JS. Here are the pdfid reports of these files:

PDF Header: %PDF-1.5
 obj                  342
 endobj               342
 stream               342
 endstream            342
 xref                   0
 trailer                0
 startxref              1
 /Page                  0
 /Encrypt               0
 /ObjStm               11
 /JS                    0
 /JavaScript            0
 /AA                    0
 /OpenAction            0
 /AcroForm              0
 /JBIG2Decode           0
 /RichMedia             0
 /Launch                0
 /EmbeddedFile          0
 /XFA                   0
 /Colors > 2^24         0

PDF Header: %PDF-1.3
 obj                 6986
 endobj              6986
 stream              1212
 endstream           1212
 xref                   1
 trailer                1
 startxref              1
 /Page                249
 /Encrypt               0
 /ObjStm                0
 /JS                    0
 /JavaScript            0
 /AA                    0
 /OpenAction            0
 /AcroForm              0
 /JBIG2Decode           0
 /RichMedia             0
 /Launch                0
 /EmbeddedFile          0
 /XFA                   0
 /Colors > 2^24         0

I’ve compared URLs in both of them, and they are pretty much the same. What could be the case here? VirusTotal didn’t find anything as well.

Any hints/ideas would be appreciated. Thanks.
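One thing worth knowing when reading the two reports above: pdfid counts names on the raw bytes of the file and never inflates streams. The first report shows 11 /ObjStm and 0 /Page, meaning that document keeps its objects inside compressed object streams, so any name sitting in there (a /JavaScript action, an /EmbeddedFile, an /OpenAction) is invisible to pdfid and you need pdf-parser or similar to look inside. The Python below is an added example, not part of the question or any answer, and runs on a constructed sample document rather than either ebook: it counts pdfid-style on the raw bytes, then inflates every FlateDecode stream and counts again. It also decodes `#xx` name escapes (`/J#53` is the same name as `/JS`), which pdfid handles as well.

```python
import re
import zlib

# Names pdfid reports (a subset). Counting is done on raw bytes, as pdfid does.
KEYWORDS = [b"/JS", b"/JavaScript", b"/AA", b"/OpenAction", b"/Launch",
            b"/EmbeddedFile", b"/ObjStm", b"/Page"]

# A PDF name ends at whitespace, a delimiter, or end of data; this stops
# "/JS" from matching inside "/JavaScript" and "/Page" inside "/Pages".
NAME_END = rb"(?=[\s/\[\]<>(){}%]|$)"
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes in names (/J#53 is the same name as /JS)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def count_keywords(data: bytes) -> dict:
    """pdfid-style keyword counts over the given bytes, inflating nothing."""
    data = normalize_names(data)
    return {kw.decode(): len(re.findall(re.escape(kw) + NAME_END, data))
            for kw in KEYWORDS}


def inflate_streams(data: bytes) -> bytes:
    """Concatenate the contents of every stream that zlib can inflate.
    A real parser would honour /Length and /Filter; this demo just tries each one."""
    parts = []
    for m in STREAM_RE.finditer(data):
        try:
            parts.append(zlib.decompress(m.group(1)))
        except zlib.error:
            continue  # not FlateDecode, or not data we can read
    return b"\n".join(parts)


def deep_count(data: bytes) -> dict:
    """Raw counts plus counts inside inflated streams (object streams included)."""
    raw = count_keywords(data)
    inner = count_keywords(inflate_streams(data))
    return {k: raw[k] + inner[k] for k in raw}


def build_sample_pdf() -> bytes:
    """Constructed sample, not either ebook from the question: a PDF-1.5 style
    file whose only JavaScript action lives inside a FlateDecode object stream."""
    inner = b"<< /Type /Action /S /JavaScript /JS (test) >>"
    header = b"5 0 "  # object-stream header: "objnum offset" pairs
    packed = zlib.compress(header + inner)
    objstm = (b"4 0 obj\n<< /Type /ObjStm /N 1 /First %d /Length %d /Filter /FlateDecode >>\n"
              % (len(header), len(packed))
              + b"stream\n" + packed + b"\nendstream\nendobj\n")
    return b"%PDF-1.5\n" + objstm + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    pdf = build_sample_pdf()
    print("raw  :", count_keywords(pdf))   # /JS 0, /JavaScript 0, /ObjStm 1
    print("deep :", deep_count(pdf))       # /JS 1, /JavaScript 1, /ObjStm 1
```

A raw count of zero for /JS on a file full of /ObjStm entries therefore says less than it looks like it does; the deep count is the one to compare between the two copies. Size differences on their own (embedded fonts, image resolution, an unoptimized object layout) are not evidence either way.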

exploit – Are there any existing JTAG (hardware debugging) based malware detection systems, and if not, why?

JTAG

System software debug support is for many software developers the main reason to be interested in JTAG. Many silicon architectures such as PowerPC, MIPS, ARM, x86 built an entire software debug, instruction tracing, and data tracing infrastructure around the basic JTAG protocol. – source

I’d like to know if there are any malware detection solutions that use the dedicated debug port on x86 motherboards and leverage the JTAG protocol to observe processes and detect malicious behavior signatures as they occur on the victim machine.

This port seems like a powerful solution to modern malware detection problems based on the fact that external hardware gets to monitor the system’s every state change.

I have a lot of research left to do on how JTAG works, but some possibilities I considered for why it (using the dedicated physical debug port) might not work are:

  • Perhaps JTAG can only debug one core at a time, or not all cores at once, making it impossible to use for a system-wide monitoring solution. Relevant question

  • Perhaps the performance cost is too high. Relevant question

  • Perhaps I completely misunderstood the workings of this capability and various details make what I’m suggesting impossible.

Context

Based on this related question I asked recently about using an OS’s debugging API to track a process state, you should be able to understand this question about JTAG a little better.

To recap, that question is about my research on the application of machine learning against register and memory state change patterns to defeat evasive and polymorphic techniques used by modern malware to avoid behavior based signature recognition traditionally performed within emulator sandboxes.

By watching processes actually executing on the real machine where they must demonstrate their behavior in order to accomplish the desired goal, we can avoid the weaknesses experienced by emulator based approaches (which would be an already defeated layer in our defense strategy by the time the solution I’m asking about now would be relevant).

The question

Are there any existing JTAG (hardware) based malware detection systems, and if not, why?

Can I detect malware that’s on my host OS if I’m using diagnostic tools in a VM?

If I have a VirtualBox VM running Kali Linux, can I use its diagnostic tools to search for malware on the host?

malware – Is it possible for a compressed file to contain malicious code?

A compressed archive could of course contain arbitrary files inside, including malware. But in this case unpacking and explicitly executing would be needed.

But, bugs in the archive program (i.e. WinRAR in your case) could cause a code execution simply by trying to open an archive, if the archive was specifically prepared to exploit the security issue. Such bugs actually happen, see Nasty code-execution bug in WinRAR threatened millions of users for 14 years.

And with code execution, anything can then be done, including contacting a remote server to reveal your IP address, or encrypting all the files on your system and demanding a ransom – which is likely worse than just exposing your IP address.
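As an added example, not taken from the answer above: the first risk it describes (an archive that simply carries malicious files) can be checked for before anything is unpacked, by reading the archive's directory and flagging entries that would be written outside the extraction folder or that are file types Windows executes directly. The script uses ZIP because Python's standard library reads it; the extension list and the checks are my own assumptions, and the archive is constructed in memory. It does nothing about the second risk in the answer, a bug in the archiver itself, which only keeping the archiver patched addresses.

```python
import io
import posixpath
import re
import zipfile

# File types Windows runs directly; a document archive has no business carrying
# these. Constructed for illustration, not an exhaustive list.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs",
                   ".ps1", ".msi", ".dll", ".lnk"}


def escapes_directory(name: str) -> bool:
    """True if extracting this entry literally would write outside the target directory."""
    norm = posixpath.normpath(name.replace("\\", "/"))
    if posixpath.isabs(norm) or re.match(r"[A-Za-z]:", norm):
        return True
    return norm.split("/")[0] == ".."


def audit_archive(data: bytes) -> list:
    """Inspect a ZIP's central directory only; nothing is extracted or executed.
    Returns (entry name, reason) pairs."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if escapes_directory(name):
                findings.append((name, "path escapes extraction directory"))
            if posixpath.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                findings.append((name, "executable file type"))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive: one harmless file, one executable hiding behind
    a double extension, and one entry whose path climbs out of the extraction directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("invoice.pdf.exe", "MZ placeholder, not a real program")
        zf.writestr("../../outside.bat", "echo placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in audit_archive(build_sample_zip()):
        print(f"{entry}: {reason}")
```

The double-extension case matters because Explorer hides known extensions by default, so `invoice.pdf.exe` displays as `invoice.pdf`; the audit looks at the real name in the archive, not at what the shell will show.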

security – Mac Software that Detects Windows Malware

malware – How to securely create a bootable USB drive from a possibly infected system?

There is no foolproof way. Since you can’t trust the system, you can’t reliably verify the integrity of the image you will be using to create the bootable USB or, for that matter, of anything else. No matter what you do, it is possible for the malware to have interfered with it.

You could, however, do something the malware would likely not expect. Like make a bootable USB for a lightweight Linux distro, boot live from it, and then make the Windows 10 bootable USB from the live Linux OS. It is quite unlikely for a Windows malware to infect Linux as well, but for that matter, it is unlikely for malware to infect bootable USBs in the first place.
