Antivirus, Little Tips, Malware, Phishing, Security

Spam Alert: These People Never Get Tired Of Trying To Get You

 

Here is a little warning and reminder not to get too comfortable thinking that scammers are gone or that your email spam filter is so good they will never get to you. Here is your wake-up call: these people never get tired of trying. They use all sorts of means to disguise themselves, including hiding their links behind URL-shortening services, as in the email pictured in this post.

Spam Email Example

Example of an email that hides a dangerous link behind a tinyurl link under the UPGRADE NOW button.

In fact, I just got one of those messages right in my inbox, with a malicious link to some phishing scam hosted on https:// [some_malicious_place] .us.archive.org. But the link that was actually in the big blue button was not pointing there directly. It was disguised behind a https:// tinyurl.com/ [some_extension_goes_here]. It took running the link through Google’s online virus scanner virustotal.com to detect that the final destination of the link is a malicious site and content hosted on archive.org.

So, when you get an email that makes you uncomfortable as to why you are getting it, or one that looks suspicious, you are probably right. It is probably suspicious and dangerous. Get your IT friend to look at it, or just do not click on any links or attachments in it until you can get it verified by someone who has the tools. If you know how to extract the links without activating them, then do that and report any malicious links to places like virustotal.com or to your antivirus vendor so they can include them in their next update. Please note that sometimes the email may come from the address of a person you actually know (after their mailbox was hijacked, or because it is being spoofed).
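One way to extract the links without activating them, shown as an added example that is not part of the original post: it parses a saved raw email offline, lists every link with the text the reader would see, and flags shortener hosts. The sample message, the `audit_links` and `LinkCollector` names, and the shortener list are constructed for illustration; only tinyurl.com comes from the post.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: small, non-exhaustive list; tinyurl.com is the one from the post.
SHORTENERS = {"tinyurl.com", "bit.ly", "t.co"}

# Constructed sample message with placeholder hosts (not the real email).
SAMPLE_EML = """\
From: "Mail Admin" <admin@example.com>
Subject: Mailbox almost full
Content-Type: text/html; charset="utf-8"

<html><body><p>Your mailbox is almost full.</p>
<a href="https://tinyurl.com/EXAMPLE"><b>UPGRADE NOW</b></a>
<p>Help: <a href="https://www.example.com/help">example.com/help</a></p></body></html>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs; it never opens any URL."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(raw_email):
    """Return one dict per link found in the HTML parts of a raw email."""
    collector = LinkCollector()
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            charset = part.get_content_charset() or "utf-8"
            collector.feed(body.decode(charset, "replace"))
    report = []
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        shortened = host.removeprefix("www.") in SHORTENERS
        report.append({"text": text, "href": href, "host": host, "shortened": shortened})
    return report
```

A link flagged as shortened is the one to submit to a scanner such as virustotal.com instead of clicking it.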

Google is full of resources on how to tell if the email you are looking at is Spam. Seriously. Just type such a question and you will find a plethora of reputable sites with good examples. Emphasis on reputable. Do not fall for more phishing while trying to detect some.

virustotal.com reveals the actual final destination of a tinyurl or Shortened URL.

This screenshot from the virustotal.com details page shows the final URL that the tinyurl link (shortened URL) in the phishing email would have led to.

Uncategorized

ICT policy training for Congolese activists held in Goma

Rudi International

In partnership with the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), we brought together human rights activists, journalists, bloggers, lawyers, etc to discuss ICT policy issues in Africa and in the world. A special focus was on the Democratic Republic of Congo (DRC) because we examined the current policies and the way the policy development process is being handled in the DRC.

For two days, it was a good opportunity for journalists and human rights advocates in Goma to be exposed to Internet freedom topics and know how they can be part of the policy discussion. One of the major activities was that participants were able to read the current ICT laws and to compare it with the new proposed ICT laws currently under discussion at the Parliament.

Recommendations were drafted on how the ICT proposal can be improved and have it include issues such as…


Uncategorized

defending against EvilOSX, a python RAT with a twist in its tail

I am often torn between sharing such a dangerous tool and just keeping it in the hands of a few. But then I think, well, a way to protect yourself and your systems is at least offered here. So, here we go. To use the words of philastokes from APPLEHELPWRITER, “Stay safe, folks!”


Intro
EvilOSX is a malware project hosted on GitHub that offers attackers a highly customisable and extensible attack tool that will work on both past and present versions of macOS. The project can be downloaded by anyone and, should that person choose, be used to compromise the Macs of others.

What particularly interested me about this project was how the customisation afforded to the attacker (i.e., anyone who downloads and builds the project, then deploys it against someone else) makes it difficult for security software like my own DetectX Swift to accurately track it down when it’s installed on a victim’s machine.

In this post we’ll explore EvilOSX’s capabilities, customisations, and detection signatures. We’ll see that our ability to effectively detect EvilOSX will depend very much on the skill of the attacker and the determination of the defender.

For low-skilled attackers, we can predict a reasonably high success rate. However…


Gmail emails with dots still get to you
Google, Little Tips, Security

Did You Know that Dots Don’t Matter in Gmail Addresses?

Yes, an extra dot in the username part of the email address does not change who gets the email at Gmail.com. Please note that this might not be true of other email service providers.

For example: john.doe@gmail.com is the same as j.ohndoe@gmail.com or any variation of the position or number of dots before the @ sign. If someone tries to open a new Gmail account with just a dot as a difference between their address and yours, Google will tell them the username already exists.

Caution: if you use Gmail through an organization like a school, business, or company, your dots do matter.

More on this in this Gmail help article.

Have you experienced anything that contradicts the above? Please share here in the comments.

Uncategorized

what is rapportd?

Since early November, I’ve been seeing reports of High Sierra users being presented with a dialog box from the Firewall asking whether the user wants to accept incoming network connections to rapportd.

This is causing some confusion among troubleshooters as there’s a fairly notorious process with the same name associated with IBM’s (badly-performing) Trusteer software. This latter often causes system slow downs and the general recommendation is to remove it unless you absolutely can’t live without it.

However, the rapportd process responsible for the dialog has nothing to do with IBM’s Trusteer and is, in fact, an Apple daemon introduced in 10.12. According to the man page, Apple’s rapportd is a daemon providing support for the Rapport connectivity framework. Although rapportd is bundled with 10.12, it doesn’t seem to be active as far as I can tell; all the reports I’ve seen about the connection alert pertain…


Uncategorized

Rudi Christmas Project 2017

Rudi International

It is that time of the year again when all over the world, people are celebrating the birth of the Son of God among men. This year, we want to remember the birth of Christ as we celebrate Christmas with the children from Rudi Education, their family, and up to 500 more people from their community. Just for a reminder, the large majority of the people we serve are internally displaced persons living in challenging conditions right outside of Goma, Eastern Democratic Republic of Congo.

We delight in bringing joy to this community that has been affected by war and conflict for the longest of the past 23 years. Many of you have contributed from $1 to hundreds of dollars to make this event possible for the past 6 years.

Please join us again today and let’s bring joy and cheer in Lac Vert together by giving right on this…


Beware of Phishing Emails
Antivirus, Little Tips, Security

Security Warning – Beware of Emails About Uber

Hello, Friends,

Uber suffered a data breach a year ago, and the address and email information of 57 million people was stolen. Uber paid off the hackers, who then supposedly deleted the data, but that cannot be confirmed.

Watch out for phishing emails related to this Uber data theft, for instance that your “Uber account was compromised” and that you need to change your password, or anything else related to Uber that could be suspicious.

Never click on a link in an email for situations like these. Always go to the website yourself through your browser’s address bar or a bookmark you set earlier.

Remember, Think Before You Click!