Blue Screen of Dichotomy

AI internet malware

Crowdstrike, never heard of them. Lucky me. Sorry for all who got impacted.

While this could very well be the first case of a broader “the AI ate my homework”, reality is never that simple, easy or straightforward. No matter if the story works nicely.

Wikipedia featured the fix for a while. No idea if it is legit or will entirely burn your machine to the ground. Upon further reading it feels that the source for this “fix” is legit, but it might be that it is not a panacea. In my, very limited, understanding deleting those channel files might give the system a chance to reload valid ones on the next boot.

The actual root cause of this incident will be interesting though. Strange that it is possible to push something faulty to this many machines. One would think that avoiding this would be one of the core issues of an org like Crowdstrike.

Good luck to everybody affected. Directly or indirectly.

robo phone phishing

daily life malware technology

3rd robo phishing call in as many days.
Today it spoofed my own number as its caller ID
and pretended to be AT&T. Telling me to enter
the last 4 of my social. Their scheme was that
my account had been “flagged”. Entering
false four digits prompted in a “flag has been removed”
message. So that people easier forget. I wonder what
people want to do with the combination of my
phone number and the last 4 of my social.

It is frightening to think that they might have a success
rate in the double digit percentages with this scheme.

TM-Edition Trademark Scam

malware

One of the “benefits” of having a registered trademark is that scammers will try to make a quick buck.

TM-Edition Ltd.
Széchenyi tér 17.
2000 Szentendre
HU

Bank: MKB Bank Zrt.
SWIFT: MKKB HU HB
IBAN: HU57 1030 003 1056 3675 4902 0011

just tried this, trying to charge 1650 USD for “registration costs”

Sadly such scams must work often enough that it is worth somebody's while.

I think there should be severe punishments for this kind of behavior. A lot of energy goes into nowhere for such scams.

For every dollar these idiots make they cost the world hundreds. And they contribute zero.

amazing

malware

in my mail there was a letter, fake seal and everything. Looked very official. Total rip off. On the envelope it said:


BUSINESS FILINGS DIVISION
980 NINTH ST. 16th FL
SACRAMENTO, CA 95814
--------------------------------
BUSINESS MAIL - IMPORTANT NOTICE ENCLOSED
THIS IS NOT A GOVERNMENT DOCUMENT

When scanning over this I read the first line and then in the lower right the two words “GOVERNMENT DOCUMENT”. They offer an unneeded service for $239 that would have a ‘penalty’ of $250 in a week's time. Since I overlooked the “NOT” I actually put this on to the todo stack. Of course their business model is very pre-internet. Google works faster than this one can set up new addresses and contact info.

I find it interesting that I almost fell for it.

It is hard to believe, but somewhere out there must be a person who feels good about running this kind of enterprise. They took great care in everything. A lawyer must have looked over it. This kind of thing takes a lot of work to set up. All these efforts for something that only has one purpose: moving money into the pockets of the initiator. There is nothing being offered in return. I wonder what a day in the office looks like for people who do this kind of thing.

when marketing turns into propaganda

internet M$ malware marketing

I am developing some exciting new features for INTERDUBS. I made the mistake of not testing the code I wrote for 3 days in Internet Explorer. When I check it again I realize that this cock-sucker of a browser just quits. So I had to roll through three days of changes to find out what exactly made this piece of shit simply quit. No warning, no indication. Nothing. Just fucking ended displaying the page. 6 other browsers were fine, and had been during those three days of development. There were no warnings, no hints of something causing a problem. Nothing. Turns out that a simple

made the ‘thing’ puke. This wasn’t the first time that working around Internet Explorer took almost as long as doing the actual work. Internet Explorer is just horrible and bad. Later version might be better. But overall Internet Explorer is a waste of time.

This would not be worth the ramble. It has been like this for a long time. But Microsoft has the audacity to put out a page like this. Here it feels that IE8 is just awesome. Indeed it is much better than Firefox.

Which is pointing to a bigger problem: Somehow people started to believe that in marketing everything goes. They believe that it is OK to blatantly lie about things. The bigger the better. I don’t know where that comes from. But it is rampant. A competing company to INTERDUBS inflates the client count by roughly 200% on their public site. They don’t deliver the slightest proof for that number. Their web site looks very pretty. But it is still emitting something that is outside of the truth. And somehow that is supposed to be OK.

I think it is a problem. Not so much on their end. I can understand that they try to get away with as much exaggeration as possible. The problem is us: We let an administration get away with getting into a war over weapons of mass destruction. When there were not any, somehow nobody ever cared to follow up on that. So if nobody gets in trouble for sending the country into war for the wrong reasons, what could be so wrong in tripling your client count? What is so wrong on Microsoft's end to claim that IE8 is more secure than Firefox? I personally think it is a misconception that something really great can be built on skewed facts. Maybe that competitor hopes to reach that claimed count one day and therefore make their lie less wrong. Problem is, that during the process they lost all credibility. Internally and externally.

Truth is a tricky thing. It will show up. Always did, and always will. Everything else is just a detour. Microsoft will learn that too.

how easy was that!

internet linux malware

While trailing the log files this message showed up:


Jan 12 16:49:13 andreaswacker vsftpd(pam_unix)[20094]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=74.141.98.100

turns out some bot/script etc from 74.141.98.100 was trying to find an ftp user with a stupid name. Would have had no luck, but I don’t like my log files to be cluttered. So it turned out that a simple


iptables -I INPUT -s 74.141.98.100 -j DROP

blocks that IP address from now on. Nice. I think I will use that often now. There are lots of misconfigured systems out there. Like that Windows 98 computer in the Philippines downloading the same file 5000 times yesterday. Thank you iptables.

“BOARD OF BUSINESS COMPLIANCE” scams don’t work while the Internet is there

internet malware

I got an official-looking letter from the “Board of Business Compliance” asking $125 ‘due now’. I was about to ask my Tax people about this. But then it turned out that entering it in google already fixes the issue. Just reading the excerpt made it clear this is a scam. 30 seconds later I found a concise legal summary about this scam citing California Corporations Code Sec. 1500 600, 9510.

Done. Scam attempt goes in the shredder. The upside is how fast this did go. How effortless scammers can be dwarfed. Still bad that people can be in business ripping people off.

spam costs money

economy internet malware technology

In the past gmail has been good with spam filtering. Just now I checked up on a prospect. It turned out that he felt I was interested in his business, since I did not reply to his emails. They were in the gmail spam folder. Nothing special about them. Sadly you can not search the spam folder. Spammers never made a single cent with me. But they cost me and everybody else money. When I was looking at the last 3,000 spam mails I got (2 days) it seems that they peddle only a few items. I am sure that most of the spam tries to benefit just a couple of businesses. How about somebody going over there to these people and kind of make them reconsider the business attitude?

fighting terror, sans SSL

internet malware politics technology

the small cronies (50K in tax money wasted for this site) get caught

Actually those monkeys at Desyne kick out a 403 to me, since my IP is not one that is in the US. How pathetic.

I would have not missed much. Just verbiage like:


Our clients range from global Fortune 100 corporations to local retailers. They all, however, share one thing in common: an absolute commitment to a strategic marketing approach wrapped around a comprehensive web-based technology capability. It's a formula for success we have delivered to more than 1000 clients since our founding in 1996.

Awesome that they all share “an absolute commitment to a strategic marketing approach wrapped around a comprehensive web-based technology capability”.
That evokes strong mental images. No, really.

use HTML code in Wikimedia

internet malware technology

since it is pretty tricky to google for, here the wonderful scary as hell wikimedia addition that lets you add raw html code in your pages:
[make sure to read the end of this post]


<?php
# RawHtml.php - raw HTML extension
#
# Defines the tag pair <RawHtml>...</RawHtml>.
# Sends the content out without any processing.
#
# To use, include this file into your LocalSettings.php
# To configure, set members of $wgRawHtml after the inclusion.
#
# include 'RawHtml.php';
#
# $wgRawHtml = array('JoeUser', 'JoeUserBot')
#
# Adapted from code by Jan Steinman

class raw_html_settings { };

$wgRawHtml = new raw_html_settings;
$wgExtensionFunctions[] = 'wf_raw_html_ext';

function wf_raw_html_ext() {

global $wgParser;

$wgParser->setHook('RawHtml', 'render_raw_html');
}

function render_raw_html($raw_html_src, $style='') {

return $raw_html_src;
}
?>

found here.

It really is easy to use: Just add the file as RawHtml.php and then add in the end of LocalSettings.php the following lines:


include 'RawHtml.php';
$wgRawHtml = array('user-name-to-use-this-goes-here' , 'this-would-be-a-second-one');

It turns out that the user names get absolutely ignored. So actually this is really dangerous to do, since ANYBODY that can edit the wiki can also insert any html code. Which is ok in a non public wiki, but NOT out there on those internets.

So the code above is plain malware: A bot could crawl the sources of wikis and could insert any html that might please in those pages. A lot of harm can be done that way.
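
The check that RawHtml.php never performs, as an added standalone sketch that is not part of the original post or of the extension: raw HTML passes through only when the page's last editor is on the allow-list, and is escaped otherwise. The function name, the `$lastEditor` argument and the sample values are assumptions; a real parser hook would have to get the last editor of the rendered revision from the wiki, not the reader viewing the page.

```php
<?php
// Added example: runs on its own, without MediaWiki.
// Assumption: the caller knows who last edited the page being rendered.

/** Users allowed to emit raw HTML (the sample names from the extension's header). */
const RAW_HTML_USERS = ['JoeUser', 'JoeUserBot'];

/**
 * Render the body of a <RawHtml> tag.
 * Raw output only if the last editor is allow-listed; otherwise the
 * markup is escaped, so it is displayed as text instead of interpreted.
 */
function render_raw_html_checked(string $src, ?string $lastEditor, array $allowed = RAW_HTML_USERS): string
{
    // Strict comparison: no type juggling, no case folding, null never matches.
    if ($lastEditor !== null && in_array($lastEditor, $allowed, true)) {
        return $src;
    }
    return htmlspecialchars($src, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: markup a wiki should not accept from arbitrary editors.
$snippet = '<iframe src="https://example.org/"></iframe>';

foreach (['JoeUser', 'joeuser', 'SomeAnon', null] as $editor) {
    printf("%-10s => %s\n", $editor ?? '(unknown)', render_raw_html_checked($snippet, $editor));
}
```

Only the first editor in the loop gets the markup back unescaped. On a wiki with templates the same check has to apply to every transcluded page, since each one has its own last editor.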

For a decent explanation how to add your own addition look here

I ended up boiling up a couple of probably horrible php lines myself:


<?php
#mimg.php
#insert image in wikimedia pages.
#to use add code like:

#<mimg>/path/to/image.png</mimg>

#please note that I have no freaking clue what I am doing.

#this will only work with local links to images, since all
#characters apart from numbers, letters slash and dot will be filtered when rendered
#to install save this in a file and include in LocalSettings.php

class mimgclass { };

$mimgo = new mimgclass;
$wgExtensionFunctions[] = 'installmimg';

function installmimg() {
    global $wgParser;
    $wgParser->setHook('mimg', 'mrender_mimg');
}

function mrender_mimg($mimg, $style='') {
    #strip everything except letters, digits, slash and dot
    $mimg = preg_replace ('/[^a-zA-Z0-9\/\.]/' ,"",$mimg);
    #the markup inside the returned string is missing from the page;
    #an img tag around the filtered path is assumed here
    return "<img src=\"$mimg\" />";
}
?>
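
An added comparison, not code from the original post: the character filter from mimg.php next to a stricter check that rejects input instead of rewriting it. The filter removes quotes and angle brackets, but a path beginning with `//` consists only of allowed characters and passes unchanged, so the stricter variant also requires a single leading slash and an image extension. Function names, the extension list and the sample inputs are assumptions made for the example.

```php
<?php
// Added example: runs on its own, without MediaWiki. Sample inputs are constructed.

/** The filter from mimg.php: drop everything except letters, digits, '/' and '.'. */
function mimg_filter(string $path): string
{
    return preg_replace('/[^a-zA-Z0-9\/\.]/', '', $path);
}

/**
 * Stricter variant: accept only a site-local absolute path to an image file.
 * Returns an <img> tag, or '' when the input is rejected.
 */
function mimg_render_strict(string $path): string
{
    $path = trim($path);
    $ok = preg_match('#^/[a-zA-Z0-9][a-zA-Z0-9/.]*\.(png|jpe?g|gif)$#D', $path) === 1
        && strpos($path, '//') === false   // no protocol-relative URL, no empty segment
        && strpos($path, '..') === false;  // no parent-directory segment
    if (!$ok) {
        return '';
    }
    // Escaping is redundant after the match above; kept as a second layer.
    return '<img src="' . htmlspecialchars($path, ENT_QUOTES, 'UTF-8') . '" alt="" />';
}

$samples = [
    '/images/logo.png',             // local image: accepted by both
    '//img.example.org/pixel.png',  // protocol-relative: survives the filter
    '/images/a.png" onerror="x',    // quotes and spaces: filter strips, strict rejects
    '/index.php',                   // not an image: strict rejects
];

foreach ($samples as $s) {
    printf(
        "%-30s filter: %-30s strict: %s\n",
        $s,
        mimg_filter($s),
        mimg_render_strict($s) ?: '(rejected)'
    );
}
```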