Partial Blame Should Fall on Adobe

I like to consider myself a long time Apple user, but that would be an insult to those who have been using Mac products since before my birth. However, in the last ten years, I have used Apple products, almost exclusively. I spent three years working at an Apple Authorized Service Provider, repairing Apple products, primarily working on computer hardware and software (I dabbled in iOS devices for about a year). That being said, I have repaired many Macs that are infected with malware, trying to rid them of issues. One commonly recurring problem has been one threat vector, that I would say was the cause to over 75% of malware-infected machines was the utilization of a fake Adobe Flash Player installer.

fake.png

I don’t have enough fingers and toes to count the number of times I have talked to someone who has a Mac infected with malware, and it occurred when they “received a notification for an Adobe Flash update” while perusing a website. They then click on the update link. Suddenly, they have a malware problem.

Screen Shot 2019-03-21 at 7.01.46 PM.png

Attackers have made their fake Adobe Flash Player downloaders look more and more like the real thing. Now when I say “the real thing," I don’t necessarily mean that it looks just like Adobe’s installation webpage, but they do make it look legitimate. Take a look at the image to the right. It is a piece of malware that is wrapped to look like a downloader for an Adobe Flash Player update. Now typically these pop-ups occur on websites that aren’t secure. One common theme I would see frequently is a pop-up after pirating media, whether it be ripping YouTube videos, or on well known torrenting sites. I have typically placed 99% of the blame directly on Apple for multiple reasons. The first and foremost is that they have been known to spread the rumor that “Macs don’t get viruses.” Again, this is an all-out falsehood. Apple tried very hard to make that phrase popular, but the truth is that Mac malware has been skyrocketing.

You see a large amount of the malicious software installed on users that are under 25 years of age and over 55. I think the reason for this depends on the group. For the older generation, they are typically more trustworthy. They can’t rationalize why someone would want to infect their computer, and their thought process is understanding.

I thought that there had to be more to this issue than simply Apple’s issue of not cracking down hard enough of malware. The Macs built-in protection, in the form of MRT (Malware Removal Tool) and XProtect, simply don’t work well enough. You need supplemental software to protect your machine. A follow-up issue to that is that these malware removal apps are not available in the App Store. Actually, let me clarify - there are apps in the App Store, but they are not good. To host your app in the App Store, there has to be very specific things it can and can’t do. Some of the things that Apple restricts in their App Store are necessary for a good A/V (antivirus) to have. I’ll give you some great malware-removal tools and AVs at the bottom of this post.

So where does Adobe fit into all of this?

It’s obvious that this threat vector is extremely common. But why? I started digging through Adobe’s webpages, and I started looking into their release notes. Typically, when a piece of software is provided an update by the developer, the developer also includes “Release Notes,” which is, usually, a short summary or itemized list of bugs that were fixed, glitches that were resolved, security issues patched, and on and on. When you look at the release notes for Adobe Flash Player, the list is incredibly long. Not just the list of release notes, but the number of releases.


adobeUpdates.png

It’s not unlike Adobe to push out more than one update/release per month. This is a lot of releases. They’re averaging one/month so far in 2019, and averaged above that throughout 2018. What this does is shows that Adobe’s Flash Player truly does need to be updated regularly, and as users, we have become so accustomed to this software’s need for updates that since Adobe Flash Player’s inception in 1996, users constantly blindly trust that Adobe does need to update its software. Why? Because we’re used to it actually needing to be updated. When Adobe is typically giving you monthly notifications that you need to update their software to navigate to certain websites or to watch videos on specific webpages, we don’t get surprised when we navigate to a certain website, get a pop-up saying the software needs to be updated, and click Accept. Now we definitely shouldn’t just be clicking Accept on random websites just because we see a pop-up saying that Adobe Flash Player needs to be updated, however, how come we’ve never criticized Adobe for pushing these monthly releases or for not being more forthcoming about how malware uses their logo and name to mask themselves. The only place you’ll see this type of comment on an Adobe website is on their forums, where users are asking about how to get rid of malware after installing a fake Adobe Flash Player. So I’m calling for Adobe to step up to the plate and address this issue that has be plaguing Mac users for years now.

defense.jpg

Since it’s unlikely this issue will be resolved any time soon, let’s play a little defense. There are many pieces of software that can help prevent malware and can detect these fake Adobe installers the second they hit your machine. There are also additional tools for more advanced users that can help you do a little digging.

For me, the best piece of software you have have is Malwarebytes for Mac. Malwarebytes for Mac, which used to be a piece of software called Adware Medic, was created by Thomas Reed and was used to search a computer for malware, adware, and potentially unwanted software. The software used to be free, but now it is a mostly paid software that is subscription-based. If you’re frustrated that you can’t necessarily just buy the software outright, I will explain right now that everything is going the way of subscriptions. There’s no way to get around it. For developers, subscriptions is a more effective way to get and keep subscribers. Malwarebytes still has a limited free version that will clean your Mac, but it’s preventative features will disable after the 14-day trial expires. I highly, highly recommend buying the Premium subscription, that runs at only $39.99/year for one device. You won’t find a better deal than that or a better product. (By the way, this is in no way a sponsored post, this is simply my opinion). Another great part of Malwarebytes is that now they offer an iOS app, which will help you recognize spam calls, provide web protection, and ad blocking. Again, I can’t recommend it enough.

signed.png

Another piece of software is brought to you by the incredible folks over at Objective See. All of the software you find over at Objective See is both open source and free. They offer something called What’s Your Sign. This small program, once installed, allows you to right-click on software and see if it is “signed.” All software is signed. This means that the developer has digitally signed it to show that it is authentic. When you right-click the Signing Info option, you get a small window that shows if it is signed. We see in the image to the right that the signing authority is Objective See LLC, who is the creator of What’s Your Sign. So with something like Adobe, we should see that the software is assigned by Adobe proper, similarly to how apps coming from Apple’s App Store need to be signed by Apple proper. We also see in the above photo, the lock is locked.

signed2.png

Now let’s look at this fake Adobe Flash Player. Notice how the lock is unlocked, and it says that the signing authority is unsigned.

Objective See and the app’s creator, Patrick Wardle, make fantastic tools that you should check out. Check them out at Objective-See.com.

As per usual, let me know if you have questions regarding your machine. See something suspicious, don’t hesitate to tell me.

Guest Post: MyShopCoupon Hijack Browser

Detection of MyShopCoupon

Summary: MyShopCoupon is a browser redirector that I found in the ~/Applications directory. This was redirecting Google Chrome to use weknow[dot]ac as the default search engine for the browser. This avoided detection from KnockKnock, Malwarebytes Anti-Malware for Mac and ClamXav. It actually took me a fair amount of hunting around to grab it as this is the first occasion in which I’ve seen adware/malware hide itself in such an unlikely place as the ~/Applications directory. The point of this article IS NOT to chastise the developers of the above listed software, but simply to inform them of this files existence. Prior to this article being published, I have submitted the files and my findings to those that expressed interest in my detection.

Introduction: First, I’d like to take a moment to introduce myself. My name is Matt Jacobs and I am the senior technician at a third-party Apple retail location. I have been doing this since 2013 and have performed ~15-25 security sweeps a week since I created/curated some wonderful pieces of software together for use with Macs. The curated Apps do the majority of the work, although I have created several Automators that simplify my process. The process that I use has been implemented on a nationwide scale within the company that I work for. I am very proud of this and the work that I do. I DO NOT KNOW HOW TO CODE! I AM NOT A PROFESSIONAL MALWARE RESEARCHER! I am simply a person that has had to work around malware and INSANE amount. I say all this so you know that this article WILL NOT be an in depth discovery in the vein of Thomas Reed or Patrick Wardle, gentleman that I respect GREATLY. This is a practical analysis. Should you feel that I am disqualified to be writing such an article, you can feel free to navigate away now.

Getting on with It: I initially found this piece of adware and submitted it to Virus Total on September 14, 2018. I found this because I had completed a security sweep on a customer’s computer (the customer will remain nameless here, but they granted permission to me to copy the files for use with this analysis) in which scans were ran with the following three pieces of software, in this order: 

    1. KnockKnock,

    2. Malwarebytes Anti-Malware for Mac

    3. ClamXav.

Before & after the scans are completed, I will manually go seek out some places that I know little things like to (attempt to) hide in. After analysis, it is part of my process to clear the caches within installed browsers and verify that they are functioning properly. Everything looked to be performing as normal, so I sent the computer home with the customer. The same day, the customer returned to my store (after I had left for the day) and was showing something to the technician on duty. In Google Chrome, the default search engine was set to Google, yet when a search was performed, it was using a search engine called WeKnow. That tech did the usual and checked for various installed extensions, cleared the cache and restarted the browser. The same was still occurring. That tech then removed Google Chrome, as well as it’s associated files and folders, then re-installed Google Chrome. The issue persisted. At this point he put the machine on my desk and told the customer I would contact them again the next day. 

Upon my arrival, I see this computer that I recall completing the day before, sitting on my desk.  The tech explained what was going on and walked me through the things he attempted, which I’ve documented above. At this point I started searching for the offender. After several minutes, I couldn’t find anything out of the ordinary. So I started looking in places that were so obvious I wouldn’t usually check. MyShopCoupon was “hiding” in the Applications directory AT THE USER LEVEL in a directory titled “MyShopCoupon” along with a myshopcoupon.config file. I zipped this folder up, restarted the computer and relaunched Google Chrome. Issue solved! I called the customer and explained the situation to them and was granted permission to copy the files upon removal for further analysis. 

I temporarily copied the files to a jump drive, so I could later copy to my personal MBP for analysis. Upon uploading the files (that I had unzipped) to Virus Total, I learned that 0/59 scanning engines had been triggered by these files. Virus Total did show me that it knows about files that are considered to be related to this file. It also showed me that some of these related files HAVE triggered some of their scanning engines. This has happened to me several times before. In those circumstances, I usually send the zipped up files to someone a little more prominent than I in the malware industry to proceed through the official channels and update their own software to detect these. I didn’t this time, however, as I had very little information about them. Upon completion of my security sweep, I gather all of the files into the ~/Trash and organize them as follows:

    1. Known Bad Software

    2. Malwarebytes Removals

    3. Previously in Trash

    4. [security sweep] Docs

    5. Unnecessary iTems (I throw away .dmg, .pkg, .exe files I find in the ~/Downloads folder, even though they may not be related to security)

    6. Virus Scan Removals

The purpose of doing such a thing is to give the customer something that they can look at to see what I did. This is to provide them with some value since they have paid for the service, and (other than a better operating computer) they really have nothing to show for it. I understand that the vast majority of end users will not understand what they are looking at, but this is so they can visualize what was causing the issue and have the satisfaction of clicking the “Empty Trash” button and ridding themselves of the problematic software. In this instance, the customer had emptied the trash prior to bringing the computer back. So I really have no idea what the infection vector was, nor where it came from. I know… very anti-climactic, right?

However, the upside is that now you, the reader, know that this little piece of garbage likes to store itself in your ~/Applications folder! Go take a peak for it. The other upside is that this is making me change my process. I will now start archiving the directories that I mentioned above (with permission, of course) excluding the “Previously in Trash” directory so I can be better prepared for these occurrences. 

Virus Total Link: MyShopCoupon
SHA-256: ea99c5031c8e455352a762515831d5fa1de4f7abfae169fbaf2a3d89fe704e12

MyMacUpdater SHA-256: fa3e23154036428fa42ba843f79e9fb6a1b85585906ee9159540e506b787d2df


Further Evaluation and Update by Stuart Ashenbrenner

Matt Jacobs originally made this write up back in September, but we have delay the release of the blog post. I have done a little more digging into this piece of malware, and I will show you exactly what it looks like and where it is persisting on your machine. Over the past few months, VirusTotal has began to recognize this malware, although many antivirus programs still aren’t finding it.

.png

When I acquire a sample of the malware from Matt, I began by simply running the installer (see right).

After initializing the installer, I quickly received a notification from the Objective-See tool called Lulu. This tool helps notify you of an process trying to connect to an external IP address, just like your typical firewall. This notification flagged that a process called mm-install-macos was attempting to connect to service.macinstallerinfo.com at IP address 104.238.223.14:80. This process (PID 729) was located at path:

/private/var/folders/8r/cwfv75z56jq6njqk_macos.app/Contents/MacOS/mm-install-macos

With this, you can see that the install persists out of the /private folder in the root directly. Luckily, you can block this connection with Lulu.

Screen Shot 2018-12-17 at 10.21.57 AM.png
Screen+Shot+2018-12-17+at+10.22.35+AM.jpg

If you allow this process to run, you will see Terminal open to run the bash script that is this programs installer. This is also the time in which the program will request your administrator password. This is truly what allows the adware to persist and begin infiltrating your system.

Screen Shot 2018-12-17 at 10.23.32 AM.png

This will launch an installer for “program” called Media Player. This program initializes and gives you two types of installation options. One is the express version (below-left). The other is the customized version (below-right). Please note, you cannot actually customize the installer. You HAVE to install both Media Player and Myshopcoupon, and you cannot uncheck the option. They are basically forcing you to install both those pieces of “software.”

Screen Shot 2018-12-17 at 10.23.03 AM.png
Screen Shot 2018-12-17 at 10.23.09 AM.png

After accepting the install, Lulu alerted me with another outgoing connection. This came from a plist file located within the LaunchDaemons folder, which is what helps the adware maintain persistence. As noted in the screenshot, the actually startup binary of the file is location in the User-level Application folder, which is much less common than that root Application folder, which is where the majority of your actual apps are located.

Screen Shot 2018-12-17 at 10.25.50 AM.png

You are then taken through a slough of your System asking for permission for these programs to access ALL of the data within your browsers, whether it be Safari, Chrome, or Firefox (I tested all three). These requests look like the image to the right. There were roughly two requests per browser, one for Myshopcoupon and one for a program called “Install”. Clever name, right?

One thing of note, I did recognize a curl command running in Activity Monitor.

Screen Shot 2018-12-17 at 10.28.38 AM.png

I checked the process ID (PID) through Terminal and noticed it was trying to connect to the mediaDownloader server.

Screen Shot 2018-12-17 at 10.29.13 AM.png

This completed the installation with a large “Thank You” page, then immediately after opened Safari and directed me to a website that, in the browser was called “related-offers.” It was an ad for MacKeeper. Shocker!

.png

After exiting that garbage program, I navigated to the User/user/Applications folder, and sure enough, MyMacUpdater was sitting in that location.

Screen Shot 2018-12-17 at 10.40.27 AM.png

The job of malware, adware, or viruses is to persist, meaning if you restart your computer, the malware needs to be able to restart on either power-on or login. Because of this, most malware will attempt to persist from either the LaunchAgents or LaunchDaemons folders.

One reason why this specific piece of malware is so nefarious is because it utilizes the users directory. Because of this, some malware of adware companies don’t recognize it, as it could potentially cause unwanted data loss (according to the AV companies). While I don’t necessarily agree with the notion for malware companies to avoid blatant and obvious malware, I understand where they’re coming from, at least from a business standpoint.

With that in mind, I highly recommend tools from Objective-See. Their tools, like Lulu mentioned above can help alert you to unwanted programs, adware, or malware. On top of that, their program KnockKnock will run Launch Items (items in the LaunchAgents and LaunchDaemons folders) against a VirusTotal check. Although this malware avoided detection early on, it appears that it is now being recognized, mainly due to the malware changing over the past few months. VirusTotal will reveal how many different antivirus programs have recognized it. When I used KnockKnock after installing this Myshopcoupon on a clean system, it responded with these results:

Screen Shot 2018-12-17 at 10.45.47 AM.png

It recognized both persisting pieces of software, and returned that one (MyMacUpdater) had 2/57 hits on VirusTotal, while the other (MyShopcoupon) had 15/56.

I can’t recommend these programs enough.

If you have any questions, feel free to email or call me.


A huge thank you to Matt Jacobs for all of his research into MyShopCoupon! You can follow Matt on Twitter at @pnwbeard. When Matt isn’t working on Macs, he’s developing and designing table top games. Check out his page over on Patreon.

Also, shoutout to Patrick Wardle at Objective-See for all of their fantastic tools.

A Year After Equifax Breach: What We've Learned

A Year After Equifax Breach: What We've Learned

We've learned nothing apparently.

Looking back at the massive breach of Equifax Inc. in September of 2017, when the personal information of 143 million people, mostly in the United States, was leaked, we've seen that number climb to 148 million into 2018.

giphy.gif

It seems like with a breach of that magnitude, heads would roll. Uh, yeahhhhh, not so much…

Not only did no one worth noting get fired for the breach, at least publicly, the companies shares have all but recovered and will probably post a record annual profit next year. Not only did their CEO not get fined, fired, or face any reprimands, he was able to retired, collecting his 410k, which was probably through the roof. Again, no one was fired, but I'm guessing they were asked to retire. My assumption is the only firing that happened was to the one, single IT technician on which they blamed the hack after they failed to install the patch (a patch is finding a vulnerability in a system and fixing it, so it is no longer problematic). The only other known employees that have been fired for anything even related to the breach were employees arrested for insider trading, when they sold stock after the company knew about the breach but before the shareholders were informed. Sudhakar Reddy Bonthu, a software manager, was one of them, when he traded on the information he received while creating a website for consumers affected by the attack.

When stocks began to fall from $141.59 on September 1st, down to $92.98 a share on the 15th of September, it seemed like Equifax was at its all-time low. Now, we see the Equifax stock closing in on $140/share, which is only $5/share off of its all-time high, when it was $145.09 not long before the breach was disclosed.

As of September 14, 2018 at 2:20PM ET

As of September 14, 2018 at 2:20PM ET

So maybe we haven't learned much from Equifax, but have we learned anything as the human cog in this technical wheel? Short term? Absolutely. After the Equifax breach, there was a huge backlash by users and anger over the way the breach was approached and disclosed. However, looking back, it was short-lived. "Equifax," although now becoming near synonymous with "breach" is rebounding perfectly fine.

The important take-away is how we as people and users operate on a day-to-day basis. Do you use one password for everything? Does it just meet the minimum requirements for password strength, or does it exceed them? Are you using numbers and symbols in combination with a word that isn't related to you? These are the things we need to learn from breaches. I do understand that some things are impossible to protect against, like the Equifax breach. Whether your personal information was involved or not, no amount of password protection was going to protect you from that breach. So as far as Equifax-esque breaches go, just be weary about your personal information.

Don't just sign up for random things online, don't use your full, real name unless required, password strength is key.

There are some resources out there to see if you or you’re email has been involved in any data breaches or leaks. It is called Have I Been Pwned. It’s a good resource that I highly recommend checking out. It is one of the reasons I got a new email account some time ago. I have one email to which I get all of the coupons and other garbage sent, and then I have a different one that only people very close to me have. It is also the email I use for things like online banking or Amazon. It is also good to frequently change your password. Try your best to think of something complex that combines letters, numbers, and symbols. I took roughly a week to come up with my most recent one. It is well over eight characters, in fact, I think its over fifteen. Regardless, try to change passwords often. If you have issues remembering passwords, there are things like iCloud Keychain or 1Password that many people like and trust.

Sextortion

Less than a month ago, security researcher Brian Krebs published an article called, Sextortion Scam Uses Recipient’s Hacked Passwords, and now, it appears that extortion has spread to the Apple platform.

Sextortion, by definition, is a form of blackmail in which sexual information or images are used to extort sexual favors from the victim. 

As noted by Krebs, the perpetrators would first hack the computers password. After receiving the computer's password, the hackers would email the victim and inform them that their password was hacked. What they would do next is tell the victim that they recorded them doing nefarious things. You can read an entire email below.

porn-blackmail-scam-email-example.png

This type of email would be very convincing, as the hackers literally know your password, which would make the average user and even more advanced users assume that recording through the webcam is possible. This is one of the more intimidating and personal scams I've ever seen. This isn't simply an attempt at extortion, it's uncomfortably personal.

Quite some time ago, I wrote a blog entitled simply Should You Cover Your Computer Camera. Now, when I wrote this, I hadn't really considered something like sextortion. That being said, if you are going to be doing..."personal" things on your computer, you may be better off using a camera cover. In addition to covering your camera, it may be worth it to get a piece of camera-monitoring software that can help monitor your webcam activity and alert you to its use.

When it comes to webcam monitoring, there is nothing better than Oversight by Objective-See. This software, as I mentioned, alerts you to both your camera and your microphone becoming active. It will throw you a notification in the top-right corner of your screen, alerting you to its activation. It also allows to whitelist certain apps, meaning that when you get the alert whether to allow or block the enabling of your camera, you can choose "Yes, Always" or "Just Once." This way, you can make sure Facetime always comes through, but other applications do not. Now you may be thinking, "Isn't that what the small, green light next to the camera is for?" The short answer is: yes. The slightly longer answer is that the green light can be bypassed to remain off even while the camera is active.

© Objective-See —— example of whitelisting an application with Oversight

© Objective-See —— example of whitelisting an application with Oversight

© Objective-See —— Oversight Application for macOS

© Objective-See —— Oversight Application for macOS

There are other ways you can protect yourself, such as using a program such as Micro Snitch, which is a program by the creators of Little Snitch, or you could even use an actual camera cover. If you so desire, you even get a pair the two. I don't physically cover my camera, as I am not overly concerned of being spied on, but a large part of this is due to the fact that I purchased Micro Snitch years ago, and since then, Objective-See released Oversight, which I also have installed. I figure that between the two programs, I should be safe, although I've found myself definitely drifting towards Objective-See's tools as opposed to the creators of Little/Micro Snitch, Objective Development. TL;DR: Install Oversight.

I do understand why others may want it covered. We all remember that picture of Mark Zuckerberg holding up a sign in his office, and in the background you see a MacBook Pro with the microphone and camera covered. Many people were shocked by this, but I was not one of them. Zuckerberg has many whom I'm sure would like to access his webcam, whereas someone like myself doesn't really have to deal with creepy people like that in my reality. It's our differences in fame and fortune. Fortune will quickly make you a larger target for any type of cyber attack.

zuck_instagram.jpg

The FBI has listed a few ways to avoid sextortion scams. They are as follows:

1. Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.

2. Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.

3. Turn off [and/or cover] any web cameras when you are not using them.

If you or someone you know have been victims of a sextortion scam, contact the FBI toll-free at 1-800-CALL-FBI.

Corvallis Scams

Breaking down the scams occurring in my backyard

Most people think of a hacker or scammer as someone in a black hoodie, sitting in a dark room, trying to steal your information. That's not the case.

So this following list is a record of all of the scams that have occurred in the Benton County area, and the more I see it, the more it frustrates me. No one is talking about this. No one is reporting on it. No one even acknowledges it. Well, I'm going to do it now.

3090392251_911be4dfaf_z.jpg

Corvallis,_Oregon_-_Benton_County_Courthouse_01.jpg

I encourage you to read a few of these scams, and don't feel like you need to read them all, but when you've had your fill, you can scroll to my breakdown. Get ready to scroll, because this list is long. I will give you some ways to avoid scams, and some ways to immediately notice you are attempting to be scammed.

Corvallis (Oregon) Police Department & Benton County Sheriff's Office Police Log Reports (information gathered from The Corvallis Gazette Times)

July 30, 2018
SCAM: 9:50 a.m., [address omitted]
A trooper was made aware of a fraud attempt targeting OSU students through their email accounts. The email offered a job in New Jersey and requested students reply with personal information. Students were notified of the phishing email.

July 29, 2018
SCAM: [address omitted]
A man reported that he had sent $700 via Walmart to Ohio for a deposit on a rental home but that it turned out to be a scam. 

July 26, 2018
THEFT: 7:37 p.m., [address omitted]
A man told police he was contacted by someone purporting to be a Chinese official and who informed him he needed to transfer $10,000 into an account at the Bank of China to ensure it was "clean" because it could have been involved in an "economic crime." The man transferred the money and then realized he may have been scammed. Police told the man to cancel the wire transfer and to report the incident to authorities in China.

July 21, 2018
SCAM: [address omitted]
A Philomath resident reported that she sold an iPad through a buyer on Facebook and shipped it without receiving payment. She received what she had thought was an email stating that the payment had been credited to her account, but she learned that it was a fraudulent email.

July 17, 2018
SCAM: 11:08 a.m.,[address omitted]
A woman told police she listed two Country Music Festival tickets on Craigslist for $400 and received an offer out of California for $1,300 if she’d send $960 via Western Union to someone in New York. The woman said she did this and was later informed by her bank that the check she deposited was fraudulent.

July 11, 2018
SCAM: 1:58 p.m., [address omitted]
A woman told deputies she met a man on Facebook a few months ago and the man told her he was in a hospital in South Carolina and needed money for surgery. The woman said she gave the man $1,000 in Amazon gift cards and the man asked for $2,000 more. The woman wanted to verify she was scammed and deputies told her she was. They discussed ways to prevent the incident from occurring again.

July 10, 2018
SCAM: 10:03 a.m., [address omitted]
A woman told troopers she received an email that contained a check for $928. The woman was instructed to cash the check and buy something for the suspect and keep the change. The woman deposited the check and spent the money but did not send any money to the suspect. The bank then informed the woman the check was fraudulent and requested the money back.

July 6, 2018
SCAM: 12:53 p.m., [address omitted]
A woman told police she paid $299.99 to Microsoft for a subscription to keep her computer clean of viruses. The woman later realized it was a scam and canceled the check before it reached the recipient. Police think the scam involved international perpetrators and discontinued the investigation.

June 30, 2018
SCAM: [address omitted]
A person reported they received a phone call from someone claiming to be a Benton County Sheriff’s Office deputy. The caller told the person they had missed jury duty and needed to pay $3,000. The person bought $1,000 in Google Play cards and sent photos of the cards to the caller.

June 30, 2018
SCAM: 6 p.m., [address omitted]
A woman reported that some Chinese nationals called her posing as members of the Chinese consulate in San Francisco. They said that Shanghai police officers wanted to speak to the woman about some bank accounts opened in her name through the Industrial and Commercial Bank of China. The woman spoke with alleged Shanghai police officers, who stated she would be arrested if she could not prove she did not open the accounts. They convinced her to wire $90,000 to a bank account in Hong Kong with a promise of it being returned once her innocence was proven. The woman later realized the call was fraudulent.

June 19, 2018
SCAM: 11:23 a.m., [address omitted]
A man reported he had met a person online who identified herself as Ingrid Nugent and they had entered into a relationship. The man said $4,500 was deposited into his account by a person Nugent said was her attorney. Nugent then asked the man to send $4,064 by iTunes gift cards and money gram to Nigeria, which he did. The check deposited into the man’s account subsequently was declined.

June 15, 2018
SCAM: [address omitted]
A woman reported she had been having problems posting a video to Facebook, so she Googled a support number for Facebook. She called a number she found and was told her problem could be fixed if she provided $700 worth of gift cards. The woman bought the gift cards and provided the card's numbers to someone she believed to be a Facebook support employee. After providing the gift card information, the woman’s problem was resolved. The woman was informed by the person she called that if she provided another $300 worth of gift card information she would be reimbursed her money. She started to believe she was scammed and called police.

June 12, 2018
SCAM: 7:23 p.m., [address omitted]
A man reported he received a call from a person identifying himself as "Deputy Dale Ingram" with the Benton County Sheriff’s Office. The caller said the man had two failure to appear warrants and could pay the fine over the phone or be arrested. The man said he bought two Green Dot cards for $972 and read the numbers to the caller. When the man reported the incident to deputies, they informed him he was the victim of a scam.

June 5, 2018
SCAM: 4:17 p.m., [address omitted]
A man reported he was contacted by someone stating they were from the hospital and told him a Benton County deputy was trying to reach him. The man said he was contacted the following day by someone saying they were Sheriff Ingram with the Benton County Sheriff’s Office and that the man had a warrant for his arrest. The caller told the man he needed to buy two “Money Pak” cards with $494 on each to clear the warrants. The man purchased the cards and gave the caller the identification numbers. The man said he tried calling the number back, but there was no answer. Police tried calling the number but it went to an automated message machine and then the call ended.

May 31, 2018
SCAM: [address omitted]
A man told police he had listed his Microsoft Surface Book online for sale and was contacted by someone named “Yani Pedro” who wanted to purchase it. The man set up payment for the computer through PayPal and mailed the computer to an address in Houston. However, the man never received payment and discovered the email he was sent about PayPal was a scam.

May 15, 2018
SCAM: 4:37 p.m., [address omitted]
A woman told police she received a phone call at work from a woman who claimed to work for the state police. The caller told the woman that she did not file a Form 8886 with the IRS, and they were going to issue a warrant for her arrest. The woman said the caller instructed her to buy 12 gift cards worth $500 a piece. The woman told police she spoke to her bank and gave the caller some of her information, and then went to Wal-Mart to try and buy the gift cards. The woman said she tried twice to buy the gift cards, but her transactions were declined. Police informed her she had been scammed.

May 15, 2018
SCAM: [address omitted]
Police responded to Citizens Bank after a man cashed a fraudulent check. Officers contacted the man, and after he refused to remove his hands from his pockets, they placed him in handcuffs. The man told police he received the check in the mail from a Craigslist ad and was supposed to provide the account information to the sender. The man had deposited the $2,000 check on Monday and withdrew $200 of it. The bank then realized the check was fraudulent. Officers informed the man he had been scammed and released him. He returned to the bank the remaining cash he had from the $200 and was informed his account would be closed.

May 3, 2018
SCAM: 2:08 p.m., [address omitted]
A man told troopers he had received a call from a person posing as a Lane County deputy who claimed he had two warrants for his arrest. The “deputy” told the man he could turn himself in to the sheriff’s office or pay two payments of $489 in Green Dot Moneypak cards. The man sent the money.

April 26, 2018
SCAM: 4:25 p.m., [address omitted]
A man reported his brother, who has dementia, received a phone call from someone claiming to be the county sheriff. The caller claimed the man had missed jury duty and there would be a warrant for his arrest if he did not pay $1,500 via prepaid MoneyPaks. The man stayed on the phone with the caller while he purchased the debit cards and provided the card numbers to the caller over the phone.

April 2, 2018
SCAM: 9:38 a.m., [address omitted]
Police responded to Jimmy John’s for a fraud complaint. An employee told officers a man had called the shop stating he was from the corporate office. The man told the store manager that the shop was being investigated for employee theft and needed to provide the corporate office with $1,000 in gift cards. The manager drove to Fred Meyer, purchased two Visa gift cards and sent the images of the front and back of both cards to the phone number provided by the caller. A different employee had the cards locked so they could not be used.

March 22, 2018
SCAM: 12:10 p.m., [address omitted]
Two people told police they posted an ad on Craigslist seeking housing. They said they were contacted via email by “Larry Dunkin,” who claimed he lived out of state but was renting out 950 SE Powell Ave. The two people agreed to wire $800 via Western Union for the deposit, and Dunkin was to mail the keys. After they wired the money, Dunkin demanded $2,700 for three months’ rent before he would send the keys. The people refused to send the money. Police determined the house was not for rent.

Feb 27, 2018
SCAM: 3:38 p.m., [address omitted]
A woman told police she placed an ad on Craigslist to rent a room. An individual responded and assumed they had been selected as the next tenant and sent a check to the woman for $3,500. When the woman informed the person she would not rent a room to them, the person told her to cash the check and send a money order back in return. The woman knew it was a scam and gave the check to police.

Feb 25, 2018
SCAM: 2 p.m., [address omitted]
A man told police that someone, whom he believed to be a woman in Colorado, added him on Facebook. They video chatted and the man exposed his genitals. The other person then told the man that if he did not pay $500, they would post a video of his genitals online. The suspect wanted a money order sent to the Ivory Coast. The suspect’s Facebook account has since been deactivated.

Feb 21, 2018
SCAM: 4:12 p.m., [address omitted]
A woman said she received a phone call from someone claiming to work for Microsoft. The caller told her that her computer’s virus protection had expired and he could clear her computer of viruses for $499.99. The woman gave the caller her debit card information, as well as remote control of her computer. She later realized it was a scam and noticed a second charge for $512 on her bank statement.

Feb 15, 2018
SCAM: 8:34 p.m., [address omitted]
A woman told police she met a man online who claimed to have lost his wallet while on vacation. The woman sent the man $600 via Western Union. The following day, Western Union’s fraud department called her and said they felt she had fallen for a scam and put a hold on the transaction. The woman then received a call from someone claiming to be an FBI special agent and who said they knew about her involvement with the first man and that she was under investigation as a potential terrorist. The caller told her she needed to send $600 via money order to a judge in Florida, which she did.

Feb 15, 2018
SCAM: 10:30 a.m., [address omitted]
A man reported he sold a computer on Craigslist to “Tonnie Hooker III” for $770. He said he received a check in the mail for $2,300 with instructions to send the rest back via Western Union. The man wired the money from his bank account and then found out the check did not clear, for a total loss of $1,530. The man said “Hooker” had told him he would arrange for someone to pick up the computer in person but the person never arrived.

Feb. 14, 2018
SCAM: 11:38 a.m., [address omitted]
A man told police he had received a $2,450 check from Dial America Marketing with the agreement he would do bookkeeping for the business for $200 a week. The man said he was told to redistribute the funds by wiring the money to a Walmart in Texas, which he did. His bank later told him the check he received was fraudulent. The man lost a total of $2,450.

Feb 5, 2018
SCAM: 11:03 p.m., [address omitted]
Police responded after an employee at Burger King received a phone call from someone asking her where they keep the money and how much was in their safe. An officer took the phone and asked who he or she was speaking with. The caller promptly hung up. The employee who answered the phone said the caller claimed they were doing an FBI investigation for corporate and asked the employee to take money out of the safe and meet them nearby. The employee realized it was a scam and kept the caller on the phone until police arrived.

Feb 1, 2018
SCAM: 10:24 a.m., [address omitted]
A man told police he received an email on his OSU account regarding a job offer from a biotech company where he could earn $200 a week. The man said he received a check for $2,400, which he deposited into his bank account. He said he was asked to transfer $1,680 to someone in Texas via Western Union, at which point he realized it was a scam.

Jan 25, 2018
SCAM: 10 a.m., [address omitted]
A woman reported receiving messages from phone number 443-342-4190 stating her Social Security number had been stolen. She told police she called her mother, who called the number back and spoke to someone who said the Social Security number was being used by drug traffickers in Texas to send money to Mexico. The woman’s daughter called the people back and was advised to get all the money from her bank account, put it on Walmart gift cards and give the card numbers to them, which she did. The caller stated the money would be refunded to her the next day by a police officer. When that didn’t happen, she looked up the phone number and discovered it was a scam.

Jan 17, 2018
SCAM: 3:44 p.m., [address omitted]
A woman told police she accepted a job from a Craigslist post and was sent a check from an individual who identified himself as Taiwo Ayeni. The woman said she cashed the check and sent $850 via Western Union to her new employer's “supplier.” The woman said the employer then requested she buy several iTunes gift cards with the remainder of the money. The woman said that sounded odd and she contacted her bank, which informed her the check she deposited was not legitimate and she was most likely the victim of a scam. The woman said she sent a message to the original sender saying she was not sending anything to him. She said the posting on Craigslist has since been deleted.

Jan 12, 2018
SCAM: 2:22 p.m., [address omitted]
A woman reported receiving a phone call from a man who stated her identity had been stolen. The man told her to buy a $1,500 gift card from Target and provide the security code to him, which she did. She also gave the man the last four digits of her Social Security number, a picture of her and the name of her bank. The woman said the man spoke with an accent and called from the number 443-648-5751.

Jan 8, 2018
SCAM: 1:08 p.m., [address omitted]
A woman reported receiving a phone call from a man who identified himself as Benton County Sheriff's Deputy Cook at phone number 541-847-5100 (the Benton County Sheriff’s Office Monroe number). The man told her she had a "contact warrant" for missing jury duty and needed to pay her bail before getting off the phone with him or she would be arrested. The woman said she stayed on the phone with him while she drove to Safeway, purchased a $2,000 MoneyPack gift card and then drove to the Law Enforcement Center, where she provided him with the gift card number over the phone. The woman said the caller told her the gift card did not work and to purchase additional gift cards. She said she asked him to come out of the Law Enforcement Center and she would give him the physical card, and he disconnected the call. The woman then realized it was a scam and went inside to report it.

Dec 19, 2017
SCAM: 9:41 p.m., [address omitted]
A woman told police she received a call from 443-579-5816 and a man identifying himself as “Richard Gomez with the Federal Marshals” told her that her social security number was being cancelled due to pending criminal charges. The woman stated Gomez instructed her to take all the money out of her bank account and buy Walmart gift cards. The woman bought $2,675 worth of Walmart gift cards and provided Gomez with the pin number on the back of each card. Gomez told the woman the charges would be dropped and her social security number would be reactivated. Police have no suspects.

Dec 4, 2017
SCAM: 6:39 a.m., [address omitted]

A man reported he met a girl on the website Chatroulette about two years ago and began video chatting with her via Skype. The man said that on Sunday he received a message via Skype demanding $400 or the sender would disseminate explicit videos or photographs to the man’s Facebook friends. The sender requested the money be sent to the Philippines. No suspects were identified.

Dec 4, 2017
SCAM: 3:50 p.m., [address omitted]
A woman reported she had received a pop-up on her computer stating it was hacked and she needed to call 1-855-236-8222. She spoke with a man by the name of Ben Carter, who told her to write a check for $249.99, scan it and send it to him to remove the virus. The woman did so and later learned it was a scam.

Dec 1, 2017
SCAM: 2:15 p.m., [address omitted]
A woman reported she received a call from her boss informing her the Sheriff’s Office had called looking for her and to call them as soon as possible. She said she called the phone number given to her and was told she had two warrants for her arrest and she needed to go to the Sheriff's Office immediately to sign paperwork. She agreed to go to the Sheriff's Office and was told to bring a $500 gift card with her to pay a fine for which she would be reimbursed for if it turned out she did not have any warrants. She was instructed to get the card, which she did, and call them and give them the number on the card, which she also did. She was then told to go to the post office and mail the card to the USPS MCO Division, which she did, and then go to the Sheriff's Office. While at the Sheriff’s Office her husband called and informed her it was a scam.

Nov 27, 2017
SCAM: 9:46 a.m., [address omitted]
A man reported he had received a call in October from someone claiming to be Alex Williams with Apple Inc., who told him his computer was infected with a virus. The man said he agreed to pay about $3,000 in iTunes gift cards for two software packages to protect his computer. When the suspect asked for additional gift cards, the man became suspicious and called Apple and learned he had been scammed.

Nov 21, 2017
SCAM: 10:50 a.m., [address omitted]
A woman reported she had received a Facebook message from a friend telling her they had won $50,000 grants. The woman’s friend gave her a phone number and told her to call and ask for agent Paulsen Glenn. The woman said Glenn asked her to send a picture of her debit card and to buy $300 in iTunes gift cards, which she did. Her father learned what she was doing and told her it was a scam. The woman closed her bank accounts and is not out any money. Police spoke with the woman’s friend, who said she had not sent the Facebook messages. Police said her account appeared to be hacked.

Nov 21, 2017
SCAM: 12:16 p.m., [address omitted]
A woman reported she received an email on her OSU account indicating she was qualified for a job making $200 a week. The woman said she was sent a check for $2,450 and asked to send $2,100 back to the sender by Western Union. The woman sent the money and later realized the check was fraudulent.

Nov 4, 2017
SCAM: 9:43 a.m., [address omitted]
A man reported he had met a woman on the Plenty of Fish dating website and exchanging revealing photographs with her. The woman’s profile stated she was 23 years old. However, an unknown man called him stating he was the girl’s father and she was 16 years old. The “father” said he needed to pay him or he would go to police, so he put $60 on a prepaid card and gave the “father” the account and pin number. The man realized this was a scam after the “father” called again requesting more money.

Oct 19, 2017
SCAM: 12:02 p.m., [address omitted]
A woman reported her 15-year-old son had put $1,200 worth of camera equipment on Craigslist. A man named Hernandez Gago contacted them and offered to pay through PayPal if they would ship the camera equipment to New Jersey. They did so and found out the PayPal emails they were receiving were fake.

Oct 18, 2017
SCAM: 2:30 p.m., [address omitted]
A woman reported a man named Mark contacted her via phone and computer saying her bank account had been emptied. The man said he could get the money back for her if she sent him money. The woman withdrew $35,000 from her bank account and deposited it into various accounts at different banks that Mark instructed her to go to. An officer contacted Mark, but he would not answer questions and hung up the phone.

Oct 17, 2017
SCAM: 3:45 p.m., [address omitted]
A woman reported she had been contacted by a man who claimed to work for Wells Fargo and took the woman’s information. She later noticed $4,000 had been withdrawn from her account.

Oct 13, 2017
SCAM: 1:05 p.m., [address omitted]
A woman reported her husband planned to update their Garmin GPS device on the internet. However, he went onto a fake site and paid $180 to a man who pretended to be a Garmin technician. The couple verified with Garmin that they had fallen for a hoax.

Oct 11, 2017
SCAM: 3:30 p.m., [address omitted]
A woman reported she received a phone call from a man who identified himself as David New and told her she had won a 2017 Mercedes Benz. The man asked the woman to provide him credit card information to pay taxes on the car. The woman said she did not give the man any information.

Sept 27, 2017
SCAM: 3:45 p.m., [address omitted]
A woman reported she felt she was being scammed. She said she was contacted by a woman who identified herself as Kristen Anderson on Roommate Finder. After communicating for two weeks, Anderson sent the woman a check. But the check was written for $2,000 more than the agreed upon amount and Anderson asked the woman to wire back to her the extra money. Before wiring the money, the woman realized it might be a scam.

Sept 21, 2017
SCAM: 2:03 p.m., [address omitted]
A woman told police she thought her computer had been hacked after she found she had contacts she had not created. She said she was contacted by Microsoft, who told her they would resolve the issue and to buy iTunes gift cards to pay for the computer repair. The woman bought $700 worth of iTunes gift cards and provided them with the numbers. The woman told police the website "www.fastsupport.com" and the phone number 1-866-955-7984 were used during the scam. An officer called the phone number and spoke with someone but was not able to acquire tangible suspect information.

Sept 11, 2017
THEFT: 2:09 p.m., [address omitted]
A man reported he received a call from a man with an Indian accent claiming to be the federal police. The scammer told his victim that he filled out his admission paperwork to the University of Oregon incorrectly and had to either pay a fine or go to jail. The man agreed to pay the fine and was directed to purchase iTunes gift cards from Safeway and relay the relevant information over the phone. The man provided the scammer with $400 worth of iTunes gift cards. Police informed the man he had been scammed.

This was a sample taken from reported scams that have happened in Corvallis and the surrounding areas.. Again, I did not pick all of them, just a sample. There are thousands that happen in every city each year. These scams can range from an attempt to receive money from you, to stealing various account credentials, purchasing a service that doesn't exist, etc.


Yep, it was actually that long. Ridiculous, right?

These are my 12 ways to avoid scams:


1. The IRS will NEVER call you. Ever. They will send you snail mail, and that is all. If in doubt, call up your local Internal Revenue Service office (for all people in Benton County, there's one in Salem).

2. Never purchase gift-cards over the phone. Whether they say they're a lawyer, the Corvallis PD, or a "friend," they are not. Gift-cards are never a sufficient form of payment. I have, 100% of the time, see this result in scams. Also, shame on stores who don't ask someone why they're wanting to "buy $300 in iTunes gift cards". Never be guilt-tripped into purchasing them either. It is a scam.

3. Don't use Western Union/money orders to make payments. They are non-refundable. This includes if the person on the other end of the phone line will "send you a check for more than the amount and you wire-transfer the difference." This is the usual form that scammers request payment. They will send you a check, and you wire-transfer them the difference. The idea in and of itself doesn't make a whole lot of sense, but it is a popular scamming technique. Instead, ask them to wire you the money, and that you will wire back the difference. If they say "no," then you just foiled the scammer.

4. If you are "involved in an international crime in (a different country)," you are not. Verify with your local police department if you're unsure.

5. If you see a pop-up on your computer while you're browsing the internet that says you have a virus, there is a 99% chance you don't. Do not call the number on the screen. You can even call me, and I will walk you through how to get the pop-up to go away.

6. When making a purchase on either Craigslist or Facebook, first, meet a neutral site. Never meet at your residents. It's not only dangerous for you, but why would you want a stranger to know exactly where you live. Second, if you are purchasing electronics, meet at a local electronics store and have someone inspect it. I have inspected hundreds of computers when I was a hardware technician with an Apple Authorized Service Provider for people who were selling & buying machines. It's smart. Never accept checks; only cash or money order.

7. You don't win things over the phone. If you have actually won something on the phone in past, and it wasn't on the radio, that's why they do it now. That's why it's now a scam, because it's worked before, and the scammers hope it'll work again.

8. Don't exchange explicit photographs or videos over text, online chat, Skype, Snapchat, everything, even if it is a former girlfriend, boyfriend, lover. If your going to do it, do it in person. First, if it is someone you know and have met, and you put up explicit images or videos without their permission, you can be prosecuted under the "revenge porn" law, §166.065 of Oregon Revised Statutes for sexual harassment. If you don't know them, even more reason not to do it. You have no idea who's on the other end. Have you ever seen the show, Catfish?

9. Always be weary. If it sounds too good to be true, it probably is.

10. Never be pressured to "act now." If someone tells you that if you turn off your computer, the "virus will spread," they are lying to you. Don't let anyone talk you into a purchase, especially if you are speaking to them because you called a number from a pop-up.

11. Be cautious on social media. There are many fake profiles in the wild, and one of the most common is for a profile to imitate someone who is over 70-years-old. I don't know why that's their target, but it is. If you get suspicious messages from family members or from someone else in your friends list, be cautious and don't click on any links. Never, ever click a link in a suspicious message OR email.

12. Don't trust your caller ID. Nowadays, scammers will spoof their phone number to make it look as if it's in your area. For example, in Corvallis you may receive a number with an area code 541 and the prefix 753, 754, or 757. All of these are common Corvallis prefixes with the appropriate area code. You may also receive phone calls from common cell phone numbers in your area. You can answer the phone, but be very aware and weary if the phone number is unknown to you. Lastly, don't purchase anything unless you've been expecting their call, and you've done your research to make sure it's reputable.

That's my list. Twelve ways to avoid scams. Can you still be scammed? Yes, it is possible, but if you follow these rules, it will reduce your chances ten-fold. Luckily, for the most parts, banks will issue refunds if you paid via credit card, and even if you didn't, it never hurts to ask. Always ask your bank for a refund if you've fallen victim to a scam.

If you follow these and still have doubts about an email, pop-up, or phone call you received, send me an email at stuart@crashsecurity.com or call/text at 541-714-5880. I would much rather have you send me a text to check, then to purchase $500 in gift-cards. 

Best of luck and safe browsing!

Where Will Malware Hit Next

Part of the job of a malware researcher is to try and predict what will be hit next. These predictions are based on past attacks on different institutions, the discovery of malware on certain systems, 0days (a bug that gives you 'zero days' to patch it) and where they are found, and many, many more.

Since the beginning of 2017, I've been certain that sooner or later, the education system will be hit. This isn't just because it is an astronomically large institution, but it is also contains so much valuable information. Student, both current and past, have their social-security numbers, contact information, payment information (to pay tuition), current student loans, address, and the list unfortunately rolls onward.

My other estimation, which I'm already starting to see come to fruition is the attack on POS (point-of-sale) systems in restaurants. Again, massive amounts of customer information accompanied by credit or debit card information. If done properly, the malware could also grab employees ID numbers to sign in.

Most restaurants run on specific POS systems that are deigned for restaurant use. Two of the more popular ones are Clover and Aloha. If an attacker knows how these specific pieces of software work, it is extremely easy to exploit. We just recently saw that 160 Applebee's locations had discovered malware on their POS terminals. This is just another portion of our economy in which we are starting to see threats of cyber attacks.

My last, and probably most frightening expectation is the banking system. We've seen it a little already, but the banking system, while being probably the most secure sector of the economy (probably even more secure than the government), can have very many flaws. Part of it is the easability to do anything banking related anywhere. Whether you're using a TD Ameritrade application on your iPhone, transferring funds from one US Bank account to another, a simple piece of malware could grab hold of these. My biggest fear is a smaller entity, like Mint or a small stock trading company being hacked. This could be catastrophic, and could very quickly spiral out of control. 

We recently saw something similar with the hack of Equifax. If I take of my white hat and put on my black one, it is a brilliant breach. Between May and July, the attack was carried out on the Equifax servers through an "unnamed U.S. website application vulnerability." It took until September for it to be publicly announced, which I think, in a somewhat conspiratorial way, was 100% intentional. August would've been a great time to sell those shares in Equifax, as the day after the announcement, their shares plummetted 13.7%.

UPDATE: Full disclosure, I started this blog two weeks ago. It started with simply the idea that I wanted to write about where I thought malware was headed. Over the ensuing few days, I wrote down a few ideas. Those ideas included what you read above. However, today, I saw two news articles. One article referencing a POS system attack[1] and another speaking about how I assumed that August would've been a great time to sell stocks. Again, today, a news article of the Equifax CIO getting indicted for insider trading[2]. With that, i will change my focus on the rest of this article, as it seems like I didn't post this article fast enough. It's still interesting enough to leave in here.

UPDATE 2: Let me start this by saying this blog has now been started for three weeks, but writing finals has kept me from finishing it, and boy am I regretting it now. At the top of this article, you read that I have expected the education system to get hit sooner or later. This morning, I got an email from my college, and guess what...they got hit by ransomware at midnight last night. I couldn't believe it. See the photos below that show the emails I received. The photo on the left is the initial email, the picture on the right is a followup. As you can see "Macs were not effected."

IMG_5614.jpg
IMG_5615.png

It's A Wonderful Life (1946)

It's A Wonderful Life (1946)

Since I'm apparently in the right vein when it comes to predicting the future, and I swear to God that I actually wrote this before those stories, "I wish I had a million dollars. *flips cigar lighter* Hot dog!"

But I digress. Now I have to think what is next. Well, first, these aforementioned attacks are not going to end here. This is going to continue to be a larger and larger issue. This ransomware attack against the local university is the first one that's reached my ears, but I know it will not be the last. The education system is a prime entity for hackers to attack. The amount of information in the university system is unparalleled except by maybe the stock market, which is another place I think will be attacked. I read a book in Nelson DeMille's John Corey series, a fiction series, where the antagonist says that there isn't a point to physically attack Wall Street because they will do more damage themselves than an physical attack would. However, with the amount of information, both personal and banking, hovering around Wall Street, I could easily see Wall Street being subject to a future attack.

That being said, I better post this before an attack on Wall Street happens, and I have to do another update to this post.

Take care!

Stuart


1. New Pos Malware Pinkkite Takes Flight, Tom Spring - https://threatpost.com/new-pos-malware-pinkkite-takes-flight/130428/

2.  Senior Ex-equifax Executive Charged with Insider Trading, Dan Goodin - Mar 14, 2018 6:50 pm UTC - https://arstechnica.com/information-technology/2018/03/senior-equifax-executive-charged-with-insider-trading/

The Scam of A-Tech Network

Have you ever seen a pop-up with a phone number saying you have a "virus?" So have we. Take a dive with us into a company called A-Tech Network, and how they will attempt to scam you out of all of your money.

Read More