Miscreants Scamming Users into Buying Antivirus Software – Disposable mail news


Some independent security software affiliates are scamming people by sending emails that falsely claim their antivirus is expiring and urge them to renew their license; if the user does so, the affiliate earns a commission.

A software affiliate program is a marketing technique in which the affiliate recommends the software to customers or visitors and earns a commission on each purchase. These programs have strict rules and guidelines to protect their software and customers from false advertising and from being tricked into buying.

BleepingComputer discovered this scam last week when two of their seniors reported it. The emails tell users that their Norton and McAfee antivirus software is expiring that very day and urge them to renew their license.

The scam starts with emails whose subject is similar to “WARNING: Anti-Virus Can Expire Sun, 26 Apr 2020” and which include a link stating, “Your Protection Can Expire TODAY!”, writes BleepingComputer in their blog.

If the link in the email is clicked, it takes the user to the DigitalRiver affiliate network and, after dropping a tracking cookie, redirects the user to the purchase page of Norton or McAfee antivirus. If all goes smoothly and the user purchases the software, the affiliate gets a $10 commission or 20% of the total sale. For this particular scam, they earned around $10 per transaction.


How to protect yourself from these scams 

Most antivirus products notify their customers of the expiry date through a notification from the software itself. If that’s the case, you can rest assured that it is legitimate and go ahead with the renewal.
Unfortunately, some companies also email their users to remind them about the expiring product. A simple way to check the authenticity of such an email is to look for the name of your antivirus in it.

Since these fake emails are sent in bulk, the senders probably don’t know which software you’re using.
The next step is to open your antivirus software and check when it is expiring. Even if it is expiring, it’s better to renew it from the vendor’s website than to rely on links from the email.


Temp Mails (https://tempemail.co/) is a new free temporary email address service. This service provides you with random 10-minute email addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Tor Browser Bug Executes Uncalled for JavaScript Codes! – Disposable mail news

The well-known Tor Browser is reportedly affected by a bug in its security mechanism. The project has warned users to stay vigilant regarding the “Tor Browser Bug”, which runs JavaScript code on various unexpected sites.

Tor (originally Team Onion Router) is free and open-source software that chiefly enables anonymous communication for its users.

Reportedly, the team has been working on a solution and would roll it out as soon as it is done, but there isn’t a particular time to expect it.

One of the most critical security features of the Tor Browser Bundle (TBB) is the ability to block the execution of JavaScript code, sources say.

TBB is a browser with a set of strong privacy features, chiefly for concealing real IP addresses to maintain the anonymity of online users and their devices’ locations.

Owing to these features, the browser has become a go-to tool for working people, especially journalists, citizens of repressive countries and people with political agendas, because it is a great instrument for dodging online censorship and firewalls.

People who are against the anonymity of the users and just can’t let things be, have in the past tried several times to expose Tor Browser users’ actual IP addresses via exploits that functioned on JavaScript code.

Sources say that while a few of the better-intentioned attempts have been successfully employed to track down criminals, others were rather strangely executed.

Recently, a bug was discovered in TBB’s much-appreciated security mechanism: when the browser was set to its highest security level, it still permitted the execution of JavaScript code when it should have barred it.

It is a relief that the Tor team is well aware of the bug and is working on a patch for it. Per sources, they also mentioned that if a user needs to “Block JavaScript”, they can always disable it entirely.

As per reports, the procedure for doing so is to open “about:config” and search for “javascript.enabled”. If the “Value” column shows “false”, JavaScript is disabled; if it shows “true”, right-click and select “Toggle”, or double-click the row, to disable it.



Cybersecurity Research During the Coronavirus Outbreak and After – 10 minute mail

Virus outbreaks are always gruesome: people, animals or computer systems get infected within a short time. Of course, viruses spreading across our physical world always take priority over the virtual world. Nevertheless, everyone should keep doing their job, which includes all kinds of malware researchers, digital forensics experts and incident responders. At times like this, we all realize how important it is to be able to work remotely. However, the duties of a security researcher or a digital forensics expert push them to travel, visit victims or collect digital evidence in an ongoing hunt for malware artefacts. What can we do to reduce the need for travel? Of course, keep looking for ways to replace our physical routines with remote ones.

It is about two and a half years since we first open-sourced a tool for remote digital forensics called Bitscout. Born while I was with Digital Forensics Lab at INTERPOL, the tool has evolved and helped us in many cyberinvestigations. Based on the widely popular Ubuntu Linux distribution, it is packed with forensics and malware analysis tools created by a large number of excellent developers around the world.

What can it do? Well, we have tried to identify what it is that it *cannot* do and other expensive commercial tools used in digital forensics can. We have not really been able to find anything! Moreover, we have built so many new interesting techniques that are not available in commercial tools that it has every chance to replace commercial solutions in your organization if it gets into the right hands.

Let me just remind you about the approach we use in Bitscout:

  1. Bitscout is completely FREE, which helps reduce your forensics budget! Yay!
  2. It is designed to be remote, which also saves your time and money spent for travelling. And of course you can use the same techniques locally! To be frank, in light of the powers of all those forensic tools that are part of the toolkit, Bitscout itself is the least important element: the true value is in the knowledge of the underlying tools that you get access to by using Bitscout, not the product they ship with.
  3. Mastering Bitscout follows a steep curve, which, in the end, reinforces your experts’ technical foundations.
  4. Bitscout records remote forensics sessions internally, which makes it perfect for replaying and learning from more experienced users or using as evidential proof of discovery.
  5. It is fully open source, so you need not wait for the vendor to implement a patch or feature for you: you are free to reverse-engineer and modify any part of it.

Today, I am happy to announce that we are releasing a new version of Bitscout, based on the upcoming release of Ubuntu 20.04, scheduled for April 2020.

So, what is new in Bitscout 20.04 other than extended hardware support leveraging new OS and updated forensics tools from Canonical Ltd official repositories?

First of all, we have launched a project website at bitscout-forensics.info.

The website should become the go-to destination for those looking for tips and tricks on remote forensics using Bitscout and whatnot. In reality, Bitscout had been our internal tool for a long time and had been used only by a limited number of highly skilled researchers, who knew exactly how to use it. Yes, like many researchers, we lacked proper documentation and manuals which we will address with our new website. We have already linked several presentation videos and slides with live demos seen by security conferences and meetups. It is true that some of those commands we used in our demos are crazy long one-liners. So, to make it easy for you to copy them and try them out, we have started recording terminal sessions in ASCII video casts. Kudos to the awesome folks at asciinema.org! This way, should you want to try some of our black magic recipes, you can copy and paste them from a browser or a terminal into your own session.

Second, to address a popular request, we have released demo versions of three flavors of pre-built Bitscout images: minimal, balanced and full. This way, newcomers can easily try Bitscout without going through the whole build process. The download URLs for the ISO image files are available on the project website. However, please note they must not be used in a production environment.

Third, our little community of contributors keeps growing. I am happy to highlight some of the features contributed by others. Kudos to Xavier Mertens aka @xme!

  1. The following new tools from the security community are now part of Bitscout (full build) by default:
    • RegRipper,
    • Bulk Extractor,
    • Loki.

    It is great to have modern scanners such as Loki with an updated rich collection of Yara rules that comes with it.

  2. Optional logging of bash commands to a remote syslog server. This is particularly useful for environments where a Bitscout instance may be unexpectedly powered off or disconnected for a long time due to a network failure. It is also a great way to remember which commands you have run to find the clues.

And, if it feels hard for you to start using Bitscout, then join our training session on April 5-6 in the beautiful city of Barcelona, Spain. We will be demonstrating how to build your own Bitscout and customize it with your own tools, and of course walking you through the standard forensics procedure. Some of our advanced tasks include hypervisor debugging to overcome just about any type of proprietary full disk encryption. Our exercises will focus on the most popular platforms, covering Windows, Linux and macOS forensics challenges, along with some real malware. Stay safe and we hope to see some of you in Barcelona! Join us there!



Researchers And Army Join Hands to Protect the Military’s AI Systems – Disposable mail news

In an initiative to protect the military’s artificial intelligence systems from cyber-attacks, researchers from Delhi University and the Army have joined hands, as per a recent Army news release.

As the Army increasingly uses AI frameworks to identify dangers, the Army Research Office is investing in more security. The move draws on the NYU-supported CSAW HackML competition in 2019, where one of the major goals was to develop software that would prevent cyber attackers from hacking into the facial and object recognition software the military uses to further train its AI.

MaryAnne Fields, program manager for the ARO’s intelligent systems, said in a statement, “Object recognition is a key component of future intelligent systems, and the Army must safeguard these systems from cyber-attack. This work will lay the foundations for recognizing and mitigating backdoor attacks in which the data used to train the object recognition system is subtly altered to give incorrect answers.”

This image demonstrates how an object, like the hat in this series of photos, can be used by a hacker to corrupt data training an AI system in facial and object recognition.

The news release emphasized a few important facts, such as: “The hackers could create a trigger, like a hat or flower, to corrupt images being used to train the AI system and the system would then learn incorrect labels and create models that make the wrong predictions of what an image contains.”


The winners of the HackML competition, Duke University researchers Yukan Yang and Ximing Qiao, created a program that can “flag and discover potential triggers”. They later added in a news release, “To identify a backdoor trigger, you must essentially find out three unknown variables: which class the trigger was injected into, where the attacker placed the trigger and what the trigger looks like.”

The Army will now only require a program that can “neutralize the trigger”; Qiao said this ought to be “simple”: they’ll just need to retrain the AI model to ignore it.

Lastly, the software’s development is said to have been financed by a Short-Term Innovative Research grant, which provides researchers up to $60,000 for their nine months of work.



How we developed our simple Harbour decompiler – 10 minute mail

https://github.com/KasperskyLab/hb_dec

Every once in a while we get a request that leaves us scratching our heads. With these types of requests, existing tools are usually not enough and we have to create our own custom tooling to solve the “problem”. One such request dropped onto our desk at the beginning of 2018, when one of our customers – a financial institution – asked us to analyze a sample. This in itself is nothing unusual – we receive requests like that all the time. But what was unusual about this particular request was that the sample was written in ‘Harbour’. For those of you who don’t know what Harbour is (just like us), you can take a look here, or carry on reading.

Harbour is a programming language originally designed by Antonio Linares that saw its first release in 1999. It’s based on the old Clipper system and is primarily used for the creation of database programs.

Understanding Harbour’s internals

Let us take a “Hello, world” example from the Harbour repository tests – hello.prg.

Figure 1: Harbour version of “Hello, world!”

It prints the “Hello, world!” message to the terminal. For that, you need to build a Harbour binary to execute the code (there are also other ways to run it without building a binary, but we chose this path because the received sample was an executable).

Compiling is as simple as calling:

hbmk2.exe hello.prg

This command will generate C code and compile the C code into the final executable. The generated C code for hello.prg can be found in Figure 2.

Figure 2: Generated C code for hello.prg

You can see that the MAIN function starts the Harbour virtual machine (HVM) function hb_vmExecute with two parameters: the pcode, precompiled Harbour code; and the symbols, which are defined by a different macro above the MAIN function. As you can imagine, the pcode (portable code) contains the instructions that are interpreted by the HVM. You can find the official explanation of the pcode in the link below.

https://github.com/harbour/core/blob/master/doc/pcode.txt

After the C program has been compiled (by MINGW in our case), we find almost the same structures inside it: symbol table and pcode (Figure 3 and Figure 4 respectively).

Figure 3: Harbour symbols table of hello.exe

Figure 4: Harbour pcode of hello.exe

Decompilation

Back to our sample. We now know that we need to find the pcodes and symbols in the executable and see which opcodes belong to which instruction. If we do this, we can get a fair grasp of how the program works. As you can probably guess, there were no readily available tools to do this. So, we wrote our own.

The aim of our decompiler is to make the bytecode readable by a human. We chose to mix the resulting pseudocode in assembler with C (it’s still hard to read in some places, but was fine for our purposes).

Figure 5 – The decompiled output of the hello.prg program

Figure 5 also shows that Harbour is a stack-based compiler. The first push argument is the function name, after which the variables are pushed, followed by the call 1 command, where 1 is the number of function parameters to be popped. The above lines can thus be interpreted in C pseudocode as:

We hope this decompiler makes analyzing samples written in Harbour a little bit easier for others as well.
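
The push/push/call convention described above, sketched as an added example (not code from the original article or from hb_dec): a minimal disassembler and call folder for a toy stack bytecode. The opcode numbers, operand layout and sample symbol table are constructed for illustration and are not Harbour's real pcode encoding.

```python
import json

# Toy opcode numbers constructed for this example; NOT Harbour's real values.
OP_PUSHSYM, OP_PUSHSTR, OP_PUSHINT, OP_CALL, OP_ENDPROC = 1, 2, 3, 4, 5

class PcodeError(ValueError):
    """Truncated, unknown or inconsistent pcode."""

def _take(pcode, pos, n):
    """Return n operand bytes at pos, or raise if the buffer ends early."""
    chunk = pcode[pos:pos + n]
    if len(chunk) != n:
        raise PcodeError(f"truncated operand at offset {pos}")
    return chunk

def disassemble(pcode, symbols):
    """Decode pcode into (offset, mnemonic, operand) tuples."""
    listing, pos = [], 0
    while pos < len(pcode):
        start, op = pos, pcode[pos]
        pos += 1
        if op == OP_PUSHSYM:            # 2-byte little-endian symbol index
            idx = int.from_bytes(_take(pcode, pos, 2), "little")
            pos += 2
            if idx >= len(symbols):
                raise PcodeError(f"symbol index {idx} out of range")
            listing.append((start, "push_sym", symbols[idx]))
        elif op == OP_PUSHSTR:          # 1-byte length, then the bytes
            size = _take(pcode, pos, 1)[0]
            text = _take(pcode, pos + 1, size).decode("latin-1")
            pos += 1 + size
            listing.append((start, "push_str", text))
        elif op == OP_PUSHINT:          # 2-byte signed little-endian integer
            value = int.from_bytes(_take(pcode, pos, 2), "little", signed=True)
            pos += 2
            listing.append((start, "push_int", value))
        elif op == OP_CALL:             # 1-byte argument count
            listing.append((start, "call", _take(pcode, pos, 1)[0]))
            pos += 1
        elif op == OP_ENDPROC:
            listing.append((start, "endproc", None))
            break
        else:
            raise PcodeError(f"unknown opcode {op:#04x} at offset {start}")
    return listing

def to_pseudocode(listing):
    """Fold push/push/call runs into C-like call statements."""
    stack, lines = [], []
    for offset, mnemonic, operand in listing:
        if mnemonic == "push_sym":
            stack.append(("sym", operand))
        elif mnemonic == "push_str":
            stack.append(("expr", json.dumps(operand)))
        elif mnemonic == "push_int":
            stack.append(("expr", str(operand)))
        elif mnemonic == "call":
            # "call N" pops N arguments, then the function symbol below them.
            if len(stack) < operand + 1:
                raise PcodeError(f"stack underflow at offset {offset}")
            args = [stack.pop()[1] for _ in range(operand)][::-1]
            kind, name = stack.pop()
            if kind != "sym":
                raise PcodeError(f"call target is not a symbol at {offset}")
            lines.append(f"{name}({', '.join(args)});")
        elif mnemonic == "endproc":
            lines.append("return;")
    return lines

# Constructed sample: symbol table and pcode for a one-call procedure.
SAMPLE_SYMBOLS = ["MAIN", "QOUT"]
_MSG = b"Hello, world!"
SAMPLE_PCODE = (bytes([OP_PUSHSYM, 1, 0, OP_PUSHSTR, len(_MSG)]) + _MSG
                + bytes([OP_CALL, 1, OP_ENDPROC]))
```

Calling `to_pseudocode(disassemble(SAMPLE_PCODE, SAMPLE_SYMBOLS))` returns the two statements `QOUT("Hello, world!");` and `return;`. Truncated operands, unknown opcodes and calls with too few stack entries raise `PcodeError` rather than producing a misleading listing.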

