Showing results for tags 'ads'.

Found 60 results

  1. Apps have been downloaded over 50 million times. Google has failed to remove them, even if they blatantly break their own license. A security researcher with antivirus maker ESET has discovered a collection of 19 Android apps that pose as GPS applications but which don't do anything but show ads on top of the legitimate Google Maps service. "They attract potential users with fake screenshots stolen from legitimate Navigation apps," said Lukas Stefanko, the ESET researcher who found them, who pointed out the 19 apps have been downloaded more than 50 million times. The apps "pretend to be full featured navigation apps, but all they can do is to create useless layer between User and Google Maps app," the researcher said. Stefanko says that the apps don't have any actual "navigation technology" and they only "misuse Google Maps." "Once user clicks on Drive, Navigate, Route, My Location or other option, Google Maps app is opened," Stefanko said. Furthermore, one of the apps, named "Maps & GPS Navigation: Find your route easily!," even has the gall to request payment to remove ads, which it's showing on top of an already freely available service like Google Maps. The apps' names and links, as provided by Stefanko to ZDNet, are: GPS Maps, Route Finder - Navigation, Directions GPS, Maps & Navigation GPS Route Finder - GPS, Maps, Navigation & Traffic GPS, Maps, Navigations - Area Calculator GPS , Maps, Navigations & Directions Maps GPS Navigation Route Directions Location Live Live Earth Map 2019 - Satellite View, Street View Live Earth Map & Satellite View, GPS Tracking Traffic Updates: GPS & Navigation Free-GPS, Maps, Navigation, Directions and Traffic Voice GPS Driving Directions, Gps Navigation, Maps GPS Live Street Map and Travel Navigation GPS Street View, Navigation & Direction Maps GPS Satellite Maps Free GPS, Maps, Navigation & Directions Maps & GPS Navigation: Find your route easily! 
Voice GPS Navigation Maps Driving GPS Navigation & Tracker GPS Voice Navigation Maps, Speedometer & Compass Stefanko said he reported all apps to Google's Play Store staff more than a month ago. While the apps aren't malicious, you'd think Google would be interested in removing these apps, as all break Google's own Maps Platform licensing terms, which according to paragraph 3.2.4 (c), prohibits third-parties from using the Maps platform to power a similar service. ZDNet has sent a request for comment to Google regarding the issue raised by Stefanko today and will update when we receive a response. The researcher also shared a video of one of the apps in action, wrapping original Google Maps functionality and pestering the user with ads. Source
  2. Instagram just got caught selling advertisements to the same follower-buying companies it claimed to have banned back in November. Back in November, Instagram claimed it banned all accounts that were obtained by third-party apps. These apps allow people to purchase followers and likes from fake accounts and bots. An investigation by TechCrunch found that despite Instagram’s claims, the app was still allowing these companies to place ads. TechCrunch reached out to Instagram to find out why they were still selling these ads. Instagram claimed that they removed the ads and that the accounts are still banned. However, they still saw ads for companies that promote buying followers even after their conversation. In November, Instagram said they were using AI technology to detect and erase “fake” accounts that follow, like and comment on people’s posts for a fee. Instagram responded to the findings of the investigation with a statement. “Nobody likes receiving spammy follows, likes and comments. It’s really important to us that the interactions people have on Instagram are genuine, and we’re working hard to keep the community free from spammy behavior.” “Services that offer to boost an account’s popularity via inauthentic likes, comments and followers, as well as ads that promote these services, aren’t allowed on Instagram. We’ve taken action on the services raised in this article, including removing violating ads, disabling Pages and accounts, and stopping Pages from placing further ads.” “We have various systems in place that help us catch and remove these types of ads before anyone sees them, but given the number of ads uploaded to our platform every day, there are times when some still manage to slip through. We know we have more to do in this area and we’re committed to improving.” Source
  3. Having established itself as a top streaming service with now more than 200 million users, Spotify this year is preparing to focus more of its attention on podcasts. The company plans to bring its personalization technology to podcasts in order to make better recommendations, update its app’s interface so people can access podcasts more easily and broker more exclusives with podcast creators. It’s also getting into the business of selling ads within podcasts as a means of generating revenue from this increasingly popular form of audio programming. In fact, Spotify has already begun to dabble in podcast ad sales, ahead of this larger push. Spotify, we’ve learned, has been selling its own advertisements in its original podcasts since mid-2018, including in programs like Spotify Original “Amy Schumer Presents: 3 Girls, 1 Keith,” “The Joe Budden Podcast,” “Dissect,” “Showstopper” and others. With more exclusives planned for the year ahead, the portion of Spotify’s ad business focused on podcasts will also grow. The company appears to be taking a different approach to working with podcasters than it does with working with music artists. Today, Spotify gives artists tools that help share their work and be discovered — it invested in distribution platform DistroKid, for example, and now lets artists submit tracks for playlist consideration. With podcasters, however, Spotify wants to either bring their voices in-house, or at least exclusively license their content. “Over the last year, we become very focused on building out a great podcast universe,” said head of Spotify Studios Courtney Holt, speaking at the Consumer Electronics Show (CES) in Las Vegas this week. “The first step was to make sure that we’ve got the world’s best podcasts on Spotify, and integrated the experience into the service in a way that allowed people to build habits and behavior there,” he said. 
“What we started to see is that the types of podcasts that really were working on Spotify were ones where they were really authentic voices… so we just decided to invest more in those types of voices,” Holt added. Spotify’s collection of originals has been steadily growing over the past year. Last August, for example, Spotify nabbed an exclusive deal with the “Joe Budden” podcast, which is aimed at hip-hop and rap culture fans, and launched its first branded podcast, “Ebb & Flow,” focused on hip-hop and R&B. Its full original lineup today also includes “Dissect,” Amy Schumer’s “3 Girls, 1 Keith,” “Mogul,” “The Rewind with Guy Raz,” “Showstopper,” “Unpacked,” “Crimetown” (its first season was wide, the second season is exclusive to Spotify), “UnderCover” and “El Chapo: El Jefe y su Juicio.” At CES, Spotify announced the addition of one more — journalist Jemele Hill is coming to Spotify with an exclusive podcast called “Unbothered,” which will feature high-profile guests in sports, music, politics, culture and more. In growing its collection of originals, the company found that podcasters who joined Spotify exclusively were actually able to grow their audience, despite leaving other distribution platforms. For example, the Joe Budden podcast had its highest streaming day ever after joining Spotify. This has led Spotify to believe that influencers in the podcast community will be able to bring their community with them when they become a Spotify exclusive, and then further grow their listener base by tapping into Spotify’s larger music user base and, soon, an improved recommendation system. There are other perks for Spotify, too — when users come to Spotify and begin to listen to podcasts, they often then spend more time engaged with the app, it found. “People who consume podcasts on Spotify are consuming more of Spotify — including music,” said Holt. 
“So we found that in increasing our [podcast] catalog and spending more time to make the user experience better, it wasn’t taking away from music, it was enhancing the overall time spent on the platform,” he noted. While chasing exclusive deals to bring more original podcasts to Spotify will be a big initiative this year, Spotify will continue to offer its recently launched podcasts submission feature to everyone else. With this sort of basic infrastructure in place, Spotify now wants to help users discover new podcasts and improve the listening experience. One aspect of this will involve pointing listeners to other podcast content they may like. For instance, Spotify could point Joe Budden fans to other podcasts about hip-hop and rap. It will also leverage its multi-year partnership with Samsung to allow listeners to pick up where they left off in an episode as they move between different devices. And it will turn its personalization and recommendation technology to podcasts — including the ads in the podcasts themselves. “Think about what we’ve done around music — the more understanding you have around the music you stream, the more we can personalize the ad experience. Now we can take that to podcasts,” said Brian Benedik, VP and Global Head of Advertising Sales at Spotify, when asked about the potential for Spotify selling ads in podcasts. The company has been testing the waters with its own podcast ad sales since mid 2018, Benedik said. The sales are handled in-house by Spotify’s ad sales team for the time being. Benedik had also appeared on a panel this week at CES, where he talked about the value of contextual advertising — meaning, ads that can be personalized to the user based on factors like mood, behavior and moments. This data could be appealing to podcast advertisers, as well. But to scale its efforts around podcast ads, Spotify will need to invest in digital ad insertion technology. 
We’re hearing that Spotify is currently deciding whether that’s something it wants to build in-house or acquire outright. Spotify’s rival Pandora went the latter route. It closed on the acquisition of adtech company Adswizz in May 2018, then introduced capabilities for shorter, more personalized ads in August. By November, Pandora announced it was bringing its Genome technology to podcasts, which allowed for a recommendation system. Now Spotify aims to catch up. The addition of podcasts has reoriented Spotify’s focus as a company, Holt said. “We’re an audio company. We’re trying to be the world’s best audio service,” he told the audience at CES. “It’s a pure play for us. We’re seeing increased engagement; there’s great commercial opportunities from podcasting that we’ve never seen on the platform… and, obviously, exclusives are to give us something that makes the platform truly unique — to have people come to Spotify for something you can’t get anywhere else is the sort of cherry on top of that entire strategy,” Holt said. Source
  4. Google has announced that starting in December 2018, Chrome 71 will remove all ads on sites that have repeatedly performed abusive behavior. With Chrome 71, Google is stepping up its fight against the internet’s abusive ads problem by blocking every ad on a site that persistently shows them. Abusive ads come in many forms, but broadly speaking cause your browser to misbehave by either generating fake system messages, automatically redirecting you, or attempting to steal personal information. This isn’t the first time that Google has tried to use Chrome to address the problem. Back in July, Chrome 68 would prevent sites from opening new tabs or windows if they were reported for serving abusive experiences. Chrome 71, scheduled for release in December, will give site owners a 30 day grace period to clean up their site after an abusive experience is reported. Failure to remove the abusive ads will cause Chrome to block every ad on the site — regardless of whether they are classed as abusive or not. Although users will have the option of turning this filtering off, the majority are likely to leave their settings at their default values, effectively withholding a huge portion of a flagged site’s revenue. It’s a big incentive for sites to prevent this bad behavior, even if it’s an uncomfortable reminder of how much power Google now holds over the internet. Source
  5. (Reuters Health) - Those cute little apps your child plays with are most likely flooded with ads - some of which are totally age-inappropriate, researchers have found. A stunning 95 percent of commonly downloaded apps that are marketed to or played by children age five and under contain at least one type of advertising, according to a new report in the Journal of Developmental & Behavioral Pediatrics. And that goes for the apps labeled as educational, too, researchers say. Often the ads are intrusive, spread across in a banner or even interrupting play, said study coauthor Dr. Jenny Radesky, an assistant professor of pediatrics at the University of Michigan and the University of Michigan C. S. Mott Children’s Hospital. Perhaps the most insidious ads are the ones you need to click a little “x” to get rid of, Radesky said. “The little ‘x’ doesn’t show up for about 20 seconds,” she explained. “If you’re a 2- or 3-year-old you might think the ad is a part of the game. And you don’t know what to do. You might click on the ad and that could take you to the app store. Many of these ads require you to do things before the ‘x’ will appear.” Some ads are for products that aren’t appropriate for kids, Radesky said. “I’ve seen banner ads for bipolar treatment in some of these apps,” she added. One app geared to young children had a popup that linked to a political game showing “a cartoon version of Trump trying not to push the red button that will send nukes,” Radesky said. “My son asked, ‘what is he talking about, is he going to blow up the world?’” One big problem with ads in apps aimed at very young children is the kids often can’t tell where the game leaves off and the ad begins. “There’s science to show that children aged 8 and younger can’t distinguish between media content and advertising,” Radesky said. Radesky originally was working on a study to explore how parents use their mobile devices. 
After noticing the kid-oriented apps on the parents’ phones, she and her colleagues decided this was a topic that should be looked at. The researchers scrutinized 135 of the most downloaded free and paid apps in the “age five and under” category in the Google Play app store. Among them were free apps with 5 to 10 million downloads and paid apps with 50,000 to 100,000 downloads. Of the 135 apps, 129, or 95 percent, contained at least one type of advertising, which included use of popular cartoon characters to sell products, teasers suggesting the purchase of the “full” version of the app, and advertising videos that interrupted play to promote in-app purchases or purchases of other products. “What we found,” Radesky said, “was lots and lots of advertising.” The new findings “are frightening,” said Dr. Albert Wu, an internist and professor of health policy & management at the Johns Hopkins Bloomberg School of Public Health. “This strikes me as a Trojan horse for tots. Even being charitable to all these companies, I think these apps are deceptive at best and unethical at worst.” Wu was especially disappointed to find “this even applies to apps labeled as educational. It’s giving ‘educational’ a bad name. And it really does beg for a bigger role for the government in regulation even if there are some voices out there calling for less government. I think it would be important for the FTC (Federal Trade Commission) to step in.” The idea that there is so much advertising in the apps, “is giving me even more reason to want to restrict screen use in my own children,” Wu said. The new findings have prompted advocates to file a complaint with the FTC. The Campaign for a Commercial Free Childhood, along with other child advocacy groups, plans to file the complaint in conjunction with the release of the study results. Source
  6. manu

    Adblocker scripts

    AdsBypasser

    Script Summary: This user script helps you skip ads' count-down or continue page and block pop-up windows.

    Changelog: https://github.com/adsbypasser/adsbypasser/blob/master/CHANGELOG.md

    Lite edition removes image-hosting site support from Full edition. If you prefer to use other userscripts to deal with image-hosting sites, you can use the Lite edition.

    Configure settings

    Nano ADblocker

    Just another adblocker. Nano Adblocker is based on uBlock Origin. Please open an issue if there is something you want us to know.

    Note: If you see different version available to different browsers then chances are the new release is stuck in review queue again.

    Get it for Chrome, Get it for Firefox (Dev), Get it for Edge

    Get Nano Defender, the perfect companion extension for Nano Adblocker

    Nano Defender (a.k.a. uBlock Protector)

    An anti-adblock defuser for Nano Adblocker and uBlock Origin. Nano Defender can only protect either Nano Adblocker or uBlock Origin, and will prioritize Nano Adblocker.

    Note: On Microsoft Edge, Nano Defender only works with Nano Adblocker, due to the low quality of Edge port of uBlock Origin. On Safari, Nano Defender does not work at all.

    To install, follow instructions given at homepage: https://jspenguin2017.github.io/uBlockProtector/
  7. Add “a phone number I never gave Facebook for targeted advertising” to the list of deceptive and invasive ways Facebook makes money off your personal information. Contrary to user expectations and Facebook representatives’ own previous statements, the company has been using contact information that users explicitly provided for security purposes—or that users never provided at all—for targeted advertising. A group of academic researchers from Northeastern University and Princeton University, along with Gizmodo reporters, have used real-world tests to demonstrate how Facebook’s latest deceptive practice works. They found that Facebook harvests user phone numbers for targeted advertising in two disturbing ways: two-factor authentication (2FA) phone numbers, and “shadow” contact information. Two-Factor Authentication Is Not The Problem First, when a user gives Facebook their number for security purposes—to set up 2FA, or to receive alerts about new logins to their account—that phone number can become fair game for advertisers within weeks. (This is not the first time Facebook has misused 2FA phone numbers.) But the important message for users is: this is not a reason to turn off or avoid 2FA. The problem is not with two-factor authentication. It’s not even a problem with the inherent weaknesses of SMS-based 2FA in particular. Instead, this is a problem with how Facebook has handled users’ information and violated their reasonable security and privacy expectations. There are many types of 2FA. SMS-based 2FA requires a phone number, so you can receive a text with a “second factor” code when you log in. Other types of 2FA—like authenticator apps and hardware tokens—do not require a phone number to work. However, until just four months ago, Facebook required users to enter a phone number to turn on any type of 2FA, even though it offers its authenticator as a more secure alternative. Other companies—Google notable among them—also still follow that outdated practice. 
Even with the welcome move to no longer require phone numbers for 2FA, Facebook still has work to do here. This finding has not only validated users who are suspicious of Facebook's repeated claims that we have “complete control” over our own information, but has also seriously damaged users’ trust in a foundational security practice. Until Facebook and other companies do better, users who need privacy and security most—especially those for whom using an authenticator app or hardware key is not feasible—will be forced into a corner. Shadow Contact Information Second, Facebook is also grabbing your contact information from your friends. Kash Hill of Gizmodo provides an example: ...if User A, whom we’ll call Anna, shares her contacts with Facebook, including a previously unknown phone number for User B, whom we’ll call Ben, advertisers will be able to target Ben with an ad using that phone number, which I call “shadow contact information,” about a month later. This means that, even if you never directly handed a particular phone number over to Facebook, advertisers may nevertheless be able to associate it with your account based on your friends’ phone books. Even worse, none of this is accessible or transparent to users. You can’t find such “shadow” contact information in the “contact and basic info” section of your profile; users in Europe can’t even get their hands on it despite explicit requirements under the GDPR that a company give users a “right to know” what information it has on them. As Facebook attempts to salvage its reputation among users in the wake of the Cambridge Analytica scandal, it needs to put its money where its mouth is. Wiping 2FA numbers and “shadow” contact data from non-essential use would be a good start. Source: EFF
  8. Yahoo Mail and AOL Mail, which both fly under the Oath banner, a Verizon-owned company, scan emails that arrive in user inboxes to improve advertisement targeting. An article published by The Wall Street Journal (sorry, no link as it is paywalled), suggests that Oath's email scanning may go beyond what users of the service may deem acceptable. According to the article, Yahoo is scanning commercial emails of all free users who did not opt-out of personalized advertisement to improve targeted advertising. Yahoo creates profiles of users by assigning them to certain groups or categories. A user who receives receipts for online purchases may be put into different categories based on the purchases, frequent traveler for example for users who get emails about several plane tickets in a period of time. Yahoo Mail users who get brokerage emails, e.g. trade confirmations, may be assigned to the investors group. While the exact classification and profiling system is unknown, it is clear that it uses information found in emails to profile users. The system places a cookie on users' systems that identifies the interest groups the Yahoo user is associated with. Companies and advertisers may use the data to serve personalized advertisement to users and the paper suggests that Oath may also use receipts in the Yahoo Mail inbox as proof to advertisers that a particular campaign worked. Yahoo confirmed to The Wall Street Journal that it scans commercial emails only, and that the algorithms the company uses strip out personal information to make sure that those are not leaked in any way. The company claimed that the majority of emails that arrive in user inboxes are commercial in nature, and that the system is adjusted when the need arises to avoid wrong classifications and other issues. Yahoo customers have some options to deal with the email scanning: Close the account. Opt-out of interest-based ads and hope for the best. 
Closing an email account is problematic for a number of reasons. Users have to find another email provider, may want to back up all emails they received over the years, and may even want to keep the account open for a period to make sure no mail is lost. Closing the account may require that users change email addresses on websites, for instance those that they signed up for using the email address. One good option to back up all emails is the free MailStore Home software for Windows. It is capable of backing up all emails on the local system. You can read my review of MailStore Home here. The desktop email client Thunderbird is another option. Tip: Find out how to delete your entire Yahoo account. We published the guide after a Reuters article suggested that Yahoo has been working with U.S. intelligence services to search all customer emails. Opt-out of interest-based ads on Yahoo Yahoo customers can opt-out of interest-based ads. Yahoo notes on the page that opting-out will stop the analysis of communication content for advertising purposes among other things. You can opt out of interest-based advertising, analysis of communications content for advertising purposes, and the sharing of your information with partners for data matching and appends using the tools on this page. Perform the following steps to opt-out. Visit The Ad Internet Manager page on the Yahoo website. Click on the opt-out button to opt-out of interest-based ads and thus also the analysis of communication content for advertising purposes. The button should change to an "opt-in" button after the request has been processed. Switch to "On Yahoo", and opt-out there as well. Note that the use of ad-blockers or content-blockers may prevent the opt-out from working correctly. Closing Words I don't know how good Yahoo's algorithms are to distinguish between commercial emails and others; the past has shown that it is tricky to get it right. 
Yahoo customers who use email may want to opt-out of the automated scanning to avoid any issues related to the scanning; some may want to create new email accounts at providers that don't scan emails or put privacy first. Examples of such providers are Startmail or ProtonMail. Now You: Would you use email providers that scan your emails for commercial purposes? Source
  9. Paying for a premium service is the absolute best way to stream your favorite songs—you’ll get a better selection and more importantly, few, if any, frustrating ads. But Spotify is still pushing its free streaming option to keep growing, despite that being one of the biggest, dumbest sticking points in Spotify’s tussle with the music industry. Though its free service comparatively sucks, Spotify has improved it this year, giving listeners more choices for how they stream songs on their phones. Free Spotify may have another upgrade on the way, too: The company is currently testing letting users “skip audio and video ads any time they want, as often as they want, allowing them to quickly get back to music,” Ad Age reports. This test is only live in Australia for now, but Spotify aims to one day bring the option to everyone, according to the report. The move could make Spotify more money per ad for the ads users don’t skip, but hopefully the average listener will also have to deal with fewer ads overall. We’ve reached out to Spotify for more information and will update this story once we hear back. Update 12:55pm ET: A Spotify spokesperson tells Gizmodo that the company “will consider expanding” its ad skipping experiment “to additional markets in the future.” They added, “We are committed to our freemium model and will continue innovating our products to ensure the best experience on both our free and premium tiers.” Source
  10. Income, pregnancies, personal activities, all up for grabs Facebook’s advertising platform is riddled with loopholes that can help miscreants obtain private information on individual users, according to a recent study. Personally identifiable details – such as someone's email address, full name, date of birth, and home address – are used with their likes and dislikes to slot them into categories for targeted adverts. That means advertisers can zero in on their products' ideal buyers, and, say, sling expensive pet food ads at rich dog owners. However, these systems can also be exploited by scumbags to potentially slurp sensitive records. Researchers at the University of Southern California, in the US, studied Facebook’s targeted advertising capabilities in detail, and published their findings in a paper late last month. “We focus on three downsides: privacy violations, microtargeting (i.e., the ability to reach a specific individual or individuals without their explicit knowledge that they are the only ones an ad reaches) and ease of reaching marginalized groups,” the pair, Irfan Faizullabhoy and Aleksandra Korolova, stated in their paper's abstract. How it works Anyone with a Facebook profile can set up what's called a custom audience that defines a particular demographic for ad targeting. The trick here is to provide just enough information, and game the system, to narrow down the audience search results not to a select bunch of people, but down to just one unlucky person on the social network. Although Facebook treats that as an invalid demographic, its other tool, audience insights, which lets advertisers learn more about groups of netizens reached by adverts, can be used with that tiny custom audience to reveal that one person's private information. 
It means a miscreant can go on a fishing expedition, looking for a particular person or type of person, and extract private information, such as that person's age, income, how many people they live with, their personal activities, and so on, by combining the custom audience search function and the audience insights analytics. It seemingly gives anyone the power to learn more about strangers' lives – and there are more than 2,000 types of information that can be discerned per individual user. The researchers experimented with the analytics functions with the consent of their Facebook friends, who they asked to temporarily unfriend them. The duo found the audience insights results to be “highly accurate” when pulling up data on their pals. Information that can be gleaned from that tiny audience of one can range from hobbies to their family's details. “Questions such as, 'is this person [or] their wife pregnant?' 'how old are their children?' 'do they like to gamble?' 'are they living at home, or with roommates?' 'do they hunt?' can all be answered, efficiently and at no cost, by anyone,” Faizullabhoy and Korolova warned. The minimum number of people in a custom audience is, right now, 20. It’s a low number compared to 1,000 for Google, 300 for LinkedIn, and 500 for Twitter. By peppering in 19 fake or complicit accounts, for example, advertisers, and anyone else curious, can narrowly target and snoop on just a single person, or a group of people by going through them one at a time. Another potential flaw relates to Facebook allowing advertisers to refine their audience by location to within a one-mile radius. Small areas or even single houses can be targeted, as long as there are at least 20 users that match the advert’s criteria. It’s particularly concerning if those areas include vulnerable people who frequent planned parenthood clinics, rehab centers, or medical facilities, as they might be more easily picked out by ad campaigns. 
“It's difficult to predict how such a powerful tool can be abused by a clever and resourceful adversary, especially because neither researchers nor users have full transparency into what is feasible using Facebook's advertising platform and what data about them is being used when ad matching and reporting is performed,” Korolova, an assistant professor of computer science, told The Register. Facebook’s response: Do as little as possible When the researchers alerted Facebook to these vulnerabilities, they were stonewalled. 
At one point, though, Facebook agreed to increase the number of people able to be targeted using the custom audience tool and audience insights analytics from one to 20. The researchers were required to submit video proof of the network's shortcomings, and were awarded $2,000 from the website's bug bounty program. When the duo asked Facebook to increase the custom audience size to somewhere between 500 and 1,000, the Silicon Valley giant ignored the request, and still hasn't addressed it. For the geolocation targeting issue, the researchers were asked to “clarify how this bug is able to compromise the integrity of Facebook user data, circumvent the privacy protections of Facebook user data, or enable access to a system within Facebook’s infrastructure.” After the pair replied, Facebook did not respond, and even closed the bug bounty report, so that they could no longer engage in any sort of dialog. In the paper, Faizullabhoy and Korolova said they believed the reason why it was so easy to snoop on people via Facebook's ad platform was down to the website's careless approach to privacy. Facebook simply doesn’t care, they stated, to put it bluntly. “Facebook’s response to our white hat reports of 'single person targeting' that 'this is working as designed' shows an apathy toward micro-targeting and circumventions of the rudimentary micro-targeting protections Facebook has put in place,” the duo stated in their paper. Facebook declined to comment. Even when appearing before US Congress this week, CEO Mark Zuckerberg continued to dodge questions about the true nature of Facebook’s abilities to silently and secretly track millions of people’s online and offline activities, and how that information may be passed to third parties with dodgy intentions. Source
  11. It appears ads, which are becoming increasingly pervasive on Microsoft’s Windows 10 operating system, have now reached the Windows 10 Mail app. Users on Reddit are now reporting that a banner has shown up in the Windows 10 Mail app in a space above the Mail, Calendar and People buttons. The banner cannot be removed except by closing the menu, and currently advertises the Office 365 subscription service. The ads in the mail app are somewhat ironic, given Microsoft’s ad campaign against Google a decade ago, criticising the company for reading users’ email and showing them ads appropriate to the content of the email. Gmail is, of course, a free service, while most users pay for Windows 10 when they purchase their PC, making the operating system ads a deal Windows 10 users have not really signed up for. The current ads appear to be a test at present, and it is not clear how Microsoft is targeting them, though of course Windows 10 does include a privacy control related to Microsoft collecting data specifically for targeted ads, suggesting these ads are not being shown randomly. How do our readers feel about this latest move by Microsoft to monetize Windows? Let us know below. Source: Microsoft start testing ads in Windows 10 Mail and Calendar app (MSPoweruser)
  12. New UpdateChecker Coinminer Package Also Displays Ads to Further Piss You Off These days it is not uncommon to find both adware and miners being installed together through adware bundles. These programs, though, are typically not created by the same developer and are just being included as different "offers" by the software monetization company. After examining a new malware sample that was sent to BleepingComputer, I discovered that a new malware called "UpdateChecker" not only includes a miner, but also includes an adware component that displays a popup ad every 60 minutes. UpdateChecker being distributed as an Adobe Flash Player update While I have not been able to find the site that actually pushes this malware, based on the "update_flash_player----3006603784----33362_ac4-461___.exe" name of the main installer, it's clear that it is being distributed as a fake update to Adobe Flash Player. It has become more and more common for fake Adobe Flash update sites to be created that push malware and JS script downloaders onto unsuspecting users. These users then run the executables thinking it's a Flash Update, but will have malware installed on their computer instead. An example of what one of these fake Flash Update sites looks like can be seen below. Fake Flash Update Site Fake Update installs an adware and miner package When this particular fake Flash Player update is installed, it will connect to the fup.host site and download a zip file that contains the adware and miner malware package. This package is then unzipped into the %UserProfile%\AppData\Local\Microsoft\WindowsUpdate\ folder as shown below. Malware Folder As you can see, quite a few files are extracted and we will take a look at most of them below. The most important file is the updatechecker.exe file, which acts as the main controller for the rest of the malware package. 
Updatechecker.exe will be configured to start automatically when a user logs into Windows by creating an autorun called "WindowsUpdateChecker". When Updatechecker.exe is launched, it will read its configuration from the file located at update.json. This file contains the advertisement URL it should open, the frequency that an ad should be displayed, the max amount of ads, a list of Chrome extensions that are force installed, and a URL that will be opened on first run. Update.json File Updatechecker.exe will then launch the taskhostw.exe executable, which is the included Monero miner. This miner will read its configuration and what mining pools it should connect to from the config.json file. A removal guide for this miner can be found here. Config.json File Updatechecker will continue running in the background and based on the settings in the config.json will display advertisements at various intervals. The default setting is to show advertisements 24 times a day at 60 minute intervals. The ads that are displayed will be for unwanted chrome extensions, adult sites, online stores with affiliate links, and other unwanted programs. Advertisement Displayed by UpdateChecker Finally, Updatechecker will occasionally launch the update.exe executable, which will connect to the fup.host site to check for an updated zip file. If one is detected, it will download it and extract the components. To make it difficult to remove, Updatechecker.exe will automatically be launched again if you attempt to kill it and will automatically relaunch the taskhostw.exe miner if it is not running. Therefore, to remove it you will need to do so from safe mode or using a security program. Thankfully, most anti-malware programs including Emsisoft and Malwarebytes are able to remove it for free. As it has become very common for malware to be distributed as an update to a popular program, you should never download and install Flash, Java, video player, or any other update from random sites. 
Instead only install them from the actual developer's site or a very trusted site. Source
  13. Adguard provides you with a reliable and manageable protection that immediately and without your participation filters the loading web pages. Adguard removes all the annoying ads, blocks loading of dangerous websites, and will not allow anyone to track your activities on the Internet. When processing a web page, Adguard does several things at once: 1. Removes ads and online tracking code directly from the page. 2. Checks a page against our database of phishing and malicious sites. 3. Checks apps downloaded from unknown sources. WHAT'S NEW PREMIUM features Unlocked A small update (release candidate) that fixes one major and a couple of minor bugs. [Fixed] "Protection" button misbehaves The AOT (ahead-of-time) compilation method on Android 7.x could remove whole chunks of AdGuard code on its optimization step. This led to various problems, including the persistence of VPN connection despite the disabled protection. [Fixed] bccard.com, local.gosi.go.kr are not accessible with the HTTPS filtering enabled [Fixed] Alisa is broken in Yandex.Browser alpha This app has no advertisements Download: Site: https://www.upload.ee Sharecode[?]: /files/7601338/AdGuard-Premium-2.10.155.apk.html
  14. straycat19

    Ad Feeder IPs and Blocking

    I was getting a bunch of ads that adguard and ublock origin could not stop. They would initially open a webpage with an address like lqpkjasgqjve.com/ and then real ad pages. If I blocked lqpkjasgqjve.com/ then I might not get ads for a little while but then a new page bkmtspywevsk.com would open and send me to another real ad page. Block that and another web page, mictxtwtjigs.com/ would be the initial page. I chased these web sites, adding them to ublock until it became obvious something else was happening. The initial page with the 10 character addresses passed so fast that the only way to see them was to press print screen real quick when they first came up, I literally only had a second. I then traced the websites and found that they all came back to the same group of IP addresses. I block that entire group with my firewall - Since then I have not had one ad pop up in any browser. Now I just get a notification that my firewall blocked an IP if the website uses that service to feed ads to its visitors.
  15. Adblock Plus Acquires Pirate Bay Founder’s Micropayment Service Flattr The company behind the popular Adblock Plus software has acquired Flattr, the micropayment service co-founded by Pirate Bay's Peter Sunde. With the deal the two companies hope to take their partnership to the next level, offering publishers a way to get paid without having to show annoying ads. After Pirate Bay co-founder Peter Sunde cut his ties with the notorious torrent site he moved on to several new projects. The micropayment system Flattr is one of his best-known ventures. With Flattr, people can easily send money to the websites and services they like, without having to enter their payment details time and time again. Last year Flattr partnered with Adblock Plus to launch a new service Flattr Plus, allowing publishers to generate revenue directly from readers instead of forcing ads upon them. Flattr Plus is built on the existing micropayment platform that was launched in 2010. Through a new browser add-on it allows users to automatically share money with website owners when an ad is blocked. Today, the cooperation between the two companies is strengthened even further after eyeo, the parent company of Adblock Plus, acquired Flattr. “Over the past ten months, we collaborated closely and in fact, became one team with a joint vision. So it was just natural to remove the remaining structural barriers and make it official,” Sunde says, commenting on the announcement. “We’re excited to continue our work on the Flattr project to give back control to the users of the internet. They should decide how they want to use the internet and how they want to support the content they enjoy.” Talking to TorrentFreak, Sunde says that he’ll stay on as an unpaid advisor. He has no official stake in Flattr so Hollywood shouldn’t expect to see any of the proceeds of the deal. 
That said, he’s put a lot of work in the company over the past eight years, building it from the ground up, so it’s a big step to let someone else take over. “It’s just that Flattr is my baby and she got married to someone who will take care of her from now,” says Sunde, summarizing his feelings. Flattr co-founder Linus Olsson will stay on to lead the Flattr operation, and other staff members will keep their jobs as well. Sunde will have an advisory role in the company, and continues to work on various side-projects, including a new privacy service he’ll launch soon. Source
  16. A fake Flash Player update ad on Skype | via reddit A number of users are complaining that the popular communication application Skype has been hosting rogue advertisements, which has a large risk of triggering malware. The issue was elevated to reddit last Wednesday, where the original poster complained that a malicious ad appeared while he was on Skype's home screen, and it was pretending to be a Flash update for the computer's browser. As the redditor points out, the ad would prompt the user to download an HTML application named "FlashPlayer.hta," designed to look like a legitimate program. However, once opened, it would download a malicious payload, which could potentially harm a computer in the long run. The poster has successfully deconstructed the code, and has posted it publicly on reddit. In an investigation by ZDNet, the experts they contacted found the following regarding rogue Skype ads: According to Ali-Reza Anghaie, co-founder of cybersecurity firm Phobos Group, the issue is what is called a "two-stage dropper". "It's effectively the utility component of the malware that then decides what else to do based on the command and control it connects to", he shared. While the domain used by the attacker no longer exists, Anghaie believes that it very likely serves ransomware. Other people have complained about malicious ads inside Skype, with the fake Flash update as a common denominator. Responding to the issue, a Microsoft spokesperson said that the issue was a "social-engineering effort," and that they should not be held responsible for the malicious content. The company further explains: As stated, it pays to be careful in opening suspicious content off the internet. Many are out there to deceive users, and steal sensitive information, aside from malware's usual work of wreaking havoc in our computers. Source
  17. As a follow up to its study which found up to $16.4 billion could be lost to ad fraud in 2017, The&Partnership is, well, basically demanding that Google, Facebook, et al open up their walled gardens and allow inside third party purveyors of ad verification solutions such as Adloox, a company The&Partnership partnered with for the study. The&Partnership argues ad spend lost to ad fraud could be reduced to single digits if only the giants would allow in solutions such as Adloox. Currently the big boys don't allow in third party solutions of this type. Arguing for a doorway into the walled garden, The&Partnership Founder Johnny Hornby said, "Without this, not only are these platforms denying our clients the clean, brand-safe environments they quite rightly demand - but advertisers also lack full transparency and visibility in terms of the money they are losing to fraudulent advertising and advertising that never gets seen. If Google wants to see advertisers returning to YouTube in significant numbers, it is going to have to move quickly." Hornby suggests Google needs to do two things, "Firstly, Google needs to stop marking its own homework, fully opening up its walled gardens to independent, specialist ad verification software, to give brands the visibility and transparency they deserve. Secondly, Google will need to start looking at brand safety from completely the other end of the telescope. Instead of allowing huge volumes of content to become ad-enabled every minute, and then endeavoring to convince advertisers that the dangerous and offensive content among it will be found and weeded out, it should be presenting advertisers only with advertising opportunities that have already been pre-vetted and found to be 100% safe." Does anyone think Google is actually going to allow this? Of course, they could just buy Adloox and then there might be some actual headway. 
By Richard Whitman http://www.mediapost.com/publications/article/297997/agency-urges-google-to-allow-third-party-ad-verifi.html
  18. Windows 10 already shows users ads on the lock screen and the Start Menu, but now Microsoft appears to be promoting its services via Windows' File Explorer. Various Windows 10 users are reporting seeing adverts for Microsoft's cloud storage service OneDrive while browsing files on their machine. The ad offers 1TB of OneDrive storage for $6.99 per month, and is technically a 'sync notification', designed to let people know they can get more than the 5GB of free storage that comes with a Microsoft account. Ads for apps and services are already shown throughout Windows 10, and can be found on the Start Menu and lock screen. The introduction of promotions to File Explorer has been heavily criticized by some Microsoft watchers, and marks a widening of advertising to new areas of Windows 10. Most of the ads in Windows 10 are pitched as suggestions for apps and services that might appeal to the user, and some users don't appear to notice them. But to some they are intrusive, and if they are offensive to you there are steps you can take to remove them. Follow the video guide to ensure you won't see these ads again. Video Source
  19. In many ways, Windows 10 is the best version of Windows ever. The operating system has grabbed a considerable amount of market share thanks to the free upgrade offer from Microsoft. Windows 10 users often complain about ads on the lock screen and app suggestions on the Start, and how Microsoft is pushing advertising in its latest version of Windows operating system. As if ads and suggestions were not enough on the Start and lock screen, Microsoft is displaying ads (Microsoft likes to call it as notification!) right in your File Explorer starting with Creators Update for Windows 10. Yes, Windows 10 will now display ads and notifications in the Windows Explorer as well. The so called Sync provider notification feature, according to Microsoft, is designed to help users by displaying quick, easy information about things that can improve the overall experience with Windows 10. The notifications appear just below the address bar as you can see in the picture above. While most users will not mind seeing information about Windows 10 and newly added features, Microsoft is using the space to display ads as well. For instance, according to a Reddit user, Windows 10 File Explorer is displaying OneDrive and Office 365 subscription offers. Luckily, there is an option in Windows 10 Folder Options to turn off Sync provider notifications or notifications in File Explorer. Method 1 of 2 Turn off ads in Windows Explorer in Windows 10 Complete the given below directions to disable Sync provider notifications or ads in File Explorer. Step 1: Open File Explorer. Click File menu and then click Change folder and search options or Options to open Folder Options. Step 2: In the Folder Options dialog, click on the View tab to switch to the same. Step 3: Here, under the Advanced settings, look for an option called Show sync provider notifications. Uncheck Show sync provider notifications and then click Apply button. That’s it! 
Windows 10’s File Explorer should now stop showing ads or notifications. Method 2 of 2 Disable notifications/ads in File Explorer via Registry Step 1: First of all, open Registry Editor. Type Regedit in Start menu or taskbar search box and then press Enter key. If you see the UAC prompt, click Yes button to open Registry Editor. Step 2: In the Registry Editor window, navigate to the following key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Step 3: On the right-side, look for ShowSyncProviderNotifications DWORD, double-click on it and finally, change its value data to 0 (zero) to turn off notifications. To show notifications again, change the value data to 1. NOTE: If ShowSyncProviderNotifications DWORD doesn’t exist, right-click on an empty spot, click New, click DWORD (32-bit) and name it as ShowSyncProviderNotifications. Guide source
  20. Don't believe what Microsoft tells you -- Windows 10 is not an operating system. Oh, sure, it has many features that make it look like an operating system, but in reality it is nothing more than a vehicle for advertisements. Since the launch of Windows 10, there have been numerous complaints about ads in various forms. They appear in the Start menu, in the taskbar, in the Action Center, in Explorer, in the Ink Workspace, on the Lock Screen, in the Share tool, in the Windows Store and even in File Explorer. Microsoft has lost its grip on what is acceptable, and even goes as far as pretending that these ads serve users more than the company -- "these are suggestions", "this is a promoted app", "we thought you'd like to know that Edge uses less battery than Chrome", "playable ads let you try out apps without installing". But if we're honest, the company is doing nothing more than abusing its position, using Windows 10 to promote its own tools and services, or those with which it has marketing arrangements. Does Microsoft think we're stupid? See also: Oh joy -- playable ads arrive in Windows 10 How to disable ads in File Explorer in Windows 10 When Windows 10 first hit computers without a price tag, questions were asked about what the hidden cost might be. We've talked about the various telemetry, privacy-invading and tracking features that are to be found, and this is certainly part of the price one pays for a free operating system ... sorry, ad platform. But as more and more ads have gradually crept into Windows 10, the implications of using Windows 10 become ever clearer. Microsoft has boasted about the millions and millions of computers that now have Windows 10 installed. These are not just additions to the user-base, they are consumers ready to be advertised at. It is a captive audience staring at screens all around the world -- perfect for pummelling with ads as there's nowhere to hide! 
Microsoft is not only incredibly aggressive with its advertising, it is also disgustingly sneaky. Many of the various forms of advertising that can be found in Windows 10 can be disabled, but don't expect this to be easy, particularly if you're not completely au fait with the world of technology. The settings and toggles that need to be changed are far from obviously placed, and the misleading wording used (yes, we're looking at you OneDrive ads in File Explorer...) means many people would simply have no idea what the settings refer to even if they stumbled across them by accident. Seriously... who would think that in order to hide the OneDrive ads, you'd need to flick a toggle labeled Show sync provider notifications? Over the months since Windows 10's launch, poor users have been gradually pushed harder and harder. It's as though Microsoft is trying to see just how much it can get away with before people reach breaking point. The company is utterly shameless, and it's high time more people spoke out about it. Microsoft has found itself in court on more than one occasion for anticompetitive behavior with Internet Explorer, and if its actions with ads are anything to go by it would appear that the company has learned nothing about stopping abusing its position. As each new layer of advertising has been revealed in Windows 10, Microsoft has managed to annoy and alienate more users. Each time there have been plenty of people to jump to the company's defense and stick up for what it is doing. But the sheer prevalence of ads in myriad forms is making Microsoft's actions indefensible. It might feel as though we're going over old ground here, and we are. Microsoft just keeps letting us (and you) down, time and time and time again. It's time for things to change, but will Microsoft listen? Source: Microsoft is disgustingly sneaky: Windows 10 isn't an operating system, it's an advertising platform (BetaNews)
  21. Microsoft Edge Browser Accused of Displaying Fake News in New Tabs News outlet partnership go wrong for Edge users All the news is delivered by MSN with help from news outlets across the world, and while at first glance everything should be pretty helpful for users, it turns out that the browser is suffering from an issue that the Internet is trying to deal with as we speak: fake news. A number of users have turned to the built-in Windows 10 Feedback Hub app to complain about what they claim to be fake news displayed in Microsoft Edge, explaining that the balanced news that they should find in the browser do not exist and most sources are trying to give articles a certain spin that shouldn’t be there. “I have been disgusted to read such clearly slanted stories. I would prefer to read news reports that allowed me to draw my own conclusions that did not seem intent on spinning the news in one direction or another. It is time that you offered BALANCED news instead of relying on your partnerships with news outlets that clearly have an agenda in their news reporting,” one such comment reads. Microsoft still tightlipped Microsoft Edge does not allow users to edit news sources, but only to choose the categories they want to receive articles for, so there’s no way to deal with the alleged fake news without the company’s own tweaks. Of course, Microsoft Edge does not deliberately spread fake news, and if this is indeed happening, it’s only the fault of the sources that the browser is configured to use to show articles in the start page and in new tabs. Microsoft, however, hasn’t said a single thing until now and is yet to respond to the suggestion posted in the Feedback Hub, so it remains to be seen if the company gives more power to users to configure news sources or if the company itself removes sources involved in spreading fake news. Source
  22. Bad Ad Johnny Is An Ad, Tracker And Malware-Blocker For Chrome Developed by VPN provider PureVPN, Bad Ad Johnny is a one-stop ad, tracker and malware-blocker for Chrome. The extension aims to block absolutely everything, says the website, in particular those "acceptable ads": "I DO NOT shake hands with publishers under the table and let some ads slide." Installation is automatic and initially there’s nothing to do, just browse as usual and enjoy your ad-free existence. The Bad Ad Johnny icon updates in real time with the total number of blocked threats on the current page. If a figure seems high or you’re just curious, clicking the icon breaks down the figure by ads, trackers and malware. If this doesn’t completely work, a "Targeted Elements" enables choosing an area of the current page to block. A "Disable on this site" button turns the extension off for the current site only, and as you click a voice says "Enable me if you want to live". That’s funny for the first two or three times, annoying after that, but fortunately it can be turned off with a click. If you need more control, there are plenty of settings available. The "Global List" section is a good place to start, displaying the lists used to identify ads, malware, privacy and social media intrusions. You can disable some of these if they’re causing problems, or turn on others to try and block even more threats. Bad Ad Johnny is a free extension for Google Chrome. Source
  23. Mozilla: The Internet Is Unhealthy And Urgently Needs Your Help Mozilla argues that the internet's decentralized design is under threat by a few key players, including Google, Facebook, Apple, Tencent, Alibaba and Amazon, monopolizing messaging, commerce, and search. Can the internet as we know it survive the many efforts to dominate and control it, asks Firefox maker Mozilla. Much of the internet is in a perilous state, and we, its citizens, all need to help save it, says Mark Surman, executive director of Firefox maker the Mozilla Foundation. We may be in awe of the web's rise over the past 30 years, but Surman highlights numerous signs that the internet is dangerously unhealthy, from last year's Mirai botnet attacks, to market concentration, government surveillance and censorship, data breaches, and policies that smother innovation. "I wonder whether this precious public resource can remain safe, secure and dependable. Can it survive?" Surman asks. "These questions are even more critical now that we move into an age where the internet starts to wrap around us, quite literally," he adds, pointing to the Internet of Things, autonomous systems, and artificial intelligence. In this world, we don't use a computer, "we live inside it", he adds. "How [the internet] works -- and whether it's healthy -- has a direct impact on our happiness, our privacy, our pocketbooks, our economies and democracies." Surman's call to action coincides with nonprofit Mozilla's first 'prototype' of the Internet Health Report, which looks at healthy and unhealthy trends that are shaping the internet. Its five key areas include open innovation, digital inclusion, decentralization, privacy and security, and web literacy. Mozilla will launch the first report after October, once it has incorporated feedback on the prototype. That there are over 1.1 billion websites today, running on mostly open-source software, is a positive sign for open innovation. 
However, Mozilla says the internet is "constantly dodging bullets" from bad policy, such as outdated copyright laws, secretly negotiated trade agreements, and restrictive digital-rights management. Similarly, while mobile has helped put more than three billion people online today, there were 56 internet shutdowns last year, up from 15 shutdowns in 2015, it notes. Mozilla fears the internet's decentralized design, while flourishing and protected by laws, is under threat by a few key players, including Facebook, Google, Apple, Tencent, Alibaba and Amazon, monopolizing messaging, commerce and search. "While these companies provide hugely valuable services to billions of people, they are also consolidating control over human communication and wealth at a level never before seen in history," it says. Mozilla approves of the wider adoption of encryption today on the web and in communications but highlights the emergence of new surveillance laws, such as the UK's so-called Snooper's Charter. It also cites as a concern the Mirai malware behind last year's DDoS attacks, which abused unsecured webcams and other IoT devices, and is calling for safety standards, rules and accountability measures. The report also draws attention to the policy focus on web literacy in the context of learning how to code or use a computer, which ignores other literacy skills, such as the ability to spot fake news, and separate ads from search results. Source Alternate Source - 1: Mozilla’s First Internet Health Report Tackles Security, Privacy Alternate Source - 2: Mozilla Wants Infosec Activism To Be The Next Green Movement
  24. Windows 10 Share “Soon With” Ads

Microsoft plans to roll out the upcoming Windows 10 feature update Creators Update with a new Share UI, and will push ads in that UI.

Microsoft is working on the next feature update for Windows 10 called the Creators Update. The new version of Windows 10 will be made available in April 2017 according to latest projections, and it will introduce a series of new features and changes to the operating system.

The built-in Share functionality of Windows 10 will be updated in the Creators Update as well. We talked about this when the first screenshots of the new user interface leaked. The core change is that the Share user interface will open up in the center of the screen instead of the sidebar.

Along with the change come ads. If you take a look at the following screenshot, courtesy of Twitter user Vitor Mikaelson (via Winaero), you see the Box application listed as one of the available share options even though it is not installed on the device (and never was according to Vitor). The suggested app is listed right in the middle of the share interface, and not at the bottom.

Microsoft uses the Share UI to promote Windows Store applications. This is one of the ways for Microsoft to increase the visibility of the operating system's built-in Store.

The Share UI is not the first, and likely not the last, location to receive ads on Windows 10. Ads are shown on Windows 10's lockscreen, and in the Windows 10 start menu for instance. While it is possible to disable the functionality, it is turned on by default. Ads in the Share UI will likely be powered by the same system which means that you will be able to turn these ads off in the Settings.

Microsoft is not the only company that uses recommendations in their products to get users to install other products. I'm not fond of this as I don't like it that these suggestions take away space. While I don't use the Share UI at all, I do use the Start Menu. The recommendations there take away space from programs and applications that I have installed or am using.

Yes, it is easy enough to turn these off, and that's what I did as I have no need for them. Should I ever run into a situation where I require functionality, say sharing to Box, I'd search for a solution and find it. I can see these recommendations being useful to inexperienced users however who may appreciate the recommendations.

There is a debate going on currently whether to call these promotions advertisement, or recommendations / suggestions.

Now You: What's your take on these? How do you call them?

Source
  25. Readers of popular websites targeted by stealthy Stegano exploit kit hiding in pixels of malicious ads

Millions of readers who visited popular news websites have been targeted by a series of malicious ads redirecting to an exploit kit exploiting several Flash vulnerabilities.

Since at least the beginning of October, users might have encountered ads promoting applications calling themselves “Browser Defence” and “Broxu” using banners similar to the ones below:

These advertisement banners were stored on a remote domain with the URL hxxps://browser-defence.com and hxxps://broxu.com.

Without requiring any user interaction, the initial script reports information about the victim’s machine to the attacker’s remote server. Based on server-side logic, the target is then served either a clean image or its almost imperceptibly modified malicious evil twin.

The malicious version of the graphic has a script encoded in its alpha channel, which defines the transparency of each pixel. Since the modification is minor, the final picture’s color tone is only slightly different to that of the clean version:

Using the known Internet Explorer vulnerability CVE-2016-0162, the encoded script attempts to verify that it is not being run in a monitored environment such as a malware analyst’s machine.

If the script does not detect any signs of monitoring, it redirects to the Stegano exploit kit’s landing page, via the TinyURL service. The landing page loads a Flash file that is able to exploit three different vulnerabilities (CVE-2015-8651, CVE-2016-1019, CVE-2016-4117), depending on the version of Flash found on the victim’s system.

Upon successful exploitation, the executed shell code collects information on installed security products and performs – as paranoid as the cybercriminals behind this attack – yet another check to verify that it is not being monitored. If results are favorable, it will attempt to download the encrypted payload from the same server again, disguised as a gif image.

The payload is then decrypted and launched via regsvr32.exe or rundll32.exe. Payloads detected so far include backdoors, banking trojans, spyware, file stealers and various trojan downloaders.

Technical analysis of the Stegano exploit kit

An earlier variant of this stealthy exploit pack has been hiding in plain sight since at least late 2014, when we spotted it targeting Dutch customers. In spring 2015 the attackers focused on the Czech Republic and now they have shifted their focus onto Canada, Britain, Australia, Spain and Italy.

In the earlier campaigns, in an effort to masquerade as an advertisement, the exploit kit was using domain names starting with “ads*.” and URI names containing watch.flv, media.flv, delivery.flv, player.flv, or mediaplayer.flv.

In the current campaign, they have improved their tactics significantly. It appears that the exploit pack’s targeting of specific countries is a result of the advertising networks the attackers were able to abuse.

We can say that even some of the other major exploit kits, like Angler and Neutrino, are outclassed by the Stegano kit in terms of referrals – the websites onto which they managed to get the malicious banners installed. We have observed major domains, including news websites visited by millions of people every day, acting as “referrers” hosting these advertisements.

Upon hitting the advertising slot, the browser will display an ordinary-looking banner to the observer. There is, however, a lot more to it than advertising.

The steganography advertisement

In the vast majority of the cases, the advertisement was promoting a product called “Browser Defence” and it has been only recently when we started to detect banners promoting the software “Broxu”.
However, for the sake of simplicity, and since the campaigns are practically identical (apart from the banner and its hosting domain, of course), only the “Browser Defence” campaign is analyzed below.

The advertisement was located at the browser-defence.com domain with a URI structure similar to the following (note the https):

hxxps://browser-defence.com/ads/s/index.html?w=160&h=600

The index.html loads countly.min.js and feeds the initial parameters to the script. This countly, however, is not the stock library of the open source mobile & web analytics platform you would download from github. It is a heavily modified and obfuscated version, with some parts deleted and interlaced with custom code. This custom code is responsible for an initial environment check. Information about the environment is reported back to the server as XOR-encrypted parameters of the 1x1gif file, as captured in the image above.

The following information about the environment is sent:

systemLocale^screenResolution^GMT offset^Date^userAgent^pixelRatio

After that, the script will request the advertising banner. The server will reply with either a clean or a malicious version, most likely also depending on the previous environment check.

The script will then attempt to load the banner and read the RGBA structure. If a malicious version of the image was received, it will decode some Javascript and variables from the alpha channel.

The steganography is implemented in the following way: Two consecutive alpha values represent the tens and ones of a character code, encoded as a difference from 255 (the full alpha). Moreover, in order to make the change more difficult to spot by naked eye, the difference is minimized using an offset of 32. For instance, if the first few alpha bytes contained the values 239, 253, 237, 243, 239, 237, 241, 239, 237, 245, 239, 247, 239, 235, 239 and 237, they would decode to the word “function”. In this example, the first two alpha values 239, 253 would give us an ‘f’:

A closer look at one of the clean banners and one with the Stegano code shows only a subtle difference.

Clean picture; picture with malicious content; malicious version enhanced for illustrative purposes.

The alpha channel of the unused pixels is filled with some pseudorandom values, in order to make the “alpha noise” evenly distributed and thus more difficult to spot.

After successful extraction, the JS code integrity is checked against a hash encoded at the end of the picture, then executed.

Next, the new script attempts to check the browser and computer environment further using a known Internet Explorer vulnerability, CVE-2016-0162. In particular, it is focused on checking for the presence of packet capture, sandboxing, and virtualization software, as well as various security products. Also, it checks for various graphics and security drivers to verify whether it is running on a real machine. More details can be found in Appendix 1.

If no indication of monitoring is detected, it creates an iframe (just one pixel in size) at coordinates off the screen, sets its window.name property (this name will be used later) and redirects to TinyURL via https. TinyURL then redirects to an exploit landing page via http. The referrer to the original site is lost during this process.

The exploit

After successful redirection, the landing page checks the userAgent looking for Internet Explorer, loads a Flash file, and sets the FlashVars parameters via an encrypted JSON file. The landing page also serves as a middleman for the Flash and the server via ExternalInterface and provides basic encryption and decryption functions.

The Flash file has another Flash file embedded inside and, similarly to the Neutrino exploit kit, it comes with three different exploits based on the Flash version.

The second stage Flash file decrypts the FlashVars.
It contains a JSON file with URI for error reporting, JS function names for ExternalInterface, the callback function name and some unused data:

{"a":"\/e.gif?ts=1743526585&r=10&data=","b":"dUt","c":"hML","d":true,"x":"\/x.gif?ts=1743526585&r=70&data="}

Subsequently, it invokes a JS via ExternalInterface.call() that checks for the Flash version and communicates this to the server via the landing page. This is done through an encrypted URI parameter of a request for a GIF file. The encryption’s algorithm is simple, and uses the window.name from the advertisement:

The response is a GIF image of which the first bytes are discarded and the rest is decrypted using the same algorithm and then passed back to Flash.

The response is a JSON containing a letter denoting which exploit to use (CVE-2015-8651, CVE-2016-1019 or CVE-2016-4117), a password for the corresponding exploit and a shell code ready with the URI for the payload.

The shell code

The shell code is decrypted into its final stage during the exploitation phase. It will attempt to download an encrypted payload, again disguised as a GIF image. First, however, it performs yet another check for signs that could suggest it is being analyzed.

It is particularly interested in the presence of software containing the following strings in their filenames:

  • vmtoolsd.exe
  • VBoxService.exe
  • prl_tools_service.exe
  • VBoxHook.dll
  • SBIEDLL.DLL
  • fiddler.exe
  • charles.exe
  • wireshark.exe
  • proxifier.exe
  • procexp.exe
  • ollydbg.exe
  • windbg.exe
  • eset*, kasper*, avast*, alwil*, panda*, nano a*, bitdef*, bullgu*, arcabi*, f-secu*, g data*, escan*, trustp*, avg*, sophos*, trend m*, mcafee*, lavaso*, immune*, clamav*, emsiso*, superanti*, avira*, vba32*, sunbel*, gfi so*, vipre*, microsoft sec*, microsoft ant*, norman*, ikarus*, fortin*, filsec*, k7 com*, ahnlab*, malwareby*, comodo*, symant*, norton*, agnitu*, drweb*, 360*, quick h

If it detects anything suspicious, it will not attempt to download the payload.

The payload

If the payload is received, the first 42 bytes of the GIF are discarded; the rest is decrypted and saved to a file using one of the following methods:

  • CreateFile, WriteFile
  • CreateUrlCacheEntryA(*"http://google.com/",,,,), CreateFileA, CreateFileMappingA, MapViewOfFile, {loop of moving bytes}, FlushViewOfFile, UnmapViewOfFile

The payload is then launched via regsvr32.exe or rundll32.exe.

During our research, we have seen the following payloads being downloaded by the Stegano exploit kit:

  • Win32/TrojanDownloader.Agent.CFH
  • Win32/TrojanDownloader.Dagozill.B
  • Win32/GenKryptik.KUM
  • Win32/Kryptik.DLIF

After a detailed analysis of the Downloaders and Kryptiks (the latter are ESET’s detections of extensively obfuscated variants), we found out that they either contained or were downloading Ursnif and Ramnit malware.

Ursnif has a multitude of modules for stealing email credentials, has a backdoor, keylogger, screenshot maker, and video maker, is injecting into IE/FF/Chrome and modifying http traffic, and can steal any file from the victim computer. According to the configuration files found in the analyzed samples, they seem to be targeting the corporate sector, focusing on payment services and institutions.

Ramnit is a file infector that has been targeting the banking sector as well, utilizing its many capabilities, such as information exfiltration, screenshot capture, file execution, etc.

Conclusion

The Stegano exploit kit has been trying to fly under the radar since at least 2014. Its authors have put quite some effort into implementing several techniques to achieve self-concealment. In one of the most recent campaigns we detected, which we traced back at least to the beginning of October 2016, they had been distributing the kit through advertisement banners using steganography and performing several checks to confirm that they were not being monitored.
In the event of successful exploitation, the vulnerable victims’ systems had been left exposed to further compromise by various malicious payloads including backdoors, spyware and banking Trojans.

Exploitation by the Stegano kit, or any other known exploit kit for that matter, can often be avoided by running fully patched software and by using a reliable, updated internet security solution.

Appendix 1 – Strings scanned for by Stegano exploit kit

Appendix 2 – Hashes (sha1)

Appendix 3 – URL samples

Source
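For an analyst triaging a captured banner, the alpha-channel encoding described in the steganography section of the article above can be decoded offline. The following is an added example, not code from ESET or from the kit: the digit mapping (digit = (255 - alpha) / 2 - 1) is an assumption derived from the 16 sample values the article quotes, and the function names, the `min_chars` threshold and the RGBA buffers are constructed for illustration.

```python
"""Decode the banner alpha-channel encoding described in the article (analysis aid).

Assumption: the page does not print the exact arithmetic, so the digit mapping
below is derived from the article's sample bytes, which must decode to "function".
"""

OFFSET = 32  # character-code offset named in the article

# The 16 alpha values quoted in the article.
ARTICLE_SAMPLE = [239, 253, 237, 243, 239, 237, 241, 239,
                  237, 245, 239, 247, 239, 235, 239, 237]


def alpha_channel(rgba):
    """Return the alpha bytes of a flat RGBA buffer (R, G, B, A, R, G, B, A, ...)."""
    if len(rgba) % 4:
        raise ValueError("RGBA buffer length must be a multiple of 4")
    return list(rgba[3::4])


def alpha_to_digit(alpha):
    """Map one alpha byte to a decimal digit 0-9, or None if it cannot encode one."""
    diff = 255 - alpha  # "encoded as a difference from 255 (the full alpha)"
    if diff % 2 or not 2 <= diff <= 20:
        return None  # fully opaque (255) and odd differences carry no digit
    return diff // 2 - 1


def decode_alpha(alphas):
    """Decode consecutive (tens, ones) alpha pairs into text.

    Stops at the first pair that is not a valid digit pair. The article notes
    that unused pixels hold pseudorandom alpha values, so text after the real
    script may be noise; only the decoded prefix is meaningful.
    """
    chars = []
    for i in range(0, len(alphas) - 1, 2):
        tens = alpha_to_digit(alphas[i])
        ones = alpha_to_digit(alphas[i + 1])
        if tens is None or ones is None:
            break
        chars.append(chr(OFFSET + 10 * tens + ones))
    return "".join(chars)


def triage(rgba, min_chars=8):
    """Summarise a banner's alpha channel and flag a decodable text prefix.

    min_chars is an illustrative threshold, not a value from the article.
    """
    alphas = alpha_channel(rgba)
    text = decode_alpha(alphas)
    return {
        "pixels": len(alphas),
        "fully_opaque_pixels": sum(1 for a in alphas if a == 255),
        "decoded_prefix": text,
        "suspicious": len(text) >= min_chars and text.isprintable(),
    }


def rgba_from_alphas(alphas, rgb=(200, 30, 30)):
    """Build a constructed flat RGBA buffer for the demo (not a real banner)."""
    return bytes(b for a in alphas for b in (*rgb, a))


if __name__ == "__main__":
    flagged = rgba_from_alphas(ARTICLE_SAMPLE)  # constructed from the article's bytes
    clean = rgba_from_alphas([255] * 16)        # constructed fully opaque banner
    print(triage(flagged))
    print(triage(clean))
```

A legitimate banner is normally fully opaque or uses alpha sparingly, so a long printable prefix from `decode_alpha` is a strong reason to pull the image for closer inspection.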