WOT: (Web of Trust) – A valuable extension

I’ve mentioned WOT in a number of my previous posts, but I thought I’d give it a bit more exposure, given the amount of scams, fake news websites, and general internet douchebaggery that is so prevalent right now.

Web of Trust is a FREE extension that adds a small circle after any clickable link on your computer to let you know how trustworthy that site is. Here’s an example – recently I was trying to remove a hijacker that redirected me to Spectrum’s search service when an unknown URL was encountered:

WOT

Notice that the circles can be green, yellow, and red – just like  stoplight. That’s your first clue – but it pays to drill down for more information as I mention below. Green is generally trustworthy, yellow is questionable, and red is downright dangerous. A gray circle with a question mark means there is no information (yet) about the site in question.

Some dangerous websites will be flagged by Google directly (Click image to enlarge)

Google1

If you have a paid version of Malwarebytes, known malware websites will be automatically blocked:
Malwarebytes

But if neither one of these help, WOT will give you a warning for red-circle links that looks like this (Click image to enlarge):

WOT1

You’ll notice that you get a summary of ratings and reasons why the website is not trusted.

In addition, search engine results can be previewed simply by hovering your mouse over the colored circle:

WOT2

and then you can follow the “click to view details” link to get a full page of information about the website.

WOT3

As with anything that is crowdsourced, one needs to be cautious. A tool like this could be used to give bad ratings to a website by an unethical competitor, so look at the dates of the reviews and get an overall feel for the page in question. In general, though, I’ve found that this tool tends to be self-correcting, so if one person rates a site untrustworthy for malware, and five other more recent users give reasons why it’s safe, I feel pretty confident that the first review is either spurious or outdated.

If you want to rate websites yourself, you can create a free account, log in, and provide details of your experience.

In addition to protecting you from viruses or other malware, WOT can be very useful for verifying whether news sites are reliable or not.

An example: Today on Facebook I saw a link to a story that there was a second shooter in Las Vegas:

Facebook

That yellow circle told me right off that this story is questionable. Hovering over the warning gave me this:

WOT4

And a subsequent search on Google for yournewswire.com confirmed that this is a notorious clickbait, inflammatory, fake-news website:

Founded by Sean Adl-Tabatabai and Sinclair Treadway in 2014. It has published fake stories, such as “claims that the Queen had threatened to abdicate if the UK voted against Brexit” (Wikipedia)

It pays to be safe, and it pays to be careful. This little extension works well with Window 10 and earlier versions (I’ve tried it on XP and 7 both), it’s free, and it provides a wealth of information about internet dangers. I highly recommend it.

The Old Wolf has spoken.

Advertisements

The scammers don’t give up

scam1

The “Microsoft Customer Support” scam: Today’s number is 866-587-7384.

Your screen locks up. You can’t close your browser. You can’t go back. A computerized voice starts talking to you about pornographic malware. A warning message tells you your data is being stolen. You are given a phone number to call for help removing the malware.

Do NOT call this number. It has nothing to do with Microsoft. The page you are seeing is a malicious script that has been loaded from a website that you visited, probably from a banner ad or something else that the page owner is unaware of, and is designed to scare you. If you follow the steps the “support agent” gives you, he or she will have you  give them total control of your system. From there, anything can happen and none of it will be good.

In the event that you went through this process with an “agent,” it will be critical for you to run an anti-malware program such as Malwarebytes (I don’t work for them), or have your computer cleaned by a professional, before you do anything else.

Be careful out there.

The Old Wolf has spoken.

Microsoft, stop resetting my program defaults in Windows 10.

reset

Dear Microsoft,

  • I don’t give a rat’s south-40 whether or not an app caused a problem. Handle it with an error message, if you must. Or a recommendation.
  • I’ve been to “program defaults” and I have specified what program I want to handle given file types.
  • You have NO RIGHT to change those back just because you want me to use your own (often substandard) applications.
  • Stop doing this. I configure my computer to my own needs, not yours. This is beyond ignorant, beyond arrogant, beyond anything reasonable or normal. It is stupid and maddening. Just STOP IT.

cactus

No love,

The Old Wolf

Hard Drive Safety Delete Will Start in Five Minutes

Executive Summary: There is no “hard drive safety delete.” Your machine is not infected. You have been redirected to a malicious web page. Calling “support” will connect you to someone in India who wants to install malware on your computer. Don’t do it.

deleteDelete 2

Just posting this with a sample screen so that anyone who searches for the Zeus virus infection might see it.

A full description of this scam can be found at a previous entry.

Do NOT call 844-813-1552 to ask for support. Be very careful out there.

The Old Wolf has spoken.

Your Computer Has Been Blocked! (PS – no, it hasn’t)

scam

If you get a screen like this while doing something like trying to log in to Facebook or something else, usually as a result of clicking on a link after a web search, you are being scammed.

Typically your browser locks up – you can’t go back, you can’t navigate to anything else, and you even can’t close the window. Instructions tell you to call Microsoft support because your system is infected with spyware and viruses.

It hasn’t.

If you call the number (877-382-9050), a friendly person (in India, Pakistan, or somewhere else) will answer. THESE ARE NOT MICROSOFT SUPPORT CONSULTANTS. THEY ARE SCAMMERS AND CRIMINALS. They will ask you some questions about your system, and have you do the following things:

  • Press the windows+R keys to open the “Run” box
  • Type in ” iexplore http://www.go2patch.com ” and hit enter
  • Type in the access code that they give you
  • Press the “Connect” button and then allow the program to run

If you do this, you have just given full access of your system to criminals who will steal valuable information, download real spyware or malware, or turn your computer into part of a botnet to send out spam.

This is just another incarnation of the “Zeus Virus” scam – same technique, different remote connection software.

If this happens to you, hit Ctrl-Alt-Del and open the Task Manager. End the browser task from there, whatever you’re running (IE, Edge, Chrome, Firefox, NCSA Mosaic, etc.)

What do you do if you have already allowed access? According to “Slim,” a registered user at 800Notes.com,

Since the scammers accessed the computer, they probably did one or more of the following:
• Disabled the anti-virus software
• Added nasty malware to the computer
• Copied the Contact List (so they can spam/email your soon-to-be ex-friends)
• Copied any financial data or passwords they could find
• Compromised your ID on Facebook or other social site(s), and perhaps on shopping sites.
• “Zombied” the computer, so it would respond to THEIR commands sent via internet
• Deleted some important files
• Asked for money to repair the damage they caused

What can you do immediately after such an attack?

1.  Pull the cables on the computer, or otherwise disable it, so it cannot access the internet.
2.  Change ALL  passwords stored on the computer.
3.  Run FULL malware scans on the computer, in “SAFE” mode!
4.  Change the passwords again, particularly if the malware scans showed anything.
5.  Inform your bank and credit card companies.
6.  Sign up for credit monitoring, and check the status frequently
7.  Backup non-executable personal, data files to an external storage device.  (Executable files might be infected).
8.  You may have to bring the computer to a local repair shop, and tell them the story.
9.  Tell friends what happened, so they can be aware of strange emails from you.
10.  Connect to the internet only AFTER all the above have been done.
11.  Change the passwords on all online accounts.  Even better – access a “safe”, uninfected  computer, and change your online account passwords RIGHT NOW.

Be careful out there – don’t help the bad guys mess up your machine.

The Old Wolf has spoken.

Here’s to the crazy ones – and to the creators of the campaign.

Recently I posted this image over at Facebook:

77e93b96856f2692806beb5c95fa0b7f

At once I began to get pushback on the source, so I thought I’d do a bit of digging – and what I found was interesting.

One thing is certain – the quote was part of Apple’s “Think Different” campaign. There were two versions of the commercial, one voice-overed by Steve Jobs himself (this one never aired):

And the one that actually hit the airwaves, with Richard Dreyfuss as the narrator:

But who actually wrote the text?

Not Jack Kerouac: “Sometimes attributed to Kerouac on the internet, perhaps because it evokes his famous quote from On the Road: “The only people for me are the mad ones, the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn, like fabulous yellow roman candles exploding like spiders across the stars and in the middle you see the blue centerlight pop and everybody goes “Awww!” ” (Wikiquote)

Not John Chapman, aka “Johnny Appleseed“: If you look closely at the Text Edit icon in Apple’s OS X, you’ll see the the quote there in the form of a letter to “Kate” from “John Appleseed.”

Text Edit

This has led some to attribute the quote to Chapman himself, which is just all wrong – the language is never something that the historical Johnny Appleseed would have used; on a side note of interest, this article at the Smithsonian suggests that Chapman was planting apples for hard liquor, not for eating.

“Apple cider provided those on the frontier with a safe, stable source of drink, and in a time and place where water could be full of dangerous bacteria, cider could be imbibed without worry.”

So who is the John Appleseed referred to in the icon, and who is Kate?

Not John Appleseed, the shadowy “Apple Insider:” This article at Techradar gives the background on who John Appleseed was – a Cupertino-based software developer who had developed Apple II software under his own name. When Apple’s CEO Mike Markkula (also a coder) developed some Apple II software under the pseudonym John Appleseed, the real Appleseed didn’t sue – he launched a campaign to meet Steve Jobs, as described in the article. Ultimately Appleseed’s image and name became the face of the iPhone and other products, although he was never really an “Apple Insider.”

5a104893d7f8b30ae52b64e25a6fa545-1200-80

Unfortunately for him, Jobs died, Apple evolved, and his usefulness as a mascot came to an end. As for Kate? Best guess is that she’s an open source text editor in KDE in the linux operating system. It is possible that during his time of interfacing with Steve Jobs, some of Appleseed’s ideas may have insinuated them into Jobs’ consciousness to have an impact later.

Yes, it was John Siltanen and Lee Clow (and a few others): John Siltanen chronicled the real genesis of the campaign’s text in an article at Forbes (caution: Forbes now makes you whitelist their site if you have AdBlock Plus installed, which I happen to think is a scummy move – but there it is.) Siltanen and Lee Clow were employed by the TBWA/Chiat/Day advertising agency that were shooting to get Apple’s business for a new campaign. The whole article is a fascinating first-person look at how the campaign was designed, pitched, and won.

Some of the original thoughts behind the text in question came from these quotes from “Dead Poet’s Society,” among others:

“We must constantly look at things in a different way. Just when you think you know something, you must look at it in a different way. Even though it may seem silly or wrong, you must try. Dare to strike out and find new ground.”

“Despite what anyone might tell you, words and ideas can change the world.”

“We don’t read and write poetry because it’s cute. We read and write poetry because we are members of the human race. And the human race is filled with passion. Poetry, beauty, love, romance. These are what we stay alive for. The powerful play goes on and you may contribute a verse. What will your verse be?”

So even though the text was really a collaborative effort, at the end Lee Clow made sure that Steve Jobs’ name was included in the credits on the campaign. As a result, I’m going with “Correct Attribution by Association” on the authorship of the quote.

The Old Wolf has spoken.

Marketing by terror

I’ve mentioned Android webjacking before, but here’s another example. Things like this are not usually “viruses” on your handheld device, but rather malicious code embedded in a legitimate website by unscrupulous advertisers.

screenshot_2017-02-16-11-04-16

 

First, this exploit makes your phone buzz like a hornet that’s just been pinched in a vise, and locks your browser. No going back. Second, vulgar sites? No, actually this popped up when I was trying to leave a comment at retailcomic.com. I trust the site not to hide exploits like this on purpose.

 

screenshot_2017-02-16-11-04-35

The claims on these “warnings,” along with being written in questionable English, are absolute lies: “If the problem can not be resolved immediately , the viruses will spy your phone, and destroy your SIM card, delete all your contacts.”

Now I’m just following the trail to see who’s behind this.

screenshot_2017-02-16-11-04-49

Looks like someone is hawking an app (surprise, surprise):

screenshot_2017-02-16-11-05-09

A comment at the app’s site complained, and the developer responded; notice the salutation “Dear,” usually seen on Nigerian scam emails but certainly a red flag that the app developer is not a native English speaker.

 

Screenshot_2017-02-16-11-05-51.png

Despite the apology and denial of malicious intent, I would be very suspicious of apps that are advertised in this way.

Be careful out there.

The Old Wolf has spoken.