Thanks a ton. I have seen many videos like these but this one helped me up my knowledge by large also I was glued for the entire 13mins. It has all a user needs to know. More important complicated things explained in an easy way. I liked the crowd sec mention
🔥مرشحه الرئاسه التونسيه ترد على المتطاولين على المصريين من الدول الناشئه ⭕️يا مصـــــــــرى.. لما حد يقولك انت منين ⭕️رد عليه قوله انا من البلد اللي فيها الفلسطيني والعراقي والسوري والليبي واليمني والسوداني عايشين فيها و مفيهاش مخيمات ⭕️قوله انا من البلد اللي ياما كست و علفت و لبست حافيين من غير مقابل ⭕️قوله انا من البلد اللي مفتوحه لكل اللي بيسعي ع شغل و اكل عيش مهماكانت جنسيته و من غير كفيل ⭕️قوله انا من البلد اللي حررت ارضها بدم ولادها مطلبتش من حد يموت عشان يحررها ⭕️قوله انا من البلد اللي استقبلتكم كلكم لاجئين و لما اتحرقت ف العدوان الثلاثي محدش من اهلها لجأ لحد بره حدودها ⭕️قوله انا من البلد اللي جدودها بالدهب مدفونين ..... ⭕️قوله انا من البلداللي مفيهاش عيل قفل حمام ع ابوه و خد منه الكرسي ⭕️ولا فيها ولاد منها في الصحرا "بدون" جنسية مرميين .... ⭕️قوله انا من البلد اللي آوت المسيح و امه و نصفت يوسف بعد ما اخواته فالجب رموه ⭕️قوله انا م البلد اللي شعبها كله جيش وجيشها خير جنود الارض ... ⭕️قوله انا من البلد اللي قامت فيها ثورتين ولسه اللي يلمس طرف مجدي يعقوب فيها بسنانهم ياكلوه قوله انا من مصـــــــــر ام الدنيا 🇪🇬🔥🇪🇬 ⭕️لو لم أكن تونسية لطلبت من الله أن أكون مصـــــــــريه حفظ الله مصـــــــــر 🇪🇬❤️🇪🇬Omar Hashish
@@DragoNate ThioJoe made a video about it. Basically some languages write from right-to-left instead of left-to-right as in English. To achieve right-to-left, a special character is used. This can be exploited to show fake extension of file in the display name Edit: In "properties" it will correctly show "executable" but in display name it will show different Edit: Like this text:"fdp.file.exe", an executable it will display as this(this contains the special character, you can copy it and try): ""fdp.file.exe
@@kingofstrike1234 windows isn't showing it as those files, that's what the scammer has told the system it looks like. you can also make "windows show it as" another file type by putting .pdf before the .scr - if file extensions are hidden, you'll think it's a pdf. but that isn't windows' fault. and believe me, i'll criticize windows and complain about it for every little tiny thing.
I wonder what the thinking was behind letting SCR files have all the privileges, reminds me of Visual Basic scripts in Word and font preview pane in Explorer. What was the developers thinking; wouldn't it be nice if you could install a screen saver from Word and then let that screen saver create an admin account. Some of the weaknesses in Windows stems from Windows 1.0, and I'm guessing most of the code. That's a joke but I'm also kinda serious. It makes sense because the developers lived through the hippie era, peace & love (maaan).
Actually that website was a legit Korean website, and the kakao email adress domain is like a South Korean gmail, it's the standard there. When a regular person has that it's nothing to worry about, but when a company uses that in their official email instead of a company domain it's definitely something that should set off some alarm bells.
Meanwhile in some countries, we have legit businesses, larges institution, academic orgs, and even countless government agencies proudly sporting Gmail address as their official mail.
@@jonathaningram8157 yup, almost fell for a scam involving a translation job from english to spanish, there was no malware involved but the "company" that wanted me to work at had this somewhat impressive webpage, or at least on the front-end cause most links were broken and the address was on some non-existant place in Canada.
Lots of small businesses use Gmail as their official address. Large businesses have the option to have Google host the e-mail for their domain, either on the GMail platform or just in the cloud.@@NopWorks
As many people pointed out already, that's Korean not Japanese. Here's a quick way to tell CJK (Chinese, Japanese, Korean) characters apart for all English speaker out there. A) If it has lots of circle, it's Korean. B) If it has lots of line and square and the character looks "blocky" and "complicate", that's Chinese. C) If it's not of the first two and it has lots of curvy character mixed in with some square and line, that's Japanese. The Chinese and Japanese is a bit tricky because Japanese do mix character from Chinese (Kanji) in their language. However, the Japanese character will standout from the Chinese one, they will look less "blocky" and "less complicated" and has lots of curve line. Hope you learn something new!
Chinese characters have lot of corners and less curves, japanese characters have frequent curves. Japanese looks like it is in Comic Sans by default Edit: About japanese, there are 3 systems(?), Hiragana(like あ) has frequent curves, Katakana has less curves. But both look like Comic Sans to me. These two are most popular.
@@abhisheksinghsolanki3750I absolutely do not understand why Chinese insist on writing their characters in sharp angled & outdated looking font when Japanese already moved on to a tidier font that's easier on the eyes, even though they share lots of the characters.
Japanese have actually three character sets. They derive more complex Concepts with Chinese characters and they use syllabaries to phonetically spell out words. One syllabary for Japanese words is hiragana. For foreign words they use katakana. Katakana is much more sharp and angular looking whereas hiragana has much more rounded curves to the letter forms.
We will be doing a live discord event tomorrow associated with this video, feel free to join in here: discord.com/invite/MgBm5sy9?event=1136673606273871983
Hey is there a video or link with all of the tools you use? If not, would you do a video showing us all the tools you use and links where to download them?
I was already aware of this information partially in thanks to your channel, but it is always good to be reminded in order to stay sharp of real and ominous threats that are just a single click and slip of the mind away.
I've been having the exact same email myself (amongst many similar others) , I swiftly block and delete.. another great informative video. keep these up )
So let me get this straight. The hackers decided to try and scam a youtube channel by the name "The PC Security Channel" and thought you were an easy target. I'd be offended!!
they were hoping he'd be caught off guard. Jim Browning, the guy most famous for scambaiting and shutting down entire scam operations, fell victim to one last year I think having his youtube channel removed. the important thing to remember is that ANYONE can be scammed. even the people who are extremely extremely careful about security, even the best of the best who have so far never been scammed. once you think you're invulnerable, you become _more_ vulnerable.
From the privacy perspective it's nice to see that Google has problems with scanning big files. Also using a pdf icon as an icon for an executable is very smart I never thought about how easy that could be done (probably because I never made actual maleware, If I would would have to think about the icon at some point).
It's not that it has problems is that they won't place the resources on scanning random files that are too big because that costs money, they still archive and store copies of your data anyway.
Thank you for the video. I already knew about all this but still stuck because you go straight to the point and don't waste the viewer's time, unlike those videos where there's a 4-minute intro asking you in 15 different ways whether you were hacked before.
These are some awesome tips for someone that hasn't seen a piece of malware that mimics a pdf. I did an incident response scenario for the first time and kept seeing that MZ on the malicious files and sad to say I didn't know that about pexe files but I knew it was malicious.
Does it? Because I see this and am thankful that it's still so obvious. If you spend 30 seconds looking for the common red flags, scams like this aren't all that clever. Hell, just the fact an agreement form is 600+ MB should make anyone with basic computer knowledge pause. Then of course it's titled "Kappa" which is a very common meme these days indicating a troll or sarcasm. I wouldn't expect everyone to know that but a quick Google search would point this out immediately. The acceptable email formatting is really the only significant improvement I see. Everything else isn't much better than it was a decade ago.
@@JJFX- For boring, irrelevant geezers such as I, for my email, it's "Select All" and then "Delete." Not really an issue. Being irrelevant, it's safe for me to assume that all my emails are irrelevant. The phones sit in a drawer somewhere, their SIM cards removed and discarded from disuse. Keeps the phones at bay yet out of landfills. Can't legally chuck a phone out, so mine are good for watching TH-cam and listening to music. I do not envy the people for whom their phones are their lives...
@@jimcabezola3051 I hear you, honestly that's a good way to do it if you have reason to believe most email isn't relevant. I'm not the freshest fruit on the vine either, I'm simply saying that it's not as cunning as this video may make it seem. Even if you get an email from an old friend you recognize, just don't download anything without looking for obvious indicators. Picture and videos are typically safe to at least view in a browser but approach anything requiring a download with skepticism. What you're doing with old phones is great. I wish more people wouldn't use their primary devices for everything. Just make sure the browsers aren't horribly outdated and avoid clicking anything requesting access like notifications. Just never login to critical accounts on a device with questionable security but it sounds like you're already more careful than most people. Believe it or not, computers these days aren't as dangerous as they seem. Most exploits require some participation on your part beyond just visiting sites or even downloading something. Simply avoiding as much of it as possible is actually more secure than installing a bunch of anti-virus programs.
With regard to the 600 megabytes of all zeros. It seems to me that if you zip the 650 mb, file it would compress down to about the actual code size. This extreme compression could give a big clue about what the heck it is.
Yeah. But antimalware solutions don't do this because you still have to read the entire file and count up all those zeroes in order to compress it down, and it would take a long time and CPU horsepower the user might actually want. And even if you did, malware makers could just replace the filler pattern with anything else that happens to compress well. Now, if an AV could check inside already compressed files and perform the analysis without resorting to decompression, eg, by applying the compression to its own malware database and checking compressed patterns against compressed patterns, maybe you could get somewhere. Encrypted files would throw all of that work out the window, though. But when the user types in the password to decrypt the file, that gives the AV the opportunity to intercept the file's password in memory and analyze the file before the user has the chance to decompress, let alone execute it. This is in no way trivial, as you would need specialized versions of all the heuristics, reengineered to work with compressed data directly. And you would need to do this for every major compression format out there. Fortunately as all lossless compression formats are wholly deterministic, it is at least theoretically possible to do this. I doubt any AVs would, though. It'd be pretty costly and difficult to do this, let alone maintain and support.
@@3lH4ck3rC0mf0r7 you said ' by applying the compression to its own malware database and checking compressed patterns', that's not how signatures work, signatures are a set of rules
Nope, not for log files! I've seen gigabytes of system log get crushed into a 12 meg ball, since 99.9% of the text is identical, it can get pretty small by only keeping one copy of the recurring lines, and just counting the number of times it repeats!
@@3lH4ck3rC0mf0r7 7zip only takes up 5MB (~4 compressed), and while there are probably (commonish) formats it doesn't know what to do with, it also has 1 MB of translations, and likely other code it doesn't need to decompress files. Computers are also ridiculously fast now, so the overhead should be readily available without the user noticing.
This is helpful. I've always wanted to touch into analyzing files to check if they're malicious. Having this in the back of my head will probably be helpfull if employees call in with suspicious files
Great video as always. As to the people who says you go to in depth and would never do some of the things you show doing your videos, well then they shouldn't watch these videos! Leo you are here to educate and impart some of your knowledge and experience to help "The lay people" (i.e. me) understand a little more about cybersecurity. Secondly, to impart some experience and provide examples of real life threats to students of Cybersecurity and Network Administrators. I am treating this as a hobby while learning to strengthen my own families' Cybersecurity posture. So Thanks for all you do Leo. Also with regards to ChatGPT, yeah thanks! Seems like the unintended (or maybe intentional) consequence of its creation is to help cyber criminals. :(
Bottom line - 1. enable “show file extension” in explorer. 2. Don’t run files with extensions such as exe com scr bat files unless you known what they actually are.
@@keepanopenmindlookatallthe2540 setup some script that automatically copies them somewhere or sends them idk but that might also do nothing, waste resources, be unreliable. never tried it.
@mcdazz2011 And whether it really wants to prompt the administrator dialog (suspicious) instead of just phishing your MetaMask credentials while staying sneakily in userspace.
Changing a single value, Microsoft could greatly reduce the success rate of these attacks, but file extensions are just too unsightly to be visible by default.
Well even for a layman, rule of thumb is if an agreement document is 600+ mb while it should be 20 megs tops (and that's generous) - somethings up. Simple rule to follow
@@pch_mechanika Have you ever worked in IT support or provided tech support to people? You would be surprised at the amount of stuff regular computer users don't understand about technology.
Hi Leo, as far as I know on a lot of the antiviruses you can tweak the setting of the size of files you're scanning. This way the scanner can look at what's inside zip file at any size.
@@seinodernichtsein8710sadly, no, since Defender is designed to be a product for all users, even those who know almost nothing about computers, and don't even know they need and should want protection - which is why you can't really customize anything. It's basically a set and forget program, but without the "set" part.
Would be nice with a antivirus comparison of the 658MB file. E.g. how does kapersky, eset etc handle the file when it’s downloaded and also when it is executed.
If I received an unsolicited email from an unknown sender, I'd immediately delete it. On top of that, if the attachment was any bigger than a 1 or 2 Mb and didn't have an ext that I would expect like in this case a pdf - I'd be even more suspicious. Even then, sending a contract without even contacting you directly to discuss the matter is very odd, setting off even more red flags and alarms! The danger is if you are busy and wading through tons of email. The best first line of defense and safeguard would be to use a mail filtering gateway like mimecast. They would pick up and flag 99.9% of all questionable incoming mail and hold all email from unknown sources - prior to release.
Heavily obfuscated / self written malware usually not getting detected in one drive or any other drive / cloud services... All in all still a good example!
to make it obvious since it was not clearly stated. do not doubbleclick to run files / scripts from unkown sources. since this is what they want. always when you recieve files like this think first about what it truly is. the default application is what "they" want their script to run with.
Probably bulk-sent to a bunch of TH-camr's email. Doesn't take too long for a less tech-savvy channel to fail for it. Thankfully, they sent it to the wrong channel here, once a a malware analyst make a video about it, more channel are going to be aware of it.
i wish i saw this video around a week ago when i stupidly downloaded and ran malware... my instagram acc was completely stolen, discord sent malicious link and DC disabled my account permanently without giving me a chance to copy down some of my friends i don't have any other way of contacting, money taken from my account, someone buying gift cards from amazon from my account, constant attempts to login to my microsoft account, facebook account, multiple places i had subscriptions with blocked my accounts due to suspicious/ unusual activities :') All this happening not too long after i lost my job so... yeah. This video would have saved me big time. But it's too late now.
@Patience-mj8hl So I had no choice and had to just clean my PC entirely. Then I just changed all my passwords and so far I think it's fine although I need to cancel my current bank card...
Tech channels have been hit with this... what they need to do is have a big disclaimer when SCR files are used... "Warning, this is trying to run a screensaver program, do you want to proceed?" Should be enough to get most people... but sadly there are many people who don't bother reading a message on the screen.
I think you should have had a bit at the end showing where to get those tools and how to know if they are the legit versions. And mention at the start that you’ll give those instructions at the end.
sir, everyone is vulnerable, even yourself as an expert in this field. please do not get cocky. you are extremely knowledgeable in this field, you know your $h!t and you are much much less susceptible to basic attempts, absolutely. but every time i hear someone say "this doesn't work on me" or something similar, it ends up happening to them shortly after.
Why don't these anti-virus's see if the file is full of empty space? If we can manually check to see where the tail end is, I'm sure an AV could as well. Then It could truncate it and scan it as needed.
Usually the best way to see if an email is scam or not is to look at the email signature. Usually legit emails will have a real person with social media links and more info in the signature.
By the way, I have been using this method for two decades. Actually, from 1997 until today. I still use the same method. Signature was important thing.
This shows one of the fundamental weaknesses of the Windows operating system, which misses the most basic tools people have been using for 40+ years. macOS for example is based upon BSD and BSD, like Linux, like any UNIX like operating system ships with a tool named "file" and if you are unsure about the type of a file, you open a terminal window and type "file " and then drag a file into that window and hit return and the file tool is going to tell you exactly what kind of file that is. It's not using the file extension, the name, or the icon for that, it just looks into the file to figure that out. And trust me, it can tell an executable program apart from a PDF file and it will tell you that.
The domain is THE MOST important red flag. I don't care if you are from a real PR firm. If your employer/client does not provide you with a legitimate e-mail address within his native domain, your e-mails are going straight to SPAM folder, without even reading them. What is more scary is that sometimes real/serious companies send marketing e-mails that are either badly written as if they were actually spam/phishing or embed links that point to some doggy looking domains, or both. Those e-mails make it somewhat hard to judge if the e-mails are real or somehow fake. Of course any attachment with a fake extension is an immediate red-flag, no matter what the e-mail domain is but a word/excel/pdf file could be a real dilemma and a threat that is hard to asses on the spot.
My mom's channel got hacked one time. They posted a bunch of crypto scam videos (not the Elon Musk ones,) but I was able to save her channel and delete the videos posted by the hackers.
lol, a 700mb scr file, also she signed the email, PR Manager Sarah. Most people would put their title after and most likely under their name in a corporate email. Nice video
Thanks my friend, unfortunately this has NOTHiNG to be new. It is a very old and basic method that exist for more than 10years already. I have being doing this since and way more analyzing since 2012. Still..its a good video to show the only first very easy steps into the process of analyzing completely a file execution stages.
Dealing with the aftermath is hard, I wish this video was watched earlier. The one thing that will be with me constantly is the daily hacking attempts each and every day forcing me to reset password every day. 2fa, Ubikey and Linux OS is a start
I really miss your AV test videos, I keep waiting for one but they don't seem to happen anymore. Am I the only one who wants to see tests of 2023 AV vs malwares?
That email sounds like ai generated, because I use gpt to generate email templates to modify, the use of “high sprit” in that first sentence is really common in gpt generated email. Which also explains why the format was so good too.
Seems so weird to me that by now AVs and such don't have any means of detecting such file padding. I get padding could potentially be a lot more sophisticated, but come on simply hundreds of megabytes of null bytes at the end of the file? That seems trivial to detect idk.
It still baffles me that Adobe do not enable security on their Adobe Reader by default. I do not use Adobe reader because it literally sucks at protecting against infected documents, thus I use another PDF reader that actually encapsulates each document it opens to not have system access and I use Avast but with Hardened Mode enabled. This is probably the best option to enable because it literally blocks everything (all ransomware I have tested so far) that just looks at it sideways.
Thanks a ton. I have seen many videos like these but this one helped me up my knowledge by large also I was glued for the entire 13mins. It has all a user needs to know. More important complicated things explained in an easy way. I liked the crowd sec mention
...And he still made money from the sponsorship :)
@@abrendtrosmart man
🔥مرشحه الرئاسه التونسيه ترد على المتطاولين على المصريين من الدول الناشئه
⭕️يا مصـــــــــرى.. لما حد يقولك انت منين
⭕️رد عليه قوله انا من البلد اللي فيها
الفلسطيني والعراقي والسوري والليبي واليمني والسوداني عايشين فيها و مفيهاش مخيمات
⭕️قوله انا من البلد اللي ياما كست و علفت
و لبست حافيين من غير مقابل
⭕️قوله انا من البلد اللي مفتوحه لكل اللي بيسعي ع شغل و اكل عيش مهماكانت جنسيته و من غير كفيل
⭕️قوله انا من البلد اللي حررت ارضها بدم ولادها مطلبتش من حد يموت عشان يحررها
⭕️قوله انا من البلد اللي استقبلتكم كلكم لاجئين و لما اتحرقت ف العدوان الثلاثي محدش من اهلها لجأ لحد بره حدودها
⭕️قوله انا من البلد اللي جدودها بالدهب مدفونين .....
⭕️قوله انا من البلداللي مفيهاش عيل قفل حمام ع ابوه و خد منه الكرسي
⭕️ولا فيها ولاد منها في الصحرا "بدون" جنسية مرميين ....
⭕️قوله انا من البلد اللي آوت المسيح و امه
و نصفت يوسف بعد ما اخواته فالجب رموه
⭕️قوله انا م البلد اللي شعبها كله جيش وجيشها خير جنود الارض ...
⭕️قوله انا من البلد اللي قامت فيها ثورتين ولسه اللي يلمس طرف مجدي يعقوب فيها بسنانهم ياكلوه
قوله انا من مصـــــــــر ام الدنيا 🇪🇬🔥🇪🇬
⭕️لو لم أكن تونسية لطلبت من الله أن أكون مصـــــــــريه
حفظ الله مصـــــــــر 🇪🇬❤️🇪🇬Omar Hashish
"Japanese website"
All that geekiness and still can't differentiate languages. Lmao
@@chrisdawson1776 Its like he only knows the things he knows, i know, unfathomable.
And this is why Windows shouldn't hide file extensions by default.
Even this can bypassed(kinda) by using text-inverter characters
and this is why you should avoid windows altogether
@@abhisheksinghsolanki3750 how so?
@@DragoNate ThioJoe made a video about it. Basically some languages write from right-to-left instead of left-to-right as in English. To achieve right-to-left, a special character is used. This can be exploited to show fake extension of file in the display name
Edit: In "properties" it will correctly show "executable" but in display name it will show different
Edit: Like this
text:"fdp.file.exe", an executable
it will display as this(this contains the special character, you can copy it and try): ""fdp.file.exe
makes me mad that windows is moving to be like macos w none of its benefits and all of its downsides
In case anyone's curious why Screensaver files are executables: they're not videos, they're programs that run in real time on your pc
just think it as a script, but even so the windows name / icon formatting is kinda bad by showing as pdf, xls, etc
@@kingofstrike1234 windows isn't showing it as those files, that's what the scammer has told the system it looks like.
you can also make "windows show it as" another file type by putting .pdf before the .scr - if file extensions are hidden, you'll think it's a pdf.
but that isn't windows' fault. and believe me, i'll criticize windows and complain about it for every little tiny thing.
I wonder what the thinking was behind letting SCR files have all the privileges, reminds me of Visual Basic scripts in Word and font preview pane in Explorer. What was the developers thinking; wouldn't it be nice if you could install a screen saver from Word and then let that screen saver create an admin account.
Some of the weaknesses in Windows stems from Windows 1.0, and I'm guessing most of the code. That's a joke but I'm also kinda serious. It makes sense because the developers lived through the hippie era, peace & love (maaan).
Oh wow, this one actually makes me feel old. 😢
@@uniktbrukernavnexactly. why did the devs decide to let a screensaver file's code have basically the same power as a normal programming language?
Actually that website was a legit Korean website, and the kakao email adress domain is like a South Korean gmail, it's the standard there. When a regular person has that it's nothing to worry about, but when a company uses that in their official email instead of a company domain it's definitely something that should set off some alarm bells.
Meanwhile in some countries, we have legit businesses, larges institution, academic orgs, and even countless government agencies proudly sporting Gmail address as their official mail.
But now with chat gpt it would be quite easy to create a fake website filled with company infos etc.
@@jonathaningram8157 yup, almost fell for a scam involving a translation job from english to spanish, there was no malware involved but the "company" that wanted me to work at had this somewhat impressive webpage, or at least on the front-end cause most links were broken and the address was on some non-existant place in Canada.
Probably the email has been spoofed
Lots of small businesses use Gmail as their official address. Large businesses have the option to have Google host the e-mail for their domain, either on the GMail platform or just in the cloud.@@NopWorks
As many people pointed out already, that's Korean not Japanese. Here's a quick way to tell CJK (Chinese, Japanese, Korean) characters apart for all English speaker out there. A) If it has lots of circle, it's Korean. B) If it has lots of line and square and the character looks "blocky" and "complicate", that's Chinese. C) If it's not of the first two and it has lots of curvy character mixed in with some square and line, that's Japanese. The Chinese and Japanese is a bit tricky because Japanese do mix character from Chinese (Kanji) in their language. However, the Japanese character will standout from the Chinese one, they will look less "blocky" and "less complicated" and has lots of curve line. Hope you learn something new!
Bookmark comment later
Chinese characters have lot of corners and less curves, japanese characters have frequent curves. Japanese looks like it is in Comic Sans by default
Edit: About japanese, there are 3 systems(?), Hiragana(like あ) has frequent curves, Katakana has less curves. But both look like Comic Sans to me. These two are most popular.
@@abhisheksinghsolanki3750"Japanese looks like comic sans by default" is a great way to put it!
@@abhisheksinghsolanki3750I absolutely do not understand why Chinese insist on writing their characters in sharp angled & outdated looking font when Japanese already moved on to a tidier font that's easier on the eyes, even though they share lots of the characters.
Japanese have actually three character sets. They derive more complex Concepts with Chinese characters and they use syllabaries to phonetically spell out words. One syllabary for Japanese words is hiragana. For foreign words they use katakana. Katakana is much more sharp and angular looking whereas hiragana has much more rounded curves to the letter forms.
I've made some pretty suboptimal PDFs in my time, but 600+ mb for a PDF would be a huge warning bell for me.
We will be doing a live discord event tomorrow associated with this video, feel free to join in here: discord.com/invite/MgBm5sy9?event=1136673606273871983
Hey is there a video or link with all of the tools you use? If not, would you do a video showing us all the tools you use and links where to download them?
they tried to hack the wrong man
The sudo command didn't work, but I just asked ChatGPT to give me instructions on how to install the sudo command and WSL
Bruh, I can’t be there 😫😩 - By Juls
Can we get hacked by a pdf file?
I was already aware of this information partially in thanks to your channel, but it is always good to be reminded in order to stay sharp of real and ominous threats that are just a single click and slip of the mind away.
I've been having the exact same email myself (amongst many similar others) , I swiftly block and delete.. another great informative video. keep these up )
So let me get this straight. The hackers decided to try and scam a youtube channel by the name "The PC Security Channel" and thought you were an easy target. I'd be offended!!
they were hoping he'd be caught off guard.
Jim Browning, the guy most famous for scambaiting and shutting down entire scam operations, fell victim to one last year I think having his youtube channel removed.
the important thing to remember is that ANYONE can be scammed. even the people who are extremely extremely careful about security, even the best of the best who have so far never been scammed.
once you think you're invulnerable, you become _more_ vulnerable.
"You only have to lose once."
I mean... it would be very ironic wouldn't it?
Like Linus Tech Tips?
@@randompost78154 theres a video about that on this channel
Ah yes.. I love opening screensaver files.
Me omw: to open a .scr file thats about 500mb
@@Freegame4.Don't worry guys it's just a really cool screensaver!
So you have chosen death.
From the privacy perspective it's nice to see that Google has problems with scanning big files. Also using a pdf icon as an icon for an executable is very smart I never thought about how easy that could be done (probably because I never made actual maleware, If I would would have to think about the icon at some point).
It's not that it has problems is that they won't place the resources on scanning random files that are too big because that costs money, they still archive and store copies of your data anyway.
pdf icon is the oldest trick in the book
@@ieatthighsfr imagine pdf icon doc.exe no one falling for that
Why is it nice that google has problems with scanning big files?
@@SqualidsargeStudios they won't gather info about your files
Kakao is Korean. Its like Whatsapp.
Kakao - when roasted, makes tasty chocolate 🤭🙄I'll see myself out...😋
I love this channel. As someone starting my bachelors in cybersecurity I love learning about this.
Exactly the Same over here bro!
I love your videos, TPSC! Keep them up!
Thank you for the video. I already knew about all this but still stuck because you go straight to the point and don't waste the viewer's time, unlike those videos where there's a 4-minute intro asking you in 15 different ways whether you were hacked before.
This channel is basically a public utility for youtubers specially
These are some awesome tips for someone that hasn't seen a piece of malware that mimics a pdf. I did an incident response scenario for the first time and kept seeing that MZ on the malicious files and sad to say I didn't know that about pexe files but I knew it was malicious.
This makes me want to get rid of all my email accounts and throw out my phones... Mahalo for bringing all this to our attention.
Does it? Because I see this and am thankful that it's still so obvious. If you spend 30 seconds looking for the common red flags, scams like this aren't all that clever. Hell, just the fact an agreement form is 600+ MB should make anyone with basic computer knowledge pause. Then of course it's titled "Kappa" which is a very common meme these days indicating a troll or sarcasm. I wouldn't expect everyone to know that but a quick Google search would point this out immediately.
The acceptable email formatting is really the only significant improvement I see. Everything else isn't much better than it was a decade ago.
@@JJFX- For boring, irrelevant geezers such as I, for my email, it's "Select All" and then "Delete." Not really an issue. Being irrelevant, it's safe for me to assume that all my emails are irrelevant. The phones sit in a drawer somewhere, their SIM cards removed and discarded from disuse. Keeps the phones at bay yet out of landfills. Can't legally chuck a phone out, so mine are good for watching TH-cam and listening to music. I do not envy the people for whom their phones are their lives...
@@jimcabezola3051 I hear you, honestly that's a good way to do it if you have reason to believe most email isn't relevant. I'm not the freshest fruit on the vine either, I'm simply saying that it's not as cunning as this video may make it seem. Even if you get an email from an old friend you recognize, just don't download anything without looking for obvious indicators. Picture and videos are typically safe to at least view in a browser but approach anything requiring a download with skepticism.
What you're doing with old phones is great. I wish more people wouldn't use their primary devices for everything. Just make sure the browsers aren't horribly outdated and avoid clicking anything requesting access like notifications. Just never login to critical accounts on a device with questionable security but it sounds like you're already more careful than most people.
Believe it or not, computers these days aren't as dangerous as they seem. Most exploits require some participation on your part beyond just visiting sites or even downloading something. Simply avoiding as much of it as possible is actually more secure than installing a bunch of anti-virus programs.
@@jimcabezola3051
You're not irrelevant, love yourself NOW!
Thank a million 👍🏻. As someone currently studying cyber security. This video is actually helpful.
instructions unclear, i hacked the hacker instead
Right off the bat, that opening line is a Chinese greeting
Likely AI used
as I put on screen, thanks Chat-GPT!
In any case, we, or at least I, don't speak like that though.
"High spirits." isn't something I'd say in an email. (Maybe that's just me.)
With regard to the 600 megabytes of all zeros.
It seems to me that if you zip the 650 mb, file it would compress down to about the actual code size.
This extreme compression could give a big clue about what the heck it is.
Yes, it would encode the number of zeros it was removing, you are correct
Yeah. But antimalware solutions don't do this because you still have to read the entire file and count up all those zeroes in order to compress it down, and it would take a long time and CPU horsepower the user might actually want.
And even if you did, malware makers could just replace the filler pattern with anything else that happens to compress well. Now, if an AV could check inside already compressed files and perform the analysis without resorting to decompression, eg, by applying the compression to its own malware database and checking compressed patterns against compressed patterns, maybe you could get somewhere. Encrypted files would throw all of that work out the window, though. But when the user types in the password to decrypt the file, that gives the AV the opportunity to intercept the file's password in memory and analyze the file before the user has the chance to decompress, let alone execute it.
This is in no way trivial, as you would need specialized versions of all the heuristics, reengineered to work with compressed data directly. And you would need to do this for every major compression format out there. Fortunately as all lossless compression formats are wholly deterministic, it is at least theoretically possible to do this. I doubt any AVs would, though. It'd be pretty costly and difficult to do this, let alone maintain and support.
@@3lH4ck3rC0mf0r7 you said ' by applying the compression to its own malware database and checking compressed patterns', that's not how signatures work, signatures are a set of rules
Nope, not for log files!
I've seen gigabytes of system log get crushed into a 12 meg ball, since 99.9% of the text is identical, it can get pretty small by only keeping one copy of the recurring lines, and just counting the number of times it repeats!
@@3lH4ck3rC0mf0r7 7zip only takes up 5MB (~4 compressed), and while there are probably (commonish) formats it doesn't know what to do with, it also has 1 MB of translations, and likely other code it doesn't need to decompress files.
Computers are also ridiculously fast now, so the overhead should be readily available without the user noticing.
This is helpful. I've always wanted to touch into analyzing files to check if they're malicious. Having this in the back of my head will probably be helpfull if employees call in with suspicious files
I had an AI generate a couple videos for me on that exact topic.
Great video as always. As to the people who says you go to in depth and would never do some of the things you show doing your videos, well then they shouldn't watch these videos! Leo you are here to educate and impart some of your knowledge and experience to help "The lay people" (i.e. me) understand a little more about cybersecurity. Secondly, to impart some experience and provide examples of real life threats to students of Cybersecurity and Network Administrators. I am treating this as a hobby while learning to strengthen my own families' Cybersecurity posture. So Thanks for all you do Leo.
Also with regards to ChatGPT, yeah thanks! Seems like the unintended (or maybe intentional) consequence of its creation is to help cyber criminals. :(
Love the channel, thank you for all the knowledge
Bottom line -
1. enable “show file extension” in explorer.
2. Don’t run files with extensions such as exe com scr bat files unless you known what they actually are.
Great Tips! For someone who isnt into Tech, these are good Tips and examples. I really appreciate this Video!!!
Also that’s why you enable all the eventlogs audit logging. If you parse those logs you’ll get a very detailed idea about what happened.
Ransomware deletes event logs after the dirty deed is done.
@@keepanopenmindlookatallthe2540 setup some script that automatically copies them somewhere or sends them idk
but that might also do nothing, waste resources, be unreliable. never tried it.
@mcdazz2011 And whether it really wants to prompt the administrator dialog (suspicious) instead of just phishing your MetaMask credentials while staying sneakily in userspace.
Changing a single value, Microsoft could greatly reduce the success rate of these attacks, but file extensions are just too unsightly to be visible by default.
Well even for a layman, rule of thumb is if an agreement document is 600+ mb while it should be 20 megs tops (and that's generous) - somethings up.
Simple rule to follow
I agree, but you're assuming a layman understands file sizes. A lot of people don't understand it and don't care to do so.
@@JJFlores197 srsly???... i guess my definition of a layman was to generous ;-/
@@pch_mechanika Have you ever worked in IT support or provided tech support to people? You would be surprised at the amount of stuff regular computer users don't understand about technology.
From this video. How to exact without downloading?
Hi Leo, as far as I know on a lot of the antiviruses you can tweak the setting of the size of files you're scanning. This way the scanner can look at what's inside zip file at any size.
That’s neat. Do you know if this works on windows defender?
@@seinodernichtsein8710sadly, no, since Defender is designed to be a product for all users, even those who know almost nothing about computers, and don't even know they need and should want protection - which is why you can't really customize anything. It's basically a set and forget program, but without the "set" part.
Hmmm. This comment shows 5 replies. But when I open it up there's only one. Plus mine if it shows up.
@@henryD9363 you should see comments by @seinodernichtsein8710 and me ( @the-Gammaron )
@@henryD9363 tell me if you see my other 2 comments (you can type random letters if you wanna)
Would be nice with a antivirus comparison of the 658MB file. E.g. how does kapersky, eset etc handle the file when it’s downloaded and also when it is executed.
YES. this is what I was thinking while watching the video. How would Kaspersky deal with this?
anyone?
got answered ?
@@defnotatrollit force deletes it 😉
Shoutout to Japanese, my favorite Korean language of all time
I can't believe you said being a cooking TH-camr is worse than being a gaming TH-camr
If I received an unsolicited email from an unknown sender, I'd immediately delete it. On top of that, if the attachment was any bigger than a 1 or 2 Mb and didn't have an ext that I would expect like in this case a pdf - I'd be even more suspicious. Even then, sending a contract without even contacting you directly to discuss the matter is very odd, setting off even more red flags and alarms!
The danger is if you are busy and wading through tons of email. The best first line of defense and safeguard would be to use a mail filtering gateway like mimecast. They would pick up and flag 99.9% of all questionable incoming mail and hold all email from unknown sources - prior to release.
What makes this analysis scary to do is the fact my mouse have tendency to double click on accident..
Same lol i need a new mouse
that kids yay noises scared me fr in the intro section
Heavily obfuscated / self written malware usually not getting detected in one drive or any other drive / cloud services... All in all still a good example!
to make it obvious since it was not clearly stated. do not doubbleclick to run files / scripts from unkown sources. since this is what they want. always when you recieve files like this think first about what it truly is. the default application is what "they" want their script to run with.
Funny, Atomic Shrimp uploaded a video today that also had this scam briefly mentioned. Thanks for sharing!
Probably bulk-sent to a bunch of TH-camr's email. Doesn't take too long for a less tech-savvy channel to fail for it.
Thankfully, they sent it to the wrong channel here, once a a malware analyst make a video about it, more channel are going to be aware of it.
i wish i saw this video around a week ago when i stupidly downloaded and ran malware... my instagram acc was completely stolen, discord sent malicious link and DC disabled my account permanently without giving me a chance to copy down some of my friends i don't have any other way of contacting, money taken from my account, someone buying gift cards from amazon from my account, constant attempts to login to my microsoft account, facebook account, multiple places i had subscriptions with blocked my accounts due to suspicious/ unusual activities :') All this happening not too long after i lost my job so... yeah. This video would have saved me big time. But it's too late now.
@Patience-mj8hl So I had no choice and had to just clean my PC entirely. Then I just changed all my passwords and so far I think it's fine although I need to cancel my current bank card...
Tech channels have been hit with this... what they need to do is have a big disclaimer when SCR files are used... "Warning, this is trying to run a screensaver program, do you want to proceed?" Should be enough to get most people... but sadly there are many people who don't bother reading a message on the screen.
Found your channel today, Really enjoying it!
You called korean japanese..
uh crap, there was another japanese one and I thought this was similar, my bad.
I think you should have had a bit at the end showing where to get those tools and how to know if they are the legit versions.
And mention at the start that you’ll give those instructions at the end.
sir, everyone is vulnerable, even yourself as an expert in this field. please do not get cocky. you are extremely knowledgeable in this field, you know your $h!t and you are much much less susceptible to basic attempts, absolutely. but every time i hear someone say "this doesn't work on me" or something similar, it ends up happening to them shortly after.
Exactly, people are not everytime the same, sometimes unconcentrated, tired etc.
@@Bigmike83007 depression or too frustrated to think clearly as well - many many things
moral of the story. *Have a Hex editor*
Why don't these anti-virus's see if the file is full of empty space? If we can manually check to see where the tail end is, I'm sure an AV could as well. Then It could truncate it and scan it as needed.
Usually the best way to see if an email is scam or not is to look at the email signature. Usually legit emails will have a real person with social media links and more info in the signature.
An agreement as large as 658Mb is a big red flag for me.
By the way, I have been using this method for two decades. Actually, from 1997 until today. I still use the same method. Signature was important thing.
7:00 im soooo proud of myself for understanding what you talking about
I don't know... "I hope this message finds you in high spirits" sets my internal alarms off.
This shows one of the fundamental weaknesses of the Windows operating system, which misses the most basic tools people have been using for 40+ years. macOS for example is based upon BSD and BSD, like Linux, like any UNIX like operating system ships with a tool named "file" and if you are unsure about the type of a file, you open a terminal window and type "file " and then drag a file into that window and hit return and the file tool is going to tell you exactly what kind of file that is. It's not using the file extension, the name, or the icon for that, it just looks into the file to figure that out. And trust me, it can tell an executable program apart from a PDF file and it will tell you that.
The domain is THE MOST important red flag. I don't care if you are from a real PR firm. If your employer/client does not provide you with a legitimate e-mail address within his native domain, your e-mails are going straight to SPAM folder, without even reading them.
What is more scary is that sometimes real/serious companies send marketing e-mails that are either badly written as if they were actually spam/phishing or embed links that point to some doggy looking domains, or both. Those e-mails make it somewhat hard to judge if the e-mails are real or somehow fake.
Of course any attachment with a fake extension is an immediate red-flag, no matter what the e-mail domain is but a word/excel/pdf file could be a real dilemma and a threat that is hard to asses on the spot.
My mom's channel got hacked one time. They posted a bunch of crypto scam videos (not the Elon Musk ones,) but I was able to save her channel and delete the videos posted by the hackers.
One of the best smartest guys around. Thanks even aged techs guys like me can still learn something new
props to the guy that sent a malicious e-mail to a channel named "The PC Security Channel".
thank you for all this info.
Thanks for sharing. A very helpful and clear explanation of what the scammers are up to.
lol, a 700mb scr file, also she signed the email, PR Manager Sarah. Most people would put their title after and most likely under their name in a corporate email. Nice video
Thank you for sharing this, super insightful and helpful. Can you please let me know what material you studied to become a malware analyst?
Whenever they say, "I hope this message reaches you in blah blah blah" then you know.
RED ALERT: "I hope this message finds you in high spirits!" DING DING DING - major RED FLAG
Thanks my friend, unfortunately this has NOTHiNG to be new. It is a very old and basic method that exist for more than 10years already.
I have being doing this since and way more analyzing since 2012.
Still..its a good video to show the only first very easy steps into the process of analyzing completely a file execution stages.
Dealing with the aftermath is hard, I wish this video was watched earlier. The one thing that will be with me constantly is the daily hacking attempts each and every day forcing me to reset password every day. 2fa, Ubikey and Linux OS is a start
does Windows even give a warning when you open the file like "We weren't able to scan this file, run at your own risk" ?
Amazing tutorial my friend.
I really miss your AV test videos, I keep waiting for one but they don't seem to happen anymore. Am I the only one who wants to see tests of 2023 AV vs malwares?
What a fabulous explanation.
This is why i dont answer these emails
Thank you. This was quite useful when just dipping your toes into security.
That email sounds like ai generated, because I use gpt to generate email templates to modify, the use of “high sprit” in that first sentence is really common in gpt generated email. Which also explains why the format was so good too.
Great and informative video! What Windows theme are you using?
Thats why I disable opening remote images setting in my email setting.
this dude getting a scam email: "you dare oppose me mortal"
The best way to not get hacked is to have common sense
Seems so weird to me that by now AVs and such don't have any means of detecting such file padding. I get padding could potentially be a lot more sophisticated, but come on simply hundreds of megabytes of null bytes at the end of the file? That seems trivial to detect idk.
Very helpful video, thank you
I would like to see a test between f-secure Bitdefender and Malwarebytes
I wonder what happens when, instead of double-clicking on a PDF file, you open a PDF reader and select the file from there...
Kakao: A company behind the largest chat app in South Korea
The PC Security Channel: Some weird Japanese website
💀💀💀
Great informative video. Thanks
I was really waiting for this video to be 30 sec long and him just unplugging the internet
might be dumb question and obvious one but what if i download the scr file and change its type to lets say txt and run it? would it still run?
Instructions unclear, got massively hacked.
should sell this video to corporates, this video alone would save them hundreds of thousands on cyber attacks
Great stuff keep up the good work
Just receiving a very large “document” file would be enough for me to spot it as a virus lol
Excellent video and tutorial, thanks.
Just for clarification kakao is a korean based site, great insightful video though.
As this channel is focused on computer security, making videos on portmaster and simplewall. Users should aware regarding firewalls
4:35 I mean, there's also polyglots and document viewer exploits, but those are too sophisticated for your average attacker, apparently.
About what happened on the Iphone Of the Egyptian President candidate, The predator virus .
kakao is like a korean yahoo that is harmless, but the actor is definitely a threat
we need updated "best antivirus" video
It still baffles me that Adobe do not enable security on their Adobe Reader by default. I do not use Adobe reader because it literally sucks at protecting against infected documents, thus I use another PDF reader that actually encapsulates each document it opens to not have system access and I use Avast but with Hardened Mode enabled. This is probably the best option to enable because it literally blocks everything (all ransomware I have tested so far) that just looks at it sideways.
At 1:06, FYI, that's Korean, not Japanese. Loved the video thoough.
Can you do a video where you talk about how you get into the malware analysis field as a job? What positions to look at right out of college etc?