How to not get hacked: real example
ฝัง
- เผยแพร่เมื่อ 3 ส.ค. 2023
- I have been consistently spammed with infostealer malware links on google drive designed to steal my login credentials and hack my TH-cam account. Here's an in-depth analysis of the technique and how to not get hacked. Join a live Q&A with me on Discord: discord.gg/MgBm5sy9?event=113...
Get Crowdsec to stop DDoS and brute force attacks: www.crowdsec.net/?mtm_campaig... (sponsor)
Buy the best antivirus: thepcsecuritychannel.com/best...
Join the discussion on Discord: discord.tpsc.tech/
Get your business endpoints tested by us: tpsc.tech/
Contact us for business: thepcsecuritychannel.com/contact - วิทยาศาสตร์และเทคโนโลยี
Thanks a ton. I have seen many videos like these but this one helped me up my knowledge by large also I was glued for the entire 13mins. It has all a user needs to know. More important complicated things explained in an easy way. I liked the crowd sec mention
...And he still made money from the sponsorship :)
@@user-mn7ot9bf1usmart man
🔥مرشحه الرئاسه التونسيه ترد على المتطاولين على المصريين من الدول الناشئه
⭕️يا مصـــــــــرى.. لما حد يقولك انت منين
⭕️رد عليه قوله انا من البلد اللي فيها
الفلسطيني والعراقي والسوري والليبي واليمني والسوداني عايشين فيها و مفيهاش مخيمات
⭕️قوله انا من البلد اللي ياما كست و علفت
و لبست حافيين من غير مقابل
⭕️قوله انا من البلد اللي مفتوحه لكل اللي بيسعي ع شغل و اكل عيش مهماكانت جنسيته و من غير كفيل
⭕️قوله انا من البلد اللي حررت ارضها بدم ولادها مطلبتش من حد يموت عشان يحررها
⭕️قوله انا من البلد اللي استقبلتكم كلكم لاجئين و لما اتحرقت ف العدوان الثلاثي محدش من اهلها لجأ لحد بره حدودها
⭕️قوله انا من البلد اللي جدودها بالدهب مدفونين .....
⭕️قوله انا من البلداللي مفيهاش عيل قفل حمام ع ابوه و خد منه الكرسي
⭕️ولا فيها ولاد منها في الصحرا "بدون" جنسية مرميين ....
⭕️قوله انا من البلد اللي آوت المسيح و امه
و نصفت يوسف بعد ما اخواته فالجب رموه
⭕️قوله انا م البلد اللي شعبها كله جيش وجيشها خير جنود الارض ...
⭕️قوله انا من البلد اللي قامت فيها ثورتين ولسه اللي يلمس طرف مجدي يعقوب فيها بسنانهم ياكلوه
قوله انا من مصـــــــــر ام الدنيا 🇪🇬🔥🇪🇬
⭕️لو لم أكن تونسية لطلبت من الله أن أكون مصـــــــــريه
حفظ الله مصـــــــــر 🇪🇬❤️🇪🇬Omar Hashish
"Japanese website"
All that geekiness and still can't differentiate languages. Lmao
@@chrisdawson1776 Its like he only knows the things he knows, i know, unfathomable.
And this is why Windows shouldn't hide file extensions by default.
Even this can bypassed(kinda) by using text-inverter characters
and this is why you should avoid windows altogether
@@abhisheksinghsolanki3750 how so?
@@DragoNate ThioJoe made a video about it. Basically some languages write from right-to-left instead of left-to-right as in English. To achieve right-to-left, a special character is used. This can be exploited to show fake extension of file in the display name
Edit: In "properties" it will correctly show "executable" but in display name it will show different
Edit: Like this
text:"fdp.file.exe", an executable
it will display as this(this contains the special character, you can copy it and try): ""fdp.file.exe
makes me mad that windows is moving to be like macos w none of its benefits and all of its downsides
In case anyone's curious why Screensaver files are executables: they're not videos, they're programs that run in real time on your pc
just think it as a script, but even so the windows name / icon formatting is kinda bad by showing as pdf, xls, etc
@@kingofstrike1234 windows isn't showing it as those files, that's what the scammer has told the system it looks like.
you can also make "windows show it as" another file type by putting .pdf before the .scr - if file extensions are hidden, you'll think it's a pdf.
but that isn't windows' fault. and believe me, i'll criticize windows and complain about it for every little tiny thing.
I wonder what the thinking was behind letting SCR files have all the privileges, reminds me of Visual Basic scripts in Word and font preview pane in Explorer. What was the developers thinking; wouldn't it be nice if you could install a screen saver from Word and then let that screen saver create an admin account.
Some of the weaknesses in Windows stems from Windows 1.0, and I'm guessing most of the code. That's a joke but I'm also kinda serious. It makes sense because the developers lived through the hippie era, peace & love (maaan).
Oh wow, this one actually makes me feel old. 😢
@@uniktbrukernavnexactly. why did the devs decide to let a screensaver file's code have basically the same power as a normal programming language?
Actually that website was a legit Korean website, and the kakao email adress domain is like a South Korean gmail, it's the standard there. When a regular person has that it's nothing to worry about, but when a company uses that in their official email instead of a company domain it's definitely something that should set off some alarm bells.
Meanwhile in some countries, we have legit businesses, larges institution, academic orgs, and even countless government agencies proudly sporting Gmail address as their official mail.
But now with chat gpt it would be quite easy to create a fake website filled with company infos etc.
@@jonathaningram8157 yup, almost fell for a scam involving a translation job from english to spanish, there was no malware involved but the "company" that wanted me to work at had this somewhat impressive webpage, or at least on the front-end cause most links were broken and the address was on some non-existant place in Canada.
Probably the email has been spoofed
Lots of small businesses use Gmail as their official address. Large businesses have the option to have Google host the e-mail for their domain, either on the GMail platform or just in the cloud.@@NopWorks
As many people pointed out already, that's Korean not Japanese. Here's a quick way to tell CJK (Chinese, Japanese, Korean) characters apart for all English speaker out there. A) If it has lots of circle, it's Korean. B) If it has lots of line and square and the character looks "blocky" and "complicate", that's Chinese. C) If it's not of the first two and it has lots of curvy character mixed in with some square and line, that's Japanese. The Chinese and Japanese is a bit tricky because Japanese do mix character from Chinese (Kanji) in their language. However, the Japanese character will standout from the Chinese one, they will look less "blocky" and "less complicated" and has lots of curve line. Hope you learn something new!
Bookmark comment later
Chinese characters have lot of corners and less curves, japanese characters have frequent curves. Japanese looks like it is in Comic Sans by default
Edit: About japanese, there are 3 systems(?), Hiragana(like あ) has frequent curves, Katakana has less curves. But both look like Comic Sans to me. These two are most popular.
@@abhisheksinghsolanki3750"Japanese looks like comic sans by default" is a great way to put it!
@@abhisheksinghsolanki3750I absolutely do not understand why Chinese insist on writing their characters in sharp angled & outdated looking font when Japanese already moved on to a tidier font that's easier on the eyes, even though they share lots of the characters.
Japanese have actually three character sets. They derive more complex Concepts with Chinese characters and they use syllabaries to phonetically spell out words. One syllabary for Japanese words is hiragana. For foreign words they use katakana. Katakana is much more sharp and angular looking whereas hiragana has much more rounded curves to the letter forms.
Ah yes.. I love opening screensaver files.
Me omw: to open a .scr file thats about 500mb
@@Freegame4.Don't worry guys it's just a really cool screensaver!
So you have chosen death.
So let me get this straight. The hackers decided to try and scam a youtube channel by the name "The PC Security Channel" and thought you were an easy target. I'd be offended!!
they were hoping he'd be caught off guard.
Jim Browning, the guy most famous for scambaiting and shutting down entire scam operations, fell victim to one last year I think having his youtube channel removed.
the important thing to remember is that ANYONE can be scammed. even the people who are extremely extremely careful about security, even the best of the best who have so far never been scammed.
once you think you're invulnerable, you become _more_ vulnerable.
"You only have to lose once."
I mean... it would be very ironic wouldn't it?
Like Linus Tech Tips?
@@randompost78154 theres a video about that on this channel
I've made some pretty suboptimal PDFs in my time, but 600+ mb for a PDF would be a huge warning bell for me.
Kakao is Korean. Its like Whatsapp.
You called korean japanese..
uh crap, there was another japanese one and I thought this was similar, my bad.
Correction on 1:07
that is a South Korean website
Edge even says it's detected a page in Korean, haha.
It's an honest mistake.
This TH-camr is from UK. Its not easy to tell Chinese and Japanese characters nor Chinese and Taiwanese characters or Vietnamese or Thailand characters.
It's going to be the same for Asians, they'll mostly treat every English speakers as Americans when English originated from England.
I was already aware of this information partially in thanks to your channel, but it is always good to be reminded in order to stay sharp of real and ominous threats that are just a single click and slip of the mind away.
Thank you for the video. I already knew about all this but still stuck because you go straight to the point and don't waste the viewer's time, unlike those videos where there's a 4-minute intro asking you in 15 different ways whether you were hacked before.
I love your videos, TPSC! Keep them up!
I've been having the exact same email myself (amongst many similar others) , I swiftly block and delete.. another great informative video. keep these up )
Found your channel today, Really enjoying it!
I love this channel. As someone starting my bachelors in cybersecurity I love learning about this.
Exactly the Same over here bro!
Great video as always. As to the people who says you go to in depth and would never do some of the things you show doing your videos, well then they shouldn't watch these videos! Leo you are here to educate and impart some of your knowledge and experience to help "The lay people" (i.e. me) understand a little more about cybersecurity. Secondly, to impart some experience and provide examples of real life threats to students of Cybersecurity and Network Administrators. I am treating this as a hobby while learning to strengthen my own families' Cybersecurity posture. So Thanks for all you do Leo.
Also with regards to ChatGPT, yeah thanks! Seems like the unintended (or maybe intentional) consequence of its creation is to help cyber criminals. :(
Thank a million 👍🏻. As someone currently studying cyber security. This video is actually helpful.
Love the channel, thank you for all the knowledge
Thanks for sharing. A very helpful and clear explanation of what the scammers are up to.
Great Tips! For someone who isnt into Tech, these are good Tips and examples. I really appreciate this Video!!!
These are some awesome tips for someone that hasn't seen a piece of malware that mimics a pdf. I did an incident response scenario for the first time and kept seeing that MZ on the malicious files and sad to say I didn't know that about pexe files but I knew it was malicious.
Great stuff keep up the good work
Great informative video. Thanks
love this channel keep it up
Amazing tutorial my friend.
awesome video, i learn a lot with you!! Greetings from BRAZIL!
What a fabulous explanation.
Right off the bat, that opening line is a Chinese greeting
Likely AI used
as I put on screen, thanks Chat-GPT!
In any case, we, or at least I, don't speak like that though.
"High spirits." isn't something I'd say in an email. (Maybe that's just me.)
This channel is basically a public utility for youtubers specially
thank you for all this info.
Thank you. This was quite useful when just dipping your toes into security.
We will be doing a live discord event tomorrow associated with this video, feel free to join in here: discord.com/invite/MgBm5sy9?event=1136673606273871983
Hey is there a video or link with all of the tools you use? If not, would you do a video showing us all the tools you use and links where to download them?
they tried to hack the wrong man
The sudo command didn't work, but I just asked ChatGPT to give me instructions on how to install the sudo command and WSL
Bruh, I can’t be there 😫😩 - By Juls
Can we get hacked by a pdf file?
Very helpful video, thank you
From the privacy perspective it's nice to see that Google has problems with scanning big files. Also using a pdf icon as an icon for an executable is very smart I never thought about how easy that could be done (probably because I never made actual maleware, If I would would have to think about the icon at some point).
It's not that it has problems is that they won't place the resources on scanning random files that are too big because that costs money, they still archive and store copies of your data anyway.
pdf icon is the oldest trick in the book
@@ieatthighsfr imagine pdf icon doc.exe no one falling for that
Why is it nice that google has problems with scanning big files?
@@SqualidsargeStudios they won't gather info about your files
Thank you for sharing this, super insightful and helpful. Can you please let me know what material you studied to become a malware analyst?
Thanks for sharing.
This is helpful. I've always wanted to touch into analyzing files to check if they're malicious. Having this in the back of my head will probably be helpfull if employees call in with suspicious files
I had an AI generate a couple videos for me on that exact topic.
Thanks, Leo!
Great and informative video! What Windows theme are you using?
Well even for a layman, rule of thumb is if an agreement document is 600+ mb while it should be 20 megs tops (and that's generous) - somethings up.
Simple rule to follow
I agree, but you're assuming a layman understands file sizes. A lot of people don't understand it and don't care to do so.
@@JJFlores197 srsly???... i guess my definition of a layman was to generous ;-/
@@pwilkutowski Have you ever worked in IT support or provided tech support to people? You would be surprised at the amount of stuff regular computer users don't understand about technology.
Increased my confidence that I did the exact same steps as you did, though I am guessing you left a lot of the technical stuff out as well, is there any resources you can point me too?
Excellent video and tutorial, thanks.
With regard to the 600 megabytes of all zeros.
It seems to me that if you zip the 650 mb, file it would compress down to about the actual code size.
This extreme compression could give a big clue about what the heck it is.
Yes, it would encode the number of zeros it was removing, you are correct
Yeah. But antimalware solutions don't do this because you still have to read the entire file and count up all those zeroes in order to compress it down, and it would take a long time and CPU horsepower the user might actually want.
And even if you did, malware makers could just replace the filler pattern with anything else that happens to compress well. Now, if an AV could check inside already compressed files and perform the analysis without resorting to decompression, eg, by applying the compression to its own malware database and checking compressed patterns against compressed patterns, maybe you could get somewhere. Encrypted files would throw all of that work out the window, though. But when the user types in the password to decrypt the file, that gives the AV the opportunity to intercept the file's password in memory and analyze the file before the user has the chance to decompress, let alone execute it.
This is in no way trivial, as you would need specialized versions of all the heuristics, reengineered to work with compressed data directly. And you would need to do this for every major compression format out there. Fortunately as all lossless compression formats are wholly deterministic, it is at least theoretically possible to do this. I doubt any AVs would, though. It'd be pretty costly and difficult to do this, let alone maintain and support.
@@3lH4ck3rC0mf0r7 you said ' by applying the compression to its own malware database and checking compressed patterns', that's not how signatures work, signatures are a set of rules
Nope, not for log files!
I've seen gigabytes of system log get crushed into a 12 meg ball, since 99.9% of the text is identical, it can get pretty small by only keeping one copy of the recurring lines, and just counting the number of times it repeats!
moral of the story. *Have a Hex editor*
Thanks a lot bro, very useful.
Shoutout to Japanese, my favorite Korean language of all time
I really really enjoyed this video .
thanks for the video although it was a bit intimidating to me.🙂
but basically what I understood that to have a VM dedicated for that subject would be safer for the PC
but what about my network and the router will they be easy to attack or is it safe?🤔
Heavily obfuscated / self written malware usually not getting detected in one drive or any other drive / cloud services... All in all still a good example!
Hello I have a few questions regarding another video you've done that sort of relates back to this one.
Have you heard about the new exploit " bleedingpipe " on modded minecraft, and are you going to make a video discussing that?
Are minecraft mods from modrinth, or curseforge still dangerous to download and run?
What is your opinion on the frequency of attacks being launched against Users using mods?
What are the best options that you would personally use to defend yourself against harmful programs that are currently undetected, ready to be deployed as zero days against consumers?
Hi Leo, as far as I know on a lot of the antiviruses you can tweak the setting of the size of files you're scanning. This way the scanner can look at what's inside zip file at any size.
That’s neat. Do you know if this works on windows defender?
@@seinodernichtsein8710sadly, no, since Defender is designed to be a product for all users, even those who know almost nothing about computers, and don't even know they need and should want protection - which is why you can't really customize anything. It's basically a set and forget program, but without the "set" part.
Hmmm. This comment shows 5 replies. But when I open it up there's only one. Plus mine if it shows up.
@@henryD9363 you should see comments by @seinodernichtsein8710 and me ( @the-Gammaron )
@@henryD9363 tell me if you see my other 2 comments (you can type random letters if you wanna)
Bottom line -
1. enable “show file extension” in explorer.
2. Don’t run files with extensions such as exe com scr bat files unless you known what they actually are.
Can you do a video where you talk about how you get into the malware analysis field as a job? What positions to look at right out of college etc?
If I received an unsolicited email from an unknown sender, I'd immediately delete it. On top of that, if the attachment was any bigger than a 1 or 2 Mb and didn't have an ext that I would expect like in this case a pdf - I'd be even more suspicious. Even then, sending a contract without even contacting you directly to discuss the matter is very odd, setting off even more red flags and alarms!
The danger is if you are busy and wading through tons of email. The best first line of defense and safeguard would be to use a mail filtering gateway like mimecast. They would pick up and flag 99.9% of all questionable incoming mail and hold all email from unknown sources - prior to release.
Wow, I learned a lot from this video.
Loved the video, could you breifly teach us on how exactly do we use the HxD properly for analysis, i could not find a good video about it.
Could you do "cat file" in linux and would serve the same way as with that editor you're using kn windows?
Amazing video
we need to reestructure the way we interact with file execution / command execution. We need a persistent shield watching the onmouse over and onmouseclick events, not allowing user to "execute" a command, before the destination of that "click" to be scanned. I was trying to implement a python-based resident shield that disables all execution commands at startup and only allows the click, after checking its after events. Tried to manage the virustotal api to do the hard work. Im still developing it, hard, but on the go
Hello. Can you recommend some good real time malware scanners you were talking about. Thank you. I just found your channel and this is very good.
Well done
Would be nice with a antivirus comparison of the 658MB file. E.g. how does kapersky, eset etc handle the file when it’s downloaded and also when it is executed.
YES. this is what I was thinking while watching the video. How would Kaspersky deal with this?
anyone?
got answered ?
@@defnotatrollit force deletes it 😉
One more question, could they use unprintable character codes that will affect text order or visibility of other characters to spoof the extension of the file?
Yooo thank you !
Good stuff
The best way to not get hacked is to have common sense
Also that’s why you enable all the eventlogs audit logging. If you parse those logs you’ll get a very detailed idea about what happened.
Ransomware deletes event logs after the dirty deed is done.
@@keepanopenmindlookatallthe2540 setup some script that automatically copies them somewhere or sends them idk
but that might also do nothing, waste resources, be unreliable. never tried it.
@@keepanopenmindlookatallthe2540 - not all ransomware does, just like not all malware does. It depends on the actual ransomware/malware and what it's designed to do.
@@mcdazz2011 And whether it really wants to prompt the administrator dialog (suspicious) instead of just phishing your MetaMask credentials while staying sneakily in userspace.
good content👍 i approve
Changing a single value, Microsoft could greatly reduce the success rate of these attacks, but file extensions are just too unsightly to be visible by default.
1:06 Actually Kakao is a South Korean internet company lol
So is the text he showed which he called "Japanese" 🙂!!!
Just proof that people can be intelligent in one way but dumb in many others 😂
I am not trying to mock or criticize a person for not recognizing a Korean company or Korean characters. I just want to provide additional information and correct the information 😂
Thank you helpful
Very good video
I would like to see a test between f-secure Bitdefender and Malwarebytes
This is why i dont answer these emails
7:00 im soooo proud of myself for understanding what you talking about
This makes me want to get rid of all my email accounts and throw out my phones... Mahalo for bringing all this to our attention.
Does it? Because I see this and am thankful that it's still so obvious. If you spend 30 seconds looking for the common red flags, scams like this aren't all that clever. Hell, just the fact an agreement form is 600+ MB should make anyone with basic computer knowledge pause. Then of course it's titled "Kappa" which is a very common meme these days indicating a troll or sarcasm. I wouldn't expect everyone to know that but a quick Google search would point this out immediately.
The acceptable email formatting is really the only significant improvement I see. Everything else isn't much better than it was a decade ago.
@@JJFX- For boring, irrelevant geezers such as I, for my email, it's "Select All" and then "Delete." Not really an issue. Being irrelevant, it's safe for me to assume that all my emails are irrelevant. The phones sit in a drawer somewhere, their SIM cards removed and discarded from disuse. Keeps the phones at bay yet out of landfills. Can't legally chuck a phone out, so mine are good for watching TH-cam and listening to music. I do not envy the people for whom their phones are their lives...
@@jimcabezola3051 I hear you, honestly that's a good way to do it if you have reason to believe most email isn't relevant. I'm not the freshest fruit on the vine either, I'm simply saying that it's not as cunning as this video may make it seem. Even if you get an email from an old friend you recognize, just don't download anything without looking for obvious indicators. Picture and videos are typically safe to at least view in a browser but approach anything requiring a download with skepticism.
What you're doing with old phones is great. I wish more people wouldn't use their primary devices for everything. Just make sure the browsers aren't horribly outdated and avoid clicking anything requesting access like notifications. Just never login to critical accounts on a device with questionable security but it sounds like you're already more careful than most people.
Believe it or not, computers these days aren't as dangerous as they seem. Most exploits require some participation on your part beyond just visiting sites or even downloading something. Simply avoiding as much of it as possible is actually more secure than installing a bunch of anti-virus programs.
@@jimcabezola3051
You're not irrelevant, love yourself NOW!
thank you for the great explanation of this problem
Thanks my friend, unfortunately this has NOTHiNG to be new. It is a very old and basic method that exist for more than 10years already.
I have being doing this since and way more analyzing since 2012.
Still..its a good video to show the only first very easy steps into the process of analyzing completely a file execution stages.
So although I use vmwarepro to Loren suspect files ect what do you think of Windows Sandbox?
I have used sandboxie to do my browsing and installing of unknown software etc but was curious what the strength/quality of Windows Sandbox is. Thoughts?
to make it obvious since it was not clearly stated. do not doubbleclick to run files / scripts from unkown sources. since this is what they want. always when you recieve files like this think first about what it truly is. the default application is what "they" want their script to run with.
Windows should add an option to give the file extension another colour, that way you can’t get tricked with a RTLO character.
You could make video about how to tell if images or videos are malware.
Why don't these anti-virus's see if the file is full of empty space? If we can manually check to see where the tail end is, I'm sure an AV could as well. Then It could truncate it and scan it as needed.
props to the guy that sent a malicious e-mail to a channel named "The PC Security Channel".
What makes this analysis scary to do is the fact my mouse have tendency to double click on accident..
Same lol i need a new mouse
Thats why I disable opening remote images setting in my email setting.
I think you should have had a bit at the end showing where to get those tools and how to know if they are the legit versions.
And mention at the start that you’ll give those instructions at the end.
thanks for the video
I really miss your AV test videos, I keep waiting for one but they don't seem to happen anymore. Am I the only one who wants to see tests of 2023 AV vs malwares?
شكرا لك
I was wondering if utube videos could also be a problem in sending you an executable file?
Hi Leo, can you please provide the download link of the hex editor you used in the video in the description?
Glad know this stuff now.
Would love if you could take a look at the Adobe GenP method that is becoming increasingly popular.
Would you mind testing some other systems? Like phones. And tablets, macs etc ?
I was wondering are all malwares downloaded need to be executed in order for them to work ? Or some by just downloading them on your system you get hacked ?
Because I have downloaded Unreal Engine Project from github and got hacked not sure it was the source of the malware or not.
What is best certification of malware analysis
By the way, I have been using this method for two decades. Actually, from 1997 until today. I still use the same method. Signature was important thing.
should sell this video to corporates, this video alone would save them hundreds of thousands on cyber attacks