How to not get hacked: real example

แชร์
ฝัง
  • เผยแพร่เมื่อ 28 ธ.ค. 2024

ความคิดเห็น • 813

  • @itenthusiast5988
    @itenthusiast5988 ปีที่แล้ว +323

    Thanks a ton. I have seen many videos like these but this one helped me up my knowledge by large also I was glued for the entire 13mins. It has all a user needs to know. More important complicated things explained in an easy way. I liked the crowd sec mention

    • @abrendtro
      @abrendtro ปีที่แล้ว +4

      ...And he still made money from the sponsorship :)

    • @midogaming2141
      @midogaming2141 ปีที่แล้ว

      @@abrendtrosmart man

    • @Vulneraontop
      @Vulneraontop ปีที่แล้ว

      ‏🔥مرشحه الرئاسه التونسيه ترد على المتطاولين على المصريين من الدول الناشئه
      ‏⭕️يا مصـــــــــرى.. لما حد يقولك انت منين
      ‏⭕️رد عليه قوله انا من البلد اللي فيها
      ‏الفلسطيني والعراقي والسوري والليبي واليمني والسوداني عايشين فيها و مفيهاش مخيمات
      ‏⭕️قوله انا من البلد اللي ياما كست و علفت
      ‏و لبست حافيين من غير مقابل
      ‏⭕️قوله انا من البلد اللي مفتوحه لكل اللي بيسعي ع شغل و اكل عيش مهماكانت جنسيته و من غير كفيل
      ‏⭕️قوله انا من البلد اللي حررت ارضها بدم ولادها مطلبتش من حد يموت عشان يحررها
      ‏⭕️قوله انا من البلد اللي استقبلتكم كلكم لاجئين و لما اتحرقت ف العدوان الثلاثي محدش من اهلها لجأ لحد بره حدودها
      ‏⭕️قوله انا من البلد اللي جدودها بالدهب مدفونين .....
      ‏⭕️قوله انا من البلداللي مفيهاش عيل قفل حمام ع ابوه و خد منه الكرسي
      ‏⭕️ولا فيها ولاد منها في الصحرا "بدون" جنسية مرميين ....
      ‏⭕️قوله انا من البلد اللي آوت المسيح و امه
      ‏و نصفت يوسف بعد ما اخواته فالجب رموه
      ‏⭕️قوله انا م البلد اللي شعبها كله جيش وجيشها خير جنود الارض ...
      ‏⭕️قوله انا من البلد اللي قامت فيها ثورتين ولسه اللي يلمس طرف مجدي يعقوب فيها بسنانهم ياكلوه
      ‏قوله انا من مصـــــــــر ام الدنيا 🇪🇬🔥🇪🇬
      ‏⭕️لو لم أكن تونسية لطلبت من الله أن أكون مصـــــــــريه
      ‏حفظ الله مصـــــــــر 🇪🇬❤️🇪🇬Omar Hashish

    • @chrisdawson1776
      @chrisdawson1776 ปีที่แล้ว +1

      "Japanese website"
      All that geekiness and still can't differentiate languages. Lmao

    • @CatgirlExplise6039
      @CatgirlExplise6039 ปีที่แล้ว +7

      @@chrisdawson1776 Its like he only knows the things he knows, i know, unfathomable.

  • @Homelander-ftw
    @Homelander-ftw ปีที่แล้ว +2285

    And this is why Windows shouldn't hide file extensions by default.

    • @abhisheksinghsolanki3750
      @abhisheksinghsolanki3750 ปีที่แล้ว +68

      Even this can bypassed(kinda) by using text-inverter characters

    • @markganus1085
      @markganus1085 ปีที่แล้ว +138

      and this is why you should avoid windows altogether

    • @DragoNate
      @DragoNate ปีที่แล้ว +10

      @@abhisheksinghsolanki3750 how so?

    • @abhisheksinghsolanki3750
      @abhisheksinghsolanki3750 ปีที่แล้ว +19

      ​@@DragoNate ThioJoe made a video about it. Basically some languages write from right-to-left instead of left-to-right as in English. To achieve right-to-left, a special character is used. This can be exploited to show fake extension of file in the display name
      Edit: In "properties" it will correctly show "executable" but in display name it will show different
      Edit: Like this
      text:"fdp.file.exe", an executable
      it will display as this(this contains the special character, you can copy it and try): "‮"fdp.file.exe

    • @oh-ox9sj
      @oh-ox9sj ปีที่แล้ว +86

      makes me mad that windows is moving to be like macos w none of its benefits and all of its downsides

  • @jvdg_hanna
    @jvdg_hanna ปีที่แล้ว +284

    Actually that website was a legit Korean website, and the kakao email adress domain is like a South Korean gmail, it's the standard there. When a regular person has that it's nothing to worry about, but when a company uses that in their official email instead of a company domain it's definitely something that should set off some alarm bells.

    • @NopWorks
      @NopWorks ปีที่แล้ว +29

      Meanwhile in some countries, we have legit businesses, larges institution, academic orgs, and even countless government agencies proudly sporting Gmail address as their official mail.

    • @jonathaningram8157
      @jonathaningram8157 ปีที่แล้ว +2

      But now with chat gpt it would be quite easy to create a fake website filled with company infos etc.

    • @ViroRads
      @ViroRads ปีที่แล้ว

      @@jonathaningram8157 yup, almost fell for a scam involving a translation job from english to spanish, there was no malware involved but the "company" that wanted me to work at had this somewhat impressive webpage, or at least on the front-end cause most links were broken and the address was on some non-existant place in Canada.

    • @LaroTayoGaming
      @LaroTayoGaming ปีที่แล้ว +7

      Probably the email has been spoofed

    • @LaziestTechinCyberSec
      @LaziestTechinCyberSec ปีที่แล้ว

      Lots of small businesses use Gmail as their official address. Large businesses have the option to have Google host the e-mail for their domain, either on the GMail platform or just in the cloud.@@NopWorks

  • @Nickwilde7755
    @Nickwilde7755 ปีที่แล้ว +581

    In case anyone's curious why Screensaver files are executables: they're not videos, they're programs that run in real time on your pc

    • @kingofstrike1234
      @kingofstrike1234 ปีที่แล้ว +22

      just think it as a script, but even so the windows name / icon formatting is kinda bad by showing as pdf, xls, etc

    • @DragoNate
      @DragoNate ปีที่แล้ว +34

      @@kingofstrike1234 windows isn't showing it as those files, that's what the scammer has told the system it looks like.
      you can also make "windows show it as" another file type by putting .pdf before the .scr - if file extensions are hidden, you'll think it's a pdf.
      but that isn't windows' fault. and believe me, i'll criticize windows and complain about it for every little tiny thing.

    • @uniktbrukernavn
      @uniktbrukernavn ปีที่แล้ว +25

      I wonder what the thinking was behind letting SCR files have all the privileges, reminds me of Visual Basic scripts in Word and font preview pane in Explorer. What was the developers thinking; wouldn't it be nice if you could install a screen saver from Word and then let that screen saver create an admin account.
      Some of the weaknesses in Windows stems from Windows 1.0, and I'm guessing most of the code. That's a joke but I'm also kinda serious. It makes sense because the developers lived through the hippie era, peace & love (maaan).

    • @SilverAura
      @SilverAura ปีที่แล้ว +3

      Oh wow, this one actually makes me feel old. 😢

    • @xE92vD
      @xE92vD ปีที่แล้ว +16

      ​@@uniktbrukernavnexactly. why did the devs decide to let a screensaver file's code have basically the same power as a normal programming language?

  • @Alberos
    @Alberos ปีที่แล้ว +599

    As many people pointed out already, that's Korean not Japanese. Here's a quick way to tell CJK (Chinese, Japanese, Korean) characters apart for all English speaker out there. A) If it has lots of circle, it's Korean. B) If it has lots of line and square and the character looks "blocky" and "complicate", that's Chinese. C) If it's not of the first two and it has lots of curvy character mixed in with some square and line, that's Japanese. The Chinese and Japanese is a bit tricky because Japanese do mix character from Chinese (Kanji) in their language. However, the Japanese character will standout from the Chinese one, they will look less "blocky" and "less complicated" and has lots of curve line. Hope you learn something new!

    • @BakrAli10
      @BakrAli10 ปีที่แล้ว +13

      Bookmark comment later

    • @abhisheksinghsolanki3750
      @abhisheksinghsolanki3750 ปีที่แล้ว +35

      Chinese characters have lot of corners and less curves, japanese characters have frequent curves. Japanese looks like it is in Comic Sans by default
      Edit: About japanese, there are 3 systems(?), Hiragana(like あ) has frequent curves, Katakana has less curves. But both look like Comic Sans to me. These two are most popular.

    • @JJFX-
      @JJFX- ปีที่แล้ว +24

      ​@@abhisheksinghsolanki3750"Japanese looks like comic sans by default" is a great way to put it!

    • @NopWorks
      @NopWorks ปีที่แล้ว +2

      ​​@@abhisheksinghsolanki3750I absolutely do not understand why Chinese insist on writing their characters in sharp angled & outdated looking font when Japanese already moved on to a tidier font that's easier on the eyes, even though they share lots of the characters.

    • @basspig
      @basspig ปีที่แล้ว +15

      Japanese have actually three character sets. They derive more complex Concepts with Chinese characters and they use syllabaries to phonetically spell out words. One syllabary for Japanese words is hiragana. For foreign words they use katakana. Katakana is much more sharp and angular looking whereas hiragana has much more rounded curves to the letter forms.

  • @RobotsWithKnivesCartoons
    @RobotsWithKnivesCartoons ปีที่แล้ว +61

    I've made some pretty suboptimal PDFs in my time, but 600+ mb for a PDF would be a huge warning bell for me.

  • @Bellicosy
    @Bellicosy ปีที่แล้ว +69

    I was already aware of this information partially in thanks to your channel, but it is always good to be reminded in order to stay sharp of real and ominous threats that are just a single click and slip of the mind away.

  • @toddsimone7182
    @toddsimone7182 ปีที่แล้ว +236

    So let me get this straight. The hackers decided to try and scam a youtube channel by the name "The PC Security Channel" and thought you were an easy target. I'd be offended!!

    • @DragoNate
      @DragoNate ปีที่แล้ว +90

      they were hoping he'd be caught off guard.
      Jim Browning, the guy most famous for scambaiting and shutting down entire scam operations, fell victim to one last year I think having his youtube channel removed.
      the important thing to remember is that ANYONE can be scammed. even the people who are extremely extremely careful about security, even the best of the best who have so far never been scammed.
      once you think you're invulnerable, you become _more_ vulnerable.

    • @PipoZePoulp
      @PipoZePoulp ปีที่แล้ว +31

      "You only have to lose once."

    • @mr.highschoollocksmith6080
      @mr.highschoollocksmith6080 ปีที่แล้ว +4

      I mean... it would be very ironic wouldn't it?

    • @randompost78154
      @randompost78154 ปีที่แล้ว +7

      Like Linus Tech Tips?

    • @hotsauce2446
      @hotsauce2446 ปีที่แล้ว

      @@randompost78154 theres a video about that on this channel

  • @cinna9552
    @cinna9552 ปีที่แล้ว +87

    Ah yes.. I love opening screensaver files.

    • @Freegame4.
      @Freegame4. ปีที่แล้ว +15

      Me omw: to open a .scr file thats about 500mb

    • @meemuboi
      @meemuboi ปีที่แล้ว +2

      ​@@Freegame4.Don't worry guys it's just a really cool screensaver!

    • @guydreamr
      @guydreamr 9 หลายเดือนก่อน +1

      So you have chosen death.

  • @Gazzz696
    @Gazzz696 ปีที่แล้ว +5

    I've been having the exact same email myself (amongst many similar others) , I swiftly block and delete.. another great informative video. keep these up )

  • @featurebreaker
    @featurebreaker ปีที่แล้ว +25

    I love your videos, TPSC! Keep them up!

  • @Sonyboj
    @Sonyboj ปีที่แล้ว +39

    Kakao is Korean. Its like Whatsapp.

    • @JimmyMatis-h9y
      @JimmyMatis-h9y 4 หลายเดือนก่อน

      Kakao - when roasted, makes tasty chocolate 🤭🙄I'll see myself out...😋

  • @omgabaddon
    @omgabaddon ปีที่แล้ว +3

    Thank you for the video. I already knew about all this but still stuck because you go straight to the point and don't waste the viewer's time, unlike those videos where there's a 4-minute intro asking you in 15 different ways whether you were hacked before.

  • @businesscatlimbo
    @businesscatlimbo ปีที่แล้ว +11

    I love this channel. As someone starting my bachelors in cybersecurity I love learning about this.

    • @SM-1010
      @SM-1010 ปีที่แล้ว +3

      Exactly the Same over here bro!

  • @pcsecuritychannel
    @pcsecuritychannel  ปีที่แล้ว +70

    We will be doing a live discord event tomorrow associated with this video, feel free to join in here: discord.com/invite/MgBm5sy9?event=1136673606273871983

    • @FantasySokka
      @FantasySokka ปีที่แล้ว +1

      Hey is there a video or link with all of the tools you use? If not, would you do a video showing us all the tools you use and links where to download them?

    • @MRNotAbdoOFF
      @MRNotAbdoOFF ปีที่แล้ว

      they tried to hack the wrong man

    • @privatechannel1272
      @privatechannel1272 ปีที่แล้ว

      The sudo command didn't work, but I just asked ChatGPT to give me instructions on how to install the sudo command and WSL

    • @sansin0
      @sansin0 ปีที่แล้ว

      Bruh, I can’t be there 😫😩 - By Juls

    • @galaxystars6409
      @galaxystars6409 ปีที่แล้ว

      Can we get hacked by a pdf file?

  • @jondo7680
    @jondo7680 ปีที่แล้ว +71

    From the privacy perspective it's nice to see that Google has problems with scanning big files. Also using a pdf icon as an icon for an executable is very smart I never thought about how easy that could be done (probably because I never made actual maleware, If I would would have to think about the icon at some point).

    • @Splarkszter
      @Splarkszter ปีที่แล้ว +8

      It's not that it has problems is that they won't place the resources on scanning random files that are too big because that costs money, they still archive and store copies of your data anyway.

    • @ieatthighs
      @ieatthighs ปีที่แล้ว +2

      pdf icon is the oldest trick in the book

    • @FusionXZ
      @FusionXZ ปีที่แล้ว

      ​@@ieatthighsfr imagine pdf icon doc.exe no one falling for that

    • @SqualidsargeStudios
      @SqualidsargeStudios ปีที่แล้ว

      Why is it nice that google has problems with scanning big files?

    • @ieatthighs
      @ieatthighs ปีที่แล้ว +1

      @@SqualidsargeStudios they won't gather info about your files

  • @Draxis32
    @Draxis32 ปีที่แล้ว +8

    This channel is basically a public utility for youtubers specially

  • @st.clairjrharris4211
    @st.clairjrharris4211 ปีที่แล้ว +4

    Thank a million 👍🏻. As someone currently studying cyber security. This video is actually helpful.

  • @henryD9363
    @henryD9363 ปีที่แล้ว +12

    With regard to the 600 megabytes of all zeros.
    It seems to me that if you zip the 650 mb, file it would compress down to about the actual code size.
    This extreme compression could give a big clue about what the heck it is.

    • @duplicake4054
      @duplicake4054 ปีที่แล้ว +3

      Yes, it would encode the number of zeros it was removing, you are correct

    • @3lH4ck3rC0mf0r7
      @3lH4ck3rC0mf0r7 ปีที่แล้ว +5

      Yeah. But antimalware solutions don't do this because you still have to read the entire file and count up all those zeroes in order to compress it down, and it would take a long time and CPU horsepower the user might actually want.
      And even if you did, malware makers could just replace the filler pattern with anything else that happens to compress well. Now, if an AV could check inside already compressed files and perform the analysis without resorting to decompression, eg, by applying the compression to its own malware database and checking compressed patterns against compressed patterns, maybe you could get somewhere. Encrypted files would throw all of that work out the window, though. But when the user types in the password to decrypt the file, that gives the AV the opportunity to intercept the file's password in memory and analyze the file before the user has the chance to decompress, let alone execute it.
      This is in no way trivial, as you would need specialized versions of all the heuristics, reengineered to work with compressed data directly. And you would need to do this for every major compression format out there. Fortunately as all lossless compression formats are wholly deterministic, it is at least theoretically possible to do this. I doubt any AVs would, though. It'd be pretty costly and difficult to do this, let alone maintain and support.

    • @duplicake4054
      @duplicake4054 ปีที่แล้ว

      @@3lH4ck3rC0mf0r7 you said ' by applying the compression to its own malware database and checking compressed patterns', that's not how signatures work, signatures are a set of rules

    • @KomiyanVT
      @KomiyanVT ปีที่แล้ว

      Nope, not for log files!
      I've seen gigabytes of system log get crushed into a 12 meg ball, since 99.9% of the text is identical, it can get pretty small by only keeping one copy of the recurring lines, and just counting the number of times it repeats!

    • @oncet0ldme1aint
      @oncet0ldme1aint 3 หลายเดือนก่อน

      @@3lH4ck3rC0mf0r7 7zip only takes up 5MB (~4 compressed), and while there are probably (commonish) formats it doesn't know what to do with, it also has 1 MB of translations, and likely other code it doesn't need to decompress files.
      Computers are also ridiculously fast now, so the overhead should be readily available without the user noticing.

  • @manprinsen8150
    @manprinsen8150 ปีที่แล้ว +44

    Would be nice with a antivirus comparison of the 658MB file. E.g. how does kapersky, eset etc handle the file when it’s downloaded and also when it is executed.

    • @defnotatroll
      @defnotatroll ปีที่แล้ว +17

      YES. this is what I was thinking while watching the video. How would Kaspersky deal with this?

    • @paularvie9473
      @paularvie9473 ปีที่แล้ว

      anyone?

    • @Unknown-qr7mj
      @Unknown-qr7mj ปีที่แล้ว

      got answered ?

    • @FraterSorax
      @FraterSorax ปีที่แล้ว

      ​@@defnotatrollit force deletes it 😉

  • @wilfredotorres6628
    @wilfredotorres6628 ปีที่แล้ว +13

    Hi Leo, as far as I know on a lot of the antiviruses you can tweak the setting of the size of files you're scanning. This way the scanner can look at what's inside zip file at any size.

    • @seinodernichtsein8710
      @seinodernichtsein8710 ปีที่แล้ว

      That’s neat. Do you know if this works on windows defender?

    • @the-Gammaron
      @the-Gammaron ปีที่แล้ว

      ​@@seinodernichtsein8710sadly, no, since Defender is designed to be a product for all users, even those who know almost nothing about computers, and don't even know they need and should want protection - which is why you can't really customize anything. It's basically a set and forget program, but without the "set" part.

    • @henryD9363
      @henryD9363 ปีที่แล้ว

      Hmmm. This comment shows 5 replies. But when I open it up there's only one. Plus mine if it shows up.

    • @the-Gammaron
      @the-Gammaron ปีที่แล้ว

      @@henryD9363 you should see comments by ​ @seinodernichtsein8710 and me ( @the-Gammaron )

    • @the-Gammaron
      @the-Gammaron ปีที่แล้ว

      @@henryD9363 tell me if you see my other 2 comments (you can type random letters if you wanna)

  • @velotheworld4860
    @velotheworld4860 ปีที่แล้ว +1

    Great Tips! For someone who isnt into Tech, these are good Tips and examples. I really appreciate this Video!!!

  • @Vandelay666
    @Vandelay666 ปีที่แล้ว +9

    Love the channel, thank you for all the knowledge

  • @zild3690
    @zild3690 ปีที่แล้ว +5

    instructions unclear, i hacked the hacker instead

  • @TediousSecurity
    @TediousSecurity ปีที่แล้ว +10

    These are some awesome tips for someone that hasn't seen a piece of malware that mimics a pdf. I did an incident response scenario for the first time and kept seeing that MZ on the malicious files and sad to say I didn't know that about pexe files but I knew it was malicious.

  • @nicolaecalin4217
    @nicolaecalin4217 10 วันที่ผ่านมา

    Your voice is so calming I fell asleep to it and missed a day in my Duolingo streak

  • @abitterberry2149
    @abitterberry2149 ปีที่แล้ว +26

    Changing a single value, Microsoft could greatly reduce the success rate of these attacks, but file extensions are just too unsightly to be visible by default.

  • @OtherWorldExplorers
    @OtherWorldExplorers ปีที่แล้ว +21

    Right off the bat, that opening line is a Chinese greeting
    Likely AI used

    • @pcsecuritychannel
      @pcsecuritychannel  ปีที่แล้ว +10

      as I put on screen, thanks Chat-GPT!

    • @ryanasazaki1291
      @ryanasazaki1291 ปีที่แล้ว +4

      In any case, we, or at least I, don't speak like that though.
      "High spirits." isn't something I'd say in an email. (Maybe that's just me.)

  • @ivans.935
    @ivans.935 ปีที่แล้ว +3

    Bottom line -
    1. enable “show file extension” in explorer.
    2. Don’t run files with extensions such as exe com scr bat files unless you known what they actually are.

  • @wannabedal-adx458
    @wannabedal-adx458 ปีที่แล้ว +3

    Great video as always. As to the people who says you go to in depth and would never do some of the things you show doing your videos, well then they shouldn't watch these videos! Leo you are here to educate and impart some of your knowledge and experience to help "The lay people" (i.e. me) understand a little more about cybersecurity. Secondly, to impart some experience and provide examples of real life threats to students of Cybersecurity and Network Administrators. I am treating this as a hobby while learning to strengthen my own families' Cybersecurity posture. So Thanks for all you do Leo.
    Also with regards to ChatGPT, yeah thanks! Seems like the unintended (or maybe intentional) consequence of its creation is to help cyber criminals. :(

  • @RitaAdkisson
    @RitaAdkisson 4 หลายเดือนก่อน

    Thanks!

  • @ashystyle
    @ashystyle 10 หลายเดือนก่อน +1

    8:00 why does antivirus programs have size limit?
    What does it take to create a solution for that so that AV's can actually scan past the 650MB limit?

  • @jimcabezola3051
    @jimcabezola3051 ปีที่แล้ว +23

    This makes me want to get rid of all my email accounts and throw out my phones... Mahalo for bringing all this to our attention.

    • @JJFX-
      @JJFX- ปีที่แล้ว +8

      Does it? Because I see this and am thankful that it's still so obvious. If you spend 30 seconds looking for the common red flags, scams like this aren't all that clever. Hell, just the fact an agreement form is 600+ MB should make anyone with basic computer knowledge pause. Then of course it's titled "Kappa" which is a very common meme these days indicating a troll or sarcasm. I wouldn't expect everyone to know that but a quick Google search would point this out immediately.
      The acceptable email formatting is really the only significant improvement I see. Everything else isn't much better than it was a decade ago.

    • @jimcabezola3051
      @jimcabezola3051 ปีที่แล้ว +1

      @@JJFX- For boring, irrelevant geezers such as I, for my email, it's "Select All" and then "Delete." Not really an issue. Being irrelevant, it's safe for me to assume that all my emails are irrelevant. The phones sit in a drawer somewhere, their SIM cards removed and discarded from disuse. Keeps the phones at bay yet out of landfills. Can't legally chuck a phone out, so mine are good for watching TH-cam and listening to music. I do not envy the people for whom their phones are their lives...

    • @JJFX-
      @JJFX- ปีที่แล้ว

      @@jimcabezola3051 I hear you, honestly that's a good way to do it if you have reason to believe most email isn't relevant. I'm not the freshest fruit on the vine either, I'm simply saying that it's not as cunning as this video may make it seem. Even if you get an email from an old friend you recognize, just don't download anything without looking for obvious indicators. Picture and videos are typically safe to at least view in a browser but approach anything requiring a download with skepticism.
      What you're doing with old phones is great. I wish more people wouldn't use their primary devices for everything. Just make sure the browsers aren't horribly outdated and avoid clicking anything requesting access like notifications. Just never login to critical accounts on a device with questionable security but it sounds like you're already more careful than most people.
      Believe it or not, computers these days aren't as dangerous as they seem. Most exploits require some participation on your part beyond just visiting sites or even downloading something. Simply avoiding as much of it as possible is actually more secure than installing a bunch of anti-virus programs.

    • @TheJohn_Highway
      @TheJohn_Highway ปีที่แล้ว

      ​@@jimcabezola3051
      You're not irrelevant, love yourself NOW!

  • @cc12yt
    @cc12yt ปีที่แล้ว +10

    Shoutout to Japanese, my favorite Korean language of all time

  • @rifwann
    @rifwann ปีที่แล้ว +4

    What makes this analysis scary to do is the fact my mouse have tendency to double click on accident..

    • @meemuboi
      @meemuboi ปีที่แล้ว +1

      Same lol i need a new mouse

  • @seansingh4421
    @seansingh4421 ปีที่แล้ว +3

    Also that’s why you enable all the eventlogs audit logging. If you parse those logs you’ll get a very detailed idea about what happened.

    • @keepanopenmindlookatallthe2540
      @keepanopenmindlookatallthe2540 ปีที่แล้ว +1

      Ransomware deletes event logs after the dirty deed is done.

    • @DragoNate
      @DragoNate ปีที่แล้ว

      @@keepanopenmindlookatallthe2540 setup some script that automatically copies them somewhere or sends them idk
      but that might also do nothing, waste resources, be unreliable. never tried it.

    • @counterleo
      @counterleo ปีที่แล้ว

      @mcdazz2011 And whether it really wants to prompt the administrator dialog (suspicious) instead of just phishing your MetaMask credentials while staying sneakily in userspace.

  • @AlexanderTatsumaki
    @AlexanderTatsumaki ปีที่แล้ว +3

    to make it obvious since it was not clearly stated. do not doubbleclick to run files / scripts from unkown sources. since this is what they want. always when you recieve files like this think first about what it truly is. the default application is what "they" want their script to run with.

  • @MisterQuacker
    @MisterQuacker ปีที่แล้ว +4

    Why don't these anti-virus's see if the file is full of empty space? If we can manually check to see where the tail end is, I'm sure an AV could as well. Then It could truncate it and scan it as needed.

  • @goatrecap
    @goatrecap 11 หลายเดือนก่อน

    Found your channel today, Really enjoying it!

  • @CoolJosh3k
    @CoolJosh3k ปีที่แล้ว +6

    I think you should have had a bit at the end showing where to get those tools and how to know if they are the legit versions.
    And mention at the start that you’ll give those instructions at the end.

  • @RickOShay
    @RickOShay ปีที่แล้ว +2

    If I received an unsolicited email from an unknown sender, I'd immediately delete it. On top of that, if the attachment was any bigger than a 1 or 2 Mb and didn't have an ext that I would expect like in this case a pdf - I'd be even more suspicious. Even then, sending a contract without even contacting you directly to discuss the matter is very odd, setting off even more red flags and alarms!
    The danger is if you are busy and wading through tons of email. The best first line of defense and safeguard would be to use a mail filtering gateway like mimecast. They would pick up and flag 99.9% of all questionable incoming mail and hold all email from unknown sources - prior to release.

  • @HasanAhmed-ex6jv
    @HasanAhmed-ex6jv 4 หลายเดือนก่อน +1

    Dealing with the aftermath is hard, I wish this video was watched earlier. The one thing that will be with me constantly is the daily hacking attempts each and every day forcing me to reset password every day. 2fa, Ubikey and Linux OS is a start

  • @elcat0
    @elcat0 ปีที่แล้ว +2

    that kids yay noises scared me fr in the intro section

  • @polaris911
    @polaris911 ปีที่แล้ว +1

    does Windows even give a warning when you open the file like "We weren't able to scan this file, run at your own risk" ?

  • @emrose3308
    @emrose3308 ปีที่แล้ว

    This is helpful. I've always wanted to touch into analyzing files to check if they're malicious. Having this in the back of my head will probably be helpfull if employees call in with suspicious files

    • @LaziestTechinCyberSec
      @LaziestTechinCyberSec ปีที่แล้ว

      I had an AI generate a couple videos for me on that exact topic.

  • @Reynardfoox
    @Reynardfoox ปีที่แล้ว +1

    8:53 How is that Google says Detected? Google drive didn't detected zip file 💀

  • @TutorialeGratuite
    @TutorialeGratuite ปีที่แล้ว +1

    Usually the best way to see if an email is scam or not is to look at the email signature. Usually legit emails will have a real person with social media links and more info in the signature.

  • @ilmu011
    @ilmu011 ปีที่แล้ว +1

    I can't believe you said being a cooking TH-camr is worse than being a gaming TH-camr

  • @pch_mechanika
    @pch_mechanika ปีที่แล้ว +3

    Well even for a layman, rule of thumb is if an agreement document is 600+ mb while it should be 20 megs tops (and that's generous) - somethings up.
    Simple rule to follow

    • @JJFlores197
      @JJFlores197 ปีที่แล้ว

      I agree, but you're assuming a layman understands file sizes. A lot of people don't understand it and don't care to do so.

    • @pch_mechanika
      @pch_mechanika ปีที่แล้ว +1

      @@JJFlores197 srsly???... i guess my definition of a layman was to generous ;-/

    • @JJFlores197
      @JJFlores197 ปีที่แล้ว

      @@pch_mechanika Have you ever worked in IT support or provided tech support to people? You would be surprised at the amount of stuff regular computer users don't understand about technology.

    • @Goldbeach_
      @Goldbeach_ 7 หลายเดือนก่อน

      From this video. How to exact without downloading?

  • @Team-1-Solo
    @Team-1-Solo ปีที่แล้ว +1

    Thank you for sharing this, super insightful and helpful. Can you please let me know what material you studied to become a malware analyst?

  • @wolphin732
    @wolphin732 ปีที่แล้ว +2

    Tech channels have been hit with this... what they need to do is have a big disclaimer when SCR files are used... "Warning, this is trying to run a screensaver program, do you want to proceed?" Should be enough to get most people... but sadly there are many people who don't bother reading a message on the screen.

  • @casev799
    @casev799 ปีที่แล้ว

    ~4:10 The file description read as SketchUp installer? Afaik isn't that Google's CAD software? Unless there's a specific installer suite called that, it's confusing me

  • @saadali6585
    @saadali6585 4 หลายเดือนก่อน

    8:20 "I recommend having a good real-time antivirus that's analyzing your processes because it's actually running on your system for real checking the actual code that's being executed" so what are some good real-time antivirus that you would suggest which work like this instead?

  • @henryijeoma
    @henryijeoma ปีที่แล้ว +4

    moral of the story. *Have a Hex editor*

  • @DragoNate
    @DragoNate ปีที่แล้ว +6

    sir, everyone is vulnerable, even yourself as an expert in this field. please do not get cocky. you are extremely knowledgeable in this field, you know your $h!t and you are much much less susceptible to basic attempts, absolutely. but every time i hear someone say "this doesn't work on me" or something similar, it ends up happening to them shortly after.

    • @Bigmike83007
      @Bigmike83007 ปีที่แล้ว +4

      Exactly, people are not everytime the same, sometimes unconcentrated, tired etc.

    • @DragoNate
      @DragoNate ปีที่แล้ว

      @@Bigmike83007 depression or too frustrated to think clearly as well - many many things

  • @versb5
    @versb5 ปีที่แล้ว +2

    I would like to see a test between f-secure Bitdefender and Malwarebytes

  • @rieper123a
    @rieper123a ปีที่แล้ว +1

    Heavily obfuscated / self written malware usually not getting detected in one drive or any other drive / cloud services... All in all still a good example!

  • @criticalgrower
    @criticalgrower 4 หลายเดือนก่อน

    One of the best smartest guys around. Thanks even aged techs guys like me can still learn something new

  • @officalcassiopeia
    @officalcassiopeia ปีที่แล้ว +20

    You called korean japanese..

    • @pcsecuritychannel
      @pcsecuritychannel  ปีที่แล้ว +10

      uh crap, there was another japanese one and I thought this was similar, my bad.

  • @vaakdemandante8772
    @vaakdemandante8772 ปีที่แล้ว +7

    The domain is THE MOST important red flag. I don't care if you are from a real PR firm. If your employer/client does not provide you with a legitimate e-mail address within his native domain, your e-mails are going straight to SPAM folder, without even reading them.
    What is more scary is that sometimes real/serious companies send marketing e-mails that are either badly written as if they were actually spam/phishing or embed links that point to some doggy looking domains, or both. Those e-mails make it somewhat hard to judge if the e-mails are real or somehow fake.
    Of course any attachment with a fake extension is an immediate red-flag, no matter what the e-mail domain is but a word/excel/pdf file could be a real dilemma and a threat that is hard to asses on the spot.

  • @NotGeri
    @NotGeri ปีที่แล้ว +5

    Funny, Atomic Shrimp uploaded a video today that also had this scam briefly mentioned. Thanks for sharing!

    • @ryanasazaki1291
      @ryanasazaki1291 ปีที่แล้ว +2

      Probably bulk-sent to a bunch of TH-camr's email. Doesn't take too long for a less tech-savvy channel to fail for it.
      Thankfully, they sent it to the wrong channel here, once a a malware analyst make a video about it, more channel are going to be aware of it.

  • @IslamAudioStation
    @IslamAudioStation ปีที่แล้ว +1

    Amazing tutorial my friend.

  • @Enum_Dev
    @Enum_Dev ปีที่แล้ว +5

    The best way to not get hacked is to have common sense

  • @Wolfennar
    @Wolfennar ปีที่แล้ว +1

    Seems so weird to me that by now AVs and such don't have any means of detecting such file padding. I get padding could potentially be a lot more sophisticated, but come on simply hundreds of megabytes of null bytes at the end of the file? That seems trivial to detect idk.

  • @xcoder1122
    @xcoder1122 ปีที่แล้ว +1

    This shows one of the fundamental weaknesses of the Windows operating system, which misses the most basic tools people have been using for 40+ years. macOS for example is based upon BSD and BSD, like Linux, like any UNIX like operating system ships with a tool named "file" and if you are unsure about the type of a file, you open a terminal window and type "file " and then drag a file into that window and hit return and the file tool is going to tell you exactly what kind of file that is. It's not using the file extension, the name, or the icon for that, it just looks into the file to figure that out. And trust me, it can tell an executable program apart from a PDF file and it will tell you that.

  • @G9Dsprite
    @G9Dsprite ปีที่แล้ว +1

    What a fabulous explanation.

  • @NICK....
    @NICK.... ปีที่แล้ว +2

    If the virus is sending the info to a server somewhere would it be possible to find the endpoint and spam it with real looking but completely fake data?

  • @Yuvalby
    @Yuvalby ปีที่แล้ว +1

    might be dumb question and obvious one but what if i download the scr file and change its type to lets say txt and run it? would it still run?

  • @RomireTV
    @RomireTV ปีที่แล้ว +2

    This is why i dont answer these emails

  • @sepremz
    @sepremz ปีที่แล้ว +3

    thank you for all this info.

  • @baruchben-david4196
    @baruchben-david4196 8 หลายเดือนก่อน

    I wonder what happens when, instead of double-clicking on a PDF file, you open a PDF reader and select the file from there...

  • @3lH4ck3rC0mf0r7
    @3lH4ck3rC0mf0r7 ปีที่แล้ว +1

    4:35 I mean, there's also polyglots and document viewer exploits, but those are too sophisticated for your average attacker, apparently.

  • @bazo0ky
    @bazo0ky ปีที่แล้ว +1

    When you opened the file with Process Explorer, it didn't show up, so it means that there might be viruses on a PC and even with Process Explorer it's difficult to detect them? I am new to this so sorry for this "nooby" question. Yesterday I did a full scan on my PC with Windows Defender and tried to look for malicious files in Process Explorer and found nothing. Now I ain't sure if my computer is clean because of this...

  • @jeoffer
    @jeoffer ปีที่แล้ว

    Thanks for sharing. A very helpful and clear explanation of what the scammers are up to.

  • @teddym2808
    @teddym2808 ปีที่แล้ว +1

    I really miss your AV test videos, I keep waiting for one but they don't seem to happen anymore. Am I the only one who wants to see tests of 2023 AV vs malwares?

  • @lukli425
    @lukli425 10 หลายเดือนก่อน

    7:40 but shouldnt my bitdefender block i anyways?

  • @gothixxx12
    @gothixxx12 8 หลายเดือนก่อน +1

    Whenever they say, "I hope this message reaches you in blah blah blah" then you know.

  • @TympoleFace
    @TympoleFace ปีที่แล้ว +10

    1:06 Actually Kakao is a South Korean internet company lol

    • @regwatson2017
      @regwatson2017 ปีที่แล้ว

      So is the text he showed which he called "Japanese" 🙂!!!

    • @cwingelord
      @cwingelord ปีที่แล้ว +2

      Just proof that people can be intelligent in one way but dumb in many others 😂

    • @TympoleFace
      @TympoleFace ปีที่แล้ว

      I am not trying to mock or criticize a person for not recognizing a Korean company or Korean characters. I just want to provide additional information and correct the information 😂

  • @THUNDER52
    @THUNDER52 ปีที่แล้ว

    I never use windows for email and I’ve never read a spam or scam get me - it never formsts or looks right on iPhones mail app and makes it easy to spot.

  • @CoasterMan13Official
    @CoasterMan13Official ปีที่แล้ว +1

    My mom's channel got hacked one time. They posted a bunch of crypto scam videos (not the Elon Musk ones,) but I was able to save her channel and delete the videos posted by the hackers.

  • @pauldeacon6123
    @pauldeacon6123 ปีที่แล้ว +1

    Great stuff keep up the good work

  • @liameyles1450
    @liameyles1450 ปีที่แล้ว +1

    love this channel keep it up

  • @Potew
    @Potew ปีที่แล้ว +1

    Just receiving a very large “document” file would be enough for me to spot it as a virus lol

  • @seansingh4421
    @seansingh4421 ปีที่แล้ว +1

    Thats why I disable opening remote images setting in my email setting.

  • @rumble_bird
    @rumble_bird ปีที่แล้ว

    I wonder why neither microsoft nor google still are not able to incorporate at least the trimming algorithm for zeroes, that on its own will solve file size issue.

  • @gmichael264
    @gmichael264 ปีที่แล้ว

    Great and informative video! What Windows theme are you using?

  • @imoutodaisuki
    @imoutodaisuki 7 หลายเดือนก่อน

    1:07 dude, even if don't know hangul, the translation pop up literally said "Korean". Also no, kakao is not some weird Korean website. It's a big website in Korea.

  • @lordzuzu6437
    @lordzuzu6437 ปีที่แล้ว

    props to the guy that sent a malicious e-mail to a channel named "The PC Security Channel".

  • @Wanderer3639
    @Wanderer3639 ปีที่แล้ว +1

    I feel like even my dad will be confused and suspicious when a file takes over 600MB... like even above 100mb is weird for a pdf the only way I know will be for someone to scan images and make then as if it was a pdf.

  • @Ehviiate
    @Ehviiate ปีที่แล้ว

    i wish i saw this video around a week ago when i stupidly downloaded and ran malware... my instagram acc was completely stolen, discord sent malicious link and DC disabled my account permanently without giving me a chance to copy down some of my friends i don't have any other way of contacting, money taken from my account, someone buying gift cards from amazon from my account, constant attempts to login to my microsoft account, facebook account, multiple places i had subscriptions with blocked my accounts due to suspicious/ unusual activities :') All this happening not too long after i lost my job so... yeah. This video would have saved me big time. But it's too late now.

    • @Ehviiate
      @Ehviiate ปีที่แล้ว

      @Patience-mj8hl So I had no choice and had to just clean my PC entirely. Then I just changed all my passwords and so far I think it's fine although I need to cancel my current bank card...

  • @arete_
    @arete_ ปีที่แล้ว

    Would love if you could take a look at the Adobe GenP method that is becoming increasingly popular.

  • @henryijeoma
    @henryijeoma ปีที่แล้ว +1

    when you reduced the file to 15mb and put it on your desktop, why didn't Windows Defender flag it down? Or do you not have an AV on your VM?

    • @SmilerRyanYT
      @SmilerRyanYT ปีที่แล้ว

      Likely upload speed. It would have to send 600+ mb to defender's servers before it can even start scanning. Assuming a 3 MB/s upload speed, it would take about 5 seconds to upload realistically, a 600mb file would take over 3 minutes which by then they would have probably clicked it already.

  • @PatrickBRHu3
    @PatrickBRHu3 ปีที่แล้ว +2

    awesome video, i learn a lot with you!! Greetings from BRAZIL!

  • @SweetNightHealing
    @SweetNightHealing ปีที่แล้ว

    They did the same thing with me, offering the collab to advertise a little bit on my video and they sent the agreement and the video but I click on it and my system told me it was password stealer malware or virus but it was too late. So I don't know what to do, they hide it in the winzar or something. So I tried to do the whole fresh window install.

  • @xypha85
    @xypha85 8 วันที่ผ่านมา

    why do the scanners no scan the first header area only at least?

  • @pete1996
    @pete1996 ปีที่แล้ว +1

    Great informative video. Thanks

  • @DELvEK
    @DELvEK ปีที่แล้ว +2

    Thanks my friend, unfortunately this has NOTHiNG to be new. It is a very old and basic method that exist for more than 10years already.
    I have being doing this since and way more analyzing since 2012.
    Still..its a good video to show the only first very easy steps into the process of analyzing completely a file execution stages.

  • @acousticboy9029
    @acousticboy9029 ปีที่แล้ว

    Why would they try to scam a pc protection channel though

  • @AlexiAnna2006
    @AlexiAnna2006 ปีที่แล้ว

    By the way, I have been using this method for two decades. Actually, from 1997 until today. I still use the same method. Signature was important thing.

  • @jerryhuang2258
    @jerryhuang2258 ปีที่แล้ว

    That email sounds like ai generated, because I use gpt to generate email templates to modify, the use of “high sprit” in that first sentence is really common in gpt generated email. Which also explains why the format was so good too.