PayPal Overpayment Scams That Target Craigslist Sellers

“My hope is that when people become familiar with the tactics employed by scammers, they will be less likely to get ripped off. With this in mind, I’d like to describe my recent interactions with miscreants who target sellers on Craigslist. Perhaps the details I’ve gathered about the scammers’ operation will help curtail such activities. This encounter, which involved SMS messages, emails and a click, is a variation of a PayPal-themed over-payment scam that has been quite prolific in the recent years.”

Find more detail here.


Notification of instant payment

Chrome To Begin Pausing Flash Ads By Default, Starting 10/1

http://techcrunch.com/2015/08/28/chrome-will-begin-pausing-flash-ads-by-default-starting-in-september/

Google: New setting to save power by pausing plugin content

With the Beta release of Chrome 42, we’ve launched a new setting that automatically pauses plugin content that’s peripheral to the main page. This can help you save precious battery power and CPU cycles. But don’t worry, the primary plugin content on pages (games, videos, etc.) should still run just fine.

To adjust these settings, type the following in the Chrome address bar:

chrome://settings/content

  • Scroll to Plugins; here is what each option does:
    • Run all plugin content (used to be recommended)
    • Detect and run important plugin content
      • Chrome will automatically run the main plug-in content on websites, but not run peripheral plug-in content.
    • Let me choose when to run plugin content
      • Chrome will prevent any plug-ins from running automatically, but you can run specific plug-ins by right-clicking on them and choosing “Run this plug-in.”
  • Use the “Manage Exceptions” button for individual options

Amazon Bans FLASH starting Sep. 1

http://advertising.amazon.com/ad-specs/en/policy/technical-guidelines

  • (Blocked by uBlock Origin due to: “/advertising.” in EasyList • Fanboy+Easylist-Merged Ultimate List)
  • Easily allowed by clicking on “Allow Temporarily”

Beginning September 1, 2015, Amazon no longer accepts Flash ads on Amazon.com, AAP, and various IAB standard placements across owned and operated domains. This is driven by recent browser setting updates from Google Chrome, and existing browser settings from Mozilla Firefox and Apple Safari, that limits Flash content displayed on web pages. This change ensures customers continue to have a positive, consistent experience across Amazon and its affiliates, and that ads displayed across the site function properly for optimal performance.

uBlock Origin: A Must-Have Browser Plugin

Latest and Greatest Ad/Malware blocking available for Chrome, Firefox, and Safari (you’re not still using Internet Explorer, I hope).

uBlock

Why do I need this plug-in, you ask? See the above image. Malvertising is a fast-growing business whose job is to infect you with malware through ads on common sites that you visit. See this story from August 27th:

Angler Exploit Kit Strikes on MSN.com via Malvertising Campaign; read more here or see summary here:

“The same ad network – AdSpirit.de – which was recently abused in malicious advertising attacks against a slew of top media sites was caught serving malvertising on MSN.com. This is the work of the same threat actors that were behind the Yahoo! [and Huffington Post] malvertising.

The incident occurred when people who were simply browsing MSN’s news, lifestyle or other portals were served with a malicious advertisement that silently loaded the Angler exploit kit and attempted to infect their computers.

The ad request came from AppNexus, which loaded the booby-trapped advert from AdSpirit and the subsequent malvertising chain.

This time, rogue actors are leveraging RedHat’s cloud platform, rhcloud.com to perform multiple redirections to the Angler exploit kit (in the previous attack they were using Microsoft’s Azure).

While we did not collect the malware payload associated with this campaign, we believe it is either Ad fraud or ransomware, Angler’s trademark.”

  • Infection Chain:
    • com => lax1.ib.adnxs.com => pub.adspirit.de
  • uBlock Origin:
    • com – Found in
      • Malvertising filter list by Disconnect
      • Peter Lowe’s Ad server list
      • Dan Pollock’s hosts file
    • de: Found in:
      • Malvertising filter list by Disconnect
      • Peter Lowe’s Ad server list
      • hpHosts’ Ad and tracking servers

uBlock Origin is available for Chrome, Firefox, and Safari, install it today!

Stay secure folks!

Carl

Windows 7 & 8 Quietly Receive User-Tracking

Okay. So anyone who was smugly resisting the move to Windows 10 in the belief that 7 and 8 were going to keep them happy has been disabused of that this week. PCWorld writes: “Microsoft slips user-tracking tools into Windows 7 and 8 amidst Windows 10 privacy storm.” Ars Technica, their headline: “Microsoft accused of adding spy features to Windows 7 and 8.” ExtremeTech: “Microsoft backports privacy-invading Windows 10 features to Windows 7 and 8.”

And ExtremeTech was great. They said: “Every time Microsoft releases a new version of an operating system, there’s always a few users bitterly unhappy at the company’s decision not to support new features on older products. Microsoft has finally listened to these diehard devotees of older operating systems. If you felt like Windows 7 and Windows 8 offered you a little too much privacy, rejoice: Microsoft is updating those operating systems with the same telemetry-gathering software it deployed on Windows 10. What? You wanted DirectX 12?”

The good news: you can turn “most” of it off in Windows 10. In Windows 7 & 8, however, you’ll need to avoid installing these updates:

  • KB3068708 – “This update introduces the Diagnostics and Telemetry tracking service to existing devices. By applying this service, you can add benefits from the latest version of Windows to systems that have not yet upgraded. The update also supports applications that are subscribed to Visual Studio Application Insights.” This update replaced KB3022345.
  • KB3075249 – “This update adds telemetry points to the User Account Control (UAC) feature to collect information on elevations that come from low integrity levels.”
  • KB3080149 – “This package updates the Diagnostics and Telemetry tracking service to existing devices. This service provides benefits from the latest version of Windows to systems that have not yet upgraded. The update also supports applications that are subscribed to Visual Studio Application Insights.”

The latter two updates are flagged as Optional, but KB3068708 holds Recommended status, which means it would be downloaded and installed if you have Windows Updates set to automatic. It’s only functional in PCs that participate in Microsoft’s Customer Experience Improvement Program, which already sends Microsoft information on how you use your computer.

Opting out of the CEIP isn’t a matter of flipping a single switch. You have to disable it in all the software you’ve agreed to use it with. From Microsoft’s CEIP website:

“Most programs make CEIP options available from the Help menu, although for some products, you might need to check settings, options, or preferences menus. Some pre-release products that are under development might require participation in CEIP to help ensure the final release of the product improves frequently used features and solves common problems that exist in the pre-release software.”

If you use Office’s default settings, it signs you up for Microsoft’s CEIP. How-to Geek has a tutorial explaining how to disable it, though if sending information to Microsoft before didn’t bother you, this new update probably won’t either.

Disabling the tracking tools in the Recommended KB3068708 update isn’t simple, either. It connects to vortex-win.data.microsoft.com and settings-win.data.microsoft.com, which are hard-coded to bypass the Windows HOSTS file. In other words, it’s tricky to block unless you have a firewall that can block HTTPS connections as well as be configured manually, ExtremeTech explains. There are options in GPEdit.msc that allow you to disable application telemetry and CEIP participation, but it’s unknown if they behave correctly after the new patches are installed.

If you don’t want these new tracking tools on your PC, the best thing to do seems to be simply uninstalling the offending updates, then blocking them from being reinstalled.

To do so, head to Control Panel > Programs > Uninstall or change a program. Here, click View installed updates in the left-hand navigation pane. In the search box in the upper-right corner, search for the KB3068708, KB3022345, KB3075249, and KB3080149 updates by name. If they’re installed, they’ll pop right up. If you find one, right-click on it and select Uninstall to wipe it from your system.


To block the updates from being downloaded again, dive back into the Control Panel and head to System and Security > Windows Update > Check for updates. The system will look for updates, then say you have a certain number of updates available, separated by status (Optional, Recommended, Critical). Simply click the recommended updates link, find the KB3068708 and KB3022345 updates, then right-click them and select Hide update. Boom! Done.

Don’t forget to look into the optional updates and hide KB3075249 and KB3080149 as well.
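A scripted equivalent of the uninstall-and-hide steps above, added here as an example and not part of the original post. It assumes an elevated PowerShell prompt on Windows 7/8 and uses Get-HotFix, wusa.exe and the Windows Update Agent COM object; the -Apply switch is this example's own, and without it the script only reports.

```powershell
# Added example: report, uninstall and hide the telemetry updates named in the article.
# Run elevated. Without -Apply nothing is changed (audit mode).
param([switch]$Apply)

# KB numbers exactly as listed in the article
$kbs = 'KB3068708', 'KB3022345', 'KB3075249', 'KB3080149'

# 1. Audit: which of the updates are currently installed?
$installedIds = @(Get-HotFix | ForEach-Object { $_.HotFixID })
foreach ($kb in $kbs) {
    $state = if ($installedIds -contains $kb) { 'INSTALLED' } else { 'not installed' }
    '{0,-10} {1}' -f $kb, $state
}
if (-not $Apply) { return }

# 2. Uninstall each installed update with the Windows Update Standalone Installer.
foreach ($kb in $kbs) {
    if ($installedIds -contains $kb) {
        $num = $kb -replace '^KB', ''
        Start-Process -FilePath 'wusa.exe' -Wait `
            -ArgumentList '/uninstall', "/kb:$num", '/quiet', '/norestart'
        "uninstall requested: $kb"
    }
}

# 3. Hide the updates so Windows Update does not offer them again.
#    An update only appears in this search once it is no longer installed,
#    so rerun the script with -Apply after rebooting if step 2 removed anything.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search('IsInstalled=0 and IsHidden=0')
foreach ($update in $result.Updates) {
    foreach ($id in $update.KBArticleIDs) {   # IDs are stored without the "KB" prefix
        if ($kbs -contains "KB$id") {
            $update.IsHidden = $true
            "hidden: $($update.Title)"
        }
    }
}
```

Running it again without -Apply after the reboot confirms that none of the four updates is reported as installed.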