David H. Lipman

Experts
  • Content count

    10,682
About David H. Lipman

  • Rank
    Dave

Contact Methods

  • Website URL
    http://multi-av.thespykiller.co.uk

Profile Information

  • Location
    Jersey Shore USA
  • Interests
    Malware Research, dSLR Photography, Numismatics & Surf Fishing

93,962 profile views
  1. Malware is NOT the only reason a web site may be blocked.
  2. Since I do not know all the qualifications on the reason(s) for the web blockage, I side with Malwarebytes, especially if one cannot make a case that ALL the pharma sales sites are blocked. Individuals are able to make an exception for any site they wish, which prevents the IP/Domain from being blocked.
  3. Yes, I read your original posts which did not conform to Important: Please Read Before Reporting A False Positive, Post ID #2
  4. I have cast no particular aspersion on, nor given validation to, any particular 3rd party reputation site; I am looking at it from a holistic and overarching POV.
  5. While Pharmaceuticals are expensive and a particular "medicine" may have an extremely broad price-range, they are a Human ingested or applied quantity. One must steer away from these online sites until they are fully vetted. 3rd party reputation web sites and companies may or may not have a disclosed or undisclosed association with the pharmaceutical sales site. One must also be aware of an influx of South American, Chinese and Indian "knock-off" pharmaceuticals, and these 3rd party pharmaceutical sales web sites, who strive for "cheap pricing", fall victim to these pharmaceutical "knock-offs" at a higher rate than traditional pharmacies. I know exactly how it is. Below are sample pharma products which are highly available and whose generics are equal to their name brands. However, price gouging is prevalent. I have seen Diphenhydramine HCL 25mg sold as high as $0.25 USD per unit and as low as $0.018 USD per unit. It all depends on whether you buy volume or if you buy portable "blister packs". The brick & mortar pharmacies even take advantage of this very inexpensive pharmaceutical and put their name on the package but still artificially inflate the price to just below the name brand. The name brand is Benadryl. I have seen Povidone Iodine sell for $4.75 USD for 16 fl. oz. and as much as $20.00 USD for 8 fl. oz. The name brand is Betadine. This requires being a savvy consumer. It does not mean that you should go willy-nilly looking for pharma web sites that can very well put your health at risk.
  6. You have a broken link in the Certificate chain. The site Certificate is verified through the Thawte Root Certificate Authority ( CA ) and its intermediate SSL CA.
  7. thawte DV SSL CA - G2 ==> www.planetdrugsdirect.com. The Certificate chain is Verified. I don't see a Fake Certificate.
  8. It means very little. You are anonymously submitting a file for an anti malware scan to see what the participating vendors may or may not detect. The service is not a music sharing service. It is ONLY there to check the sample against participating vendors' anti malware products. IFF the file is malicious, then the participating vendors have access to the file for further analysis and/or validation.
  9. No problem. I will request a moderator move this thread there.
  10. If you are applying Group Policy Objects ( GPO ) then you are most likely running MBAM in a business. This is the retail product support sub-forum, where GPO settings are very uncommon. Support for MBAM in a corporate environment is in Malwarebytes Anti-Malware for Business. Is that the case here?
  11. Follow pondus' suggestion. Submit it to a service such as Virus Total. If it is malicious, it will have detections and you can discard it. If it is a really large file, question its source. If it is not a reputable source for MP3 files, discard it.
  12. You asked a similar question in "Can MP3 files contain a virus?", which I responded to. Please go back to that thread for discussion.
  13. The first thing to realize is that "viruses" are a small minority of malware. Viruses are malicious code that has the ability to self replicate. That is, the malicious code is able to autonomously spread from file to computer, computer to computer or computer to file ( and other means as well ). All viruses are malware but not all malware are viruses. Malware is short for MALicious softWARE. There are three major types of malware: Viruses, Trojans and Exploits. There are many sub-types to them that make up malware taxonomy.

      So the question is, "Can MP3 files contain malware ?" The answer is not simple. There are many qualifications of malware and "media" files. The simple, but incomplete, answer is yes. But not in a format that readily "infects" a computer unless certain underlying criteria are met.

      MP3, WMV, MOV, etc. are all media files. They can be created with Exploit Code. Thus the files are malicious. For example, let's say there is a Vulnerability in Windows Media Player with MP3 files. A MP3 file could be created with the intent of exploiting that vulnerability and, if it is successful, attempt to infect the host with some payload.

      Another case may be to exploit the Windows Digital Rights Management ( DRM ). In that case the exploit is not a software vulnerability, it is a Human Exploit. Exploiting the frailties of Humans is called Social Engineering. A MP3 or WMV or some other media file can be created to use Social Engineering and DRM to get you, the person who plays the media file, to download something. That which is downloaded could be malicious. These are most often called Wimad trojans. When it comes to MP3 files, the Wimad is most common. It works on the need to obtain music for free. So that desire to pirate music is the Social Engineering ploy used.

      In fact I ran into an employee who allowed the pirating of AutoDesk software. He was giving the software, and its keycode, to many people. That same person decided to connect a USB External Hard Disk to his employer-owned computer, which was running Kaspersky anti virus software. His computer was subsequently flagged with 44 Wimad trojans on that hard disk. Example: Trojan-Downloader.WMA.FakeDRM.bj - E:\Music 1\cymande(unreleasedliverecord).mp3

      There is another concept called steganography. That is where the data file is manipulated in such a way that malware can be embedded within the media file. However, one needs an external utility to extract the malware that was embedded. While this is possible, it is so impracticable it just isn't used. Steganography is used more often in trade-craft in the exfiltration of data, where stolen information is embedded in a media file. That media file hides in plain sight and the malicious actor can then extract the stolen data, thus making the data exfiltration less detectable. That too has limitations when trying to exfiltrate large quantities of data.

      So the answer is yes, media files can be malicious. However, they cannot infect a system by themselves. They need to exploit a vulnerability, or an external extraction utility is needed.

      References:
        • https://en.wikipedia.org/wiki/Digital_rights_management
        • https://en.wikipedia.org/wiki/Steganography
        • https://en.wikipedia.org/wiki/Social_engineering_(security)
        • https://www.symantec.com/security_response/writeup.jsp?docid=2005-011213-2709-99
        • http://malware.wikia.com/wiki/TrojanDownloader:ASX/Wimad.BD
        • https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=TrojanDownloader:ASX/Wimad
  14. Discussions and reporting for MBARW is performed in Malwarebytes Anti-Ransomware Beta. I will request a moderator move your topic there. Reference: How to report a MBARW False Positive
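Post 13 above makes the point that a media file cannot run by itself, but that non-audio data can ride along inside it. One triage step a defender can take before submitting a suspicious MP3 to a scanning service is to check how much of the file is actually audio. The walker below is an added example, not the poster's code: it skips an ID3v2 tag, steps through MPEG-1 Layer III frame headers (the only variant it handles, an assumption to keep it short), and reports how many bytes sit after the last valid frame. The sample file is constructed inline.

```python
"""Measure how much of an MP3 is audio frames and how much is trailing data."""
import struct

# MPEG-1 Layer III bitrate table (kbps) indexed by the 4-bit bitrate field.
BITRATES_V1_L3 = [0, 32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320]
SAMPLE_RATES_V1 = [44100, 48000, 32000]  # indexed by the 2-bit sample-rate field


def id3v2_size(data):
    """Return the total ID3v2 tag size (10-byte header + body), or 0 if absent."""
    if data[:3] != b"ID3" or len(data) < 10:
        return 0
    b = data[6:10]
    body = (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]  # syncsafe integer
    return 10 + body


def frame_length(header):
    """Return the byte length of an MPEG-1 Layer III frame, or None if invalid."""
    if len(header) < 4:
        return None
    h = struct.unpack(">I", header[:4])[0]
    if (h >> 21) & 0x7FF != 0x7FF:      # 11-bit frame sync must be all ones
        return None
    version = (h >> 19) & 3             # 3 == MPEG-1
    layer = (h >> 17) & 3               # 1 == Layer III
    bitrate_idx = (h >> 12) & 0xF
    sr_idx = (h >> 10) & 3
    padding = (h >> 9) & 1
    if version != 3 or layer != 1 or bitrate_idx in (0, 15) or sr_idx == 3:
        return None
    bitrate = BITRATES_V1_L3[bitrate_idx] * 1000
    return 144 * bitrate // SAMPLE_RATES_V1[sr_idx] + padding


def analyse(data):
    """Return (frame_count, trailing_bytes): valid frames found and bytes left after them."""
    pos = id3v2_size(data)
    frames = 0
    while pos + 4 <= len(data):
        n = frame_length(data[pos:pos + 4])
        if n is None or pos + n > len(data):
            break
        frames += 1
        pos += n
    return frames, len(data) - pos


# Constructed sample: ID3v2.3 tag with a 20-byte body, three 128 kbps / 44.1 kHz
# frames (417 bytes each), then 300 bytes of non-audio data appended at the end.
FRAME = b"\xff\xfb\x90\x00" + b"\x00" * 413
TAG = b"ID3\x03\x00\x00" + bytes([0, 0, 0, 20]) + b"\x00" * 20
SAMPLE = TAG + FRAME * 3 + b"X" * 300

if __name__ == "__main__":
    print("frames, trailing bytes:", analyse(SAMPLE))
```

A large trailing count on a file that plays normally is exactly the "question its source" signal from post 11; the walker does not say what the extra bytes are, only that a player would never read them.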