
Online databases dropping like flies, with over 10k falling to ransomware groups

From Ars

More than 10,000 website databases have been taken hostage in recent days by attackers who are demanding hefty ransoms for the data to be restored, a security researcher said Friday.

The affected data is created and stored by the open source MongoDB database application, according to researchers who have been tracking the ongoing attacks all week. On Monday, Victor Gevers, co-founder of the GDI Foundation, reported finding 200 such databases that had been deleted. By Tuesday, John Matherly, founder of the Shodan search engine increased the estimate to 2,000 databases, and by Friday, fellow researcher Niall Merrigan updated the count to 10,500.

Misconfigured MongoDB databases have long exposed user password data and other sensitive information, with the 2015 breach of scareware provider MacKeeper that exposed data for 13 million users being just one example. With the surge in ransomware-style attacks—which threaten to permanently delete or encrypt data unless owners pay a fee—hacks targeting MongoDB are seeing a resurgence. Many poorly secured MongoDB databases can be pinpointed using Shodan, which currently shows 99,000 vulnerable instances.

When the ransom-style attacks targeting MongoDB databases first came to light, they were mostly carried out by someone using the online handle Harak1r1. The individual or group was deleting vulnerable databases and promising to restore them if owners paid around $200 in Bitcoin. Over time, other attackers have taken part in similar attacks, in some cases replacing a rival’s ransom demand with one of their own. A list of the best-known attackers is here. In all, the attackers have compromised about 10,500 databases. Promises to restore the databases in return for a ransom payment are dubious, since there’s no evidence the attackers copied the data before deleting it.

MongoDB maintainers have responded to the reports with a blog post explaining how to detect and respond to attacks. People who administer websites that use MongoDB should ensure they’re avoiding common pitfalls by, among other things, blocking access to port 27017 or binding local IP addresses to limit access to servers.
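
The two mitigations named above (restricting port 27017 and binding to a local address) can be verified in a server's own configuration file. This Python check is an added example, not code from Ars or MongoDB; it assumes the YAML-style mongod.conf with the net.bindIp, net.bindIpAll and security.authorization settings, the authorization check goes beyond what the article mentions, and both sample configurations are constructed.

```python
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
ANY = {"0.0.0.0", "::"}

def parse_conf(text):
    """Flatten the nested 'key: value' YAML subset used by mongod.conf
    into dotted paths such as 'net.bindIp' (not a general YAML parser)."""
    flat, stack = {}, []                      # stack: (indent, section name)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        key = key.strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()                       # leave finished sections
        value = value.strip().strip("\"'")
        if value:
            flat[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))
    return flat

def audit(text):
    """Return a list of findings; an empty list means no exposure was found."""
    conf = parse_conf(text)
    port = conf.get("net.port", "27017")      # 27017 is the port named in the article
    findings = []
    bind = conf.get("net.bindIp")
    if conf.get("net.bindIpAll", "false").lower() == "true":
        findings.append(f"net.bindIpAll is true: port {port} listens on every interface")
    elif bind is None:
        findings.append("net.bindIp is unset: default varies by version, verify the listener")
    else:
        for addr in (a.strip() for a in bind.split(",")):
            if addr in ANY:
                findings.append(f"net.bindIp {addr}: port {port} listens on every interface")
            elif addr not in LOOPBACK:
                findings.append(f"net.bindIp {addr}: firewall port {port} to trusted hosts")
    if conf.get("security.authorization", "disabled").lower() != "enabled":
        findings.append("security.authorization is not enabled: clients need no credentials")
    return findings

# Constructed sample configurations (not taken from any real server).
EXPOSED = "net:\n  port: 27017\n  bindIp: 0.0.0.0  # all interfaces\n"
HARDENED = ("net:\n  port: 27017\n  bindIp: 127.0.0.1\n"
            "security:\n  authorization: enabled\n")

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```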

The Myth of the $200 Computer


It happens a few times a year. A customer is faced with either a computer that cannot be repaired or one that is so old that it’s not worth repairing.

They will ask what their options are and I will explain to them that for $350-$500 they can get a custom built PC from me that will be the best computer they have ever owned and last them a decade.

They scoff at this idea and proudly proclaim that they can just head on over to Staples and get one for $200.

I will not deny that yes, there are times of the year where you can get some great deals, Back to School and Christmas being good examples. These are times of year when stores will stock up on somewhat outdated inventory and sell it as loss leaders to get parents into the stores. However, these deals are actually rare and becoming harder to find.

Anyway, let’s set that aside and look at what you get when you buy a bottom of the line PC at a big box retailer.

Just this weekend I was faced with a client who did the “I don’t need anything fancy I can’t get something for $200” eye roll. He ended up at Walmart where, to his surprise, there are no $200 computers; in fact you can’t even find a computer that does not include a monitor. His only option was a $250 Acer AXC-704G-UW61.

The bare minimum to manufacture a PC is over $200. So how can they sell you a PC for such a low price? One way is that you are getting very old, outdated, and barely usable parts. This computer had really cheap, slow parts in it, so built to a price point that, as we discovered the hard way, it was not even fully functional.

The other way they bring the price down, which is the case more and more, is that you are getting a computer that has been subsidized by installing tons of spyware. This PC was riddled with spyware; in fact, the first program they installed on it, before they even installed the drivers, was spyware.


This miracle of modern technology was then dropped off here so I could begin the process of transferring and installing all the software and files he needs for his business onto this wonderful new PC. Set it up on the desk and problem #1: this computer has no VGA or DVI ports, only HDMI. So now we either need an HDMI monitor, a video card, or some sort of converter. So now it’s a $270 PC, and we wasted a day’s labor. Nowhere on the box was it mentioned that this computer had only HDMI ports. It has two USB 3.0 ports, but since it’s only two, those will be taken up by your keyboard and mouse. So if you want to actually use those ports you need a hub; now it’s a $290 computer.


Okay, we get it hooked up to a monitor. I now have to spend half a day removing all the spyware that is preinstalled onto the PC.

Finish that, install all the business software we need, and start transferring his files onto the new PC. The transfer is going to take 6 hours so I leave and come back. In that time the PC has put the monitor to sleep and the only way to get the monitor back on is to unplug the power from it. So now we have to leave the monitor on displaying a screen saver 24 hours a day, otherwise the PC turns the monitor off and then will not turn it back on.

Finish everything, leave the computer alone overnight, come back, and now it for some reason has shut down and will not restart. Pull the power and it will turn back on. At this point it is finally decided this $200 PC is going back.

Now we have wasted 3 days, the client owes me well over $100 in labor, and we have accomplished nothing.

You get what you pay for.

No you are not on the phone with Microsoft

Going to repost this article I wrote over a year ago, since in the past month I have had an increase in the number of calls about anonymous calls telling my clients there is something wrong with their computer.

Increasingly I have to fix computers that have been ruined because people are falling for the various Technical Support scams. Let me get this out of the way first: no matter what you think, no matter what you find searching for phone numbers, you are not on the phone with Microsoft or likely any other company.

This scam works in two ways. The first is simple: you get a random phone call from someone telling you that there is some problem with your computer. This is nearly always a scam (there are some RARE cases when your ISP might contact you; if they claim they are your ISP, hang up and call the number on your bill). Odds are no one is ever going to legitimately call you and tell you there is something wrong with your computer. The number of steps they would have to go through to even get your phone number makes this basically impossible for any company to do.

The second way they do this is by buying ads on search engines. Do a search for basically anything and the word support and you will see tons of scam links. Only two of these links are actual links to Norton tech support.

[Image: tech numbers]

You end up on the phone with someone from various companies like iYogi. These companies charge insanely high rates for repairs and will often leave the computer non-functional or at best worse than it was before you called them.

They will in nearly every case ask you to open up the event viewer where they will show tons of scary looking error messages. These are perfectly normal and will be present in the event viewer of every Windows PC on the planet. Here is what my event logs look like.

[Image: event viewer]

They will then prompt you to install their software. If you are very lucky they might fix your computer for a very hefty price (I’ve found quotes of $299 for routine maintenance issues left on computers), but they will often damage the computer.

Now here is the horrible part. Something new I discovered just a few days ago. Even if they fix your computer, even if you refuse to pay, even after you uninstall their software, the software STAYS INSTALLED. I have discovered hidden monitoring software running as hidden processes that are left behind after you have uninstalled the software. At best this software is causing a huge performance hit on the computer, at worst who knows what this software is doing, it could easily be logging all your passwords, banking info, and credit card numbers. This software could be doing anything.

This is yet another reason you should find a local qualified repair person. We charge less. We are local. You can find us if you have a problem. Never let some stranger on the phone into your computer.

I look forward to the iYogi astroturfing team telling me off in the comments.


Once Again No Matter Who You Think It Is From Never Trust E-mails

I was actually contacted by a new client who was hit by this last week and lost a 5 figure sum.


From Ars

Researchers said they’ve uncovered an active campaign that has already stolen more than $1 million using a combination of malware and social engineering.

The Dyre Wolf campaign, as it has been dubbed by IBM Security researchers, targets businesses that use wire transfers to move large sums of money, even when the transactions are protected with two-factor authentication. The heist starts with mass e-mailings that attempt to trick people into installing Dyre, a strain of malware that came to light last year. The Dyre versions observed by IBM researchers remained undetected by the majority of antivirus products.

Infected machines then send out mass e-mails to other people in the victim’s address book. Then the malware lies in wait. A blog post published Thursday by IBM Security Intelligence researchers John Kuhn and Lance Mueller explains the rest:

Change Your Uber Password Right Now

Uber passwords and partial credit card info are showing up for sale on the darkweb. These passwords have been confirmed to be valid.


From Ars:

According to the listing (Tor, AlphaMarket login required), he or she has sold 131 such logins since March 18.

Ars attempted to contact the two vendors but they did not immediately respond.

In an interview with Motherboard, one vendor claimed to have “thousands” for sale, and even provided a sample of them. As the site reported Friday:

Motherboard reached out to one of the users whose email address and password was put up for sale: James Allan, sales director for OISG, a technology solutions company.

Allan confirmed that the username and password Motherboard had seen were correct, as well as the expiry date on his personal credit card. He doesn’t actually use Uber anymore, and the last trip he booked was in December 2013.

“Bloody hell,” Allan said over the phone, when he was told what his password was.

He was “extremely surprised” by the revelation, he said. Allan also said that he doesn’t use the internet much for financial transactions, preferring cash “for this very reason.”

In a statement e-mailed to Ars on Saturday morning, Uber spokeswoman Trina Smith said that the company did not find evidence of a breach.