4n6strider

Your Data Zen starts here.

Please check this for me

In case you think you are infected with malware or hacked by any other way, I might be able to help.

But I need from you some information first:
– What has happened, when did it started, what were you doing?
Disclose this information to the message as well as as much possible indicators like URL, filename, website or even whole email messages.

Optionally, try to run diagnostic tool.
(I am vendor agnostic, recommendations are based my own Incident response experience.)

Two examples:
Eset online scan – trustworthy for most cases.
If you think its more serious, use ATTK tool from Trend Micro.
In both cases, not the outcome and provide me this information as well.
Maybe you are already skilled user. In that case, go for the Mandiant/Fireeye Redline and collect the full image.

This will explain how to threat the malicious URLs and SPAM email is a safe way, so you could submit it to me using the mail contact: spam<at>4n6strider.it

1/2 Malicious URLs:

How does it look like?
Keep in mind, that context matters. Where have you found it? Who has sent it to you, when and how?
Say, you got spam message on Instagram, looking like this:

So, what to do next? First of all, if possible take the screenshot immediately. Make it in a way that sender name/ nick and also the time is there, if possible.
Then “disarm” the URL, so nobody can click on that by accident:
URL from the picture would be turned into this:

“http://Rebeca13[.]inst-sx[.]com/Alexandra”

Sometimes, you might get whole bunch of URLs and processing one by one is off. You can just copy them to MS Word or similar and make this in bulk. Just use feature “find/replace with” and replace “.” with “[.]“.

Now the link would not be considered malicious and it is safe to share if with me over Facebook/ mail contact or even using my contact form here.

2/2 How to save SPAM/ Phishing email/ suspicious email:
Good thing to know is, that you should act immediately upon suspicion.
Information useful for hunting the bad guys gets old very quickly, the traces gets cold and disappears.

It does not usually work in a way that you can simply forward suspicious email message, as it gets blocked somewhere on the way. Also, precious data in so called “MX header” will be altered and this makes the hunting of the hacker more difficult.

You need to save the suspicious message as a file, then send over the file as an attachment.
Here is a video tutorial on how to do that in Outlook.
In general – in menu for the relevant suspicious message, seek an option like “save message”,”download message” or similar.
Then threat the saved message like any other file and attach it to the mail. Also, explain why you think its dangerous.

How to know which mail to submit and which one is just “regular” garbage?

There is full load of spam. What kind is worth further investigation?

– All kinds of spam related to Facebook, Instagram, iCloud/ iTunes Gmail, LinkedIn..
These are high profile services and stealing accounts here leads to serious consequences. Attacks are usually deployed in bigger scale so its important to report these issues early.

– If you think the SPAM is a little bit too personal for you, suggesting the attacker might actually know something about you. Might be targeted attack and its better to spot these as soon as possible.
Might be related to your work, hobbies, latest experience.

– If the SPAM seems to be acting upon your recent online/ offline activities. Attacks like this might suggest that you have serious privacy leak.

– If you remember getting weird email message and since that, something bad has happen to your computer/ cellphone/ other devices.

What does not make sense to report to me?
E.G Nigerian scams, enlargement pills, sudden price winnings on weird lotteries, Badoo scams, surprisingly great deals, great business opportunities, getting caught by doing naughty stuff by your hacked web cam.. all of this kind is being already investigated both by human and machines. Just don’t click on links and attachments there and you will be fine.




© 2019 4n6strider

Theme by Anders Norén