False sense of security from AVs and hoodwinked into running .exe's because there is an open source Github page for it.

Now to confirm my common sense on this, How can you be sure that executable files from github are safe : r/github (reddit.com), yes the .exe can differ from their GitHub page's code.

I really think this is becoming a popular trick by hackers behind tools offered for game-related stuff or anything: "Oh look, I have an open source GitHub page, just run the .exe and off you go."

And regarding AVs:

Antivirus Industry's Dirty Little Secret KnowBe4

Quote

"The Antivirus industry has a dirty little secret that they really don't want anyone to know. Despite their claims, their products are not all that effective. Many of them are only protecting against at best 80% or 90% of the threats out there in the wild at any time."
...

"One well known, major antivirus industry player is routinely scoring no better than 75% reactive combined with a 70% proactive. And people wonder how come PCs still get infected by malware."

I know from the hackforums that fully undetectable (FUD, as they call it) malware is the norm. Bypassing the virustotal website with all green lights is just a done thing for them. Then you've got self-polymorphing viruses:

Quote

Polymorphic viruses are complex file infectors that modify themselves in order to avoid detection while retaining the same basic routines after every infection.

So this FUD malware could just remain FUD. And of course, the attack can wait until the victim can't remember what he downloaded, or until he could blame it on other things.

I think this combination of "oh it's open source, download my .exe" and FUD malware being very much a common thing, but "don't worry your AV will warn you!" or "look at the clean virustotal.com results", is a recipe for disaster for casual people. They'll be told, "don't worry mate, it's open source, you can read the code that's in the .exe if you want!", victim: "oh ok :D". Victim: "I guess my AV will warn me anyway.", victim again: "Oh virustotal.com says all those AVs see no problems! blimey OK THEN LETS GO."

I think a video needs awareness on this, for casual people. People's AVs give a false sense of security, virustotal.com can be a totally useless indicator of safety and these open source programmes do not render the (compiled .exe) download links as safe.

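The opening post's point that a release .exe can differ from the code shown in the repository has a concrete defensive counterpart: before running a download, compare its hash against the checksum the publisher posted next to the release, or against a build you produced yourself from the source. The script below is an added example written for this page; it is not code from the thread or from any project mentioned in it. It hashes a file in chunks, parses a sha256sum-style checksum list, and reports match, mismatch or unlisted; the file names, file contents and checksum text in demo() are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers never need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_sha256sums(text):
    """Parse sha256sum-style lines ('<64 hex chars>  <name>', a '*' before the name means binary mode).

    Returns {basename: lowercase hex digest}. Malformed lines raise ValueError rather than
    being skipped: a checksum file you cannot parse must not silently pass verification.
    """
    expected = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"line {lineno}: not a sha256sum entry: {line!r}")
        digest, name = parts[0].lower(), parts[1].strip().lstrip("*")
        try:
            bytes.fromhex(digest)
        except ValueError:
            raise ValueError(f"line {lineno}: digest is not hex: {digest!r}") from None
        expected[os.path.basename(name)] = digest
    return expected


def verify_download(path, sums_text):
    """Compare a downloaded file against a publisher's checksum list.

    Returns (status, actual_digest) where status is one of:
      "match"    - the file is byte-for-byte what the checksum list describes
      "mismatch" - the file differs (corrupted, replaced on a mirror, or tampered with)
      "unlisted" - the checksum list says nothing about this file name
    """
    expected = parse_sha256sums(sums_text)
    actual = sha256_of_file(path)
    name = os.path.basename(path)
    if name not in expected:
        return "unlisted", actual
    # compare_digest avoids leaking where the two strings first differ via timing
    if hmac.compare_digest(expected[name], actual):
        return "match", actual
    return "mismatch", actual


def demo():
    """Constructed end-to-end run: a good download, a tampered copy, and an unlisted file."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "tool.exe")
        with open(good, "wb") as fh:
            fh.write(b"MZ constructed stand-in for a release binary\n")  # constructed bytes, not a real PE
        # What an honest publisher would post beside the release (constructed here from the good file).
        sums_text = f"{sha256_of_file(good)}  tool.exe\n"

        os.mkdir(os.path.join(tmp, "mirror"))
        tampered = os.path.join(tmp, "mirror", "tool.exe")  # same name, different bytes
        with open(tampered, "wb") as fh:
            fh.write(b"MZ constructed stand-in with its contents changed\n")

        unlisted = os.path.join(tmp, "other.exe")
        with open(unlisted, "wb") as fh:
            fh.write(b"MZ nobody published a checksum for this one\n")

        return {
            "good": verify_download(good, sums_text)[0],
            "tampered": verify_download(tampered, sums_text)[0],
            "unlisted": verify_download(unlisted, sums_text)[0],
        }


if __name__ == "__main__":
    for label, status in demo().items():
        print(f"{label}: {status}")
```

A matching checksum only proves the file is the one the publisher listed; if the publisher is the attacker, the posted hash matches the malicious binary just as well. What actually ties the .exe to the source you can read is building the binary yourself from the repository and comparing; reproducible builds make that comparison deterministic, and the same verify_download call serves for it when sums_text holds the digest of your own build.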

Meh, FUDs mostly rely on zerodays and blowing that on a consumer is rarely profitable.

5950X/3080Ti primary rig  |  1920X/1070Ti Unraid for dockers  |  200TB TrueNAS w/ 1:1 backup


2 minutes ago, OddOod said:

Meh, FUDs mostly rely on zerodays and blowing that on a consumer is rarely profitable.

I do remember seeing 4-6 remote access tools (RATs) for sale, all were FUD by virustotal.com. How that is like today I don't know. That was in like 2010.


1 hour ago, JonnyTC said:

Now to confirm my common sense on this, How can you be sure that executable files from github are safe : r/github (reddit.com), yes the .exe can differ from their GitHub page's code.

I really think this is becoming a popular trick by hackers behind tools offered for game-related stuff or anything: "Oh look, I have an open source GitHub page, just run the .exe and off you go."

And regarding AVs:

Antivirus Industry's Dirty Little Secret KnowBe4

I know from the hackforums that fully undetectable (FUD, as they call it) malware is the norm. Bypassing the virustotal website with all green lights is just a done thing for them. Then you've got self-polymorphing viruses:

So this FUD malware could just remain FUD. And of course, the attack can wait until the victim can't remember what he downloaded, or until he could blame it on other things.

I think this combination of "oh it's open source, download my .exe" and FUD malware being very much a common thing, but "don't worry your AV will warn you!" or "look at the clean virustotal.com results", is a recipe for disaster for casual people. They'll be told, "don't worry mate, it's open source, you can read the code that's in the .exe if you want!", victim: "oh ok :D". Victim: "I guess my AV will warn me anyway.", victim again: "Oh virustotal.com says all those AVs see no problems! blimey OK THEN LETS GO."

I think a video needs awareness on this, for casual people. People's AVs give a false sense of security, virustotal.com can be a totally useless indicator of safety and these open source programmes do not render the (compiled .exe) download links as safe.

AV is a lot like the gate guard who can't tell the person approaching them isn't Ethan Hunt with a full head mask impersonating an employee, or a person at your door impersonating a police officer. Just don't trust any of it unless you're absolutely certain it's safe, something I would still tell anyone looking to get AV.

There are other colorful analogies I've used over the years, like how there are people who think using c*ndoms protects you from all STDs.

Unless I see the code myself, I personally wouldn't trust anything except from authoritative sources. If a company like Microsoft gets heavily compromised to where they're spreading malicious programs, we're all doomed anyways.

Ryzen 7950x3D Direct Die NH-D15

RTX 4090 @133%/+230/+500

Builder/Enthusiast/Overclocker since 2012  //  Professional since 2017


1 hour ago, Agall said:

AV is a lot like the gate guard who can't tell the person approaching them isn't Ethan Hunt with a full head mask impersonating an employee, or a person at your door impersonating a police officer. Just don't trust any of it unless you're absolutely certain it's safe, something I would still tell anyone looking to get AV.

There are other colorful analogies I've used over the years, like how there are people who think using c*ndoms protects you from all STDs.

Unless I see the code myself, I personally wouldn't trust anything except from authoritative sources. If a company like Microsoft gets heavily compromised to where they're spreading malicious programs, we're all doomed anyways.

Exactly how I feel now and you're right. Thanks.

But yeah, there's certainly a number of useful and true analogies for this situation.

I was going to go down the route of downgrading my GTA IV game to run with the old radio music that was removed by licencing not being renewed by the game's company Rockstar, and to bypass the need for two separate launchers to run at the same time! But... this required a couple of .exes to be run from non-authoritative sources, made by some guys who no one really knows their intention or code in their compiled .exes. Meh, there goes that game.

So yeah, I only ever want to download executables from authoritative sources. I've been hacked in the far past thinking these communities had cool guys who looked out for others with their bypasses and fixes... well, you just never know what their intentions are. Social engineering is just as important to a hacker's craft as hacking is.


38 minutes ago, JonnyTC said:

Exactly how I feel now and you're right. Thanks.

But yeah, there's certainly a number of useful and true analogies for this situation.

I was going to go down the route of downgrading my GTA IV game to run with the old radio music that was removed by licencing not being renewed by the game's company Rockstar, and to bypass the need for two separate launchers to run at the same time! But... this required a couple of .exes to be run from non-authoritative sources, made by some guys who no one really knows their intention or code in their compiled .exes. Meh, there goes that game.

So yeah, I only ever want to download executables from authoritative sources. I've been hacked in the far past thinking these communities had cool guys who looked out for others with their bypasses and fixes... well, you just never know what their intentions are. Social engineering is just as important to a hacker's craft as hacking is.

The unfortunate reality of that world is that there's a lot of easy money in it for places in the world where scamming someone of a few dollars is worth it. A few dollars goes a lot further in most of the world compared to the west. Nowadays, that's using code designed to clear people's crypto wallets out or steal cookies or credentials to access various accounts.


On 2/14/2024 at 7:31 PM, Agall said:

The unfortunate reality of that world is that there's a lot of easy money in it for places in the world where scamming someone of a few dollars is worth it. A few dollars goes a lot further in most of the world compared to the west. Nowadays, that's using code designed to clear people's crypto wallets out or steal cookies or credentials to access various accounts.

Exactly.

There are people who have no emotion to being deceitful for money, as you may have seen in person. People can easily forget that, when the internet can only present them with text.
