Just Say NO to Facebook Messenger Malware

I know this seems to have little to do with Second Life as it states in the title, but if you want to run efficiently in SL you must keep up to date on ALL the causes of your computer’s demise. Yes, you can get this same scam sent to you in world and YES you can pass it along to your friends, and because most of us run a Second Life Facebook page this will pertain to you on every level.

“Fly fishermen are always tying new flies, refining the tricks they play on trout and other piscean species. Likewise, Phisher-men in the digital waters constantly try new ways to get you to bite on their hook, which is baited with malware. Recently, researchers at Kaspersky Lab reported a fancy new “fly” involving Facebook’s Messenger, the bigger, better messaging app that Facebook is pushing to replace that awful, tiny, temperamental chat box. Read on to see how Messenger has been used to deceive users into clicking links that lead to loss”…

How Does the Messenger Scam Work?

Before we begin, let me underscore that Facebook Messenger is not malware (at least not in the commonly-accepted definition of the word). It’s a tool that clever hackers have found a way to exploit for evil. The same thing can be said of your favorite messaging app, email program, web browser, or word processor. But today, we’re focusing on a nasty trick played on Messenger users. Here’s what you need to know:

Lulled by your friend’s face, you obligingly click on the link right underneath the message, which is short and to the point: “ Video.” What happens next depends on what browser you are using. Click on that “video” link while using Chrome and you will be whisked away to Google Drive. There you will see something like a YouTube video page complete with a control panel, a “Play” button, and in the background the comforting photo of your pal. What could go wrong?

First, no YouTube page will ever ask your permission to install a browser extension, as this fake does. If you fall for that trick by agreeing to the “extension’s” installation you are, in fact as well as effect, telling Windows’ security to “go ahead and run this unknown program from an unknown source.” What happens next?

The unleashed malware instantly sends Messenger messages to all of your friends; they are exactly the same as the phish that you received only with your profile photo instead of your friend’s. The vicious cycle of infection and re-infection continues. Users of other browsers are told they need to update Adobe Flash Player instead of a browser extension. That malware turns out to be adware designed to generate profits for the hackers. But that’s not all the damage this one little “video” link does!

 

A Bit of Background Geekery

For Chrome users, the fake extension begins to monitor all of the sites they visit. When a victim visits Facebook and logs in, the extension steals those credentials and Facebook’s “access token” that gives apps temporary access to Facebook’s API (Application Programming Interface). These precious bits of data are sent back to the hackers. Let’s see how they are used.

The stolen user credentials get the malware logged into Facebook, perhaps as you! The malware then uses the access token to send JavaScript commands to Facebook’s back-end via the API. But the malware is also impersonating one of several mainstream Facebook apps that still use the obsolete Facebook Query Language (FQL) to search for, compile into SQL databases, and download all sorts of data about Facebook users.

Have you ever seen a warning that an app wants permission to “access your contacts?” That’s what this malware is after with its FQL queries. It then quickly chooses 50 of your contacts at random from among those presently online, and sends that one-word bait, “video,” plus the link that starts the unholy chain of events all over again.
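
One way to check for the kind of extension described above, as an added example that is not part of the original article: the Python below reads Chrome extension manifests and lists those able to read pages on www.facebook.com, together with any browsing-related API permissions they request. The sample manifests and their names are constructed, and the Extensions folder passed to audit_profile is whatever the browser profile on the machine uses.

```python
import json
from pathlib import Path

# Chrome API permissions that expose browsing activity or session data.
SENSITIVE_APIS = {"cookies", "history", "tabs", "webNavigation", "webRequest"}

def pattern_covers_host(pattern, host):
    """True if a Chrome match pattern applies to http(s) pages on `host`."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "http", "https"):
        return False              # an API name such as "cookies", or file:// etc.
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return host == pat_host

def audit_manifest(manifest, host="www.facebook.com"):
    """Summarise how one extension manifest can reach pages on `host`."""
    declared = []
    for key in ("permissions", "host_permissions", "optional_permissions"):
        declared += [p for p in manifest.get(key, []) if isinstance(p, str)]
    host_access = [p for p in declared if pattern_covers_host(p, host)]
    scripts = [m for cs in manifest.get("content_scripts", [])
               for m in cs.get("matches", []) if pattern_covers_host(m, host)]
    return {
        "name": manifest.get("name", "?"),
        "host_access": host_access,
        "content_scripts": scripts,
        "sensitive_apis": sorted(SENSITIVE_APIS.intersection(declared)),
        "review": bool(host_access or scripts),
    }

def audit_profile(extensions_dir, host="www.facebook.com"):
    """Audit each <id>/<version>/manifest.json under a Chrome Extensions folder."""
    reports = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue              # unreadable or malformed manifest: skip it
        report = audit_manifest(manifest, host)
        report["extension_id"] = path.parent.parent.name
        reports.append(report)
    return reports

# Constructed sample manifests (not taken from any real extension).
SAMPLE_BROAD = {
    "name": "Video Codec Helper", "manifest_version": 2,
    "permissions": ["tabs", "cookies", "webRequest", "<all_urls>"],
    "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}],
}
SAMPLE_NARROW = {
    "name": "Example Notes", "manifest_version": 3,
    "permissions": ["storage"],
    "host_permissions": ["https://notes.example.org/*"],
}

if __name__ == "__main__":
    for sample in (SAMPLE_BROAD, SAMPLE_NARROW):
        print(audit_manifest(sample))
```

An extension flagged for review is not necessarily malicious; the point is to know which installed extensions could see a Facebook login at all.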

Eternal Vigilance, Blah, Blah, Blah

Several teams of security researchers from all over the world joined together to stop this threat. But another like it will arise – many others, now that the modus operandi has been published. The next one may use bait more sophisticated than the word “video…” which, unless you have very taciturn friends, is a telltale sign that something is amiss.

The moral: Be careful on Messenger, in your email inbox, and any other place where you are tempted to click a link before engaging your brain. No anti-virus software can protect from all known threats, especially the rapidly-evolving types of malware more common today. As I’ve said before, a simple phone call (or text message) to the alleged sender of a questionable link can confirm if it’s bogus or benign.

I’d like to thank our friend Mr. Bob Rankin for this post, and be sure to check out his informative advice on his page https://askbobrankin.com/

I wish you all a great week ahead.

ZI Staff

Virtual World Developer’s Visit To Linden Lab Hints At Big Updates To Sansar And Second Life Coming Soon

Credit: New World Notes

Will Burns, Vice-Chair for IEEE’s Virtual Worlds Standard Group, recently stopped by Linden Lab’s headquarters in San Francisco for a visit, had a good long chat with CEO Ebbe Altberg (pictured here with mandatory hoodie, next to Will with bonus Deadpool T-shirt) and got a tour of upcoming Sansar content. What exactly Will saw in Sansar he cannot say, since he signed an NDA at the door, but reading between the lines of what he reported afterward, it looks like Sansar and Second Life will see some pretty big updates soon (or soon-ish).

“I’m not telling anyone what they’re doing exactly,” as he puts it to me, “but rest assured they didn’t drop the ball with Ready Player One. It’s really mind-blowing. I think people will be in awe and pleasantly surprised.”

Will is a longtime Second Life user and content creator, where he’s known as “Aeonix Aeon”. And having gotten this first-hand, full-blown demo of upcoming Sansar content at Linden Lab, sees the two this way:

“When I want high-end mind blowing, I’d dip into Sansar with a headset for a half hour. Then come back to Second Life for the rest of the evening. Best way I can find an analogy for SL users is this: Imagine Sansar is Disneyland. Second Life is the everyday after that. You pop off with the family and friends to Disney for a fun afternoon or vacation, then come home. In the same manner, Sansar is Second Life’s Disneyland. It’s fun, impressive with the right hardware, and mind blowing. Then you come home and while home isn’t as exciting or high end packed with thrills and wow factor, it’s home and you spend most of your time there. Each has a legit purpose.
“Now, could I see everyone running out to get a headset for this? Of course not. It’s still niche audience at best. But I definitely recommend a proper engagement with it if you get a chance.
Long as you keep in mind it’s Disneyland to SL, it’ll make sense.”

Other dedicated SLers have made the theme park/home analogy for Sansar. Speaking of which, here’s the notes Will posted to a private Facebook group after his visit to Linden Lab which hint at updates for both:

  1. Unlimited groups. Prolly not likely. I imagine the load on servers would kill it.
  2. Reducing Lag: We actually discussed a way that could help do this substantially and bring other benefits as a side effect. Can’t say what, but it’s on their mind (and whiteboard) now. If they actually run with it or not is a totally different story.
  3. Flexi Bento: No summoning C’thulu
  4. Land costs: Sounds like it will be addressed. How, I’m not at liberty to disclose. Be patient.
  5. Inventory mess: Can’t help ya there.
  6. From Wagner James Au’s post concerning Ready Player One: Prepare to be amazed.

Ebbe showed me around, we hung out, then he strapped me into an Oculus Rift for a private demo of Sansar. Some was user-generated scenes, others were scenes made by Linden Lab.  Of the latter, I have this to say: Sansar is actually incredibly impressive so far. Still couldn’t deal with the headset longer than twenty minutes. Still has a ways to go for desktop users. For short term experiences, treat it like a theme park. Second Life is still my choice for longer term engagement. When I want to be blown away for half hour, Sansar is where it’s at.

Wildly speculating from those notes, I would not at all be surprised if Second Life users see say, a playable version of the OASIS from Ready Player One deployed in Sansar. (Spielberg and author Ernest Cline wouldn’t do an in-person visit just to see an Intel cross-promotion demo, would they?) But we shall see!

Spectre and Meltdown

You may have heard of Spectre and Meltdown, two security vulnerabilities that exist in virtually every CPU ever made by the chip giants Intel, AMD, and ARM. Either vulnerability can expose your system to “arbitrary code execution,” the geeky way to say, “A hacker could take complete control of your computer” and run any malware he wants on it. Read on to find out more, and if your computer is vulnerable to these attacks…

The Specter of a Meltdown?

The Spectre flaw enables one compromised program, such as a web browser, to compromise another program running on the same machine, such as Microsoft Word. If a hacker can penetrate your browser via the Internet, he can leapfrog from there across every program running on the system.

The Meltdown flaw allows hackers to gain access to a portion of a computer’s memory that should be off-limits to all software except the operating system. And Meltdown doesn’t care if you run Windows, Linux, or Mac OS X. Any of those systems may be vulnerable.

As Meltdown’s name suggests, truly bad things can happen when a rogue program gains access to those portions of memory that should only be accessible by the operating system. You may have seen the dreaded Blue Screen Of Death (BSOD) where Windows displays the cryptic “fatal memory fault at address…” Boom! Crash! But what’s the point of crashing some stranger’s computer? “Some people’s children” just do it for the “lols,” that is, for laughs. Global superpowers may do it in the name of “national security,” their intelligence agencies spending unlimited money to develop nuclear-grade malware… which, as we now know, “spook shops” like the NSA have allowed to escape into the hands of the “children.”

Worse, Meltdown enables an attacker to access all memory, including areas where your personal information is stored while you are working with it. There lies the profit motive that drives the most widespread attacks. The mercenary “adults” can use Meltdown to make millions.

The titans of tech including chip makers, Microsoft, Apple, and the Linux community, have scrambled to issue hardware and software patches for Spectre and Meltdown. All hands on deck, as they say!

But there is still lingering uncertainty about whether the patches work, or if they do more harm than good.

Ah, fun with words. The software flaw known as “Spectre” is a homophone for “specter.” The former refers to a ghost, phantom, or apparition, and the latter is defined as “a source of terror or dread.” Both can be scary, but only one of them is likely to attack your computer.

As of January 23, Wired! magazine reported that firmware patches issued hastily by Intel, AMD, and ARM to close Meltdown vulnerabilities in their chips “can inadvertently cause serious problems beyond processing slowdowns, including random restarts, and even the blue screen of death.” https://www.wired.com/story/meltdown-spectre-patching-total-train-wreck/ Microsoft went so far as to release a patch that disabled the Intel patch.

On January 22, father-of-Linux Linus Torvalds said, in one of his more diplomatic comments, “the patches are COMPLETE AND UTTER GARBAGE.” Speaking of Intel’s patch crisis managers, he asked rhetorically, “Has anybody talked to them and told them they are f***ing insane?” At least he used an asterisk. (I added two more.)

Since then, there has been thunderous silence from the tech press corps. Does that mean the coast is clear? Is it safe to install firmware updates to your CPU and BIOS, as Intel, AMD, and ARM urge you to do? And how is that done, exactly?

We Need a Gadget Inspector

Before tinkering with the most delicate parts of your system’s delicate “brain,” I recommend that you run the InSpectre (“inspector,” get it?) utility developed by Steve Gibson of Gibson Research Corp. InSpectre “was designed to clarify every system’s current situation so that appropriate measures can be taken to update the system’s hardware and software for maximum security and performance,” according to no less an authority than itself. (Sorry, I couldn’t let that one pass by!)

InSpectre is freeware, less than 200 KB of code, and perfectly safe to run. It will analyze your Windows PC no matter who made its CPU and BIOS, detecting and reporting its vulnerabilities, if any, to Spectre or Meltdown. InSpectre reports its findings in clear, simple terms that even non-geeks can readily understand. (I don’t know of a similar utility for Linux or Mac OS X systems.)

Best of all, its user interface includes two big buttons allowing you to Enable or Disable protection for Meltdown and/or Spectre. If either is greyed out, your system lacks that type of protection. Gibson goes into detail on why you might want to disable either of the protection options, to avoid the performance penalty they may impose. But unless you are noticing a marked decline in speed, I would not recommend doing so.

If InSpectre reports that your PC will remain vulnerable to Spectre or Meltdown until its firmware is updated, then it will be necessary to contact the maker of your PC to download a firmware patch specific to that make/model of PC. A Microsoft Support Page bears a “List of OEM /Server device manufacturers,” including links to their respective Spectre/Meltdown firmware and BIOS update help pages. https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown

The only annoying things about InSpectre are the goofy sound effects, and the display of the results. Looking at the InSpectre report is a bit clunky, because the window cannot be resized, and the small font can be hard to read. Position your pointer anywhere within InSpectre’s text window, press Ctrl-A to “select all,” then Ctrl-C to copy the selection, and then Ctrl-V to paste the report into a word processor or text editor. Then you can make the text as big as you like, save the report, or print it.

The best protection against Spectre on the operating system side, as opposed to firmware and BIOS, is Microsoft Windows 10, Fall Creators Update, version 1709. Automatic updates are on by default in Windows 10, so you should have v 1709 unless you have deliberately delayed its installation. If you have, go to Windows Update Settings and allow v 1709 to be installed.

Windows 7 users should have auto-updates enabled, too. Run Windows Update and let it install all critical and important updates to protect your system as much as possible via Windows.
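
InSpectre covers Windows only. On Linux, kernels that carry the Spectre and Meltdown fixes report their own status as one-line text files under /sys/devices/system/cpu/vulnerabilities. The Python below is an added example, not part of the original article, that reads and classifies those lines; the SAMPLE values are constructed in the kernel's format and are used only when the directory is absent.

```python
from pathlib import Path

# Directory where patched Linux kernels publish one status line per flaw.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
CHECKS = ("meltdown", "spectre_v1", "spectre_v2")

def classify(status):
    """Map a kernel status line to one of four coarse states."""
    text = status.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"

def read_statuses(directory=SYSFS_DIR):
    """Return {file name: status line}; empty if the kernel exposes nothing."""
    directory = Path(directory)
    statuses = {}
    if not directory.is_dir():
        return statuses           # older kernel, or not Linux at all
    for entry in sorted(directory.iterdir()):
        try:
            statuses[entry.name] = entry.read_text().strip()
        except OSError:
            statuses[entry.name] = ""   # unreadable entry classifies as unknown
    return statuses

def summarise(statuses, checks=CHECKS):
    """Return {check: (state, detail)} for the Spectre and Meltdown entries."""
    summary = {}
    for name in checks:
        if name not in statuses:
            summary[name] = ("not_reported", "")
        else:
            summary[name] = (classify(statuses[name]), statuses[name])
    return summary

def needs_attention(summary):
    """Names whose state is anything other than mitigated or not affected."""
    return [name for name, (state, _) in summary.items()
            if state not in ("mitigated", "not_affected")]

# Constructed status lines in the kernel's format (not read from a real host).
SAMPLE = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline",
}

if __name__ == "__main__":
    live = read_statuses()
    for name, (state, detail) in summarise(live or SAMPLE).items():
        print(f"{name:12} {state:13} {detail}")
```

A "not_reported" result means the running kernel predates this reporting interface, which is itself a sign that the kernel needs updating.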

It is shocking to learn that nearly everything digital, from desktop PCs to phones and tablets to Internet of Things things, contains a chip that is vulnerable to Spectre or Meltdown. But bear in mind that the world is still not on fire; these vulnerabilities can be and are being fixed, if they are not already fixed in your device(s). For now my best advice is “Keep calm and carry on,” auto-updating all of your software.

Have a great week.

Zi Staff

Discord Resources For Virtual World Users (Second Life and Sansar Links)

Discord Resources For Virtual World Users (Second Life, Sansar, Sinespace)

So I’ve been using Discord for quite some time for online communication – gaming etc. I’ve found it much more reliable than Teamspeak and 100% more reliable than Skype, without being a tremendous resource hog on my PC. It allows users to connect via text and voice channels. I’ve been on the lookout for SL content and user-based servers, so I’ll add and update this list as I find more! There are sub servers for photography, mesh creation, bloggers, vloggers, event organizers etc… get connected!

I’m loving New World Notes’ new Discord server, which has already become one of my go-to places for post ideas and fun random chat.

Here’s some more Discord resources for fans of Second Life and other virtual worlds:

 

Extra Servers for VR:

If you’re a Sansar user, here’s details for connecting your account to the official Sansar discord server.

Bonus: Here’s the link for joining the official Discord to new kid on the block, VRChat.

 

Microsoft Takes on the Scammers

Starting March 1, 2018, programs that attempt to coerce users into paying for dubious protection or PC performance “optimization” will be removed automatically by Microsoft Windows Defender Antivirus and other Microsoft security products. I can think of several rogues that will be hopefully out of business soon. Here’s what you need to know…

Bringing Down the Hammer on Scammers

Microsoft has announced they are taking aim against programs like TotalAV, ScanGuard, PC Protect, and other “free security/performance checkup” scams. Hallelujah! These programs are legion on the Internet, and like the three named above, many are often owned by the same devious company.

They dominate the top spots in search results by paying the most to place their ads there. (I wish Google would do more to police this.) Every day, thousands of people who are trying to find free help for real PC problems instead get sucked into vortexes of FUD – “Fear, Uncertainty, and Doubt” – and jerked around in expensive circles by con artists who follow a time-tested formula:
  1. Offer a free “checkup” of a PC to find malware or causes of sluggish PC performance.
  2. Display a spinning circle or “Please wait, finding problems that could cause disaster” messages.
  3. Show the victim screen after screen of alarming “warnings” about “infections” and “vulnerabilities” that actually don’t exist; the step above is just drama.
  4. Pressure the victim to pay for the “premium” version of the useless software, which does not exist.
  5. If the victim buys, tell him the problem that doesn’t exist is “fixed” but more problems remain.
  6. Pressure the victim again for even more money for a bogus “fix” to problems that don’t exist.
  7. Repeat steps 5 & 6 as long as they work.

Optimizing The Anti-Optimizer Strategy

Microsoft first set some mild standards for “cleaner and optimizer” programs in February, 2016. All such programs had to do was tell a user specifically what problems it proposed to fix, and the program got a pass from Microsoft security products. Look how well that “honor system” approach worked for everyone! But now, Microsoft is getting serious, and dropping the hammer on these scam programs.

Microsoft’s evaluation criteria is a document specifying unacceptable characteristics of programs scanned by Windows Defender and other Microsoft security programs. A new section spells out “Unwanted behaviors: coercive messaging” that will cause a program that exhibits it to be removed automatically from the user’s machine.

Even when victims say, “No, I won’t pay,” a fake cleaner/optimizer can still try to wring some money out of them by persuading or scaring them into answering a “short survey.” Ostensibly, the victim’s answers will only be used to help improve the “free” program.

But the deeper a victim goes into such surveys, the more personal and sensitive the questions become. You can easily be suckered into giving up bits of personal data that enable identity thieves to figure out the answers to your “secret” password recovery questions, or the actual passwords that you use, or the name of your bank, and other tools of ID theft.

Microsoft’s new “unwanted behaviors” include this sort of con, too. Programs that use such slimy tricks will be removed from PCs defended by Windows Defender beginning March 1.

Also on the “unwanted behaviors” list are programs that suggest they are the only way to fix a problem; programs that set a deadline for the user to take action; programs that require the victim to download a file (which is probably a Trojan or virus); or sign up for a newsletter (so your email address can be sold to spammers). Such programs will be deleted automatically starting March 1.

Have You Encountered Rogue Software?

You can help in this fight against the scammers. If you encounter what you think may be rogue software, report the problem to Microsoft. You can anonymously submit a program to Microsoft for analysis, and security researchers will analyze the file(s) to determine if they should be classified as malware. (Hmmm, this alone might be a good reason to download TotalAV.)

If you are running Windows 10, Windows Defender is included and enabled, unless you’ve installed a third-party security tool. I’ve been critical of Defender in the past, but it seems to have improved greatly, and has some compelling new features. (See UPDATE: Is Windows Defender Enough Security?)

Microsoft’s announcement says that the “rogue removal” feature will be included in “Windows Defender and other Microsoft security products,” but they didn’t go into any detail about what those other products are, or if this protection will be extended beyond Windows 10. As more information becomes available, I’ll update you.

I applaud Microsoft for taking direct action to protect Windows users from one of the most widespread threats online. I just wish they’d done it back in February, 2016, instead of setting easily circumvented, toothless rules.

Have A Great Week!

SL Tutorial: How To Cut Land Impact & Memory Load Of Second Life Buildings By 40%+ With Modding