Fake Amazon ad ranks top on Google search results

March 20, 2018

Dang! Don’t you just hate it when you search for Amazon on Google, you click on the top link (which of course must be legit, right? – it’s from Google!) and then you somehow wind up infected with “Malicious Pornographic Spyware” with a dab of “riskware” on top?

Yep, not for the first time, Google’s been snookered into serving a scam tech support ad posing as an Amazon ad.

This is déjà vu.
Thirteen unlucky months ago, scammers slipped a fake Amazon ad under Google’s nose.
Anybody who clicked on it was whisked to a Windows support scam.

ZDNet reported on that one in February 2017, and it brings us news of the bad ad rebirth once again.
On Friday, ZDNet’s Zack Whittaker reported that for hours on Thursday, the top Google search result for “Amazon” was pointing to a scam site.

Top, as in, it outranked even the legitimate search result for
Users who clicked on the bad ad were whisked to a page that tried to terrify them with reports of malware infection so they’d call a number for “help.”
The ad masqueraded as an official Apple or Windows support page, depending on the type of computer in use.

Then, just as fake tech support ads tend to do, and just as the fake Amazon ad did last February, the bad ad shrugged off users’ attempts to dismiss a popup box that warned them about malicious pornographic spyware and riskware etc.
(What IS “pornographic spyware?” Spyware accompanied by heavy breathing?).

According to ZDNet’s analysis of the code, trying to close the popup would have likely triggered the browser to expand and fill up the entire screen, making it look like a system had been grabbed by ransomware.

ZDNet says it appeared through a proxy script on a malicious domain to make it look as though the link fully resolved to an page, “likely in an effort to circumvent Google’s systems from flagging the ad.”

The malicious domain was registered by GoDaddy, and the apparent domain owner didn’t respond to ZDNet’s inquiries.
A spokesperson for Google told ZDNet that the company doesn’t tolerate advertising of illegal activity and takes “immediate action to disable the offending sources” when it finds ads that violate its policies.

GoDaddy pulled the site offline within an hour of being contacted by ZDNet.
A GoDaddy spokesperson said that its security team found that the ad violated its terms of service, so they removed it.

Google’s swimming in these bad ads.

Last week, it announced that in 2017, it took down more than 3.2 billion ads that violated advertising policies.

That’s an average of 100 per second, Google said, and it’s up from 1.7 billion removals of bad ads in the prior year.
Google also booted 320,000 online publishers off for violations like showing Google-supplied ads alongside inappropriate or controversial content, according to Scott Spencer, Google’s director of sustainable ads.

What to do?

Google’s working hard to kill bad ads, but they’re obviously still getting through, including those that contain malware.
So to help you stay vigilant, here are some suggestions on what to do if you get hit with one of these fake tech support scams, be it on the phone or as “Riskware! Spyware!” taking over your browser:

  • If you receive a cold call about accepting support, just hang up.
  • If you receive a web popup or ad urging you to call for support, ignore it.
  • If you need help with your computer, ask someone whom you know and trust.
  • When searching for Amazon, remember that you don’t need to use Google. Simply go straight to
Source: Fake Amazon ad ranks top on Google search results


    Facebook loses control of 50 million users’ data, suspends analytics firm

    March 19, 2018

    Cambridge Analytica – the data-crunching firm with tools so muscular that founder Christopher Wylie has described it as “Steve Bannon’s psychological warfare mindf**k tool” – has been collecting Facebook user data without permission through “a scam and a fraud,” Facebook said on Friday.

    That statement to the New York Times came from Paul Grewal, a Facebook vice president and deputy general counsel.
    It preceded a day of chaos inspired by big data use and abuse that has raged all weekend and promises to keep playing out as lawmakers pledge to launch investigations.

    On Friday, after a week of questions from investigative reporters, Facebook suspended Cambridge Analytica and parent company Strategic Communication Laboratories (SCL) from its platform.
    The suspensions came late in the game, news outlets are charging, given that Facebook has known about this for three years.
    Facebook, for its part, claims that the parties involved lied about having deleted harvested data years ago.
    At least one of the parties involved has shown evidence that points to Facebook having done very little to make sure the data was deleted.

    The banishment was unveiled a day before the publishing of two investigatory reports – one from the New York Times, another from The Observer.
    The reports both detailed how Cambridge used personal information taken without authorization from more than 50 million Facebook users in early 2014 to build a system that could profile individual US voters in order to target them with personalized political ads.

    Cambridge is owned by conservative Republican hedge fund billionaire Robert Mercer.
    It’s a voter-profiling company that was used by conservative investors during both the Trump and Brexit campaigns.

    The NYT/Observer reports relied on interviews with six former employees and contractors plus a review of the firm’s emails and documents.
    One such source was whistleblower Christopher Wylie, who worked with Cambridge University professor Aleksandr Kogan to obtain the data.
    The Observer quoted Wylie:

    We exploited Facebook to harvest millions of people’s profiles.
    And built models to exploit what we knew about them and target their inner demons.
    That was the basis the entire company was built on.

    Cambridge did so, the newspapers reported, because it had a $15 million investment from Mercer burning a hole in its pocket.
    Cambridge wanted to woo Steve Bannon with a tool to identify American voters’ personalities and to influence behavior, but it first needed data to flesh out that tool.
    So it took Facebook users’ data without their permission, according to the newspapers.

    They called it “one of the largest data leaks in the social network’s history” – one that allowed Cambridge to “exploit the private social media activity of a huge swath of the American electorate, developing techniques that underpinned its work on President Trump’s campaign in 2016.”

    Not surprisingly, Facebook immediately pushed back against the characterization of a massive data leak in an update to its initial announcement of the suspensions.
    It said that the data got out not through a leak but because some 270,000 Facebook users willingly signed up for a Facebook personality test called thisisyourdigitallife that billed itself as “a research app used by psychologists.”

    The claim that this is a data breach is completely false.
    Aleksandr Kogan requested and gained access to information from users who chose to sign up to his app, and everyone involved gave their consent.
    People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked.

    Source and more info:
    Facebook loses control of 50 million users’ data, suspends analytics firm

    Windows 7 Monthly Rollup Update KB4088875 Causes Network Adapter Issues

    March 16, 2018

    Ghost NIC might be created after installing the update

    This month’s Patch Tuesday rollout is slowly proving to be quite a fiasco, as more reports seem to be pointing to issues with the updates Microsoft published for Windows devices.

    After Windows 10 cumulative updates KB4088787 and KB4088776 showed signs of failed installs, it’s now the turn of the Windows 7 monthly rollup to cause problems, this time in a pretty different way.

    There are reports that installing KB4088875 and the security-only update KB4088878 removes or breaks virtual Network Interface Cards (NICs) and, in some cases, deletes the static IP address configuration.
    The update also creates a ghost NIC on some systems, according to this reddit discussion.

    KB4088875 is available for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, and the issues mentioned above are said to be experienced on both OS versions.

    One reddit user says that removing the ghost NICs returns systems to full functionality and adding new ones without first deleting these greyed-out entries would only cause conflicting IPs.

    Meltdown and Spectre fixes

    Delaying KB4088875 and the security-only update doesn’t really seem to be an option since they bring quite critical patches for Windows 7 systems.
    They include new Meltdown and Spectre protections, as well as security updates for Internet Explorer, the Windows Shell, Windows Installer, and the Windows Kernel.

    Microsoft is aware of four different issues with this monthly rollup for Windows 7, including a BSOD that occurs when the update is installed on a 32-bit system with the Physical Address Extension (PAE) mode disabled.

    “Microsoft is working on fixing this issue, and this update is, therefore, currently made available to machines with the Physical Address Extension (PAE) mode enabled,” the firm says.

    We’re seeing reports that KB4088787 is no longer being offered via Windows Update, but we can’t confirm this just yet. If this is the case, Microsoft could be aware of the problem and the company temporarily halted the update until a fix is released.


    13 flaws found in AMD processors, AMD given little warning

    March 15, 2018

    CTS-Labs of Israel claims it found 13 critical vulnerabilities in AMD processors, and gave AMD only 24 hours’ notice before disclosing them.

    It’s probably a good thing AMD didn’t rub Intel’s nose in the Meltdown and Spectre flaws too much because boy, would it have a doozy of a payback coming to it.

    A security firm in Israel has found 13 critical vulnerabilities spread across four separate classes that affect AMD’s hot new Ryzen desktop and Epyc server processors.

    However, the handling of the disclosure is getting a lot of attention, and none of it good.
    The company, CTS-Labs of Israel, gave AMD just 24 hours’ notice of its plans to disclose the vulnerabilities.
    Typically companies get 90 days to get their arms around a problem, and Google, which unearthed Meltdown, gave Intel six months.

    Yet CTS-Labs went through the trouble of setting up a dedicated website to host its findings and white papers.
    Mind you, there isn’t much for supporting evidence, just claims, and no independent verification.
    Its white paper is replete with disclaimers, like this:

    The report and all statements contained herein are opinions of CTS and are not statements of fact.
    To the best of our ability and belief, all information contained herein is accurate and reliable, and has been obtained from public sources we believe to be accurate and reliable.
    Our opinions are held in good faith, and we have based them upon publicly available facts and evidence collected and analyzed, which we set out in our research report to support our opinions.
    We conducted research and analysis based on public information in a manner that any person could have done if they had been interested in doing so.
    You can publicly access any piece of evidence cited in this report or that we relied on to write this report.
    Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports.
    Any other organizations named in this website have not confirmed the accuracy or determined the adequacy of its contents.

    The result is CTS-Labs is getting roasted on Twitter, and rightfully so.
    The veracity of its claims will be proven in the coming days.
    Most everyone agrees, though, that CTS-Labs’ handling of the matter was awful.

    4 categories of vulnerabilities in AMD processors

    CTS-Labs classifies the four categories of the vulnerabilities as Ryzenfall, Masterkey, Fallout, and Chimera.
    The company claims it discovered the vulnerabilities while studying what it called known backdoors in ASMedia chipsets, AMD’s third-party chipsets for Ryzen and Epyc.

    It should be noted that the Epyc chip hasn’t really come to market yet. It takes longer to launch a server than a desktop.
    Ryzen, though, has been selling very well, so desktop users are primarily at risk if these vulnerabilities all check out.

    The company claims these backdoors have existed for six years and would allow hackers to inject malicious code directly into the Platform Secure Processor (PSP), which is a separate and secure processor that provides global management functions.
    PSP is similar to Intel’s Management Engine (ME), which has also had security issues.

    Each of the four classes of vulnerabilities has several individual vulnerabilities of its own.
    Masterkey has three, including persistent malware running inside PSP, bypassing firmware security, and even doing physical damage to hardware through flash wear.

    The first three — Ryzenfall, Masterkey, and Fallout — overlap with a slew of vulnerabilities, such as accessing Windows Isolated User Mode and Isolated Kernel Mode (VTL1), direct tampering with trusted code running on AMD Secure Processor, network credential theft, bypassing Microsoft virtualization-based security (VBS), and memory-resilient malware.

    A fourth Ryzenfall error allows for arbitrary code execution on an AMD Secure Processor by bypassing firmware-based security, network credential theft and hardware damage.

    The two Chimera vulnerabilities are manufacturer backdoors, one implemented in firmware, the other in hardware.
    They allow malware to be injected into the chipset’s internal 8051 architecture processor, which links the CPU to USB, SATA, and PCI Express devices.


    Yahoo users can sue over data breaches, judge rules

    March 13, 2018

    Verizon, which now owns the web giant, sought to dismiss the case.

    Yahoo customers affected by three massive data breaches that resulted in the theft of more than three billion users’ data are allowed to sue the company, a judge has ruled.

    California judge Lucy Koh rejected a bid by Verizon, which bought the internet giant last year, to dismiss a large portion of the claims, including breach of contract, deceit and concealment, and negligence.

    At the heart of the case, Yahoo was accused of taking too long to notify users of the breaches, which put customers at risk of identity theft and fraud.
    The filing, dated Friday, cited several customers whose data was stolen by criminals and used for filing fraudulent tax returns or credit card charges.
    Other customers had to pay out to credit bureaus to freeze their accounts.

    Koh said that customers may have “taken measures to protect themselves” had they known about the breaches sooner.

    The case began in 2016 after the company admitted it was hacked in 2014, in which 500 million user accounts were stolen.

    Later in the year, the company revealed that it was hacked again — a year earlier in 2013 — in which one billion accounts were stolen.
    Yahoo later said that all its three billion users were affected by that breach.

    A separate attack on the company’s systems allowed hackers to steal portions of the company’s source code.
    Attackers used that code to generate cookies, allowing access to accounts without requiring a user’s password.


    Microsoft Admits Some Windows 10 PCs Were Accidentally Upgraded to Version 1709

    March 13, 2018

    These systems were offered the upgrade to Windows 10 Fall Creators Update despite Windows Update set to off

    Microsoft now says that it’s aware some PCs were indeed offered the upgrade to the Fall Creators Update, and adds that it all happened because of an “issue” that has already been corrected.

    “Microsoft is aware that this notification was incorrectly delivered to some Windows 10 Version 1703 devices that had a user-defined feature update deferral period configured. Microsoft mitigated this issue on March 8, 2018,” the company explains.

    Users who were affected by this issue and who upgraded to Windows 10 Version 1709 can revert to an earlier version within 10 days of the upgrade.
    To do this, open Settings >> Update & Security >> Recovery, and then select Get started under Go back to the previous version of Windows 10.

    Upgrade pushed for security reasons

    Earlier this month, Microsoft started showing upgrade notifications on systems running the original Windows 10 version released in July 2015, Windows 10 November Update, Anniversary Update, and Creators Update.

    The company says this behavior was introduced to keep systems up to date and “ensure protection from the latest security threats,” but as I explained in the original March 9 report, some people were complaining that the upgrade was performed even though it was supposed to be blocked.

    With Microsoft getting ready to launch the Redstone 4 update, possibly called Spring Creators Update, the company has been under fire for this rather aggressive approach, especially because it was considered to be a “desperate” attempt to bring users to the latest Windows 10 version.


    Microsoft Reportedly Forcing Upgrade to Windows 10 Version 1709 on Some PCs

    March 9, 2018

    Report indicates this happens even with Windows Update turned off, without users being asked for authorization

    Back in 2015 when it rolled out Windows 10, Microsoft turned to a rather aggressive strategy to boost adoption of the operating system, including what were described as forced upgrades that deployed the new software on a number of PCs without users giving their consent.

    This is reportedly happening once again, only this time systems running older versions of Windows 10 are being upgraded to version 1709 (Fall Creators Update), in some cases even if Windows Update is turned off.

    A story from CW citing a number of user reports indicates that the upgrade is started with “no advanced warning,” adding that the alleged forced upgrade took place on computers running Windows 10 Anniversary Update (version 1607) and Windows 10 Creators Update (version 1703).

    If Windows Update is turned off, which means that updates are automatically blocked on a specific computer, the upgrade is said to be performed with the Update Assistant.

    Upgrade notifications

    Oddly enough, Microsoft published an advisory on March 5 which indicates that computers running Windows 10 versions older than Creators Update might see a notification stating that the latest security updates are not installed.

    While an upgrade to Fall Creators Update shouldn’t be linked to security updates, Microsoft does state that “Windows Update will then try to update the device,” but guarantees that when you receive the update notification, nothing starts until the user clicks the “Update now” button to update the device.

    Windows 10 Anniversary Update and Creators Update are still supported, which means that Microsoft is still shipping security updates to systems running any of these two versions.
    The original version of the OS and version 1511, however, have already reached end of service, and Microsoft emphasizes that it’s critical for these computers to upgrade to the latest Windows 10 release.

    Upgrading these systems without users’ consent, however, is a strategy that has already backfired for Microsoft, as the company has been sued in the past by customers whose computers installed Windows 10 without authorization.