Thanks a ton. I have seen many videos like these but this one helped me up my knowledge by large also I was glued for the entire 13mins. It has all a user needs to know. More important complicated things explained in an easy way. I liked the crowd sec mention
🔥مرشحه الرئاسه التونسيه ترد على المتطاولين على المصريين من الدول الناشئه ⭕️يا مصـــــــــرى.. لما حد يقولك انت منين ⭕️رد عليه قوله انا من البلد اللي فيها الفلسطيني والعراقي والسوري والليبي واليمني والسوداني عايشين فيها و مفيهاش مخيمات ⭕️قوله انا من البلد اللي ياما كست و علفت و لبست حافيين من غير مقابل ⭕️قوله انا من البلد اللي مفتوحه لكل اللي بيسعي ع شغل و اكل عيش مهماكانت جنسيته و من غير كفيل ⭕️قوله انا من البلد اللي حررت ارضها بدم ولادها مطلبتش من حد يموت عشان يحررها ⭕️قوله انا من البلد اللي استقبلتكم كلكم لاجئين و لما اتحرقت ف العدوان الثلاثي محدش من اهلها لجأ لحد بره حدودها ⭕️قوله انا من البلد اللي جدودها بالدهب مدفونين ..... ⭕️قوله انا من البلداللي مفيهاش عيل قفل حمام ع ابوه و خد منه الكرسي ⭕️ولا فيها ولاد منها في الصحرا "بدون" جنسية مرميين .... ⭕️قوله انا من البلد اللي آوت المسيح و امه و نصفت يوسف بعد ما اخواته فالجب رموه ⭕️قوله انا م البلد اللي شعبها كله جيش وجيشها خير جنود الارض ... ⭕️قوله انا من البلد اللي قامت فيها ثورتين ولسه اللي يلمس طرف مجدي يعقوب فيها بسنانهم ياكلوه قوله انا من مصـــــــــر ام الدنيا 🇪🇬🔥🇪🇬 ⭕️لو لم أكن تونسية لطلبت من الله أن أكون مصـــــــــريه حفظ الله مصـــــــــر 🇪🇬❤️🇪🇬Omar Hashish
@@DragoNate ThioJoe made a video about it. Basically some languages write from right-to-left instead of left-to-right as in English. To achieve right-to-left, a special character is used. This can be exploited to show fake extension of file in the display name Edit: In "properties" it will correctly show "executable" but in display name it will show different Edit: Like this text:"fdp.file.exe", an executable it will display as this(this contains the special character, you can copy it and try): ""fdp.file.exe
Actually that website was a legit Korean website, and the kakao email adress domain is like a South Korean gmail, it's the standard there. When a regular person has that it's nothing to worry about, but when a company uses that in their official email instead of a company domain it's definitely something that should set off some alarm bells.
Meanwhile in some countries, we have legit businesses, larges institution, academic orgs, and even countless government agencies proudly sporting Gmail address as their official mail.
@@jonathaningram8157 yup, almost fell for a scam involving a translation job from english to spanish, there was no malware involved but the "company" that wanted me to work at had this somewhat impressive webpage, or at least on the front-end cause most links were broken and the address was on some non-existant place in Canada.
Lots of small businesses use Gmail as their official address. Large businesses have the option to have Google host the e-mail for their domain, either on the GMail platform or just in the cloud.@@NopWorks
@@kingofstrike1234 windows isn't showing it as those files, that's what the scammer has told the system it looks like. you can also make "windows show it as" another file type by putting .pdf before the .scr - if file extensions are hidden, you'll think it's a pdf. but that isn't windows' fault. and believe me, i'll criticize windows and complain about it for every little tiny thing.
I wonder what the thinking was behind letting SCR files have all the privileges, reminds me of Visual Basic scripts in Word and font preview pane in Explorer. What was the developers thinking; wouldn't it be nice if you could install a screen saver from Word and then let that screen saver create an admin account. Some of the weaknesses in Windows stems from Windows 1.0, and I'm guessing most of the code. That's a joke but I'm also kinda serious. It makes sense because the developers lived through the hippie era, peace & love (maaan).
As many people pointed out already, that's Korean not Japanese. Here's a quick way to tell CJK (Chinese, Japanese, Korean) characters apart for all English speaker out there. A) If it has lots of circle, it's Korean. B) If it has lots of line and square and the character looks "blocky" and "complicate", that's Chinese. C) If it's not of the first two and it has lots of curvy character mixed in with some square and line, that's Japanese. The Chinese and Japanese is a bit tricky because Japanese do mix character from Chinese (Kanji) in their language. However, the Japanese character will standout from the Chinese one, they will look less "blocky" and "less complicated" and has lots of curve line. Hope you learn something new!
Chinese characters have lot of corners and less curves, japanese characters have frequent curves. Japanese looks like it is in Comic Sans by default Edit: About japanese, there are 3 systems(?), Hiragana(like あ) has frequent curves, Katakana has less curves. But both look like Comic Sans to me. These two are most popular.
@@abhisheksinghsolanki3750I absolutely do not understand why Chinese insist on writing their characters in sharp angled & outdated looking font when Japanese already moved on to a tidier font that's easier on the eyes, even though they share lots of the characters.
Japanese have actually three character sets. They derive more complex Concepts with Chinese characters and they use syllabaries to phonetically spell out words. One syllabary for Japanese words is hiragana. For foreign words they use katakana. Katakana is much more sharp and angular looking whereas hiragana has much more rounded curves to the letter forms.
I've been having the exact same email myself (amongst many similar others) , I swiftly block and delete.. another great informative video. keep these up )
I was already aware of this information partially in thanks to your channel, but it is always good to be reminded in order to stay sharp of real and ominous threats that are just a single click and slip of the mind away.
So let me get this straight. The hackers decided to try and scam a youtube channel by the name "The PC Security Channel" and thought you were an easy target. I'd be offended!!
they were hoping he'd be caught off guard. Jim Browning, the guy most famous for scambaiting and shutting down entire scam operations, fell victim to one last year I think having his youtube channel removed. the important thing to remember is that ANYONE can be scammed. even the people who are extremely extremely careful about security, even the best of the best who have so far never been scammed. once you think you're invulnerable, you become _more_ vulnerable.
Thank you for the video. I already knew about all this but still stuck because you go straight to the point and don't waste the viewer's time, unlike those videos where there's a 4-minute intro asking you in 15 different ways whether you were hacked before.
These are some awesome tips for someone that hasn't seen a piece of malware that mimics a pdf. I did an incident response scenario for the first time and kept seeing that MZ on the malicious files and sad to say I didn't know that about pexe files but I knew it was malicious.
Bottom line - 1. enable “show file extension” in explorer. 2. Don’t run files with extensions such as exe com scr bat files unless you known what they actually are.
We will be doing a live discord event tomorrow associated with this video, feel free to join in here: discord.com/invite/MgBm5sy9?event=1136673606273871983
Hey is there a video or link with all of the tools you use? If not, would you do a video showing us all the tools you use and links where to download them?
From the privacy perspective it's nice to see that Google has problems with scanning big files. Also using a pdf icon as an icon for an executable is very smart I never thought about how easy that could be done (probably because I never made actual maleware, If I would would have to think about the icon at some point).
It's not that it has problems is that they won't place the resources on scanning random files that are too big because that costs money, they still archive and store copies of your data anyway.
With regard to the 600 megabytes of all zeros. It seems to me that if you zip the 650 mb, file it would compress down to about the actual code size. This extreme compression could give a big clue about what the heck it is.
Yeah. But antimalware solutions don't do this because you still have to read the entire file and count up all those zeroes in order to compress it down, and it would take a long time and CPU horsepower the user might actually want. And even if you did, malware makers could just replace the filler pattern with anything else that happens to compress well. Now, if an AV could check inside already compressed files and perform the analysis without resorting to decompression, eg, by applying the compression to its own malware database and checking compressed patterns against compressed patterns, maybe you could get somewhere. Encrypted files would throw all of that work out the window, though. But when the user types in the password to decrypt the file, that gives the AV the opportunity to intercept the file's password in memory and analyze the file before the user has the chance to decompress, let alone execute it. This is in no way trivial, as you would need specialized versions of all the heuristics, reengineered to work with compressed data directly. And you would need to do this for every major compression format out there. Fortunately as all lossless compression formats are wholly deterministic, it is at least theoretically possible to do this. I doubt any AVs would, though. It'd be pretty costly and difficult to do this, let alone maintain and support.
@@3lH4ck3rC0mf0r7 you said ' by applying the compression to its own malware database and checking compressed patterns', that's not how signatures work, signatures are a set of rules
Nope, not for log files! I've seen gigabytes of system log get crushed into a 12 meg ball, since 99.9% of the text is identical, it can get pretty small by only keeping one copy of the recurring lines, and just counting the number of times it repeats!
@@3lH4ck3rC0mf0r7 7zip only takes up 5MB (~4 compressed), and while there are probably (commonish) formats it doesn't know what to do with, it also has 1 MB of translations, and likely other code it doesn't need to decompress files. Computers are also ridiculously fast now, so the overhead should be readily available without the user noticing.
This is helpful. I've always wanted to touch into analyzing files to check if they're malicious. Having this in the back of my head will probably be helpfull if employees call in with suspicious files
Hi Leo, as far as I know on a lot of the antiviruses you can tweak the setting of the size of files you're scanning. This way the scanner can look at what's inside zip file at any size.
@@seinodernichtsein8710sadly, no, since Defender is designed to be a product for all users, even those who know almost nothing about computers, and don't even know they need and should want protection - which is why you can't really customize anything. It's basically a set and forget program, but without the "set" part.
Great video as always. As to the people who says you go to in depth and would never do some of the things you show doing your videos, well then they shouldn't watch these videos! Leo you are here to educate and impart some of your knowledge and experience to help "The lay people" (i.e. me) understand a little more about cybersecurity. Secondly, to impart some experience and provide examples of real life threats to students of Cybersecurity and Network Administrators. I am treating this as a hobby while learning to strengthen my own families' Cybersecurity posture. So Thanks for all you do Leo. Also with regards to ChatGPT, yeah thanks! Seems like the unintended (or maybe intentional) consequence of its creation is to help cyber criminals. :(
Dealing with the aftermath is hard, I wish this video was watched earlier. The one thing that will be with me constantly is the daily hacking attempts each and every day forcing me to reset password every day. 2fa, Ubikey and Linux OS is a start
Would be nice with a antivirus comparison of the 658MB file. E.g. how does kapersky, eset etc handle the file when it’s downloaded and also when it is executed.
sir, everyone is vulnerable, even yourself as an expert in this field. please do not get cocky. you are extremely knowledgeable in this field, you know your $h!t and you are much much less susceptible to basic attempts, absolutely. but every time i hear someone say "this doesn't work on me" or something similar, it ends up happening to them shortly after.
@@keepanopenmindlookatallthe2540 setup some script that automatically copies them somewhere or sends them idk but that might also do nothing, waste resources, be unreliable. never tried it.
@mcdazz2011 And whether it really wants to prompt the administrator dialog (suspicious) instead of just phishing your MetaMask credentials while staying sneakily in userspace.
to make it obvious since it was not clearly stated. do not doubbleclick to run files / scripts from unkown sources. since this is what they want. always when you recieve files like this think first about what it truly is. the default application is what "they" want their script to run with.
Does it? Because I see this and am thankful that it's still so obvious. If you spend 30 seconds looking for the common red flags, scams like this aren't all that clever. Hell, just the fact an agreement form is 600+ MB should make anyone with basic computer knowledge pause. Then of course it's titled "Kappa" which is a very common meme these days indicating a troll or sarcasm. I wouldn't expect everyone to know that but a quick Google search would point this out immediately. The acceptable email formatting is really the only significant improvement I see. Everything else isn't much better than it was a decade ago.
@@JJFX- For boring, irrelevant geezers such as I, for my email, it's "Select All" and then "Delete." Not really an issue. Being irrelevant, it's safe for me to assume that all my emails are irrelevant. The phones sit in a drawer somewhere, their SIM cards removed and discarded from disuse. Keeps the phones at bay yet out of landfills. Can't legally chuck a phone out, so mine are good for watching UA-cam and listening to music. I do not envy the people for whom their phones are their lives...
@@jimcabezola3051 I hear you, honestly that's a good way to do it if you have reason to believe most email isn't relevant. I'm not the freshest fruit on the vine either, I'm simply saying that it's not as cunning as this video may make it seem. Even if you get an email from an old friend you recognize, just don't download anything without looking for obvious indicators. Picture and videos are typically safe to at least view in a browser but approach anything requiring a download with skepticism. What you're doing with old phones is great. I wish more people wouldn't use their primary devices for everything. Just make sure the browsers aren't horribly outdated and avoid clicking anything requesting access like notifications. Just never login to critical accounts on a device with questionable security but it sounds like you're already more careful than most people. Believe it or not, computers these days aren't as dangerous as they seem. Most exploits require some participation on your part beyond just visiting sites or even downloading something. Simply avoiding as much of it as possible is actually more secure than installing a bunch of anti-virus programs.
If I received an unsolicited email from an unknown sender, I'd immediately delete it. On top of that, if the attachment was any bigger than a 1 or 2 Mb and didn't have an ext that I would expect like in this case a pdf - I'd be even more suspicious. Even then, sending a contract without even contacting you directly to discuss the matter is very odd, setting off even more red flags and alarms! The danger is if you are busy and wading through tons of email. The best first line of defense and safeguard would be to use a mail filtering gateway like mimecast. They would pick up and flag 99.9% of all questionable incoming mail and hold all email from unknown sources - prior to release.
Well even for a layman, rule of thumb is if an agreement document is 600+ mb while it should be 20 megs tops (and that's generous) - somethings up. Simple rule to follow
@@pch_mechanika Have you ever worked in IT support or provided tech support to people? You would be surprised at the amount of stuff regular computer users don't understand about technology.
i wish i saw this video around a week ago when i stupidly downloaded and ran malware... my instagram acc was completely stolen, discord sent malicious link and DC disabled my account permanently without giving me a chance to copy down some of my friends i don't have any other way of contacting, money taken from my account, someone buying gift cards from amazon from my account, constant attempts to login to my microsoft account, facebook account, multiple places i had subscriptions with blocked my accounts due to suspicious/ unusual activities :') All this happening not too long after i lost my job so... yeah. This video would have saved me big time. But it's too late now.
@Patience-mj8hl So I had no choice and had to just clean my PC entirely. Then I just changed all my passwords and so far I think it's fine although I need to cancel my current bank card...
My mom's channel got hacked one time. They posted a bunch of crypto scam videos (not the Elon Musk ones,) but I was able to save her channel and delete the videos posted by the hackers.
Thanks my friend, unfortunately this has NOTHiNG to be new. It is a very old and basic method that exist for more than 10years already. I have being doing this since and way more analyzing since 2012. Still..its a good video to show the only first very easy steps into the process of analyzing completely a file execution stages.
Heavily obfuscated / self written malware usually not getting detected in one drive or any other drive / cloud services... All in all still a good example!
Probably bulk-sent to a bunch of UA-camr's email. Doesn't take too long for a less tech-savvy channel to fail for it. Thankfully, they sent it to the wrong channel here, once a a malware analyst make a video about it, more channel are going to be aware of it.
This shows one of the fundamental weaknesses of the Windows operating system, which misses the most basic tools people have been using for 40+ years. macOS for example is based upon BSD and BSD, like Linux, like any UNIX like operating system ships with a tool named "file" and if you are unsure about the type of a file, you open a terminal window and type "file " and then drag a file into that window and hit return and the file tool is going to tell you exactly what kind of file that is. It's not using the file extension, the name, or the icon for that, it just looks into the file to figure that out. And trust me, it can tell an executable program apart from a PDF file and it will tell you that.
Why don't these anti-virus's see if the file is full of empty space? If we can manually check to see where the tail end is, I'm sure an AV could as well. Then It could truncate it and scan it as needed.
8:20 "I recommend having a good real-time antivirus that's analyzing your processes because it's actually running on your system for real checking the actual code that's being executed" so what are some good real-time antivirus that you would suggest which work like this instead?
~4:10 The file description read as SketchUp installer? Afaik isn't that Google's CAD software? Unless there's a specific installer suite called that, it's confusing me
By the way, I have been using this method for two decades. Actually, from 1997 until today. I still use the same method. Signature was important thing.
Tech channels have been hit with this... what they need to do is have a big disclaimer when SCR files are used... "Warning, this is trying to run a screensaver program, do you want to proceed?" Should be enough to get most people... but sadly there are many people who don't bother reading a message on the screen.
The domain is THE MOST important red flag. I don't care if you are from a real PR firm. If your employer/client does not provide you with a legitimate e-mail address within his native domain, your e-mails are going straight to SPAM folder, without even reading them. What is more scary is that sometimes real/serious companies send marketing e-mails that are either badly written as if they were actually spam/phishing or embed links that point to some doggy looking domains, or both. Those e-mails make it somewhat hard to judge if the e-mails are real or somehow fake. Of course any attachment with a fake extension is an immediate red-flag, no matter what the e-mail domain is but a word/excel/pdf file could be a real dilemma and a threat that is hard to asses on the spot.
I think you should have had a bit at the end showing where to get those tools and how to know if they are the legit versions. And mention at the start that you’ll give those instructions at the end.
Changing a single value, Microsoft could greatly reduce the success rate of these attacks, but file extensions are just too unsightly to be visible by default.
lol, a 700mb scr file, also she signed the email, PR Manager Sarah. Most people would put their title after and most likely under their name in a corporate email. Nice video
The easiest way is to check that when ure downloading, usually site will show u the file extension. Just be careful if anything is not .pdf. If download site only shows .pdf and when downloaded to PC if u see a visible .pdf on the file and u never touch any show extension setting before then u have to be careful, open property and see the actual extension.
I am not trying to mock or criticize a person for not recognizing a Korean company or Korean characters. I just want to provide additional information and correct the information 😂
If the virus is sending the info to a server somewhere would it be possible to find the endpoint and spam it with real looking but completely fake data?
I never use windows for email and I’ve never read a spam or scam get me - it never formsts or looks right on iPhones mail app and makes it easy to spot.
That email sounds like ai generated, because I use gpt to generate email templates to modify, the use of “high sprit” in that first sentence is really common in gpt generated email. Which also explains why the format was so good too.
Likely upload speed. It would have to send 600+ mb to defender's servers before it can even start scanning. Assuming a 3 MB/s upload speed, it would take about 5 seconds to upload realistically, a 600mb file would take over 3 minutes which by then they would have probably clicked it already.
we need to reestructure the way we interact with file execution / command execution. We need a persistent shield watching the onmouse over and onmouseclick events, not allowing user to "execute" a command, before the destination of that "click" to be scanned. I was trying to implement a python-based resident shield that disables all execution commands at startup and only allows the click, after checking its after events. Tried to manage the virustotal api to do the hard work. Im still developing it, hard, but on the go
I download movies online, and there is a lot of invasive adds, I'm afraid some of those may be virus. Can I get hacked that way? Could you make a video about it?
1:07 dude, even if don't know hangul, the translation pop up literally said "Korean". Also no, kakao is not some weird Korean website. It's a big website in Korea.
When you opened the file with Process Explorer, it didn't show up, so it means that there might be viruses on a PC and even with Process Explorer it's difficult to detect them? I am new to this so sorry for this "nooby" question. Yesterday I did a full scan on my PC with Windows Defender and tried to look for malicious files in Process Explorer and found nothing. Now I ain't sure if my computer is clean because of this...
Well, the simplest way to avoid getting hacked is this: do not open ANY files received from ANYONE (blanket rule), unless you have confirmed via other In Real Life methods (phone-call, live meeting, etc) that those files are sent by trusted people and they MUST be opened for some mysterious reasons. Free advice, enjoy!
Thanks a ton. I have seen many videos like these but this one helped me up my knowledge by large also I was glued for the entire 13mins. It has all a user needs to know. More important complicated things explained in an easy way. I liked the crowd sec mention
...And he still made money from the sponsorship :)
@@abrendtrosmart man
🔥مرشحه الرئاسه التونسيه ترد على المتطاولين على المصريين من الدول الناشئه
⭕️يا مصـــــــــرى.. لما حد يقولك انت منين
⭕️رد عليه قوله انا من البلد اللي فيها
الفلسطيني والعراقي والسوري والليبي واليمني والسوداني عايشين فيها و مفيهاش مخيمات
⭕️قوله انا من البلد اللي ياما كست و علفت
و لبست حافيين من غير مقابل
⭕️قوله انا من البلد اللي مفتوحه لكل اللي بيسعي ع شغل و اكل عيش مهماكانت جنسيته و من غير كفيل
⭕️قوله انا من البلد اللي حررت ارضها بدم ولادها مطلبتش من حد يموت عشان يحررها
⭕️قوله انا من البلد اللي استقبلتكم كلكم لاجئين و لما اتحرقت ف العدوان الثلاثي محدش من اهلها لجأ لحد بره حدودها
⭕️قوله انا من البلد اللي جدودها بالدهب مدفونين .....
⭕️قوله انا من البلداللي مفيهاش عيل قفل حمام ع ابوه و خد منه الكرسي
⭕️ولا فيها ولاد منها في الصحرا "بدون" جنسية مرميين ....
⭕️قوله انا من البلد اللي آوت المسيح و امه
و نصفت يوسف بعد ما اخواته فالجب رموه
⭕️قوله انا م البلد اللي شعبها كله جيش وجيشها خير جنود الارض ...
⭕️قوله انا من البلد اللي قامت فيها ثورتين ولسه اللي يلمس طرف مجدي يعقوب فيها بسنانهم ياكلوه
قوله انا من مصـــــــــر ام الدنيا 🇪🇬🔥🇪🇬
⭕️لو لم أكن تونسية لطلبت من الله أن أكون مصـــــــــريه
حفظ الله مصـــــــــر 🇪🇬❤️🇪🇬Omar Hashish
"Japanese website"
All that geekiness and still can't differentiate languages. Lmao
@@chrisdawson1776 Its like he only knows the things he knows, i know, unfathomable.
And this is why Windows shouldn't hide file extensions by default.
Even this can bypassed(kinda) by using text-inverter characters
and this is why you should avoid windows altogether
@@abhisheksinghsolanki3750 how so?
@@DragoNate ThioJoe made a video about it. Basically some languages write from right-to-left instead of left-to-right as in English. To achieve right-to-left, a special character is used. This can be exploited to show fake extension of file in the display name
Edit: In "properties" it will correctly show "executable" but in display name it will show different
Edit: Like this
text:"fdp.file.exe", an executable
it will display as this(this contains the special character, you can copy it and try): ""fdp.file.exe
makes me mad that windows is moving to be like macos w none of its benefits and all of its downsides
Actually that website was a legit Korean website, and the kakao email adress domain is like a South Korean gmail, it's the standard there. When a regular person has that it's nothing to worry about, but when a company uses that in their official email instead of a company domain it's definitely something that should set off some alarm bells.
Meanwhile in some countries, we have legit businesses, larges institution, academic orgs, and even countless government agencies proudly sporting Gmail address as their official mail.
But now with chat gpt it would be quite easy to create a fake website filled with company infos etc.
@@jonathaningram8157 yup, almost fell for a scam involving a translation job from english to spanish, there was no malware involved but the "company" that wanted me to work at had this somewhat impressive webpage, or at least on the front-end cause most links were broken and the address was on some non-existant place in Canada.
Probably the email has been spoofed
Lots of small businesses use Gmail as their official address. Large businesses have the option to have Google host the e-mail for their domain, either on the GMail platform or just in the cloud.@@NopWorks
In case anyone's curious why Screensaver files are executables: they're not videos, they're programs that run in real time on your pc
just think it as a script, but even so the windows name / icon formatting is kinda bad by showing as pdf, xls, etc
@@kingofstrike1234 windows isn't showing it as those files, that's what the scammer has told the system it looks like.
you can also make "windows show it as" another file type by putting .pdf before the .scr - if file extensions are hidden, you'll think it's a pdf.
but that isn't windows' fault. and believe me, i'll criticize windows and complain about it for every little tiny thing.
I wonder what the thinking was behind letting SCR files have all the privileges, reminds me of Visual Basic scripts in Word and font preview pane in Explorer. What was the developers thinking; wouldn't it be nice if you could install a screen saver from Word and then let that screen saver create an admin account.
Some of the weaknesses in Windows stems from Windows 1.0, and I'm guessing most of the code. That's a joke but I'm also kinda serious. It makes sense because the developers lived through the hippie era, peace & love (maaan).
Oh wow, this one actually makes me feel old. 😢
@@uniktbrukernavnexactly. why did the devs decide to let a screensaver file's code have basically the same power as a normal programming language?
As many people pointed out already, that's Korean not Japanese. Here's a quick way to tell CJK (Chinese, Japanese, Korean) characters apart for all English speaker out there. A) If it has lots of circle, it's Korean. B) If it has lots of line and square and the character looks "blocky" and "complicate", that's Chinese. C) If it's not of the first two and it has lots of curvy character mixed in with some square and line, that's Japanese. The Chinese and Japanese is a bit tricky because Japanese do mix character from Chinese (Kanji) in their language. However, the Japanese character will standout from the Chinese one, they will look less "blocky" and "less complicated" and has lots of curve line. Hope you learn something new!
Bookmark comment later
Chinese characters have lot of corners and less curves, japanese characters have frequent curves. Japanese looks like it is in Comic Sans by default
Edit: About japanese, there are 3 systems(?), Hiragana(like あ) has frequent curves, Katakana has less curves. But both look like Comic Sans to me. These two are most popular.
@@abhisheksinghsolanki3750"Japanese looks like comic sans by default" is a great way to put it!
@@abhisheksinghsolanki3750I absolutely do not understand why Chinese insist on writing their characters in sharp angled & outdated looking font when Japanese already moved on to a tidier font that's easier on the eyes, even though they share lots of the characters.
Japanese have actually three character sets. They derive more complex Concepts with Chinese characters and they use syllabaries to phonetically spell out words. One syllabary for Japanese words is hiragana. For foreign words they use katakana. Katakana is much more sharp and angular looking whereas hiragana has much more rounded curves to the letter forms.
I've made some pretty suboptimal PDFs in my time, but 600+ mb for a PDF would be a huge warning bell for me.
I've been having the exact same email myself (amongst many similar others) , I swiftly block and delete.. another great informative video. keep these up )
I was already aware of this information partially in thanks to your channel, but it is always good to be reminded in order to stay sharp of real and ominous threats that are just a single click and slip of the mind away.
So let me get this straight. The hackers decided to try and scam a youtube channel by the name "The PC Security Channel" and thought you were an easy target. I'd be offended!!
they were hoping he'd be caught off guard.
Jim Browning, the guy most famous for scambaiting and shutting down entire scam operations, fell victim to one last year I think having his youtube channel removed.
the important thing to remember is that ANYONE can be scammed. even the people who are extremely extremely careful about security, even the best of the best who have so far never been scammed.
once you think you're invulnerable, you become _more_ vulnerable.
"You only have to lose once."
I mean... it would be very ironic wouldn't it?
Like Linus Tech Tips?
@@randompost78154 theres a video about that on this channel
Thank you for the video. I already knew about all this but still stuck because you go straight to the point and don't waste the viewer's time, unlike those videos where there's a 4-minute intro asking you in 15 different ways whether you were hacked before.
I love this channel. As someone starting my bachelors in cybersecurity I love learning about this.
Exactly the Same over here bro!
I love your videos, TPSC! Keep them up!
Kakao is Korean. Its like Whatsapp.
Kakao - when roasted, makes tasty chocolate 🤭🙄I'll see myself out...😋
Thank a million 👍🏻. As someone currently studying cyber security. This video is actually helpful.
These are some awesome tips for someone that hasn't seen a piece of malware that mimics a pdf. I did an incident response scenario for the first time and kept seeing that MZ on the malicious files and sad to say I didn't know that about pexe files but I knew it was malicious.
Great Tips! For someone who isnt into Tech, these are good Tips and examples. I really appreciate this Video!!!
Ah yes.. I love opening screensaver files.
Me omw: to open a .scr file thats about 500mb
@@Freegame4.Don't worry guys it's just a really cool screensaver!
So you have chosen death.
instructions unclear, i hacked the hacker instead
Your voice is so calming I fell asleep to it and missed a day in my Duolingo streak
Bottom line -
1. enable “show file extension” in explorer.
2. Don’t run files with extensions such as exe com scr bat files unless you known what they actually are.
We will be doing a live discord event tomorrow associated with this video, feel free to join in here: discord.com/invite/MgBm5sy9?event=1136673606273871983
Hey is there a video or link with all of the tools you use? If not, would you do a video showing us all the tools you use and links where to download them?
they tried to hack the wrong man
The sudo command didn't work, but I just asked ChatGPT to give me instructions on how to install the sudo command and WSL
Bruh, I can’t be there 😫😩 - By Juls
Can we get hacked by a pdf file?
From the privacy perspective it's nice to see that Google has problems with scanning big files. Also using a pdf icon as an icon for an executable is very smart I never thought about how easy that could be done (probably because I never made actual maleware, If I would would have to think about the icon at some point).
It's not that it has problems is that they won't place the resources on scanning random files that are too big because that costs money, they still archive and store copies of your data anyway.
pdf icon is the oldest trick in the book
@@ieatthighsfr imagine pdf icon doc.exe no one falling for that
Why is it nice that google has problems with scanning big files?
@@SqualidsargeStudios they won't gather info about your files
This channel is basically a public utility for youtubers specially
With regard to the 600 megabytes of all zeros.
It seems to me that if you zip the 650 mb, file it would compress down to about the actual code size.
This extreme compression could give a big clue about what the heck it is.
Yes, it would encode the number of zeros it was removing, you are correct
Yeah. But antimalware solutions don't do this because you still have to read the entire file and count up all those zeroes in order to compress it down, and it would take a long time and CPU horsepower the user might actually want.
And even if you did, malware makers could just replace the filler pattern with anything else that happens to compress well. Now, if an AV could check inside already compressed files and perform the analysis without resorting to decompression, eg, by applying the compression to its own malware database and checking compressed patterns against compressed patterns, maybe you could get somewhere. Encrypted files would throw all of that work out the window, though. But when the user types in the password to decrypt the file, that gives the AV the opportunity to intercept the file's password in memory and analyze the file before the user has the chance to decompress, let alone execute it.
This is in no way trivial, as you would need specialized versions of all the heuristics, reengineered to work with compressed data directly. And you would need to do this for every major compression format out there. Fortunately as all lossless compression formats are wholly deterministic, it is at least theoretically possible to do this. I doubt any AVs would, though. It'd be pretty costly and difficult to do this, let alone maintain and support.
@@3lH4ck3rC0mf0r7 you said ' by applying the compression to its own malware database and checking compressed patterns', that's not how signatures work, signatures are a set of rules
Nope, not for log files!
I've seen gigabytes of system log get crushed into a 12 meg ball, since 99.9% of the text is identical, it can get pretty small by only keeping one copy of the recurring lines, and just counting the number of times it repeats!
@@3lH4ck3rC0mf0r7 7zip only takes up 5MB (~4 compressed), and while there are probably (commonish) formats it doesn't know what to do with, it also has 1 MB of translations, and likely other code it doesn't need to decompress files.
Computers are also ridiculously fast now, so the overhead should be readily available without the user noticing.
This is helpful. I've always wanted to touch into analyzing files to check if they're malicious. Having this in the back of my head will probably be helpfull if employees call in with suspicious files
I had an AI generate a couple videos for me on that exact topic.
Love the channel, thank you for all the knowledge
Hi Leo, as far as I know on a lot of the antiviruses you can tweak the setting of the size of files you're scanning. This way the scanner can look at what's inside zip file at any size.
That’s neat. Do you know if this works on windows defender?
@@seinodernichtsein8710sadly, no, since Defender is designed to be a product for all users, even those who know almost nothing about computers, and don't even know they need and should want protection - which is why you can't really customize anything. It's basically a set and forget program, but without the "set" part.
Hmmm. This comment shows 5 replies. But when I open it up there's only one. Plus mine if it shows up.
@@henryD9363 you should see comments by @seinodernichtsein8710 and me ( @the-Gammaron )
@@henryD9363 tell me if you see my other 2 comments (you can type random letters if you wanna)
Great video as always. As to the people who says you go to in depth and would never do some of the things you show doing your videos, well then they shouldn't watch these videos! Leo you are here to educate and impart some of your knowledge and experience to help "The lay people" (i.e. me) understand a little more about cybersecurity. Secondly, to impart some experience and provide examples of real life threats to students of Cybersecurity and Network Administrators. I am treating this as a hobby while learning to strengthen my own families' Cybersecurity posture. So Thanks for all you do Leo.
Also with regards to ChatGPT, yeah thanks! Seems like the unintended (or maybe intentional) consequence of its creation is to help cyber criminals. :(
Shoutout to Japanese, my favorite Korean language of all time
Dealing with the aftermath is hard, I wish this video was watched earlier. The one thing that will be with me constantly is the daily hacking attempts each and every day forcing me to reset password every day. 2fa, Ubikey and Linux OS is a start
Would be nice with a antivirus comparison of the 658MB file. E.g. how does kapersky, eset etc handle the file when it’s downloaded and also when it is executed.
YES. this is what I was thinking while watching the video. How would Kaspersky deal with this?
anyone?
got answered ?
@@defnotatrollit force deletes it 😉
Found your channel today, Really enjoying it!
sir, everyone is vulnerable, even yourself as an expert in this field. please do not get cocky. you are extremely knowledgeable in this field, you know your $h!t and you are much much less susceptible to basic attempts, absolutely. but every time i hear someone say "this doesn't work on me" or something similar, it ends up happening to them shortly after.
Exactly, people are not everytime the same, sometimes unconcentrated, tired etc.
@@Bigmike83007 depression or too frustrated to think clearly as well - many many things
One of the best smartest guys around. Thanks even aged techs guys like me can still learn something new
Also that’s why you enable all the eventlogs audit logging. If you parse those logs you’ll get a very detailed idea about what happened.
Ransomware deletes event logs after the dirty deed is done.
@@keepanopenmindlookatallthe2540 setup some script that automatically copies them somewhere or sends them idk
but that might also do nothing, waste resources, be unreliable. never tried it.
@mcdazz2011 And whether it really wants to prompt the administrator dialog (suspicious) instead of just phishing your MetaMask credentials while staying sneakily in userspace.
to make it obvious since it was not clearly stated. do not doubbleclick to run files / scripts from unkown sources. since this is what they want. always when you recieve files like this think first about what it truly is. the default application is what "they" want their script to run with.
Thanks for sharing. A very helpful and clear explanation of what the scammers are up to.
This makes me want to get rid of all my email accounts and throw out my phones... Mahalo for bringing all this to our attention.
Does it? Because I see this and am thankful that it's still so obvious. If you spend 30 seconds looking for the common red flags, scams like this aren't all that clever. Hell, just the fact an agreement form is 600+ MB should make anyone with basic computer knowledge pause. Then of course it's titled "Kappa" which is a very common meme these days indicating a troll or sarcasm. I wouldn't expect everyone to know that but a quick Google search would point this out immediately.
The acceptable email formatting is really the only significant improvement I see. Everything else isn't much better than it was a decade ago.
@@JJFX- For boring, irrelevant geezers such as I, for my email, it's "Select All" and then "Delete." Not really an issue. Being irrelevant, it's safe for me to assume that all my emails are irrelevant. The phones sit in a drawer somewhere, their SIM cards removed and discarded from disuse. Keeps the phones at bay yet out of landfills. Can't legally chuck a phone out, so mine are good for watching UA-cam and listening to music. I do not envy the people for whom their phones are their lives...
@@jimcabezola3051 I hear you, honestly that's a good way to do it if you have reason to believe most email isn't relevant. I'm not the freshest fruit on the vine either, I'm simply saying that it's not as cunning as this video may make it seem. Even if you get an email from an old friend you recognize, just don't download anything without looking for obvious indicators. Picture and videos are typically safe to at least view in a browser but approach anything requiring a download with skepticism.
What you're doing with old phones is great. I wish more people wouldn't use their primary devices for everything. Just make sure the browsers aren't horribly outdated and avoid clicking anything requesting access like notifications. Just never login to critical accounts on a device with questionable security but it sounds like you're already more careful than most people.
Believe it or not, computers these days aren't as dangerous as they seem. Most exploits require some participation on your part beyond just visiting sites or even downloading something. Simply avoiding as much of it as possible is actually more secure than installing a bunch of anti-virus programs.
@@jimcabezola3051
You're not irrelevant, love yourself NOW!
If I received an unsolicited email from an unknown sender, I'd immediately delete it. On top of that, if the attachment was any bigger than a 1 or 2 Mb and didn't have an ext that I would expect like in this case a pdf - I'd be even more suspicious. Even then, sending a contract without even contacting you directly to discuss the matter is very odd, setting off even more red flags and alarms!
The danger is if you are busy and wading through tons of email. The best first line of defense and safeguard would be to use a mail filtering gateway like mimecast. They would pick up and flag 99.9% of all questionable incoming mail and hold all email from unknown sources - prior to release.
Well even for a layman, rule of thumb is if an agreement document is 600+ mb while it should be 20 megs tops (and that's generous) - somethings up.
Simple rule to follow
I agree, but you're assuming a layman understands file sizes. A lot of people don't understand it and don't care to do so.
@@JJFlores197 srsly???... i guess my definition of a layman was to generous ;-/
@@pch_mechanika Have you ever worked in IT support or provided tech support to people? You would be surprised at the amount of stuff regular computer users don't understand about technology.
From this video. How to exact without downloading?
i wish i saw this video around a week ago when i stupidly downloaded and ran malware... my instagram acc was completely stolen, discord sent malicious link and DC disabled my account permanently without giving me a chance to copy down some of my friends i don't have any other way of contacting, money taken from my account, someone buying gift cards from amazon from my account, constant attempts to login to my microsoft account, facebook account, multiple places i had subscriptions with blocked my accounts due to suspicious/ unusual activities :') All this happening not too long after i lost my job so... yeah. This video would have saved me big time. But it's too late now.
@Patience-mj8hl So I had no choice and had to just clean my PC entirely. Then I just changed all my passwords and so far I think it's fine although I need to cancel my current bank card...
My mom's channel got hacked one time. They posted a bunch of crypto scam videos (not the Elon Musk ones,) but I was able to save her channel and delete the videos posted by the hackers.
Thanks!
Thanks my friend, unfortunately this has NOTHiNG to be new. It is a very old and basic method that exist for more than 10years already.
I have being doing this since and way more analyzing since 2012.
Still..its a good video to show the only first very easy steps into the process of analyzing completely a file execution stages.
Thank you. This was quite useful when just dipping your toes into security.
Heavily obfuscated / self written malware usually not getting detected in one drive or any other drive / cloud services... All in all still a good example!
Funny, Atomic Shrimp uploaded a video today that also had this scam briefly mentioned. Thanks for sharing!
Probably bulk-sent to a bunch of UA-camr's email. Doesn't take too long for a less tech-savvy channel to fail for it.
Thankfully, they sent it to the wrong channel here, once a a malware analyst make a video about it, more channel are going to be aware of it.
This shows one of the fundamental weaknesses of the Windows operating system, which misses the most basic tools people have been using for 40+ years. macOS for example is based upon BSD and BSD, like Linux, like any UNIX like operating system ships with a tool named "file" and if you are unsure about the type of a file, you open a terminal window and type "file " and then drag a file into that window and hit return and the file tool is going to tell you exactly what kind of file that is. It's not using the file extension, the name, or the icon for that, it just looks into the file to figure that out. And trust me, it can tell an executable program apart from a PDF file and it will tell you that.
7:00 im soooo proud of myself for understanding what you talking about
Why don't these anti-virus's see if the file is full of empty space? If we can manually check to see where the tail end is, I'm sure an AV could as well. Then It could truncate it and scan it as needed.
8:00 why does antivirus programs have size limit?
What does it take to create a solution for that so that AV's can actually scan past the 650MB limit?
that kids yay noises scared me fr in the intro section
Right off the bat, that opening line is a Chinese greeting
Likely AI used
as I put on screen, thanks Chat-GPT!
In any case, we, or at least I, don't speak like that though.
"High spirits." isn't something I'd say in an email. (Maybe that's just me.)
Amazing tutorial my friend.
8:53 How is that Google says Detected? Google drive didn't detected zip file 💀
thank you for all this info.
What a fabulous explanation.
8:20 "I recommend having a good real-time antivirus that's analyzing your processes because it's actually running on your system for real checking the actual code that's being executed" so what are some good real-time antivirus that you would suggest which work like this instead?
I can't believe you said being a cooking UA-camr is worse than being a gaming UA-camr
~4:10 The file description read as SketchUp installer? Afaik isn't that Google's CAD software? Unless there's a specific installer suite called that, it's confusing me
Very helpful video, thank you
What makes this analysis scary to do is the fact my mouse have tendency to double click on accident..
Same lol i need a new mouse
By the way, I have been using this method for two decades. Actually, from 1997 until today. I still use the same method. Signature was important thing.
Tech channels have been hit with this... what they need to do is have a big disclaimer when SCR files are used... "Warning, this is trying to run a screensaver program, do you want to proceed?" Should be enough to get most people... but sadly there are many people who don't bother reading a message on the screen.
The domain is THE MOST important red flag. I don't care if you are from a real PR firm. If your employer/client does not provide you with a legitimate e-mail address within his native domain, your e-mails are going straight to SPAM folder, without even reading them.
What is more scary is that sometimes real/serious companies send marketing e-mails that are either badly written as if they were actually spam/phishing or embed links that point to some doggy looking domains, or both. Those e-mails make it somewhat hard to judge if the e-mails are real or somehow fake.
Of course any attachment with a fake extension is an immediate red-flag, no matter what the e-mail domain is but a word/excel/pdf file could be a real dilemma and a threat that is hard to asses on the spot.
Excellent video and tutorial, thanks.
moral of the story. *Have a Hex editor*
I think you should have had a bit at the end showing where to get those tools and how to know if they are the legit versions.
And mention at the start that you’ll give those instructions at the end.
Changing a single value, Microsoft could greatly reduce the success rate of these attacks, but file extensions are just too unsightly to be visible by default.
lol, a 700mb scr file, also she signed the email, PR Manager Sarah. Most people would put their title after and most likely under their name in a corporate email. Nice video
Thank you for sharing this, super insightful and helpful. Can you please let me know what material you studied to become a malware analyst?
7:40 but shouldnt my bitdefender block i anyways?
Great informative video. Thanks
Great stuff keep up the good work
4:35 I mean, there's also polyglots and document viewer exploits, but those are too sophisticated for your average attacker, apparently.
might be dumb question and obvious one but what if i download the scr file and change its type to lets say txt and run it? would it still run?
awesome video, i learn a lot with you!! Greetings from BRAZIL!
At 1:06, FYI, that's Korean, not Japanese. Loved the video thoough.
An agreement as large as 658Mb is a big red flag for me.
The easiest way is to check that when ure downloading, usually site will show u the file extension. Just be careful if anything is not .pdf. If download site only shows .pdf and when downloaded to PC if u see a visible .pdf on the file and u never touch any show extension setting before then u have to be careful, open property and see the actual extension.
2:21 "Shakespeare's plays well thankfully they're not going to be encrypted by ransomware in this video"
I am dying 😂😂😂😂😂😂
1:06 Actually Kakao is a South Korean internet company lol
So is the text he showed which he called "Japanese" 🙂!!!
Just proof that people can be intelligent in one way but dumb in many others 😂
I am not trying to mock or criticize a person for not recognizing a Korean company or Korean characters. I just want to provide additional information and correct the information 😂
love this channel keep it up
If the virus is sending the info to a server somewhere would it be possible to find the endpoint and spam it with real looking but completely fake data?
yes
Wow, I learned a lot from this video.
I never use windows for email and I’ve never read a spam or scam get me - it never formsts or looks right on iPhones mail app and makes it easy to spot.
Just for clarification kakao is a korean based site, great insightful video though.
Thats why I disable opening remote images setting in my email setting.
That email sounds like ai generated, because I use gpt to generate email templates to modify, the use of “high sprit” in that first sentence is really common in gpt generated email. Which also explains why the format was so good too.
when you reduced the file to 15mb and put it on your desktop, why didn't Windows Defender flag it down? Or do you not have an AV on your VM?
Likely upload speed. It would have to send 600+ mb to defender's servers before it can even start scanning. Assuming a 3 MB/s upload speed, it would take about 5 seconds to upload realistically, a 600mb file would take over 3 minutes which by then they would have probably clicked it already.
we need to reestructure the way we interact with file execution / command execution. We need a persistent shield watching the onmouse over and onmouseclick events, not allowing user to "execute" a command, before the destination of that "click" to be scanned. I was trying to implement a python-based resident shield that disables all execution commands at startup and only allows the click, after checking its after events. Tried to manage the virustotal api to do the hard work. Im still developing it, hard, but on the go
I download movies online, and there is a lot of invasive adds, I'm afraid some of those may be virus. Can I get hacked that way? Could you make a video about it?
Why don't you use adblock and pop-up blocker
@@keylanoslokj1806 The page detects that you have adblock and asks you to disable it to continue
@@keylanoslokj1806 The page detects that you have adblock and asks you to disable it to continue
@@keylanoslokj1806 The site asks you to disable it if you want to continue
I do, but the page detects that you have adblock and asks you to disable it to continue
You called korean japanese..
uh crap, there was another japanese one and I thought this was similar, my bad.
Thanks a lot bro, very useful.
1:07 dude, even if don't know hangul, the translation pop up literally said "Korean". Also no, kakao is not some weird Korean website. It's a big website in Korea.
Great and informative video! What Windows theme are you using?
When you opened the file with Process Explorer, it didn't show up, so it means that there might be viruses on a PC and even with Process Explorer it's difficult to detect them? I am new to this so sorry for this "nooby" question. Yesterday I did a full scan on my PC with Windows Defender and tried to look for malicious files in Process Explorer and found nothing. Now I ain't sure if my computer is clean because of this...
1:11
It's actually a Korean site.
The best way to not get hacked is to have common sense
Well, the simplest way to avoid getting hacked is this: do not open ANY files received from ANYONE (blanket rule), unless you have confirmed via other In Real Life methods (phone-call, live meeting, etc) that those files are sent by trusted people and they MUST be opened for some mysterious reasons. Free advice, enjoy!