Announcement

Collapse
No announcement yet.

Malwarebytes warning on Fab forum

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    StreamFab for Windows Malwarebytes warning on Fab forum

    Whoa, man, I didn't sign up for this.

    Attached Files
    Programmer in Python, Java, JavaScript, Swift, PHP, SQL, C#, C++, Go, R

    #2
    Originally posted by Chameleon View Post
    Whoa, man, I didn't sign up for this.
    ...
    Click image for larger version

Name:	xIzcMM9.jpg
Views:	407
Size:	73.8 KB
ID:	442141

    Comment


      #3
      Originally posted by Chameleon View Post
      Whoa, man, I didn't sign up for this.
      ...
      Click image for larger version

Name:	0944c6923369614c26a18b10c7a51454.png
Views:	388
Size:	108.7 KB
ID:	442143

      Comment


        #4
        Malware is serious shit people. I would guess Fab is collecting information and selling it to whoever pays the highest price, this is some serious shit.
        Programmer in Python, Java, JavaScript, Swift, PHP, SQL, C#, C++, Go, R

        Comment


          #5
          It won't be long before Wilson gets called before a US Congressional hearing, just like TikTok. I knew that move to Beijing wasn't for anything good. Are they just another pawn of the CCP just like TikTok?

          Comment


            #6
            It's a link in this thread to security-explorations-DOT-com. So far it's only been that link in that thread.

            https://www.heise.de/news/Forscher-extrahiert-DRM-Schluessel-von-Microsoft-und-laedt-Netflix-Filme-runter-9696020.html (german language) https://security-explorations.com/microsoft-warbird-pmp.html (english language) There is a claim that FullHD download of Netfl*x movies is possible.



            Click image for larger version

Name:	mb_warning.jpg
Views:	374
Size:	26.9 KB
ID:	442148
            Win11 Pro 22H2, no bloatware, no spyware, no crapware, no TPM, no Secure Boot, no MS account. And yes, you can dual boot 7 and 11.

            Comment


              #7
              Originally posted by NewMelle View Post
              It's a link in this thread to security-explorations-DOT-com. So far it's only been that link in that thread.

              https://www.heise.de/news/Forscher-extrahiert-DRM-Schluessel-von-Microsoft-und-laedt-Netflix-Filme-runter-9696020.html (german language) https://security-explorations.com/microsoft-warbird-pmp.html (english language) There is a claim that FullHD download of Netfl*x movies is possible.



              Click image for larger version

Name:	mb_warning.jpg
Views:	374
Size:	26.9 KB
ID:	442148
              I was just about to say that.

              This site gives ACTUAL tools (proof of concept tools) that exploit security vulnerabilities. So it makes sense that it is flagged.

              Let's not forget that a lot of malware scanners have false positives on files that are compiled or compressed a certain way because most keygens are coded that way. They also pander to Microsoft and other big dogs when it hurts their bottom line.

              If you know anything about batch scripts or PowerShell, you can see in the source code there is nothing nefarious in a tool like OfficeRTool and yet it is flagged as dangerous because it will activate an Office license. Same for KMS_VL_ALL_AIO.

              Comment


                #8
                This is not a false positive I just put it through a high-priced virus and malware scanner from a company called OKTA.
                Programmer in Python, Java, JavaScript, Swift, PHP, SQL, C#, C++, Go, R

                Comment


                  #9
                  This does not cast a good light on MalwareBytes Browser Guard. A scary warning of "potentiallly malicious activity" because of a clickable link (and one where the URL matches the displayed text) in a forum post. This time at least DVDFab is not to blame.

                  Comment


                    #10
                    No, DVDFab is not to blame. Neither is the poster. It also has no bearing on MB Browser Guard either. More times than I can count it has caught something that by visiting a site I would have never noticed. A number of sites had been exploited and were running malicious scripting in the background. The fact it caught the link reassures me. If it were truly malicious and MB had not caught it how many fools would have clicked that link and been sorry they did? I'd rather be safe than sorry any day.
                    Win11 Pro 22H2, no bloatware, no spyware, no crapware, no TPM, no Secure Boot, no MS account. And yes, you can dual boot 7 and 11.

                    Comment


                      #11
                      Originally posted by NewMelle View Post
                      No, DVDFab is not to blame. Neither is the poster. It also has no bearing on MB Browser Guard either. More times than I can count it has caught something that by visiting a site I would have never noticed. A number of sites had been exploited and were running malicious scripting in the background. The fact it caught the link reassures me. If it were truly malicious and MB had not caught it how many fools would have clicked that link and been sorry they did? I'd rather be safe than sorry any day.
                      You took the words out of my mouth NewMelle, thank you.
                      Programmer in Python, Java, JavaScript, Swift, PHP, SQL, C#, C++, Go, R

                      Comment


                        #12


                        From Wikipedia article on OKTA:
                        Security incidents

                        On March 9, 2021, hacking collective "Advanced Persistent Threat 69420" breached an Okta office network through a security failure in the company's Verkada camera setup. They were able to download security footage from the cameras. One member of the group, Maia Arson Crimew, also revealed that the group had gained root shell access to the network. In a blog post the next-day, Okta Chief Security Officer David Bradbury minimized the root shell as an "internal support tool" of the camera manufacturer Verkada. However, the shell would have given the hackers full access to execute any commands on the network, and Cloudflare admitted that a similiar hack by the group on that company's network provided them with the same level of access. Bradbury also said that the threat was contained to an isolated network.

                        On March 22, 2022, the hacking group LAPSUS$ posted screenshots claiming to be from Okta internal systems. The next day, Okta concluded that a maximum of 366 of their customers data may potentially have been impacted, further stating that the breach originated with a computer used by one of Okta's third-party customer support engineers to which the hackers had access.

                        In December 2022, Okta's source code was stolen when a hacker gained access to their GitHub repository.

                        In early October 2023, Okta was notified of a breach resulting in hackers stealing HTTP access tokens from Okta's support platform by BeyondTrust. Okta denied the incident for a number of weeks, but later recognized that a breach had occurred. Customers impacted by the Okta breach included Caesars Entertainment, MGM Resorts International, 1Password and Cloudflare. On November 29th, 2023, it was known that the security incident affected all Okta customers.​

                        Comment


                          #13
                          I use NoScript and uBlock Origin add-ons with Firefox. My reasoning is that malware is often embedded in ads, so I use uBlock Origin as an ad blocker. I've used AdBlocker Plus in the past. NoScript blocks java scripts by domain of origin. It's a bit of a pain, since every time I go to a new web site, I have to figure out which scripts need to be enabled for the site to function. But malware can be loaded by scripts that are called by ads or thrid party web sites that the web site I'm on has links to (or scripts calling other scripts on other web sites). It's not perfect, and I'm relying on Firefox and the add-ons themselves not being compromised, but I think it helps limit the risk inherent in web browsing.

                          Comment


                            #14
                            Originally posted by Chameleon View Post
                            This is not a false positive I just put it through a high-priced virus and malware scanner from a company called OKTA.
                            I didn't say it was a false positive. I gave false positives as an example. I was saying this site has scripts you can download to exploit vulnerabilities. I downloaded that tool that sniffs PlayReady keys to see and it is extremely well documented.

                            Just as an example, here is a link that Microsoft Edge will go bonkers on: MS-EDGE-Alarmist-BA0kHLP9.jpg

                            This is a file locker. I am linking to an image. It's a regular .jpg and there is no steganography in it. Yet you get a huge red screen in edge telling you not to go to that link simply because one time someone uploaded something malicious there. This file locker is known for ignoring DMCA takedown requests so it's kinda convenient that it is being flagged as dangerous.

                            Comment


                              #15
                              Originally posted by jpp72 View Post

                              I didn't say it was a false positive. I gave false positives as an example. I was saying this site has scripts you can download to exploit vulnerabilities. I downloaded that tool that sniffs PlayReady keys to see and it is extremely well documented.

                              Just as an example, here is a link that Microsoft Edge will go bonkers on: MS-EDGE-Alarmist-BA0kHLP9.jpg

                              This is a file locker. I am linking to an image. It's a regular .jpg and there is no steganography in it. Yet you get a huge red screen in edge telling you not to go to that link simply because one time someone uploaded something malicious there. This file locker is known for ignoring DMCA takedown requests so it's kinda convenient that it is being flagged as dangerous.
                              Thank you jpp72, it was a misunderstanding on my part.
                              Programmer in Python, Java, JavaScript, Swift, PHP, SQL, C#, C++, Go, R

                              Comment

                              Working...
                              X