Feed aggregator
Apple-Branded TV Rumors Resurface Amid Smart Home Push
Best Debit Cards for Kids and Teens in November 2024: Greenlight, BusyKid and More
A joke in approximating numbers raised to irrational powers
Article URL: https://www.andreinc.net/2024/07/25/a-function-to-approximate-raising-small-numbers-to-small-irrational-powers
Comments URL: https://news.ycombinator.com/item?id=42173709
Points: 1
# Comments: 0
Hall of shame: Fake LosslessCut clones
Article URL: https://github.com/mifi/lossless-cut/issues/550
Comments URL: https://news.ycombinator.com/item?id=42173690
Points: 1
# Comments: 0
Advancing Cloud and HPC Convergence with Lawrence Livermore National Laboratory
Article URL: https://oxide.computer/blog/oxide-computer-company-and-lawrence-livermore-national-laboratory
Comments URL: https://news.ycombinator.com/item?id=42173673
Points: 1
# Comments: 0
Why luxury cheese is being targeted by black market criminals
Article URL: https://www.bbc.com/news/articles/crmz42pjpnjo
Comments URL: https://news.ycombinator.com/item?id=42173656
Points: 1
# Comments: 0
QuickBooks popup scam still being delivered via Google ads
Accounting software QuickBooks, by Intuit, is a popular target for India-based scammers, only rivaled for top spot by the classic Microsoft tech support scams.
We’ve seen two main lures, both via Google ads: the first is simply a website promoting online support for QuickBooks that shows a phone number, while the second requires victims to download and install a program that will generate a popup, also showing a phone number. In both instances, that number is fraudulent.
The fake QuickBooks popup was previously described in detail by eSentire and reveals how scammers are able to hijack the software functionality by generating bogus alert messages.
We ran into an active malvertising campaign recently, indicating that this scheme is still very much alive and well. In this blog post, we review how QuickBooks users who downloaded the program from a malicious ad will be plagued with a popup generated at certain intervals, instilling fear that their data may be corrupt so that they call for assistance.
Fake QuickBooks download
When searching for ‘quickbooks download’ on Google, we see a sponsored result appear at the top. This ad promotes a website where users can supposedly download the latest version of QuickBooks.
Here is the website, showing the official logo and even a “Solution Provider” seal of approval:
One thing that may alert users is that the download is hosted on Dropbox:
https://www.dropbox.com/scl/fi/ybket868cp7nx5dhj11cu/QuickBooks_Installer.msi?rlkey=gp1t0siqr2j089vhgysn4nm33&st=4ajnlxze&dl=1
The form (zeform)
This installer serves two purposes: one is to download the real QuickBooks program from Intuit’s website, and the other is to surreptitiously install a sort of backdoor, “zeform.exe”. This simple binary was designed to integrate with QuickBooks in such a way that it can generate a fake error message, as seen below:
This type of error may be alarming to people who have spent hours loading data into QuickBooks and aren’t aware that this popup, although appearing to come from QuickBooks itself, is in fact totally made up.
The application that creates it is a program written in Microsoft .NET, which contains two important methods that control when and how the popup appears:
- MonitorAndShowForm(), which calls CalculateNextDisplayDate and is incremented on weekdays
- CheckTimeWindow(), to make sure it is a weekday and within a certain time window
The text content (fake instructions) can also be seen here, encoded in Base64, presumably to avoid detection by antivirus software:
Conclusion
This clever scheme has been going on for some time now, and every now and again we see some people reporting it online, seemingly always via Google ads.
Scammers will usually ask their victims to download a program to remotely access their computer so that they can take a look at the issue and fix it. This is always dangerous and you should be extremely cautious if you’ve already let someone access your computer.
In addition to demanding to be paid to fix nonexistent problems, scammers may also install malware that will give them continued access or even the ability to steal users’ passwords.
Acknowledgments
We would like to thank Joe Desimone from Elastic Security for taking a look at the malicious executable and Squiblydoo for checking on the Microsoft certificate used to sign the fraudulent popup executable.
Indicators of Compromise
bizzgrowthinc[.]com
QuickBooks_Installer.msi
9e0b46194dc1c034422700b02c6aca01290d144735e48c4a83eea34773be5f52
zeform.exe
0c3f5f7bed8efbb6b1de3e804d22397a8bdf442b83962444970855fc9606c9f5
We love bugs (and you should, too)
Article URL: https://www.aha.io/engineering/articles/we-love-bugs
Comments URL: https://news.ycombinator.com/item?id=42173628
Points: 3
# Comments: 0
Zelle Limits at Top Banks: How Much You Can Transfer
I'm Skipping Black Friday This Year. Here's Why
Importing a front end JavaScript library without a build system
Article URL: https://jvns.ca/blog/2024/11/18/how-to-import-a-javascript-library/
Comments URL: https://news.ycombinator.com/item?id=42173623
Points: 1
# Comments: 0
Scaling Document Data Extraction with LLMs and Vector Databases
Article URL: https://www.timescale.com/blog/scaling-document-data-extraction-with-llms-vector-databases/
Comments URL: https://news.ycombinator.com/item?id=42173604
Points: 1
# Comments: 0
Caltech Researchers Find Evidence of a Real Ninth Planet
Article URL: https://astrobiology.nasa.gov/news/caltech-researchers-find-evidence-of-a-real-ninth-planet/
Comments URL: https://news.ycombinator.com/item?id=42173603
Points: 2
# Comments: 1
In a Post Developer Relations World: Fix or Fire?
Article URL: https://caseysoftware.com/blog/in-a-post-developer-relations-world-fix-or-fire
Comments URL: https://news.ycombinator.com/item?id=42173596
Points: 1
# Comments: 0
AI Can 'Hear' When a Lithium Battery Is About to Catch Fire
Article URL: https://www.nist.gov/news-events/news/2024/11/ai-can-hear-when-lithium-battery-about-catch-fire
Comments URL: https://news.ycombinator.com/item?id=42173594
Points: 2
# Comments: 0
Show HN: Betron Markets – Shape the future with your predictions
Article URL: https://app.betron.io
Comments URL: https://news.ycombinator.com/item?id=42173591
Points: 10
# Comments: 0
Third Places and Neighborhood Entrepreneurship: Evidence from Starbucks Cafés
Article URL: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4874248
Comments URL: https://news.ycombinator.com/item?id=42173588
Points: 1
# Comments: 1
Communicating Software Estimates
Article URL: https://www.apsis.io/blog/2016/04/18/communicating-estimates/
Comments URL: https://news.ycombinator.com/item?id=42173575
Points: 1
# Comments: 0
Lightrag.ai Is for Sale
Article URL: http://www.lightrag.ai/
Comments URL: https://news.ycombinator.com/item?id=42173574
Points: 7
# Comments: 0