Windows Movie Maker scam spreads due to high ranking 0 1003

Microsoft’s free video editing software, Windows Movie Maker, was discontinued in January 2017, however, scammers have been using the demand for this product to trick users into downloading a fake version in an attempt to collect money.

This fake download link has succeeded in reaching a global audience due to it’s high ranking on both Google and Bing search engines. The good news for ESET users, however, is that ESET security products detect the scam and block the website distributing it.

On the 5th of November 2017, Win32/Hoax.MovieMaker was the third most detected threat worldwide.

The scam operates by getting the user to install the software resembling Windows Movie Maker which then prompts the user to upgrade to the full version requiring a payment of $29,95. The user is prompted to do this upon installation and again upon attempting to save a new document.

How to stay safe

If you have already installed the fake Movie Maker from windows-movie-maker.org, uninstall it and run a scan using a reputable antimalware solution. To see the ESET product offering for East Africa please click here.

To avoid falling victim to scams such as this one, be sure to stick to official sources when downloading software. Find downloads on official websites and do not click on download links directly from search engines. If you really need to use a piece of software that’s no longer distributed by its original maker, make sure you:

  • Use a reliable security solution to detect and block malicious content.
  • Consider using the official replacement for the discontinued software – in this case, Windows Story Remix.
  • Don’t pay for software that is or was officially offered for free. Information on software pricing should be available online.

For more information on how ESET products can protect you from these scams go to our ESET East Africa website.

 

Previous ArticleNext Article

Flaws in email encryption revealed 0 479

email encryption

A team of 8 academics have discovered weaknesses in OpenPGP and S/MIME encryption protocols which could lead to the plain text of encrypted emails being exposed to attackers. The academics have named these flaws “EFAIL”.

Insights from cryptography expert Bruce Schneier explained that “[t]he vulnerability isn’t with PGP or S/MIME itself, but in the way they interact with modern e-mail programs.”

To be able exploit the weaknesses, you would first need to access the end-to-end-encrypted email message. This could be by way of stealing it from a compromised account or by intercepting its path. Following this, the attacker would need to alter the email, adding a custom HTML code and then sending this new version onto the victim. The victim’s email client decrypts the email and is tricked by the malicious code into sending the full plaintext of the emails to the attackers. Even messages sent years ago are vulnerable.

The team said that their proof-of-concept exploit has been shown to be successful against 25 out of 35 tested S/MIME email clients and 10 out of 28 OpenPGP clients. The flaws affect email applications such as Apple Mail with the GPGTools encryption plug-in, Mozilla Thunderbird with the Enigmail plug-in, and Outlook with the Gpg4win encryption package. The academics said that, in keeping with the principles of responsible disclosure, they have reported their findings to all email providers concerned.

Time to change your Twitter password 0 623

Twitter Password

An internal bug exposed the passwords of an undisclosed number of the more than 330 million Twitter users.

Twitter CTO Parag Agrawal announced that it was a “bug that stored passwords unmasked in an internal log”. He went on to state “we have fixed the bug and our investigation shows no indication of breach or misuse”.

The Social Media platform are insisting that there is no sign of danger and that there is no reason to believe that the passwords were exposed outside of the organisation. However, they are still advising users to change their Twitter passwords and those of any other online service using the same password.

Some additional password tips from Twitter include enabling two-factor authentication and also using a password manager to create a strong and unique password for every individual online service.