Stay Safe Out There

[C87]

Apparently scammers have infiltrated Google’s security to place fake adverts for Notepad++ in its search results. Malwarebytes the scam adverts have been online for months. It is thought by clicking them leads to your PC being infected by ransomware.

The adverts all appear under Google’s sponsored heading and have several different long titles designed to make you click. These include “Notepad++ for Windows – Notebook text editor Download” and “Download Notepad Text file editor”. The scammers hope the length of each title will distract people from the fact that the URLs above don’t mention Notepad++.

Clicking the URL takes you to Notepadxtreme which accurately impersonates the real Notepad++ site.
Apparently fake adverts are rife on Google. So be advised to typing the program’s URL correctly.

If you don’t know the URL. Search for the software on a service that doesn’t show adverts. Try BRAVE Search (https://search.brave.com) within BRAVE’s browser, or duckduckgo.com after turning off “Advertisements” in settings.

From Microsoft
As a free and special treat from Tuesday at a PC near you, Windows 11 is to receive the supadupa, or notsupadupa, depending upon your opinion. The Moment4 update. If you want it earlier it apparently is on KB5031455, or www.snipca.com/48094
The Patch Tuesday update is compulsory, unless you have updates set off presumably.

Enjoy, or not as the case may be.


// Moved from "Windows" to "Off Topic" (Kiffi)

[jacdelad]

While this is useful information, it should be moved to offtopic.
Also I'll didn't know about that and will forward this to IT in my company. We have some security problems lately and don't need another one.

[idle]

I don't see any google ads nor does my PC leak telemetry like a sieve.

[Olli]

I do not understand perfectly C87. But sure an ad from Google (especially the first suggestions said "sponsored") can be infected. I met such a way, two years ago, on a computer of friends.

It is not restricted to false text editors : it is perfectly adapted to the keyword you entered on the google search field. And the simple click locks the computers. No ransom : a pure lock.

I think it is not limited to Windows. The first fault consists in adding a third system between the user and the server, whatever the server (Google or not). As Google is a famous search engine, we could think this is the problem. But not : it is already too late. It is just easy to imagine what a user does with Google Search : enter any keyword, and click on one item in a list of item.

The "third system" is installed from an infected server. During one or two weeks, the flows are slower, the requests have latency.

It is a period of clandestine espionage.

And, finally, to remove all the evidences of espionage, the computer is destroyed, by using a specific and usual detail. A detail, lots of body, can explain easily, what it bypasses the real object of the infection.

The best way to choose, after a computer destruction, is phone to his network provider and demand the historic of the flows in a period of 6 months.

As the "third system" uses javaScript (good bye the anti-virus...), the traces of the espionage are visible in the graphics through a significant change of traffic use (between 2x and 3x = espionage of your computer. between 2x and 10x = espionage of others devices).

It is unable to get more than the traffic change. But it often let a start date. And it allows you to know which of your own professional researches have been hacked, and forcome your clients, and/or your hierarchy.

[NicTheQuick]

I basically forgot that there are ads in the Google results. I am using ad blockers since 20 years or so.

[jacdelad]

My dad downloaded vlc mediaPlayer Pro...he used it for months...

[Piero]

I dunno how to define the experience, but I swear I witnessed a teenage bedroom with the pc viruses literally "screaming" (audio, voice) to install fake antiviruses……………………