Tag: adware

AI, Programming, Security, Tech

How to View through Keynotes

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

It’s the first day on the job and there’s a new script! This is going to be the best day ever!
Photo by SHVETS production, please support by following @pexel.com

It’s your first day on the job. You walk in and sit down to mentally prepare yourself for the laundry list of tasks ahead. While seated at your keyboard, you notice there is a camera installed in the corner of the room pointing at you.

Feeling a little unsettled you look back at your computer keyboard and before you begin to type. You get this eerie feeling of something or someone watching you from all devices.

The camera, the webcam, and even the keyboard feels like they’re watching, and you are not too sure if what you are feeling is real. Let me script for you how this may be your reality.

Timmy: Z-Daddy says we’re being watched by the big boss.
Tom: We’re not interesting enough to spy on. He’s just trying to wig us out.
Photo by Fox, please support by following @pexel.com

Local Private Eyes

You understand how the camera and webcam could be the ones watching your every move. At some point or another, it’s been reported in the news, but to spout that your keyboard can be watching as well, now that might be a thing of nonsense.

You could say one is being unreasonably paranoid. Let me introduce you to a device called a “keylogger”. You may have heard it go by other names such as keystroke logger or keygrabber.

Keyloggers are tools used to capture all your interactions with the keyboard. This means everything you type is recorded and stored for later evaluation. This includes all the questionable websites you visited during the duration of your shift. We’re all looking at you nudemidgetcowgirlsfromouterspace.com.

Henry: See, I told you they were visiting Scriptingthewhy during working hours.
Shaw: well, it is a semi-informative site with some humor but you’re right they’re supposed to be working.
Photo by AlphaTradeZone, please support by following @pexel.com

For Good, Bad, and the Dark-net

The use of keyloggers has been used for both good intentions and malicious ones. For good intentions, this involves things like parents installing a keylogger to monitor their child’s screen time. Although I don’t know of any parents doing that nowadays since we’re just happy to not hear them crying about anything. A silent and preoccupied child makes a happy parent.

Another good intention, though questionable, is companies have been known to use keyloggers to monitor employee productivity, as you would have imagined, yes, the overlords may watch you to ensure that you are in fact working. And finally, IT (Information Technology) departments can use keyloggers for troubleshooting problems with a device.

So, with all of these “good intentions” (minus the company part depending on how you look at it), you may be wondering what the bad or malicious ones are. Unauthorized personnel will use keyloggers to, not only be like Sting from the Police watching every move you make but later sell your information on the dark web or hijack your life if they want.

Again, you’re a somebody and that means every person on the dark net doesn’t mind being you. Whether you choose to believe it or not your information has value.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Eric: You read the latest script? Nice, big boss wants to see you by the way. Don’t worry bro, your computer is safe with me.
Bob: I don’t think I should just leave it with you like that.
Eric: Nah bro, you can trust me.
Photo by Helena Lopes, please support by following @pexel.com

Connection via Co-worker

So how would something like this work? This is usually done by social engineering but you’re going to be highly disappointed to know that the installation of such a device is as simple as inserting a USB (Universal Serial Bus) thumb drive.

An example of this might be you’re in your office and Eric from accounting comes in to let you know that the big boss wants a word with you, so you head out to the big boss. If for some reason or other, you leave Eric in the office he can then go to your computer, hook up a device to the plugin slot for your keyboard, and connect your keyboard plugin to the keylogger device.

Photo of keygrabber device.
Photo by keelog,@https://www.keelog.com/usb-keylogger/

From there, all the information is ready to be recorded. There are other means outside of using this tactic. The use of web page scripts provides you with an infected link leading you to a malicious website where the software will download to your computer for the keylogger.

Phishing offers the same tactic, but it is delivered to your email instead, this could be where you see an email featuring the classic “click on the link if you want to marry your Russian princess” or prince. Just so you know, Z-Daddy doesn’t judge, love is love.

And finally, unidentified software is downloaded, this may also be known as “drive-by downloading”, again it’s not what you think, computer nerds aren’t driving around firing malicious code from the side of the car as they go by. This occurs when you visit a website like nudemidgetcowgirlsfromouterspace.com and a file is downloaded without your consent.

Sean: Watching out for people is tough.
Amber: Watching over people is tougher, it’s a good thing we have Z-Daddy.
Photo by KoolShooters, please support by following @pexel.com

Watching Overall

Now while keylogging has some good and bad use cases, let’s be honest, no one likes to be watched without their consent. There may be a niche few who don’t mind because they feel as though they have nothing to hide. However, having this knowledge is important in protecting or simply figuring out if “Big Brother” or another interested party is viewing what you do.

A few ways of confirming are; if your browser is operating sluggishly or slower than normal, if there is a lag in keystrokes or cursor movements, or if your cursor disappears randomly during movement.

Physically, you could inspect your plugins by unplugging them and checking if a questionable device is seated in any of the USB slots. For digital or online protection, avoid visiting or downloading software from unknown trusted sources, if you receive an email from Eric with an attachment saying, “Good times are to be had here, click and download for more,” keep a close eye for grammatical or spelling errors and crosscheck with Eric as that may not have been him.

Always keep an understanding that your personal information is extremely valuable to an attacker. If you have massive debt, it’s not a problem, they’ll get you more and if you have no debt, that’s also not a problem, they’ll find you some.

Julia: Ben, since we subscribed and stayed informed, look at how much we’ve avoided.
Photo by Mikhail Nilov, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed with keyloggers? Script a comment below.

Programming, Security, Tech

Ducktails vs. Duck Tales

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Bye-bye Mr. Duck, Scriptingthewhy told my dad all about you.
Photo by Abdel Rahman Abu Baker, please support by following @pexel.com

Ducktails is not going to have a good spin after you read about this one. So you may have looked at the title and thought that you are going to read a nice story about Ducktails and have those memories of being a child sitting in front of the TV on weekday afternoons and Saturday mornings come rushing back to you.

Remembering the time sat through your watch list of favorite cartoons until you got to the main event. However, sadly, you’re not going to have that moment. We have come across some information that will have your head spinning including your tail.

So, as usual, we’ll be covering what the attack is, who is using it, the functionality, and effects upon release, and what are some ways to protect yourself from this being the last Saturday morning for your peace of mind.

We found a duck in your computer, it was ducking.
Photo by Ekaterina Belinskaya, please support by following @pexel.com

The Attack

What has you spinning around like a record from the 80s? Great that you asked, the intruder in question is called “Ducktail”, and no, it’s not “Duck Tales”. As mentioned earlier, your sweet childhood is here to be exploited, not rewarded.

Ducktail is what is known as “adware”, adware for those who may not know is malware software that secretly installs itself on the victim’s device and pops up unwanted advertisements.

No, your YouTube account doesn’t have adware, that’s just YouTube being god-awful. Speaking of god-awful, did you know that ducktail was a hairstyle? I’ll take the adware, please.

Ed: You know they could give us more information as to who the scammers are.
Z-daddy: It’s not that simple, and most of the time it’s untraceable.
Photo by Athena, please support by following @pexel.com

Who Can It Be Now

As far as who has been making use of ducktails to make other people’s lives interesting, there have been no names. However, it is believed that its origins trace back to Vietnam a few years back.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Sue: Ed, I thought you landed a job interview and was looking to get out of here.
Ed: It was a scam.
Sue: Oh, well, Scriptingthewhy could’ve told you about that.
Photo by olia danilevich, please support by following @pexel.com

That Sinking Feeling

Are you confused about how something like this works? Don’t worry, I have you on that front. The Ducktails adware pairs with NodeStealer and targets Meta business and Facebook (also called Meta) accounts and for lack of better a term, hi-jack the accounts.

Once access is gained, social engineering can begin, where multiple victims can be approached through various platforms like Facebook, LinkedIn, and WhatsApp, even including freelancer platforms like Upwork.

So, yeah, once in, everyone is getting a spicy meatball, and no one is off the menu. Ducktail also has another way in due to performing what is called “search engine poisoning”, this is the dark art of tricking a search engine like Google into ranking webpages to appear number one so they can further distribute their malware.

The overall is you’re being lured into giving your information. These lures involve bogus posting on Upwork, Freelancer, Facebook ads, LinkedIn mailing, and even those “Disney is hiring for Data Analytics 100% remote position” ads you see on YouTube. Disney, like any other job, wants your butt in a seat on-site. Don’t fall for this.

Back on track, so once the adware gets onto your computer and begins to steal information, this includes items like saved session cookies from the browser to then tailor ads more personal to the victim. So basically, you have in your search history lawn mowers, it finds that and crafts you “lawn mowers for cheap or even free”, you click, and pop goes the weasel.

The good news is the rest of your collected information doesn’t go to waste however, it has been known to be sold on the dark web for about $15 USD to about $340 USD depending on who you are. You’re still worth something, whether you believe it or not.

You make one move on my owner’s computer and you’re gone with Tweetie. You got me?
Photo by Turong Chopper, please support by following @pexel.com

The Prevention

So it’s clear, you don’t want your tail like your life spinning out of control. Well, don’t worry, I have you on that one. Everyone thinks that cybersecurity is using cutting-edge technology to stop the bad guys when in reality, it’s just practicing some good fundamental habits.

A simple way of thinking about a form of protecting yourself is when contacted by anyone you don’t know and they request you visit a link, uh treat it like the front door of your house, and don’t open it. I hope you wouldn’t open the door all the way for a complete stranger so the same applies here.

Always keep a lookout when visiting websites as if you look in your browser search bar and to the left, if the little lock symbol is not locked then that means the site is not secure. This means everyone else can see your transactions and you don’t want that.

When downloading software, it is always best to download from the official site and not a third party as downloading from a third party may contain malware and other nasty software.

Having your operating system and anti-virus up to date is a must because patches for vulnerabilities are released often and further help protect your computer. Always remember, your tail is meant to twerk for a paycheck, not twerking because you lost one.

Whoa there lil duckie, we’re not saying all ducks are bad.
Photo by Pixabay, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on Ducktail? Script a comment below.