Researchers at DomainTools have issued an alert about a malicious Android app that pretends to warn users about those infected with the COVID-19 Coronavirus in their vicinity.
In truth, the app locks users out of their devices and demands that $100 worth of Bitcoin ransom payment is made within 48 hours. If payment is not made, the ransomware claims, the phone will be completely erased and pictures, videos, and social media accounts shared online:
YOUR PHONE IS ENCRYPTED: YOU HAVE 48 HOURS TO PAY 100$ in BITCOIN OR EVERYTHING WILL BE ERASED
1. What will be deleted? your contacts, your pictures and videos, all social media accounts will be leaked publicly and the phone memory will be completely erased
2. How to save it? you need a decryption code that will disarm the app and unlock your data back as it was before
3. How to get the decryption code? you need to send the 100$ in bitcoin to the adress below, click the button below to see the code
NOTE: YOU GPS IS WATCHED AND YOUR LOCATION IS KNOWN, IF YOU TRY ANYTHING STUPID YOUR PHONE WILL BE AUTOMATICALLY ERASED
The researchers at DomainTools discovered the malware – which they have named CovidLock – after investigating the increased number of domain registered in the past few weeks related to Coronvavirus and COVID-19, many of which have been used to spread scams or false information.
In this particular case, the researchers discovered the malicious Android app was being distributed from a site called coronavirusapp[.]site (I don’t recommend visiting it), rather than via the official Google Play marketplace.
The fact that the app is only available from a third-party source does limit its ability to infect Android devices, as only users who visit the site, ignore the many warnings issued in the past about “side-loading” apps from unknown sources, and grant the app permissions to access the device’s accessibility settings and lock screen will be at risk.
Activate lock screen to get instant alert when a coronavirus patient is near you
DomainTools says that CovidLock’s screen-lock attack will not work on devices running Android Nougat or higher (Android 7.0 or later) if an unlock password has already been set by the user.
Fortunately, CovidLock does not appear to be the most accomplished ransomware ever written – and so even if you are unlucky enough to have had your phone infected it may be possible to recover access to your data without paying a ransom. Reddit users report that they have successfully analysed the app and determined the decryption password.
As ever, despite its shortcomings, Google’s official Play Store is a safer source for apps than third-party unofficial sites. Furthermore, if you’re an Android user always be very careful about what permissions you grant an app. One careless choice could lead to your data and privacy being put at risk.
For more discussion of this topic, listen to the “Smashing Security” podcast:
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
But I think that if I wanted to make money fast, this is a good scam. I mean, it's fast and make some money.
Listeners, please don't take Ran Levy's advice. The hosts of Smashing Security do not necessarily agree with the opinions or support in any way with use of the guest. Smashing Security, Episode 170, Pornhub, Coronavirus Apps and Remote Working, with Carole Theriault and Graham Cluley. Hello, hello and welcome to Smashing Security, Episode 170. My name's Graham Cluley. And I'm Carole Theriault. And Carole, we are joined this week. We are very lucky to be joined this week. Well, it's not like he had anything else to do because he's been isolated in his Tel Aviv apartment, Ran Levy from the Malicious Life podcast. Hello, Ran. Hello, hello. It's great to be back.
Ran, how are you handling doing your own podcast being locked in in your flat with your family?
Oh, man, it's difficult. Actually, in the last week and a half, I'm just releasing reruns because recording in my attic, the sound quality is not too bad, but it's different than the usual sound quality. Different environment. So I'm leaving the quarantine in two, three days, and then I'll return to normal scheduling.
But tell us what happened. How have you ended up in self-isolated quarantine? What occurred to you?
Yeah, such bad luck. I commute by train every day. And there are, I don't know how many tens of trains every day to and from my house to Tel Aviv, but apparently a corona patient, one of the very first corona patients in Israel, boarded my train at exactly the same time. And you know who it is, I mean it's a long train, probably a thousand plus people on the train, all right? And they just said, you know what, all of you quarantine now. And actually it was my wife who kicked me up to the attic.
She said what? Is that something she's done before? Have you actually banished you to the attic in the past? Have you been up there for 10 days?
Yes, I am. Oh, really? Seriously? Yeah. It's not too bad because this is basically my home office day to day. But if you don't leave the same room for 10 days, at some point I kept forgetting what day it was because every day seemed like the last one. So is it Sunday or is it Monday? I don't remember.
Does it even matter? I remember this podcast about this guy who went and lived on his own in a cave to see how long it would take him to go mad. No light, nothing. Just on his own sensory deprivation, effectively. It was in France somewhere in a cave. And he went apeshit, I think, after a few weeks.
I can relate. Don't worry, we've got you. You know what's worse than the isolation? Because, you know, I've got internet and computer and everything. You have no bog. You have no toilet.
It's going out the window.
I've got toilet paper. Thank God. I can handle that.
Thank goodness the drain pipes.
It's the lack of contact, personal contact. I haven't touched a human being for almost two weeks. And I mean, I can feel it. I can, I mean, I want to touch my kids.
And you want to hold something. Ran, you know, sometimes you can sleep on your arm and you get a dead arm. Have you? I mean, if you're desperate.
I do have my cat who's not afraid of me. Poor cat.
Poor cat. I think we should move on. Carole, what have we got coming up on the show this week? First, thanks to this week's sponsors, LastPass and Domain Tools. Their support helps us give you this show for free.
Now, chums, chums, we live in rather scary times.
Yeah, I've been saying it for a month. Yeah, it's Cassandra, you've been warning us, Carole, and now it's happened. They are walking amongst us. Some of them have the sniffles, some have sore throats, some aren't showing any signs of infection at all. They might be a bus driver, a cleaning lady, neighbours, partners. It's a zombie apocalypse. It is. Even the hosts of rival security podcasts banished to their attics. But didn't you just score a stash there, Mr. Cluley? My wife has ordered some loo paper online. It hasn't arrived yet. Oh, certainly he got scammed. But I don't know. It's called virus testing kits, which, you know, our government didn't think it was important to have them.
They're a little bit difficult to come by at the moment.
Is it hard in Israel to get them, Ran?
Yeah, and we don't have them. Only the government has them. Because they're the important people. What would we do without them being in charge? So
Can I just, so if you say you suspected that you had contracted the illness, right? You got a fever, whatever. What is your Israeli national advice?
You don't go to the hospital because then you infect everybody around you. You call an ambulance. They come and they test you at home. And you don't leave your home unless real life danger.
Is there a little bit of you though, Ran? Because I have met Israeli people before and I know what they can be like. They're beautiful people. They are beautiful people, but they're also rather tough. You don't want to get on the wrong side of an Israeli... Is there a bit of a macho bit of you which kind of thinks, oh, we can just sort of rough this out?
I mean, I can rough it out. I don't need to go to the hospital. I mean, it's only the flu for most people. So yeah, I can rough it out. Yeah,
Exactly. If you don't have a magic wand or a Geiger counter to be able to tell if someone's infected. Maybe these days an app would be the solution, right? And turns out there are apps which claim to do that. They actually exist.
What, you mean an app that tells me whether I have the virus or not?
No, they tell you if there's someone near you who has it.
Oh, confirmed cases. This is how close you are.
It's Tinder. It's cross the road,
Cross the road. It's the opposite of Tinder. It's the anti-Tinder.
So it tells you there's a guy called Ran. He's got brown eyes. He's six foot two. He likes to live in the attic. You know, he's been virulent for this long. He's been shitting in a bucket. Now, there is a website called . Do not go to it. Do not go to it. People do not type in that name of that website because that website, which is, by the way, they're also run by a group of people who also run a website called Dating for Sex, which feels tautology.
I'm sure I've gone to that site before. I'm sure. But anyway, don't visit it.
If you go there, you will be greeted by a world map of coronavirus infections, which you can zoom in on.
Oh, I'm totally addicted to those. I've been looking at the Johns Hopkins one daily.
Okay, well, the Johns Hopkins one is legitimate. That's fair enough. But at the top of this particular one, it has a banner which pops up, which invites Android users to get a real-time number of coronavirus cases based upon your GPS location. Sneaky, sneaky.
That is so preying on people's... Yeah, social engineering at its best.
And it says for the best experience, if you download the app, you should enable accurate reporting. So you basically turn on all the features. And of course, this is something people want right now, right? I would love to know if I should go down the bottom of the hill or not, or whether I should stay up here at the top of it, right? Where's it going to be safer? Now, this isn't a Google Play app. This is an app which you get from a third-party site. So it's a side-loaded app. And as we all know, although Google Play isn't perfect, and there are malicious apps which get in it sometimes, it's a heck lot safer than downloading apps to your Android phone from any Thom, Dick or Harry site.
Sorry, I'm really ignorant here, right? So I don't have an Android phone. I rarely download apps because I'm paranoid. So how does that work? So I would just assume if it's not in the Play Store, don't get it. So how do people download that? How does that happen?
Well, there is an option in the Android operating system, which if you just click the button or uncheck it, then it allows you to download apps from anywhere.
So basically, I could borrow, you know, you could borrow your mom's phone, right? And go, hey, this is cool. Do you want to have a map to know? And then mom would be wicked. Yeah, as long as it's free. Okay, got you.
All you have to have is an APK file and it's a regular application.
I mean, you remember Steve Jobs, you know, was a complete control freak, right? So when he built the iPhone and the iOS operating system, it was all about incredible levels of control.
Just because he wore a turtleneck does not make him a control freak.
Anyway, if you run this particular app, if you install it onto your Android, you are greeted by a message which has a sort of anonymous logo on it. And it says, your phone is encrypted. You have 48 hours to pay $100 in Bitcoin or everything will be erased. And it claims to have grabbed your contacts, your pictures, your videos, all your social media accounts. And it says it will leak them publicly, and the entire phone will be completely erased and it locks your phone. You can't use your phone anymore because you have to enter the magic number, which it says you will only get if you pay the ransom.
Okay, another question. So I've lost a number of phones and broken a number of phones in my life. Right? Because you're a klutz. But what I've learned from that experience, certainly on iPhone, is that you could just reset it and everything gets downloaded from your cloud account.
Well, yeah, I guess if you've got a backup, then you should be able to recover.
So big whoop. Don't be afraid. If this happens to you, just go, fine, screw off. I'll just reset. I
I was always wondering how effective are ransomwares in general on mobile devices? Because, I mean, for most people, I think it's a given that your phone will fall down the toilet at some point.
Yes. You're spending a lot of time there right now, of course, because you're in quarantine. You're dreaming you had a toilet, Ran. Or down the bucket. Whatever works at particular times. And then everything will be lost anyway. So I wonder if people actually pay these kinds of ransomware.
It is an excellent question, Ran. And we have the information about this particular piece of ransomware.
No, I'm so impressed. You've got so much time to do research these days.
Don't be so impressed. This was because of some research done by the folks at Domain Tools, who first alerted about this particular piece of ransomware. Turns out that this ransomware, which they've called COVID lock, doesn't actually encrypt or steal your files at all. The ransomware is lying. All it has done is locked your Android phone.
Well, it's not like they've built a huge trust relationship with me already, since the map is a big pile of poop.
Oh, I see. So you're not feeling too let down by it. You're not disappointed. Once burnt, twice shy, dudes. Apparently, after you start the app, it just waits for about 60 seconds. So it's sort of mimicking that it's doing things in the background and then displays the ransom note. So you think, oh, crikey, it must have done all this stuff in the background. It's done nothing of the sort. And a new variant of the ransomware is now asking for $250 as opposed to $100. So the price has gone up. But according to the researchers, and this is where we come back to Ran's point, the Bitcoin wallet, which it's asking to be paid, has so far received absolutely nothing. Zero. It's been a failure. Nobody's buying it. It's been a disaster. A complete disaster. If you thought the world was having enough disaster, here's another disaster to compound it, which is that the ransomware authors are a load of old rubbish. They're not fulfilling their promises. They're not encrypting your data. They're not actually stealing your files, and they're not even making any money despite all their attempts.
Okay, but dude, Grammy, or chum, chum. Yes. Don't you think? I don't know if it's a two-way chum thing. Well, I could call you what I normally call you.
Could you please stay at least six feet away?
Yes. Okay, clueless. Okay, now, couldn't this have been a test? Oh, maybe. Couldn't this just be test malware just to see if the whole thing kind of works and people download it and they're going, see, I told you, boss, people are going to fall for this. Let's do it for real.
Well, I suppose so. Certainly, it doesn't appear to be the most professional piece of Android ransomware ever seen. One of the interesting things, of course, is that if you were infected by this, and at the moment, it looks like it's just security researchers downloading it rather than actual real victims of this. But if you were to have your phone locked, the interesting thing is that the unlock code is actually hard-coded within it and is available for anyone to find. So it's not even something which changes. So the unlock code, I can tell you right now, is 486-508-3501. So all you have to do, if you were unlucky enough to get infected, that's the solution. If only it was so easy to fix coronavirus, eh?
Actually, you know what? I think it's very smart for the crooks to use social engineering in that way and not invest any time or effort in actually creating a ransomware because think about it. I mean, they probably invested like, I don't know, one, two hours, a few hours working on that app and the website and that's all. And if they get, I don't know, $100, $250, maybe $1,000 from like four or five people who really fell for that really silly scam, it's good money for a few hours of work. They didn't invest any time in actually creating a ransomware. So it could be smart.
Yeah, yeah. The ROI is huge. They've probably spent so much time washing their hands 48 times a day that they haven't had time to finish the coding, which is good news for all of us, isn't it? And it actually gives you some hope for the future of humanity. This gives us hope that the economy will be restored, that we won't face financial apocalypse because of all this horror which is going on right now. Because we see actual entrepreneurial spirit in action, don't we? Because we're seeing these guys taking advantage of an opportunity.
Well, just because they're a little bit creative in their deception. We're going to give them a little award.
Well, not a physical award, Carole.
Right, but you sound impressed, I'm just saying.
No, I—
Am actually quite impressed. Oh, great. This is how bored you are.
We're not surprised you're impressed. You've been sitting in the same room for 10 days.
Yeah, I mean, any entertainment in my case is good entertainment.
Yeah, this is one of the best things you've done all week. We know that.
But I think that if I wanted to make money fast, this is a good scam. I mean, it's fast and you make some money. Listeners, please don't take Ran Levy's advice. The hosts of Smashing Security do not necessarily agree with the opinions. Yeah, okay. So now I'll give you a story straight out of Israel, of course. I think it was the last time that we spoke I also gave an example story from Israel because we've got lots of interesting news going around. And actually, I think it was eight hours ago, the government approved in a very hush-hush move and very quick decision for the... It's called... Just a second. Hang on. What is going on?
Is that the Palestinians? What's going on, man? It's the apocalypse. The four horses of the apocalypse. One just landed above my house.
I just feel like I've been in a time warp. How does this, Graham, this sounds
very... This sounds very much like the app with the ransomware guys were promising. So it turns out the Israelis have actually written it. It works. What they are doing, and that's, I mean, the headline of most news stories about it, where kind of Israel uses anti-terror technology to counter-recuritize, this is a bit clickbaity because it's not actually anti-terror technology. It's a simple, you know, mobile tracking technology. So how do you think this will be used in principle? Will it be used against individuals? So for instance, imagine there is a train where a known coronavirus victim has been on the train And would they use this to track other people who had been on the train to identify them? Is that the sort of thing which is?
Yeah, the way they are planning to use it. And as I said, it's really just in the last few hours that the announcement was made, is that when somebody is tested and is seen to be positive, infected with coronavirus, they go back and see the records of all the places he was in the last 14 days. And then automatically they send messages to all the people whose phones were around this guy while he was moving around the world. So if, for example, in my case, if the corona patient that was on my train was, say, in my immediate vicinity in the train, they probably could tell that from the geolocation of the mobile device. And they could have sent me immediately SMS saying, you know, this guy who right now was tested positive a week ago, he was near you in the train. So now go and test yourself or be quarantined. And I think it's a great idea, basically, because now you can really control the infection vectors. If somebody is detected, you can get a hold of the people who are near him and everybody's got a cell
phone. But think about it. It's crazy as well, though. Don't think the world's not going to change. If one person in one train impacts, what, 80 people, and they are then all in quarantine for two weeks, and that happens everywhere, it's going to be an interesting time for us all.
It is already. I mean, think about my case. I was in a train with some thousand other people. Right. All of them were quarantined because we don't know where that guy's been specifically on the train. Exactly. If I knew he was in the same car as me in the train, I would be quarantined. But if we knew that he was in the back of the train, I was in the front of the train, I would probably be safe. I wouldn't have to be quarantined. So I think the potential of that kind of technology to really help control the epidemic sounds great. It really sounds great. I think the only caveat here is that that decision, specific decision, which is a good decision basically, It was gotten to in a way which is very problematic because there's no parliamentary oversight over that decision. And nobody prevents the government from abusing that. They just decided it. There's no oversight from the judiciary system or the parliamentary system. So nothing stops the government from tracking political rivals, abusing the power as we are always afraid of governments. So I think it's the process that's problematic here and maybe the precedent use
Yeah, I mean it's I mean I can imagine if this was used outside of Israel in the rest of the world and maybe other countries will let's take an example for instance Justin Trudeau the boss of Canada he's been self-isolating and his wife I believe was infected by coronavirus now I then heard that Idris Elba the actor. Also infected. He's also infected. Turns out he met up with Justin Trudeau's wife. And now I'm not pointing any fingers here, but we all know what Idris Elba's a bit like with the ladies in terms of the ladies' reaction. I'm just saying they were clearly in proximity, and that's possibly how it happened. Maybe it happened at a conference instead. I cannot believe you're bringing my
mother country's leaders into such disrepute. Idris Elba isn't British Prime Minister yet, Carole. He's not actually our leader. But maybe one day. I'm sure it won't happen.
Question of, I mean, what's the role of right for privacy in such extreme situations? Well, exactly. Even a normal day, it's hard, right? Exactly. And I mean, people in Israel, of course, are talking about it, saying, well, this is obviously an invasion of privacy. But the consensus is that, okay, this is probably a good idea in the short term, not a good idea in the long term. Seriously, guys, you don't have to worry about that because we're all going to be dead anyway. So I think stop worrying about these hypotheticals.
I'm not going to be dead. I haven't left my house in two weeks.
We're going to be all dead, but our butts are going to be very clean. Everybody's buying toilet papers like crazy. I mean what are they all doing with that? I have a conspiracy theory about that. What's your story for us? I'll tell you after the show too. Ice cream salesman? What do we, well, I don't know. The porn industry.
Good, good. That's unthinkable. I can do without the economy, but... The truth is that we have run out of porn, so we do need more to be made. It's not that there isn't an awful lot out freely available. You don't have to go down the supermarket and find it on a shelf. It's everywhere, for goodness sake. Why would you need more? Well, there's something else to consider in all this, right? Especially if there's a dearth in porn. I can relate. Ran's wife had the answer to that. She was sending him to the attic. Put them in the attic. Can someone divorce with their kids after two weeks at home? Can I just say that the whole reason I started working from home was to stop talking to people. Because in the office, it was kind of obvious that I was choosing not to talk to people. But now at home, I can get away with it much more easily.
Well, so I wanted to know, how many people do you think in the UK work from home as their main job? So I looked up 2019 statistics just to try and bypass this stuff. Oh, I don't know. One in 10. So one in 40. So one and a half million people work from home. So one in 40 of workers work from home. And in the States, it's closer to one in 30. So that means there are millions of people out there that are currently being asked to work from home for the first time. Twitter has always told people to work from home. Amazon, Google, NASA, JP Morgan, Samsung, the list goes on.
My company's team is working from home.
Right. Yeah. Because you probably spread the disease, Ran.
No, nobody's sick, but everybody's working from home. Everyone's been ordered home. Yeah, that's a precaution.
Okay, so we make jest, but it is super stressful, right? And I think all of us know something or two about security, and we know one or two things about working from home. So I thought we could share a few of our tidbit advice with our listeners to help them get through this. So let's get the boring security stuff out of the way first. So my first piece would be that orgs really need to provide a to-do list for people to ensure that their home environment is safe for them to do work from and to access files and all the stuff they're supposed to do. Some home workers are going to be asked to use their personal machines. Others will have dedicated working machines. Others will be waiting for machines to be delivered. And the first big security nightmare, I think, is making sure that that home machine is safe to access work files and services. So big companies out there are going to know what to do, right? But there are some companies that are facing this for the very first time. I would say make sure you're not using the default password that was provided with your router.
That's basic security. Yeah, 101. You should always do that. Yeah. Yeah. And lots of people don't. So if you haven't, go do that. The other thing is locking your screen all the time. I would go a step further and disallow the employees from working from their own personal computers. I think companies should provide them with laptops from work because for many people, I think the home machines are vulnerable because we download stuff and we browse unsafe websites, whatever.
I think that's a sensible investment for companies to make. I mean, it may only cost them like £600 per computer.
That's a ton of money if they're looking at being shut down if they don't get business ramp up in the next eight weeks.
Well, yeah. And obviously, they have to order these things and get them delivered. The hardware manufacturers are going to do well, at least, if they manage to keep their supply chains going. But I think from the security point of view, ideally, they are going to be using an approved computer, which has been checked over by the IT team rather than Lord knows what on Windows 95.
Maybe provide some sort of a virtual machine on that home computer. So it's technically more difficult. You'd have to probably bring a technician to actually operate this or set up the install. But that's another option because giving the people the option to log in from, I mean, it's a horrible environment, the home computer with games from the kids and everything. There's probably a large percentage of malware hiding in those files anywhere. So I wouldn't give them the option to log in from their personal computers. That's too big a risk, I think.
It's a complicated one, but I think some will be forced to go down that route. And one of the things to think about is organizations really ought to have a route so that staff know what to do in case there's problems. Lienwho to call, what are the emergency procedures? Think, for example, little Jimmy just stuffed a peanut butter sandwich into one of your laptops, right? So what do you do now?
I'm on the IT support desk. Jimmy, okay. Oh, yeah, it'd be the peanut butter thing, right?
Right, so even something as lame as that can put someone off work. And give people the tools to do the job, right? If they're running a computer, whether it's one that your company has provided or one that which they have themselves, then it needs to be up to date with security patches. It needs to be running up-to-date antivirus software. You're probably going to have to have two-factor authentication in place to allow them to log into the company network remotely. And the last one is backing up, backing up, backing up. So in a worst case scenario, as we've seen from Graham's story, there are people out there scouring around trying to dupe you and in some cases fake you into thinking you have ransomware, but in some cases you really will. And in those cases, it's very nice to be able to wipe and reinstate from where you were. So keep a backup.
Carole, do you have any tips for porn stars who are worried about working from home?
Self-love is the way I'd go right now. Oh, I guess so. Over a webcam. And over to Pick of the Week. So many of us now are realizing that moving to a fully work from home environment isn't always easy, but LastPass is here to make that transition easier, all without decreasing security. LastPass ensures your employees have secure access to their work applications and provides remote employees the ability to securely share passwords across teams in order to stay on top of critical projects. If you want to learn more, visit lastpass.com forward slash smashing. On with the show.
And welcome back. Can you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week. Pick of the Week. Pick of the Week is the part of the show where everyone chooses something they like. It could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security-related, necessarily. I think we should call it COVID-19.
I think the world is calling it coronavirus.
Yeah, except that, you know, the Corona, the beer manufacturers' stock prices have, along with everyone else's, but they've had a special nosedive because of people calling it Corona.
Let's call it the Diamond Princess Cruise virus then, or the Chinese virus, as I believe the germaphobe in chief is calling it.
The Chinese really don't like when we call it the Chinese.
No, quite right too. I wouldn't either. No, no, it wasn't me who said it first. So obviously lots of hardship being caused around the world, and it's a serious problem. And many people are like Ran, and they've been locked up in their houses. And we saw Italy. We're watching Italy. Italy has been shut down, and everyone's stuck in their homes. And hence, I was rather bemused to see an announcement from a website which said that it would be giving free access to its premium version to everyone in Italy for the entire month. And the name of that website is Pornhub. And so Pornhub, who are quite good on the PR department, they're quite good at getting their name in the press, they announced that everyone in Italy can have free access to – apparently there is some premium version of Pornhub. I can't imagine what that gets you. But anyway, more porn, I suppose.
Jesus, Graham, enough with the Pornhub.
There is an issue though.
What's that about the idea of can the internet handle all this high-def video streaming that people are doing around the world while, you know?
That's right. Apparently it just celebrated 20 million users in one day which broke all records. Will they be able to keep it up or not? It's always the problem, isn't it? That's the question. So the Italians have free Pornhub? That's right. So if you have an Italian IP address or a VPN, Ran. Exactly. Lots of people are using their VPN to pretend to be in Italy to access Pornhub. And in fact, the guys at ProtonVPN, they tweeted saying, we finally figured out why our Italian VPN servers are under such high load. So apparently they're getting swamped by lots more requests than normal. And apparently they are adding new servers as fast as possible to cope with the demand.
So basically, I understand from what you're saying is that the Italians right now are mostly either watching porn or singing from their balconies.
See, they know how to live.
I like the Italian. Actually, you know, I read another article. I think it was yesterday, something like that. From Pornhub, they have what's called Pornhub Insights. It's a regular website. It's not, you know, a porn website. It doesn't have any porn, but it gives lots of interesting insights on statistics that they gather from their website.
That's what you told your wife. It's for research.
Really, it's for research.
And bored out of your mind.
And bored out of my mind, exactly. And it turns out that, if I remember correctly, there has been about 7 million searches for the coronavirus in Pornhub in the last 30 days or so.
What? Corona porn? Actually, COVID porn.
So rather than coming around pretending to be a plumber to fix the dishwasher, they're instead coming around in a hazmat suit. Just need to check you for coronavirus. Just give you this little injection here. If somebody is searching for coronavirus on Pornhub, it's really interesting to think about what are they trying to find there?
The insights, only the insights. Ran, what's your pick of the week? My pick of the week is tamer. It's more down to earth. Thank goodness. Is this live?
It is. I think it's refreshed every few minutes or so. It's almost live. Maybe there's a short delay, but it's taking the data from lots of various resources.
I wonder if it'll change with the change in air traffic patterns and the like, if there'll be any spotted differences, if it had any impact at all.
Interesting. Yeah, so it's very recommended.
It's very beautiful and calming, actually.
That's earth.nullschool.net. And if you didn't catch that, we'll put it in the show notes. Terrific. Carole, what's your pick of the week?
Well, okay. I was going to not be, just because you lowered the tone, Graham, with your pick of the week. So I asked my other half, right, what he thought my pick of the week should be. And he said, have more sex. What? So I'm just, he did. Hang on, I think—
That's what your husband's answer is to everything, isn't it?
And then I said, oh, that's a good idea. I said, that's a great idea. So people get pregnant and then they can't go to the doctors without risking infection. And what are they going to be called? What's the generation going to be called? Oh, millenniovids, the COVID generation. Yeah, deadly boomers, COVID boomers. And so he was like, well, what about safe sex then? I was like, where are you buying your paraphernalia? Where are you buying your safe sex paraphernalia? Paraphernalia? Sorry, what does he use condoms and other things? He needs a zorb. That's what I told him, he needs a zorb.
Is there a run on condoms like there is a run on toilet paper? Okay, if you needed to take the train, you're going to be taking the train soon. And let's say the infection levels are at least one in four, right? I would probably be hospitalized in the psychiatric department. I don't know how you get the second one on, to be fair. What's happened to this podcast? Anyway, that was my husband's recommendation.
Oh, okay. What's that about? Now, it's about—okay, so let me just give you the premise here. So Susan Powell, okay, she vanished in 2009 and her body was never found. If they've done 24 one-hour episodes they probably— Oh, yes. Right? Sounds fantastic. Yeah, I love true crime podcasts. Has the husband been arrested now or has he been detained? Maybe now. I'm not through it all yet, I'm only at episode 10. Could this chap who's been accused, could he not take legal action against the podcast or something? I mean, if he hasn't—
You know, that's a— That's a great question. I mean, it's a little bit uncomfortable, isn't it?
I'm already working on it, dude. I'm on it, it's going live soon. I've got a lot more time now to work on it. And on that note, we swiftly wrap up the show. Ran, I'm sure lots of our listeners would love to follow you online and find out more about what you're up to.
Yeah, so my podcast is called Malicious Life. It's about the history and the present and the future of cybersecurity. And you can follow me on Twitter at Malicious Life or at RanLevy, R-A-N-L-E-V-Y.
Very cool stuff. And you can follow us on Twitter at SmashingSecurity, no G. And you can also join us on Reddit, join us up on the SmashingSecurity subreddit.
As always, a huge thank you for listening to us, especially during a bleeping pandemic. Your support and kind words will get us through. Our aim is to keep going unless one of us gets sick. Also, a huge thank you to this week's Smashing Security sponsors, LastPass and DomainTools. Their support helps us give you this show for free. Check out smashingsecurity.com for past episodes, sponsorship details and information on how to get in touch with us. Until— Next time. Cheerio. Next week, guys. See you then, speak to you then. Don't see you. Graham, do you think maybe we should think about doing—
More than one show a week? Do you think people would like that?
I don't know. Do you think people would tell us where they would like that?
Probably not. They'd probably just be silent. We'd get no feedback at all unless you know different, dear listener. Yeah, interesting. Come—
On, you want more episodes? Let us know. Bye.
