Webroot causes massive headaches after falsely flagging Windows files as malicious

Let’s just say customers are *not* pleased.

David Bisson


Webroot upset many of its customers when one of its signature updates caused its anti-virus solution to flag critical Windows files as malicious.

The endpoint security provider’s anti-virus platform began misfiring between 13:00 and 15:00 MST on 24 April. In that window, Webroot started detecting legitimate Windows files, some of them essential for Microsoft’s operating system to function, as W32.Trojan.Gen, its generic detection name for an otherwise unclassified Windows trojan. The product responded as it would to real malware and moved the falsely flagged files into quarantine, rendering an untold number of computers inoperable.

Not too long after the update took effect, customers took to social media to voice their disbelief and share their stories.


https://twitter.com/ericemoji/status/856621654537109504

Information security observer @SwiftOnSecurity told Ars Technica that Webroot had falsely flagged “several hundred” files used by Windows Insider Preview at their workplace. Hundreds of “line of business” apps also went down as a result of the issue.

Strangely enough, Webroot even prevented users from accessing Facebook after it flagged the social network as a phishing site.

Webroot blocks facebook

The flawed update was in place for 13 minutes before Webroot pulled it. Subsequently, the security firm released a workaround that users can implement to recover their files. This solution works for home users who have one or two affected PCs. But it doesn’t do much good for managed services providers (MSPs) that cater to hundreds or thousands of clients. For those clients, Webroot said in an update posted to its forums that it’s “still working to resolve this issue through the night and will keep you updated as soon as more information becomes available.”

That’s a small comfort to those affected by this incident. Still, it’s better than receiving a link to a slideshare about ransomware, something which Webroot sent to some of its users who complained.


All home users affected by Webroot’s snafu can reportedly fix the issue by uninstalling Webroot, restoring the quarantined files from a backup drive, and reinstalling the anti-virus platform. Let’s hope it doesn’t take long for the firm to release a solution for its business clients.
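Before restoring anything from quarantine, a practitioner will want to confirm which of the flagged files really are Windows components carrying a valid Microsoft signature, and which do not check out. The PowerShell below is an added triage example, not Webroot’s tooling and not code from the original article. It assumes Windows PowerShell 5.1 or later on Windows (for the IsOSBinary and SignatureType properties of the signature object); the sample paths are ordinary Windows binaries chosen here for illustration, standing in for whatever paths your console or quarantine log reported.

```powershell
# Added triage helper (example code, not Webroot's or Microsoft's).
# Classifies a list of flagged file paths by Authenticode/catalog signature
# so that valid Microsoft-signed OS files can be separated from files that
# genuinely need a closer look.
function Test-FlaggedFile {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path
    )
    process {
        if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
            # Already quarantined (or never existed): nothing on disk to verify.
            return [pscustomobject]@{
                Path       = $Path
                Verdict    = 'Missing on disk: restore a copy first, then re-run'
                Signer     = $null
                SigType    = $null
                IsOSBinary = $null
                Sha256     = $null
            }
        }

        $sig    = Get-AuthenticodeSignature -LiteralPath $Path
        $hash   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        # Most Windows system binaries are catalog-signed rather than carrying an
        # embedded signature; Get-AuthenticodeSignature resolves both and reports
        # which via SignatureType. IsOSBinary is set when Windows recognises the
        # file as one of its own components.
        $verdict = if ($sig.Status -eq 'Valid' -and $sig.IsOSBinary) {
            'Windows component with valid signature: probable false positive'
        } elseif ($sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation') {
            'Microsoft-signed with valid signature: probable false positive'
        } elseif ($sig.Status -eq 'Valid') {
            "Validly signed by a third party ($signer): review before restoring"
        } elseif ($sig.Status -eq 'HashMismatch') {
            'Signature present but file content altered: do not restore, investigate'
        } else {
            "Status $($sig.Status): unsigned or untrusted, review before restoring"
        }

        [pscustomobject]@{
            Path       = $Path
            Verdict    = $verdict
            Signer     = $signer
            SigType    = $sig.SignatureType
            IsOSBinary = $sig.IsOSBinary
            Sha256     = $hash
        }
    }
}

# Constructed sample input: stand-ins for the paths a detection list or
# quarantine log would contain. Replace with the paths your console reported.
$flagged = @(
    "$env:SystemRoot\System32\notepad.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe"
)

$flagged | Test-FlaggedFile | Format-Table Path, Verdict, SigType -AutoSize
```

Run it against restored copies, or against the same paths on an unaffected reference machine, since files still sitting in quarantine will simply report as missing. A valid Microsoft signature on a recognised OS binary is strong evidence that the detection was a false positive; a HashMismatch means the file on disk no longer matches what was signed and should be treated as suspicious regardless of what the vendor later says about the update. The recorded SHA256 values give you something to compare against the vendor’s corrected signatures or a known-good build. After system files have been restored, running `sfc /scannow` (Microsoft’s own System File Checker, not a Webroot-supplied step) is a sensible way to confirm the protected OS files are intact.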


For more discussion around the issue, be sure to check out this edition of the “Smashing Security” podcast:

Transcript
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Unknown
Before we begin the show this week, I wanted to give a quick shout out to our sponsor Recorded Future, a threat intelligence company, and they really sort out the signal from the noise.

There's so much information out there in so many places about what's going on in the world of cybersecurity.

You need some experts to sift through it and find out what's important, what is trending, and deliver that information to you in a timely fashion.

Well, if you're interested in that, the latest information on the hackers, the exploits, the vulnerabilities, if you want that information delivered to you in a meaningful way every day, then sign up for the free Recorded Future Cyber Daily Newsletter.

All you have to do is go to recordedfuture.com/intel. That's recordedfuture.com/intel. And thanks very much to Recorded Future for sponsoring the show.

Smashing Security, Episode 18: Windows is a Virus, True or False? With Carole Theriault and Graham Cluley.

Hello, hello, and welcome to another episode of Smashing Security, episode 18. As always, I'm joined by my good buddy Carole Theriault. Hello, Carole, what have you been up to?
CAROLE THERIAULT
Oh, hi, Graham. Oh yeah, I do have some news. I was last week at St. George's School. So hi to the girls at St. George's School in Harpenden.

I was giving them a talk trying to get them to consider tech as a career path. Yeah, it was quite cool. Actually, a special shout out to Bernie, Sarah, and Zoe.

These are three girls from the school who did the latest Cyber First Girls competition, and they thought it was really great fun. So it was really cool meeting them.

Anyway, it was good, it was a really fun experience.
GRAHAM CLULEY
Oh, sounds terrific.
CAROLE THERIAULT
What about you?
GRAHAM CLULEY
I've just come back from Paris. I was given a little tour.
CAROLE THERIAULT
Oh la la. Yeah, but of course. How's your French coming along?
GRAHAM CLULEY
Ah, teach me the flood. Those are words that go together very well.
CAROLE THERIAULT
That's horrible.
GRAHAM CLULEY
Anyway, yes, I actually managed to tweet under the English Channel. I was quite impressed that the Wi-Fi worked. Of course, I was using a VPN tunnel when I was using the Wi-Fi.

Sorry about that. And if you heard any other sound in the background, that is our special guest this week, Michael Hucks from PC Matic. How are things, Michael?
MICHAEL HUCKS
Things are great, things are great. I'm out here in Oxford for my first time, actually first time in England, and Carole's been showing me around and we've been having a great time.
CAROLE THERIAULT
It's good to be here.
GRAHAM CLULEY
Blimey, Governor, it's your first time in England.
MICHAEL HUCKS
My first time. Are you going to edit that out? I hope not.
GRAHAM CLULEY
It's Dick Van Dyke. Yeah, we want to make him feel at home.
MICHAEL HUCKS
Yeah, perfect. That's how it sounds, right?
GRAHAM CLULEY
All right, okay. Well, you know the score.

What we do is we all bring a story, something which has caught our attention in the last week, something which we thought was interesting from the world of computer security and hacking and malware and vulnerabilities and threats and data breaches and all of those sort of things.

There's an old joke, isn't there? There's this joke which goes around, which is that Windows, isn't that a virus? Isn't that malware? And people go, ha ha ha ha, very jolly.

Well, unfortunately, an antivirus product has made a bit of a clanger this week.
CAROLE THERIAULT
Oh no.
GRAHAM CLULEY
Yep.
CAROLE THERIAULT
What happened?
GRAHAM CLULEY
By misidentifying Windows as being a virus.
MICHAEL HUCKS
Oh, that seems rough.
GRAHAM CLULEY
It does, doesn't it? Webroot. You can't do that. The people responsible for causing this havoc, they released a bad update. I think it was on Sunday or Monday.

All of those computers, all of the computers relying on it, the companies, the organizations, the home users, it caused them serious issues.

What it was doing was it was misidentifying various essential Windows operating system files as W32.Trojan.Gen.
CAROLE THERIAULT
So anyone that was running this software, the security software, and had it up to date would ping and say that they had this Trojan, quote unquote, on their machine?
GRAHAM CLULEY
Not just ping and say corrupt. Because what it then would do was it would quarantine those files. Oh no. Effectively cutting the legs off the computer so it could no longer run.

And, you know, it shoved them in the recycle bin and your computer obviously became unstable and wouldn't work properly. Any files digitally signed by Microsoft were whisked away.

Now, fortunately, you could reboot and you could restore the quarantined files, but it was causing mayhem.

And I saw one Twitter user, a guy called Bob Ripley, he tweeted, "I seem to have installed a nasty ransomware app. It's called Webroot. They've already got my money.

Should I contact the FBI?" And you can kind of understand the frustration. I mean, let's put our hands up here, right? We work in the antivirus industry or have done in the past.

And I think we've probably all worked for vendors where occasionally a small snafu might happen.
MICHAEL HUCKS
Sure, it happens.
CAROLE THERIAULT
Yeah. I've seen one. I've experienced a few.
GRAHAM CLULEY
Oh yeah. I think during our days at Sophos, we experienced a particularly bad one, but we're not the only company who've suffered from them.

And obviously Webroot aren't having a great week this week and they've had bad experiences in the past.

In February, as The Register reports, they shafted corporate PCs in a separate instance, causing them to display the dreaded blue screen of death.

But this one has hit particularly badly, and it's affected all versions of Windows. It's also affected their managed service providers, other people who are using their engine.

And even though the update apparently was pulled after about 15 minutes, too late, the damage was done.

Because of course, the onus these days is on getting out those updates to protect people's computers as quickly as possible to protect against threats.

And somehow or another, this particular update clearly shouldn't have passed quality control, should it? It shouldn't have got out.
CAROLE THERIAULT
Yeah, I mean, oh God, the regrets must be going on and the blaming that must be going on and all the energy trying to fix this.

I mean, they are under severe stress, I bet, over there.
GRAHAM CLULEY
Well, you know, I'm glad you said that because I think we all know it's obviously painful for their customers.

We know it's painful for corporate customers, the users affected by this kind of snafu, but it's also horrible for the people manning Webroot's tech support and managing their community forums.

And you know, I mean, you can imagine a customer—
MICHAEL HUCKS
I can't even imagine.
GRAHAM CLULEY
Feeling absolutely furious if hundreds of their computers have gone on the blink because of this.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
But you know, it's hard, but don't lose your rag with the poorly paid guy in the support call center who's probably, you know, you're the 900th person who's been screaming at them about this problem.
CAROLE THERIAULT
And if he's lucky, he's maybe making time and a half to try and do the 80 hours this week to try and keep the customers happy, right? Yeah.
GRAHAM CLULEY
Exactly.

So instead, you know, bottle your fury, vent it next time the sales guy comes around trying to sell you something, or you can negotiate a better deal or speak to the company execs and say, what are you going to do to make up for this disaster?

And how are you going to most importantly ensure that this never ever happens anything like this again? Because it's disastrous.
MICHAEL HUCKS
Have they actually fixed this problem yet? Fix come out and been delivered and everything's fine now, or is this still being dealt with?
GRAHAM CLULEY
Well, at the time of recording, so we're recording this on Tuesday afternoon, a fix isn't completely out there.

They have posted up on their support forums some methods by which people can protect the systems, but they're still working on exactly how to rectify this in the easiest way for everybody.

And clearly this is going to be something which is going to cause problems for some customers for a little bit of time until they've recovered.

It wasn't just that they were misidentifying some Windows LastPass files, there were also users on Twitter and on Webroot support forums saying, you know, this faulty update you've pushed out, it's also incorrectly blocking access to websites Facebook, saying that they're phishing websites.

So our users can no longer get onto Facebook. So to be honest, not all bad news then. Some good has come from this instead.
MICHAEL HUCKS
It's a nice way of looking at it.
GRAHAM CLULEY
Yeah, maybe some of the corporate clients will think, actually, can we keep that bit?
MICHAEL HUCKS
We'd like to carry on blocking Facebook, but just fix all that somehow with all of our computers being down, we've somehow managed to boost productivity at the same time.

I can't imagine how that could work.
GRAHAM CLULEY
But you know, I mean, Carole, you and I, we've hinted that we've had a problem before. I remember there was a massive Sophos false alarm a few years ago.

Oh, it was longer than that, but yeah. And it was where an update actually knocked out Sophos's own updating system, which meant that even though we had a fix—
CAROLE THERIAULT
We couldn't update it.
GRAHAM CLULEY
We couldn't update people's computers with the fix.
CAROLE THERIAULT
It was the worst catch-22 ever.
GRAHAM CLULEY
Yeah, an antivirus detecting itself. So if that's any consolation at all, Webroot, possibly Sophos shot itself even more in the foot with ransomware.
CAROLE THERIAULT
And I'm sure I did at least 100 hours that week, just working there that week. So anyway, yeah, be nice to the staff, go after the executives if you want, but be nice to the staff.

They're getting it in the neck right now.
GRAHAM CLULEY
Exactly. And they're trying to help you. And as with all these things, it's not worth losing your rag on the phone. It's not going to help anything.

Of course, you have to answer to your bosses as well and explain why the computers are down.

And you know, there may be serious discussions which have to take place as to, you know, what you're going to do about that in future.
CAROLE THERIAULT
But right now we have to solve the problem.
GRAHAM CLULEY
Exactly.
CAROLE THERIAULT
Right.
GRAHAM CLULEY
That's the important thing. So, you know, we feel sorry for Webroot's users and we feel sorry for Webroot as well. Let's hope these kinds of things happen less in the future.

Michael, I hope you've got something more cheery for us.
MICHAEL HUCKS
I do, sort of, I guess. But let me start by asking you, both of you, a question.
CAROLE THERIAULT
Okay.
MICHAEL HUCKS
How many millennials do you think illegally stream movies and TV shows online in the US?
GRAHAM CLULEY
Oh.
MICHAEL HUCKS
About a quarter, I'd say, probably.
GRAHAM CLULEY
What would you guess? How many millennials? Oh no, I'd think more than a quarter. I would think 70%.
CAROLE THERIAULT
Stream illegally?
GRAHAM CLULEY
Yeah, 70% or something like that, don't you think?
MICHAEL HUCKS
All right, two very different answers.
GRAHAM CLULEY
Because I think they're all addicted to, I don't know, Game of Thrones or something like that, aren't they?

I mean, everyone streams, but then of course you want to see it as quickly as possible and might you— I'm not sure, 'cause most TV shows come outta the States.

So if it was from a country outside the States, wanting an American show, maybe it's higher. Sorry, this is a very long answer I'm giving you.
MICHAEL HUCKS
Oh, sorry, yeah, no, it's a detailed answer. Yeah.
CAROLE THERIAULT
Okay, I'm gonna say I'm sticking 25%.
GRAHAM CLULEY
All right, I'm gonna say 70%, 'cause that's what I said earlier.
MICHAEL HUCKS
Okay, well, you were both off, but right in the middle of the two of you.
CAROLE THERIAULT
So you mean we're both right. Fantastic.
MICHAEL HUCKS
Yeah, you're both as right as the other one. Now I can say that. That's all that matters.

A new study found that more than half, 53% specifically, of all North American millennials regularly use pirate streaming services to watch TV shows and movies.
CAROLE THERIAULT
I'm surprised by that. They don't have Netflix. Do they not have— do they not— well, that's using Amazon and all that stuff.
MICHAEL HUCKS
According to this, they— the preferred method is legal streaming.

But you know, in the age of not wanting to wait for anything and instant gratification, if that thing is not there, they— it's very accessible to go and just grab something for free online.

And so most people are doing that.
GRAHAM CLULEY
Because there are these naughty sites these days where you don't have to go through all the effort of downloading a, you know, 1.3 gigabyte torrent or something like that.

Where you can, it's like Netflix, right? You can just stream a movie.

And I have encountered these sites where the movie might be released on DVD or something like that, and it isn't on Netflix yet. And you can just click and watch it.
CAROLE THERIAULT
And Graham, and Graham, did you ever get in trouble for that?
GRAHAM CLULEY
I didn't say I've done it, Graham.
MICHAEL HUCKS
Yeah, someone he knows did that once.
GRAHAM CLULEY
It's not something actually I regularly do.
MICHAEL HUCKS
Yeah.
GRAHAM CLULEY
But I have done it once or twice in the past, I must admit, hands up. Sorry about that.

But my preference would normally be to go to BBC iPlayer or to Netflix or Amazon Prime or something like that.
CAROLE THERIAULT
Okay, but there's a few basic things.
GRAHAM CLULEY
Just because it works.
CAROLE THERIAULT
Yeah, yeah. So, okay, let's talk BBC iPlayer. I use it. However, I have trouble using it when my VPN is turned on and I'm in the country.

And I have trouble using it if I'm traveling, you know, because even though I'm a licensed user and licensed payer, I can't watch it when I physically am outside the country.
GRAHAM CLULEY
Yeah, well, that is a problem.

Some of these legitimate streaming sites, they do try and prevent the use of VPNs, which, you know, obviously runs contrary to what we would normally recommend in terms of security.

But of course, you know, when we are overseas, I've got a young child.

If I'm overseas and he wants to watch his favorite TV show, I would quite like to be able to log into iPlayer or one of the others and show it to him because I'm a licensed parent.

I'm a registered user of that particular site. I think those sites will begin to provide a mechanism for doing that.
MICHAEL HUCKS
I think so too.

And that's one thing you can see here across the board is it seems like the streaming services are kind of making it difficult for people to access the things they want, especially when that's what we're used to.

And when it comes to these things, if you're out you can't watch it if it's not on Netflix, but it's on Hulu or it's on Netflix in the UK but not in the US.

And you know, it's just there doesn't seem to be this perfectly aggregated program that's been made to do it.

And so when people are having a hard time finding what they want, they're two links down from that is an ad saying, well, here's you can watch it for free.
CAROLE THERIAULT
Yeah.
MICHAEL HUCKS
Can't really blame people for clicking on it, I guess.
CAROLE THERIAULT
But it is interesting how annoying it is because you live in the States, for example. And I remember I watched that doc. I think I recommended it to both of you.

I watched that documentary called Tickled. Everyone out there, totally watch it. So yeah, and I think, Graham, you watched it, right?
GRAHAM CLULEY
Yes, I have it.
CAROLE THERIAULT
Yeah, it was great.

So I obviously told Michael about it, and he can't; it's not available for him on Netflix because they have a different version of Netflix for the UK and US, right?

And he doesn't have access to it yet.
GRAHAM CLULEY
So yeah, I know what you two are doing tonight then. You can get a cup of cocoa and watch Tickled.
MICHAEL HUCKS
Yes, that's exactly what we're doing.
GRAHAM CLULEY
Soak it all in while I'm here. Yeah, while he's in the UK. Cor blimey, governor, that's what you need to be doing, isn't it?

Now, I imagine the reason why you're raising this issue, however, is not just because we care about the movie industry.

But because of the potential security implications, because—
CAROLE THERIAULT
Way to go steal his thunder. Well, just saying, you invite a guest.
MICHAEL HUCKS
It was coming around to it.
CAROLE THERIAULT
Yeah, you invite a guest over and then just steal his story.
GRAHAM CLULEY
Is that right, Michael? Is that something we should be concerned about?
MICHAEL HUCKS
I think it's absolutely right.

And I wonder if most of the common people out there in the world who are just going around and looking for movies to watch, if they understand the security risk and the implications of using these sites.

What kind of things can happen to them? And I think that a lot of people don't really know.

They just think it's some kind of, wow, it's free and that's cool and nothing's really happening.

And not that I can see from at least, but do people understand that there are issues with this security risks?
GRAHAM CLULEY
Because if I was a bad guy.
CAROLE THERIAULT
Yeah. Which if, if.
GRAHAM CLULEY
Thank you. I might disguise my malware as a video codec, which you need to download in order to stream the latest episode of Lord knows what.

Or, you know, I mean, it's a natural thing to do.

And just as we've seen, for instance, apps which have been malware infected and pirated and put up onto torrents, equally, there's no reason to think that a streaming site, an illegitimate streaming site, if we want to call it that, might attempt to trick you into installing something or have some booby-trapped, malformed Flash Player what's-it, just ready to infect your computer.
CAROLE THERIAULT
And I guess, yeah, you have recourse with the big boys, right? If you go to Netflix and there's a problem, at least there's a place for you to complain if something goes wrong.
GRAHAM CLULEY
Yeah, and Netflix, of course, you know, if anything were to go wrong on Netflix, it would go wrong for millions and millions of people worldwide and be very obvious.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
So, you know, hopefully nothing ever like that will happen, but some of these other sites you have to be a little bit more cautious about.

After all, they've already proven that they're not necessarily walking the right ethical line by making available these movies which they don't necessarily have permission for anyway, right?

So they're already a little bit gray.
MICHAEL HUCKS
And, you know, but I wonder if people, if it's naive to assume that a lot of people don't know what the difference between free and illegal is, what is allowed to be free?

And if someone goes on the internet, they say, can I watch, you know, The Big Lebowski for free? And there's a link right at the top and it says, yeah, hop right in.

Do they necessarily know that they're even doing something wrong? I mean, a lot of these sites are very professionally done.

They have great search cues and you can just go through and find whatever you want. They don't— they look legitimate, a lot of them.
GRAHAM CLULEY
So what advice should we be giving people to protect them better against these sort of things?
CAROLE THERIAULT
Don't do it.

Okay, so say someone absolutely must stream something from a site that— whether we're going to say we're assuming it's legal and they have to stream some sort of a site they do not know and therefore can't trust.

That's what we can focus on. What would you suggest? I'd suggest don't register with it. You know, have a throwaway email account if you have to register on it would be one.
GRAHAM CLULEY
I'll tell you what you might want to do. Okay, so I mean, first of all, you've set this example, Carole, where you've said you've absolutely got to watch something.

First of all, you know, let's question that. Is there anything you've absolutely really got to watch? Yes, definitely.

But if you absolutely do have to watch something for some reason, then you might be an awful lot safer maybe using an iOS device.

So using your iPhone or your iPad rather than Android or using Windows.
CAROLE THERIAULT
So you're in the walled garden concept?
GRAHAM CLULEY
Yeah, because generally they're more secure and there's less opportunities to exploit it and that the hackers are less likely to be attempting to exploit on those particular devices.

And be very wary of any site which asks you to register or give the email address. And if you are going to do that, give them a throwaway email address instead.

Don't give them your personal information in order to watch the movie.
MICHAEL HUCKS
Yeah.
GRAHAM CLULEY
And that should avoid most of the threats in that way. But generally, I'd say, you know, get a little bit of patience or look for the video on YouTube or something.
CAROLE THERIAULT
Thanks, granddad.
GRAHAM CLULEY
Well, you know, that is my role, Carole, on this podcast is to be the curmudgeonly granddad.
CAROLE THERIAULT
You do it so well.
GRAHAM CLULEY
Well, thank you, Carole. You're very welcome.
MICHAEL HUCKS
You can wait. People can wait a little bit. And if anyone needs any more reason to not do it, I think that another repercussion just outside of security is how much it can cost you.

I mean, people have been charged and ordered to pay upwards of, you know, over half a million dollars for illegally downloading 30 songs. I looked at one today that—
CAROLE THERIAULT
You are kidding me.
MICHAEL HUCKS
Guy was charged $22,500 per song that he downloaded and shared online. And this is a student in Boston who just downloaded some songs just like everyone else has always done.
GRAHAM CLULEY
But he's also sharing them online though, isn't he?
MICHAEL HUCKS
Yeah.
GRAHAM CLULEY
He's not just downloading them. I mean, that is obviously— okay, that's probably the worst bit of it.
MICHAEL HUCKS
Yeah.
GRAHAM CLULEY
Is that he's then encouraging others.
CAROLE THERIAULT
How many people don't even realize that? I think it's— I'm really glad you brought the story.

I mean, I think we just have to be aware that if, you know, they go after you, it's big bucks.
MICHAEL HUCKS
Can be bad. Yeah.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Well, I'm going to say, you know, show a little bit of self-restraint for goodness' sake. Wait until it arrives in your iPlayer or Hulu or whatever.
CAROLE THERIAULT
I seem to remember you with Doctor Who. Chomping at the bit for the next episode.
GRAHAM CLULEY
Hmm. Carole, that's Doctor Who. That's a whole different story.
MICHAEL HUCKS
Yeah, well, yeah, there's certain ones that, right, they don't fall within the same category as everything else.
GRAHAM CLULEY
Thank you, Michael. I really you as a guest. You're excellent. Carole, what have you got for us? Yes.
CAROLE THERIAULT
Ah, well, gents, cast your minds back to Ashley Madison. What is the first thing that comes to mind?
GRAHAM CLULEY
I think of someone with collagen implanted lips and a finger up to them going, "Shh." I can see the logo.
CAROLE THERIAULT
So you're thinking of the website rather than the hack that happened in July 2015?
GRAHAM CLULEY
Oh, sorry. Yes. No, I was thinking of the hack. Obviously I was thinking of the hack.
MICHAEL HUCKS
Oh, I was just thinking of my homepage. So yeah, we went to different places, but that's okay.
CAROLE THERIAULT
Yes, you did.
GRAHAM CLULEY
Well, I—
CAROLE THERIAULT
Yes. Okay. So onwards, onwards. So do you remember that there was, just to recap, so it was the Impact Team that stole just shy of 13 gigs of user data, right?

From the Flanders Paradise.

Now we can't tell you how many people that actually represents because a lot of the female registrants, if you remember, were found out to be actually bots.

But I remember, and Gizmodo, and you know, high five to Gizmodo because they did that research and it was awesome. It was a great report.
GRAHAM CLULEY
I thought that was fantastic.
CAROLE THERIAULT
Yeah, it was such a great story. So we can't really tell you how many of the people that is, but I think we could say all— most of the men were real.

So a lot of people were affected. Now, why did they get hacked?

The goal was to shut down this site because it was for moralistic reasons of, you know, the fact that they destroyed families and the rest.

However, the threat was, we're going to publish the identities of all the registered users regardless of whether they use the services or not.

So of course, we all know what happened. Ashley Madison did not shut down. Impact Team did publish the data on the darkweb, and as we remember, the media went bananas.

Now, there were obviously horrific consequences. I think there were two suicides in Toronto, and there was a few down south, I think New Orleans.

There was a few suicides down there as well. So yeah, this is a few years ago, right? So you think that's, you know, everyone's forgotten that story. That happened two years ago.

Why am I talking about it today? Well, a blackmail campaign has just been launched, and it's using the data from this dump.
MICHAEL HUCKS
Oh, saw that coming.
CAROLE THERIAULT
So what they've done is they've contacted targeted Ashley Madison users, so from the email addresses that they had collated and published, and the email read as follows.

So, on May 1st, 2017, we are launching our new site, Cheaters Gallery, exposing those who cheat and destroy families.

We will launch the site with a big email to all the friends and families of cheaters taken from Facebook, LinkedIn, and other social sites.

They will include you if you do not pay to opt out.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
So the payment is 0.4 of a bitcoin or $500.
GRAHAM CLULEY
Right.
CAROLE THERIAULT
So what do you do? What do you do if you're on that list? If you receive this email, do you play the ostrich and convince yourself that they're bluffing?

Do you pay up and hope that it keeps a lid on everything? Or do you just tell them to fuck themselves?
MICHAEL HUCKS
It's tough though, being in the situation. I mean, it seems very scary since they say that they're gonna launch a site with a big email.

So that big email, you know, who knows what that's gonna include.
GRAHAM CLULEY
Well, I wouldn't tell them to fuck themselves. I think that's just like poking an angry bear with a stick, isn't it? I think that's just gonna cause trouble.

You don't want them to focus any more attention on you.
CAROLE THERIAULT
Yeah, you should shy away from the bullies.
GRAHAM CLULEY
I don't think you should pay up either. Because if you pay up, you've revealed to them that you are someone who's prepared to pay.
CAROLE THERIAULT
Right? The trusted cash cow.
MICHAEL HUCKS
Yes.
CAROLE THERIAULT
You've actually just labeled yourself as a trusted person to actually attack because they know you're gonna deliver.
GRAHAM CLULEY
And if you've paid once, maybe you'll pay twice, or maybe you'll pay more next time.

And it's like, you clearly don't want this information to leak out, so I'm gonna try and get more money out of you. So don't give in to blackmailers.
MICHAEL HUCKS
Sure. And I wouldn't imagine the moral compass of the people putting on this scheme, they'll be like, well, he paid, so let's just call it quits and let him go.

I mean, what stops them from doing this over and over and over and over until they either wipe you completely clean or just you decide not to pay, but you've already paid 10 times.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
I also think you need to think about, you know, how likely is it that the criminals are actually going to go through with their entire plan?

So, okay, they're saying they're going to create this site, Cheaters Gallery.
CAROLE THERIAULT
Smashing Security.
GRAHAM CLULEY
And expose people's names. Well, first of all, these people's names are already exposed. The Ashley Madison database has been out there for two years.

And there have been other attempts to blackmail them in the past.

I've received emails and people have forwarded me letters which they've received because they were members of Ashley Madison.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
And they've been in some cases very worried about it. In some occasions, they've even received letters sent to their wives at their homes.
CAROLE THERIAULT
You would think that most of them who were involved in the original hack have come clean about being on the site because they had to go through this already.

I mean, maybe a few got through because they deleted the email or I don't know, somehow was able to hide away from it.
GRAHAM CLULEY
I mean, there's some other aspects of this. The first thing which I want to focus on is put yourself in the point of view of the blackmailer.

What have they got to gain from going through that entire database and scouring Facebook and LinkedIn and trying to work out who your partners are and who your family members are, and then try and reach them as well?

That's an awful lot of effort to go to, and you're not going to make any money out of it.
CAROLE THERIAULT
No, but in the email, in the initial email that they send out just to show they mean business, they included some of the information from the data dump, the original data dump.
GRAHAM CLULEY
Yeah, from the data dump. That's easy. Anyone can get their hands on that within 10 minutes on the internet.
CAROLE THERIAULT
Well, and that's what they're suggesting they're going to do, right? They're saying they're planning to put all this online in a cheaters gallery.

And I think there's the extra gravy, if you want, of embarrassment by saying we're going to go after, you know, your loved ones and tell them what you've done.

And you're suggesting, of course, they're not going to do that. That's going to be a lot of work.
GRAHAM CLULEY
Yeah, they might do it in a handful of examples, but they're not going to do it for most people.
CAROLE THERIAULT
And yeah, I tend to agree.
GRAHAM CLULEY
And even if they do create a cheaters gallery of everyone's details up there, well, whoopee-doo, Mr. Blackmailer, because there's already plenty of websites where you can enter people's names and see if they occur in the Ashley Madison database.

And furthermore, Ashley Madison never bothered to verify people's email addresses. So you could put in, and I believe, for instance, Tony Blair's email address, right?

Former Prime Minister of Great Britain. His email address was in the Ashley Madison database dump. But I don't think he was cheating on Cherie. No. Right?
CAROLE THERIAULT
Yeah, yeah, yeah. And there are stories of that. It's really, yeah, there are stories of people who say that they have been added, which obviously I'm sure is true in some cases.

And I'm sure in other cases, that's the story you're using. Right. To try and—
MICHAEL HUCKS
I'm sure it's a good go-to excuse.
GRAHAM CLULEY
Yeah, yeah, yeah. I mean, yeah, absolutely. I'm sure some people will use that excuse. Of course they will. Yeah. But it's an excuse.
CAROLE THERIAULT
One thing I would say is do not try and seek out the data dump to see if you are on it or not.

Check out a service like, for example, Troy Hunt's excellent service, Have I Been Pwned?

And you can put in your email address at that location to see safely whether you're on any of these lists and where you might have— your name may have been found, your email address and some of your data.
GRAHAM CLULEY
And be more careful in future.

If you're going to sign up, it doesn't matter if it's an adultery— I mean, Ashley Madison sold itself and marketed itself a great deal as, you know, having an affair and all that kind of business, right?

But even if it isn't that kind of site, even if it's just a regular dating site, if you're signing up for it tomorrow, be careful what details you give it and what email address and so forth you might give it, because in 15 years' time, when you are in a healthy relationship and that site gets hacked and your information comes out, your then current partner may think, "Well, what are you doing as a member of that site?" And you'll be there saying, "Well, I joined it 15 years ago." Okay.

Right?
CAROLE THERIAULT
Okay, but all these sites often require payment, and in order to provide payment, they often require credit card details.

Now, obviously, some have PayPal and some have other methods of payment, which can be better to protect your anonymity should the worst happen.

But you know, they do need to, a lot of these sites demand that you kind of provide legitimate credentials before you go forward.
GRAHAM CLULEY
Not all, but there's a lot that do. Not all, no. And so, you know, caveat emptor, right? Be careful what you're buying and what you're joining.

And I think we're all agreed, don't pay the blackmailers, right?
MICHAEL HUCKS
Don't pay.
CAROLE THERIAULT
Yeah, absolutely. Please do not pay.

Because if everyone didn't pay, if the payback was low, then wouldn't the criminals kind of go, ooh, that didn't work, maybe we should do something else, that data's dead. Right?
MICHAEL HUCKS
And if this works for them, it encourages other people to do this on other things.
CAROLE THERIAULT
We say don't pay.
GRAHAM CLULEY
We say don't pay. We say don't respond to the blackmailers either.

In fact, I would say go one step further and report the blackmail extortion attempt to the authorities because it may well be that they are investigating the case and that they need evidence.

That's a good point.
CAROLE THERIAULT
That's a great point.
GRAHAM CLULEY
If you have any, pass it over to them so that they can try and find out who these blackmailers are.
CAROLE THERIAULT
Yeah.
MICHAEL HUCKS
Good call.
GRAHAM CLULEY
Yep. Alrighty. Well, on that cheery note, I think we're coming to the end of the show, aren't we?

If you enjoyed the show, make sure to subscribe to us on iTunes or on Google Play Music or Stitcher or TuneIn or Overcast.
CAROLE THERIAULT
And if you like us a lot, please leave us a review. It really helps. And a big shout out to Recorded Future, our sponsors this week.

You can sign up to their Cyber Daily newsletter and get their latest insights at recordedfuture.com/intel.
GRAHAM CLULEY
Well, thanks very much for joining us this week. Thank you, Michael, as well. I hope the podcast wasn't too painful for you.
MICHAEL HUCKS
Thanks for having me. It was a lot of fun. I'll be back someday.
GRAHAM CLULEY
Yay. If you liked the show, tell your friends, let us know what you think.

You can go to www.smashingsecurity.com and you will find an email contact form and a link to our Twitter and all the other places where we hang out online.

And until next week, toodaloo, bye-bye, bye, au revoir.

Update: Mike Malloy of Webroot has offered the following statement:

Webroot has issued a standalone repair utility that provides a streamlined fix for our business customers. This is in addition to the manual fix issued Monday, April 24.

For access to the repair utility, business customers should open a ticket with Webroot support, or reply to an existing support ticket related to this issue.

The instructions we shared with our consumer customers yesterday are still the best solution for these users.

Our entire Webroot team has been working around the clock on this repair and is implementing additional safeguards to prevent this from happening in the future. We apologize to our customers affected and appreciate their patience during this challenging issue.


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

7 comments on “Webroot causes massive headaches after falsely flagging Windows files as malicious”

  1. danR2

    Strangely enough, Webroot even prevented users from accessing Facebook after it flagged the social network as a phishing site.

    What's so strange?

  2. danR2

    I've been using Macs for >2 decades. Been running Sophos for years and years, but it never finds anything.
    Given how often Windows throws an 'Unknown Publisher' modal alert for Windows' own code, I'm surprised this sort of behavior isn't a daily way of life for PCs.

  3. ben

    For IT, it looks like a nightmare at its best!… at least Webroot didn't flag itself as a threat… :)

  4. Alistair

    Mental note: check antivirus test result reports (AV-comparatives dot org): does Webroot AV feature in the very good, okay, or mediocre category?
    [why do all these business users and MSPs choose Webroot? – it has never featured on my business AV option list, never mind shortlist..]

    Webroot will surely lose a lot of customers over this.. And I don't mean the blocking of Facebook, which would appear advantageous to most businesses outside of some with a sole web presence there..
    Almost all antivirus products do something bad from time to time, but this is so big.. (far bigger than McAfee hiding all a client's user files under Windows 8.1 Pro in 2016. That was resolved by uninstalling McAfee and installing a reliable product instead.)

  5. Stu Clayton

    I am fighting right now with a similar problem in Windows 7 Prof due to Kaspersky Internet Security, which I have had only 2 weeks. It suddenly started flagging Eclipse JARs as "corrupt" (they weren't): Now, instead of that, it flags the 64-bit Java (8u131, the latest Oracle version) that I use to start Eclipse as an "incompatible 16-bit version".

    A month ago I paid for a 3-machine Bitdefender product that I finally deinstalled, because it was preventing my machine from shutting down, and then strangely started fiddling around with my task bar (icons and size became different). Now I have these Kaspersky problems.

    In between giving all these guys a chance to clean up their act, I deinstall their software and reinstall Microsoft Security Essentials, which I've been using to my satisfaction for years.

    This story about Webroot has really made me sweat. Looks like I'll have to spend a lot of money short-term on a fast backup system that I should use daily – I have a lot of changing development data. Gotta go into AAV (anti-antivirus) mode.

  6. Mark Jacobs

    What I cannot understand is why Webroot failed to test their own signatures on Windows PCs BEFORE distributing them! I have been using Webroot for 3 years now and even have it in our business because I personally recommended it. The only problem I have ever had with it is with an esoteric MIDI sequencer called Seq303. I reported the false positive to them, and they still have done nothing about it. I run Windows 10 Defender instead on that particular PC running Seq303.

    That said, Webroot is the least intrusive, lightest resource usage, and easily most effective AV product I have ever used. It spotted viruses Kaspersky failed to spot. And it has heuristic analysis built in for zero-days. It is still excellent IMO, despite this wobble!

    1. Trevor Money · in reply to Mark Jacobs

      And I have installed Kaspersky products on client computers that were infected when Webroot failed to detect an infection on their computers.
