dude i cant fckn log in or change my password to my work accounts I CANT FCKN LOG INNNNNMM

I need to make a presentation due tomorrow but powerpoint mobile told me to sign in but i didnt have my password in my phone so i changed my password but now im locked out of my account for some fucking reason and my laptop wont even turn on i guess i didnt charge it or something. Not to mention the gargantuous lag that takes place when i tried to put in or change my fucking microsoft password. Like changing my password literally took several minutes. Sorry teach but the presentation will have to wait until next week.

Aol customer service number usa

I get direct mail e mail I can't get rid of.*Tried blocking truly modifications address passed the… I can't get into my aol mail. I hooked up my purchaser call, them “overlook approximately password” and it tel… Only one mobileular telecellsmartphone works to get AOL and I think I without a doubt have the wrong telecellsmartphone range withinside the system says my aol account has been de activated due to suspicious activity*said to call…https://www.realmailinfo.com/blog/video-wont-open-in-aol-desktop-gold/ sent emails showing “verizon notification *****@***.com” Is this the modern-day normal? I did… Necesito cambiar el idioma de mi AOL. Pueden cambiarmelo del Ingles al Espa*ol. Gracias Someone sent a sexually picture and perilous e-mail to my partner at artwork yesterday. Tr… I can’t retrieve my e mail garyjm @verizon.net Getting mistakes message even as seeking to deliver or preserve an e mail draft*Ep-**** I without a doubt have had * e mail addresses forever. In the past * months or so my Microsoft Outlook… Forgot password for my AOL account S*****@***.com and moreover changed my telecellsmartphone range so I… my direct mail deliver dpouble pages and does now now no longer show any type of ho*wq* many i get I can't get right of entry to the email or the range it truly is hooked up to my aol account, I need help res… I refreshed My e mail and now I’m kicked out and it say my password is incorrect. Hi I without a doubt have a delivery these days it’s miles a holiday Cottage and I need to recognize even as energy is goi… See extra modern-day reasons for calling Help me with my problem Our Editor’s Notes on AOL’s Phone-Based Customer Care AOL is one of the oldest online services companies withinside the United States. It provides e mail services, Internet services and online forums and talk companies to its members. With tens of hundreds and hundreds of users, it isn't always unexpected that AOL gets many requests for customer service each and every day. Why Do People Call AOL Customer Support? People call AOL for a range of reasons, along with: Help installing new accounts Help with changing or canceling accounts Addressing billing issues Reporting fraud or abuse Technical assist and troubleshooting Best Practices for Calling AOL Customer Service There are severa subjects that you could to ensure that your call to AOL goes nicely and that you achieve a brief selection for your problem: Before calling, make sure you’ve were given were given the right range. AOL however provides Netscape assist and there can be a exceptional range for the ones accounts. In addition, there are extraordinary numbers for Spanish language and TTY (being attentive to impaired services) assist. Call throughout assist hours. Technical assistance is 24/7 for paid subscribers. Other requests are handled throughout exceptional days and times. Have documentation relevant for your case handy. If you’re calling about a technical problem, be withinside the the front of your computer or have your device handy so that you can troubleshoot on the aspect of the representative. If you’re calling about a billing problem, have your statements or invoices nearby. Have a way of taking notes throughout your call. These can are to be had handy if you have to growth your case. How do Consumers Feel About Calling AOL Customer Service? Customers are reasonably satisfied with AOL customer service. As a legacy Internet organization, AOL has pretty some enjoy working with folks who aren't technically savvy. AOL moreover values its customers and wants to keep them with the organization. What Kind of Issues can AOL Customer Service Representative Resolve? As a completely online organization, AOL customer service representatives are able to resolve most issues, along with billing issues, technical troubles and issues of fraud. They are also able to process appeals of suspended and canceled accounts. What Can’t Be Resolved With a Call to AOL Customer Service? Because of the social nature of AOL, it’s miles now no longer viable for the organization to referee conflicts amongst members. Unless each different member’s conduct violates AOL’s terms of service, an AOL representative won't be able to have that man or woman suspended or banned from the platform. Another problem that an AOL customer service representative won't be able to resolve is if the AOL software program application or its platform are incompatible collectively together with your computer, devices, or jogging system. While the representative may be capin a role to help you troubleshoot to determine whether or not or now no longer technical troubles are because of an incompatibility, he or she also can moreover only have the capacity to suggest a likely workaround or that you use a exceptional device or OS. What Should You Do If You Have an Unsuccessful Call with AOL? If you get off the telecellsmartphone with an AOL representative and experience as aleven aleven though your question modified into now now no longer spoke back or your problem modified into now now no longer resolved, do now no longer offer up. You also can moreover however have options. Review your call notes. If you didn't take notes, write down or type out what you don't forget from the conversation. Take take a look at of any areas of possible miscommunication so that you can address the ones issues in your next call to AOL. Next, call AOL back. The next AOL customer service representative that you speak to also can moreover have extra enjoy or better training. This have to allow him or her to understand your troubles and provide a excellent solution. If the second call does now now no longer resolve your situation, try contacting AOL via its extraordinary customer service options. AOL does offer a live chat desire, on the aspect of e-mail assist, every of which have the gain of supplying you with a transcript of your conversation. Another desire is to request help from AOL via its social media accounts.

Info Stealing: a new operation in the wild

Attack attribution is always a very hard work. False Flags, Code Reuse and Spaghetti Code  makes impossible to assert "This attack belongs to X". Indeed nowadays makes more sense talking about Attribution Probability rather then Attribution by itself. "This attack belongs to X with 65% of attribution probability" it would be a correct sentence.

I made this quick introduction because the following analysis would probably take the reader to think about specific attribution, but it wont be so accurate, so please be prepared to have not such a clear conclusions.

Today I'd like to show an interesting analysis of a quite new InfoStealer Malware delivered by eMail to many International Companies. The analysis shows up interesting Code Reuse capabilities, apparently originated by Japanese Attackers reusing an English Speaker Attacker source code. Again I have not enough artifacts to give attributions but only few clues as follows. In the described analysis, the original sample was delivered by [email protected] (with high probability a compromised South Africa account) to one of my spamming email addresses.

The obtained sample is a Microsoft Word document within macro in it. The macros were heavily obfuscated by using four rounds of substitutions and UTF-8 encoding charsets (which, by the way, is super annoying). The following image shows the obfuscated macro code with UTF-8 charsets.

Stage 1: Obfuscation

 By using oletools and "tons" of cups of coffee (to be awake until late night to make recursive steps) I finally was able to extract the invoked command, showed in the following image.

Stage 1: Invoked Command

A fashionable powershell command drops and executes: hxxp://ssrdevelopments.co.za/a2/off.exe. Powershell seems to be a "must have" in contemporary Malware. Analyzing the "dropping" url and tracking down the time it is in "Index Of" mode (2017-0-13), I suspect it is not a compromised website rather a crafted web server or a compromised host of a dead company.

Dropping Web Site

By surfing on the Malware propagator web site I founded out many malicious executables (sees IoC section) each one showing up specific behaviors such as: password stealers, RAT and Banking Trojans. Even if the samples were developed for different targets, all of them shared the following basic behaviors:

Check for victims IP address before getting into Malicious activities (maybe related to targeted activities)

Install itself into auto execution path

Tries to fingerprint the target system (such as CPU, HD, Memory, Username, System, etc..)

Sniff for Keystrokes

I'd like to write a simple analysis for each found sample, but today time is not my friend, so let's focalize to one of the malicious samples. Let's get done the received sample by digging into the "second stage" dropped by the powershell "first stage" from ssrdevelopments.co.za/a2/off.exe. After few seconds on second stage (off.exe) it became clear that it was a .NET software. By reversing the interpreted .NET language some clear text comments appeared interesting. Japanese language such as comments and variable names came out from static analysis. Let's have a look to them.

Stage 2: Apparently Japanese characters

While the sample pretends to be compiled from "Coca-Cola Enterprise" (maybe a target operation against Coca-Cola ? Or a targeted operation agains Coca-Cola Suppliers ? So why it ended up to my inbox ? Anyway ... ) google translator suggests me that Japanese characters are in text: such as the "Entry Point", "Class names" and "Function Names". 

Stage 2: Japanese Names and Self Encoding Structures

It was not hard to figure out that Stage 2 was auto-extracting bytes from itself (local variables) and saving them back to hard drive after having set up auto execution registry key on windows local registry.  The following image shows the xoring function used to decrypt converted bytes to the real payload. 

Stage 2: Xoring function to extract Stage 3

On my run, the xored payload took the name of GIL.exe; another .NET  executable. We are now facing the third stage. By analyzing the decompiled sample it became clear that:

The coding style was quite different from the previous stage (Stage 2)

The implementation style was different from the previous stage as well

The sample was interested on information about the user, the machine, the webservices on the PC and to many more windows specific parameters.

Stage 3:  New Language in Strings and Class names

Stage 3: New Code Style

By closely investigating Stage 3, the analyst would probably notice the heavy presence of "decorators", a different format in the definition style and last but not least the code composition. Everything looks like belonging to different single developers. The variable language, the comments structure and the general usage of terms, takes the analyst to believe in having found two different developers belonging to different cultures (maybe countries). Finally the malware looks for users, computes, and webservices informations and drops everything up to C2 by posting parameters to : ssrdevelopments.co.za/cgi-bin/

IoC:

Following the principal IoC for the described threat.

Hash Stage 1:

7f1860673de9b1c2e6f7d6963a499e8ba4e412a1

bf4a26c9e52a8cacc7afd7d95d197bff1e47fb00

Hash Stage 2:

ac55ee783f3ed0bd23eccd01040a128dc6dc7851

Hash Stage 3:

6a38e4acd9ade0d85697d10683ec84fa0daed11c

Persistence: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\kij %APPDATA%\Roaming\kij\kij.exe

Dropping URL:

ssrdevelopments.co.za

Command and Control:

ssrdevelopments.co.za/cgi-bin/

Related hashes from harvesting Dropping URL:

62c9d2ae7bafa9c594230c570b66ec2d4fa674a6

b15b69170994918621ceb33cb339149bdff5b065

55abcfb85e664fbc8ad1cb8b60a08409c2d26caa

f843427e9b7890f056eaa9909a5103bba6ffb8fd

f2b81e66fcb1032238415b83b75b3fe8bf28247d

cab90f7c935d355172b0db123d20b6a7d1403f65

c1ba30d7adec6d545d5274f95943f787ad4c03e7

ed9959bb0087f2c985b603cee0e760f3e0faaab15

c93851627ffd996443f85d916f3dbedd70e0ff69

144b34b4816062c2308a755273159e0460ffd604

98293b80ccf312a8da99c2b5ca36656adebd0d0f 

2875d1b54337b1c17c8f4cd5f6b2d579667ee3d9 

0b4299ffb3f9aa59e19dd726e79d95365fe1d461

46bb0b10d790a3f21867308e7dcdeb06784a1570

0960726560a94fbbb327aa84244f9588a3c68be8 

a480a75c3af576e5656abadb47d11515a18a82be

2ba809c53eda2a475b1353c34f87ce62b6496e16

5b0c3071aa63e18aa91af59083223d3cceb0fa3c 

dc780bf338053e9c1b0fdf259c831eb8a2768169

As final thought I'd like to highlight the following key concept of that analysis:

From a single email, the analyst could discover attacker's assets, mapping them and disarming them (through IoC). 

The analyzed code shows apparent evidences to belonging to different groups of attackers.

The analyzed samples show code reuse. Code reuse is dangerous because it makes attackers more powerful and extremely quick to change Malware behavior.

Hope you enjoyed.

The post Info Stealing: a new operation in the wild appeared first on Security Boulevard.

from Info Stealing: a new operation in the wild