The Consensus Security Vulnerability Alert

January 19, 2023  |  Vol. 23, Num. 03

Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware

Published: 2023-01-18

Last Updated: 2023-01-18 07:31:54 UTC

by Brad Duncan (Version: 1)


Google ads are a common vector for malware distribution.  Do a Google search for any popular free software download.  Review any search results marked "Ad" or "Sponsored," then check the link to see if anything is unusual.

I've already written two diaries and authored various tweets about this type of activity:





Others have also reported this activity.  Recent posts include:





One example of free software routinely spoofed for Google ads is Notepad++.  Almost without fail, I can find a fake webpage for Notepad++ every day through Google ads.  For today's diary, I found a Google ad for a malicious site at notopod-plos-plus[.]com.
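One way to automate the "check the link" step for sponsored results, as an added example that is not code from the diary: it compares a link's host against an allowlist of official download hosts and flags near-misses such as the domain above. The allowlist, the similarity threshold and all function names are assumptions, and every sample URL other than the diary's domain is constructed.

```python
import difflib
from urllib.parse import urlsplit

# Assumption: hosts the defender treats as the official download source.
OFFICIAL_HOSTS = {"notepad-plus-plus.org"}

def refang(url):
    """Undo common defanging ("[.]", "hxxp") so the URL can be parsed."""
    return url.replace("[.]", ".").replace("hxxp", "http", 1)

def host_of(url):
    """Return the lower-cased host of a URL or bare domain."""
    url = refang(url.strip())
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare domain as a network location
    return (urlsplit(url).hostname or "").rstrip(".")

def name_label(host):
    """Label left of the TLD; a simplification (no public-suffix list)."""
    parts = host.split(".")
    return parts[-2] if len(parts) >= 2 else host

def classify(url, threshold=0.75):
    """Return 'official', 'lookalike' or 'unrelated' for a sponsored link."""
    host = host_of(url)
    if any(host == h or host.endswith("." + h) for h in OFFICIAL_HOSTS):
        return "official"
    # Similarity of the name label to each official name, 0.0 to 1.0.
    best = max(
        difflib.SequenceMatcher(None, name_label(host), name_label(h)).ratio()
        for h in OFFICIAL_HOSTS
    )
    return "lookalike" if best >= threshold else "unrelated"

if __name__ == "__main__":
    samples = [
        "notopod-plos-plus[.]com",                   # domain from the diary, kept defanged
        "https://notepad-plus-plus.org/downloads/",  # official site
        "https://notepad-plus-plus.example/get",     # constructed: right name, wrong TLD
        "https://www.example.com/editor",            # constructed: unrelated ad
    ]
    for s in samples:
        print(f"{classify(s):10} {s}")
```

A "lookalike" verdict is a prompt for manual review, not proof of malice; the string-similarity threshold will miss lures that use an unrelated domain name.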

PSA: Why you must run an ad blocker when using Google

Published: 2023-01-16

Last Updated: 2023-01-16 13:50:18 UTC

by Johannes Ullrich (Version: 1)

Today, I just have a short public service announcement: You MUST run an adblocker while using Google. It may be best just to keep the adblocker enabled all the time.

Ads have been important in supporting much good (and, of course, bad) content on the web. It has been a long-standing "social contract" to allow ads to help support creators of valuable content. But sadly, ad networks have not provided any due diligence verification of the ad buys they accept. As a result, in particular, ads displayed as part of Google search results are often used to distribute malicious software impersonating popular products. Open-source and free products are particularly vulnerable. They usually cannot pay for competing ads to reduce the effectiveness of malicious advertisements.

Elon Musk Themed Crypto Scams Flooding YouTube Today

Published: 2023-01-15

Last Updated: 2023-01-15 17:09:34 UTC

by Johannes Ullrich (Version: 1)

I noticed several videos posted to YouTube today attempting to direct users to crypto coin scam websites. The overall ruse is quite old: The scam promises that Elon Musk, or an organization associated with him, is giving away crypto coins. The catch: You first have to send crypto coins to the address to receive a multiple of them back.

It all starts with a video promising a live stream of Elon Musk covering current developments around SpaceX. The channel being used for these videos, SpaceXMission, has over 2 Million subscribers right now and around 430 Million views. Interestingly, this is not a new channel, but it started on August 25th, 2008. Currently, around 4 thousand users are watching the "live streams".

During the video, a QR code is displayed alongside an image that claims to show a tweet by Elon Musk promising crypto coins.

