Hello and welcome to the Tuesday, January 17, 2023 edition of the Sands and its Storm Center's Stormcast. My name is Johannes Ulrich and then I'm a recording from Jacksonville, Florida.

Very quick diary today, really a story that I have covered already a couple weeks ago here, and this is

the need to run an ad blocker if you are using Google. It has become so bad about malware

being advertised if you're trying to search for software download sites.

In particular, some open source projects were recently hit,

like, for example, OBS Studio, VLC, Audacity,

the software I'm using here to record this podcast. All of these software packages were hit by look-alike sites that weren't just sort of organic search results,

but paid ads with Google.

So there is really no good alternative right now because it can be very difficult to distinguish

valid from invalid search results. For example, for Audacity,

the valid site is audacityteam.org, not just audacity.org or audacity.com. So very possible

for an attacker to come up with something like Audacity Dash Team and such.

That's the type of lookalike domains that you often see here.

They're not using fancy things like international characters and such.

Just the variations of the valid domain name in order to trick you into downloading malicious software.

On Twitter, Malvern Hunter team has sort of taking a lead here in uncovering many of

these fake sites and they daily almost publish new sites that are impersonating valid

software, open source or commercial, and then

the malware is being advertised via Google Ads.

And well, password managers are in the news again and not in a good way.

This time it's Norton LifeLog's turn. The password manager that the Norton

Lifelock uses is accessible via a webpage and well requires just a username and password. Imagine

...