My Twitter feed has recently been full of promotions for a WIFI Password Hacker tool. It seemed interesting.
“Free” is always a compelling argument. Also, my ‘friends’ are liking and endorsing it, so it must be good. Right?
DANGER! DO NOT DOWNLOAD OR RUN THIS SOFTWARE!
Proofpoint says that clicking on links and files in emails from social networks is the biggest security risk.
But honestly, if it looks slimy like a phish, reads like a phish, smells like an old phish, probably it’s a phish. Yet the tweets piqued my interest even though I knew it was likely a phish. Was this a new WIFI password tool and somehow better than the one I have now?
My current WIFI password revealing software is on a CD and runs a mini Linux kernel, a small Operating System (OS), at boot. For non-technical people: it boots and runs just this program. It is a useful tool when setting up routers (DD-WRT) to test security, particularly bridged and repeaters which extend the area of a wireless hub, and when people “forget” their router password. This software does have legitimate purposes.
After install and testing, if the software does not damage or compromise, and it is worth keeping, it gets transferred to the big box. When software fails or corrupts, it’s easy to reinstall W7 and carry on. This seemed like a more useful purpose for an old laptop than trashing it.
So back to WIFI hacking… clicking on the link takes me to a suspicious site above. Suspicious because the site doesn’t relate to the subject matter: two sites actually came up: easygifthouse.com and wifipasswordhack.co
A whois reveals more suspicious information about wifipassword.co. If you are interested here is the link for the other: (http://www.ip-adress.com/whois/easygifthouse.com)
After clicking on the links in the tweets the first thing that popped up is a requirement to endorse the software. This requirement must be met in order to download.
I heard virtual klaxons, so right there I stopped. Well, not really stop, just stop the download of this version of the software. Of course I could have created a bogus Facebook ID to meet the requirement, but chose not to. The potential of passing along a recommendation for phishing software to my friends and followers is not going to happen.
So it seemed to check the validity of the application. Here is a quick check to see what else is out there. Oh, what is this? 3.3 million hits for WIFI password hack?
This software version is likely loaded with malicious intent. There are other versions of this available and the same rules apply. The software does not appear to have a legitimate source, author or publisher, unlike most software, which has a publisher’s site. No single creator’s source homepage is another red flag.
CAUTION! If you insist on downloading and testing, only do it on an isolated and clean machine where no data is stored and a reinstall will not cause inconvenience. And NEVER open your social network as a requirement for any software or download! NEVER!
The next four downloads had similar packaging. They were never ‘installed’ either. Whether these intended to put a virus on my computer, install tracking software, hijack my computer, ransomware the disk or other nefarious activity, it is hard to say. But it is clear it had evil in mind.
Pulling it all together, the core software in this case may well be benign but for the user’s intent. That doesn’t matter. Even the most harmless software can be wrapped in an envelope of software that is malicious.
This particular offer is compelling because it is endorsed by friends and is on Twitter. I have since let my friends know they may have been phished and what to do about it.
If you are a victim yourself, let your friends know also. They may become victimized because other friends have endorsed it without their intent.
There are good tools to remove malevolent software such as Malwarebytes, CCleaner, AVG, Symantec, Glary and many others. It is wise to have a good firewall and maintain it. But still, the best thing is to follow rule number one.
Remember and obey the first rule of security: “Don’t do anything stupid!” Should you accidentally get compromised, clean it up immediately.
Please share this post with your friends so they may be aware of how to protect themselves and follow us.
BPID is on a mission to eliminate the password in 2016. Our asymmetrical data system makes eliminating the password possible without compromising security or convenience. Stay aware of our progress, please join us by signing up for our news at bpidsecurity.com.