Woah, woah, hold up! Beware of MALWARE in Buyer requests!


vepthy

Pretty much 99% of people are walking around naked online.

Well, I know where I am 😃

The main reason why I posted this is because I know how many people are unaware of malicious content and their privacy.

I really hope this goes out far enough so Fiverr staff sees it and really takes care of this. Privacy matters.

I am very paranoid about that stuff. It doesn’t help that in graphics & design nearly every BR has attachments.

Had a buyer request pop up about an hour ago in photo editing category. The request itself looked legit, but there was a text document attached. In the document there was a shortened link with something along the lines of “I want something similar to this picture I found on the internet, check it out”.

Uhuh. Not suspicious at all.

I did not investigate the link, but I’m 99% sure that in best case scenario it’s just some spam, but could be much worse.

When something that you are skeptical about gets in your hands, the best thing to do is to use VirusTotal and be sure.

Of course (like in this case), some things aren’t detected yet and you should be careful about that then.


Guest fibocci

I am honestly baffled how Fiverr still does not have anything set up to check for instances like these. This should have been covered at the very beginning.


I am very paranoid about that stuff. It doesn’t help that in graphics & design nearly every BR has attachments.

Had a buyer request pop up about an hour ago in photo editing category. The request itself looked legit, but there was a text document attached. In the document there was a shortened link with something along the lines of “I want something similar to this picture I found on the internet, check it out”.

Uhuh. Not suspicious at all.

I did not investigate the link, but I’m 99% sure that in best case scenario it’s just some spam, but could be much worse.

This is why I don’t use wifi and make sure all my devices are locked down as best as I am able to make them. Sadly, I haven’t been able to thwart the Intel Management Engine, yet.

I am very paranoid about that stuff. It doesn’t help that in graphics & design nearly every BR has attachments.

To be honest, if my work involved me opening lots of attachments, I’d create a virtual machine in a free app like VirtualBox to scan and open files. - Or just use a separate machine for work and personal use.

I know some people can’t afford 2 PCs or devices. But I can still get by perfectly fine on a 2004 laptop if I need to for all kinds of personal business. That cost me less than $50 on eBay.


I am honestly baffled how Fiverr still does not have anything set up to check for instances like these. This should have been covered at the very beginning.

Things like these are new and hand made. As you could see in my original post, only 20 AVs out of 50 detected it.

Chrome, Firefox and other huge browsers don’t have that file in their database either.

To be honest, if my work involved me opening lots of attachments, I’d create a virtual machine in a free app like VirtualBox to scan and open files.

Yes! Well said. Also, if you’re uncomfortable with those things, use “SandBox” software to manually isolate files that you open.


Guest fibocci

Things like these are new and hand made. As you could see in my original post, only 20 AVs out of 50 detected it.

Chrome, Firefox and other huge browsers don’t have that file in their database either.

To be honest, if my work involved me opening lots of attachments, I’d create a virtual machine in a free app like VirtualBox to scan and open files.

Yes! Well said. Also, if you’re uncomfortable with those things, use “SandBox” software to manually isolate files that you open.

They should, at the very least, set up some guidelines for Buyer’s Requests (for both sellers and buyers) instead of making them almost like a “secret feature”. Would’ve saved a lot of time and trouble.


Guest fibocci

This is why I don’t use wifi and make sure all my devices are locked down as best as I am able to make them. Sadly, I haven’t been able to thwart the Intel Management Engine, yet.

I am very paranoid about that stuff. It doesn’t help that in graphics & design nearly every BR has attachments.

To be honest, if my work involved me opening lots of attachments, I’d create a virtual machine in a free app like VirtualBox to scan and open files. - Or just use a separate machine for work and personal use.

I know some people can’t afford 2 PCs or devices. But I can still get by perfectly fine on a 2004 laptop if I need to for all kinds of personal business. That cost me less than $50 on eBay.

To be honest, if my work involved me opening lots of attachments, I’d create a virtual machine in a free app like VirtualBox to scan and open files. - Or just use a separate machine for work and personal use.

Like having a Windows 10 VM for these (and anything else that involves sharing your data, even games) and Linux for everything else.


@cyaxrex, @marinapomorac, @wolfhowler, @humanissocial, @fibocci, @erik_keresztes

Sorry for pinging you all. I have an update. Will post here since I can’t edit my thread.

For now, no answer from Fiverr team. Will update you on that.

I have explored the graph from file detection on VirusTotal and this is real nasty. For anyone who would like to explore himself, here you go. It is 100% safe, no worries 😉 .

Seems like Erik was right. It executes a script that later contacts some nasty things. Here is an image of one part of it.

I have also reported this to all major browsers and it seems that, all in all, antivirus detection went from 20 to 30, which is good.

Take care!

Important update:

After searching more, I found more malicious sibling files. This seems to be another one from the same guy/group.

“Freelancer.zip”

Link to detection

Hash: c49e6926ca713a3874e02ded35b7a5c6becb6ae893026a11a670677aa457a69e

“readme.txt.Ink” (In Freelancer.zip)

Link to detection

Hash: a5c25ce54a8003f5917593f03a460ad9751e5485c249e51ba39aaace07eba87a

“xml.xml”

Link to detection

A Microsoft thread that explains what these are doing.

Goodness this is disturbing. Thanks so much for the details and insight. Fiverr should be assessing for these things, too. I doubt they are.


Goodness this is disturbing. Thanks so much for the details and insight. Fiverr should be assessing for these things, too. I doubt they are.

Yeah, 2 days have passed, I have updated them several times. No response. Still curiously waiting for it 😕


To be honest, if my work involved me opening lots of attachments, I’d create a virtual machine in a free app like VirtualBox to scan and open files. - Or just use a separate machine for work and personal use.

Like having a Windows 10 VM for these (and anything else that involves sharing your data, even games) and Linux for everything else.

Like having a Windows 10 VM for these (and anything else that involves sharing your data, even games) and Linux for everything else.

To be honest, that’s not really the right approach. If I wanted to be safe as someone who uses something like Photoshop for work and I only had 1 PC, I’d download files normally, but put them through a virus scanner in a VM, before (if they were safe) getting work done in my regular PC environment.

Using apps like Photoshop in a VM is tricky unless you have lots of spare CPU power and RAM you can devote to a VM.

You also need to differentiate between Internet privacy and security. Playing games in a VM probably won’t work too well and will not protect your privacy at all. However, it will increase your overall workstation security.

If you are a complete novice when it comes to cybersecurity, it might be best to just enable S mode in Windows 10 and do what I said about opening and scanning attachments in a VM. You can also set your firewall to block all incoming requests and only use a guest account on your device to improve security.

Those steps alone will prevent you from falling victim to the majority of virus and hacking attempts.


This is why I don’t use wifi and make sure all my devices are locked down as best as I am able to make them. Sadly, I haven’t been able to thwart the Intel Management Engine, yet.

I am very paranoid about that stuff. It doesn’t help that in graphics & design nearly every BR has attachments.

To be honest, if my work involved me opening lots of attachments, I’d create a virtual machine in a free app like VirtualBox to scan and open files. - Or just use a separate machine for work and personal use.

I know some people can’t afford 2 PCs or devices. But I can still get by perfectly fine on a 2004 laptop if I need to for all kinds of personal business. That cost me less than $50 on eBay.

This is exactly what I do, I have a locked down “safety machine” that allows me to download and execute files in a safe environment.

Well done @vepthy . A lot of time has gone into this and it just shows how dangerous some files can be. To everyone out there, get an anti virus and a firewall. Regardless of if you are on Windows, Mac or Linux. I am on Mac and so many times see people who don’t have an anti virus, they just say “but Mac is safe”, no no it is not.


The only thing they can do is dedicate a real human to vet all requests before posting. And add report feature to BR section.

It would also be a great idea to add maybe a “Buyer request id” so if something like this happens, the Fiverr team can use the id (like a ticket id) for forensics and have direct, easy access to the files.


It would also be a great idea to add maybe a “Buyer request id” so if something like this happens, the Fiverr team can use the id (like a ticket id) for forensics and have direct, easy access to the files.

@vepthy

Please enlighten those of us that are ‘clueless.’ Would it be safe just to ignore zipped files? I suppose my Norton will take care of the rest?


Like having a Windows 10 VM for these (and anything else that involves sharing your data, even games) and Linux for everything else.

To be honest, that’s not really the right approach. If I wanted to be safe as someone who uses something like Photoshop for work and I only had 1 PC, I’d download files normally, but put them through a virus scanner in a VM, before (if they were safe) getting work done in my regular PC environment.

Using apps like Photoshop in a VM is tricky unless you have lots of spare CPU power and RAM you can devote to a VM.

You also need to differentiate between Internet privacy and security. Playing games in a VM probably won’t work too well and will not protect your privacy at all. However, it will increase your overall workstation security.

If you are a complete novice when it comes to cybersecurity, it might be best to just enable S mode in Windows 10 and do what I said about opening and scanning attachments in a VM. You can also set your firewall to block all incoming requests and only use a guest account on your device to improve security.

Those steps alone will prevent you from falling victim to the majority of virus and hacking attempts.

Not really. It really depends on your AV. Some antiviruses still don’t detect these new files as malware.

If you are a complete novice when it comes to cybersecurity, it might be best to just enable S mode in Windows 10 and do what I said about opening and scanning attachments in a VM. You can also set your firewall to block all incoming requests and only use a guest account on your device to improve security.

This would be your best option for these files. Many antiviruses (including scanners in browsers) can’t scan inside of a zip file.

In a real scenario, you would extract the zip file to see what’s inside and if you accidentally open one of those files, you might be compromised.

If something like virtual machines is too complicated for you, before extracting or executing an attachment, go to https://VirusTotal.com and scan the files. You can also copy a URL of the attachment and put it in their search box. The website will scan your file/URL with 50-60 antiviruses.

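The pre-extraction check described in the post above, as an added example that is not part of the original thread: it lists a ZIP's contents in memory, flags names that hide a launchable extension behind a document-looking one, and computes SHA-256 values that can be pasted into the VirusTotal search box. The extension lists, the size limit and the sample member name "readme.txt.lnk" are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Illustrative lists (assumptions, not exhaustive): extensions Windows runs on
# double-click, and harmless-looking ones used as the decoy in a double extension.
RISKY = {".lnk", ".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta"}
DECOY = {".txt", ".pdf", ".doc", ".docx", ".jpg", ".png", ".psd"}
MAX_HASH_BYTES = 50 * 1024 * 1024  # do not decompress members larger than this


def inspect_zip(data: bytes) -> dict:
    """List and hash the members of a ZIP in memory; nothing is written to disk."""
    report = {"archive_sha256": hashlib.sha256(data).hexdigest(), "members": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            flags, digest = [], None
            if suffixes and suffixes[-1] in RISKY:
                flags.append("risky-extension")
                if len(suffixes) > 1 and suffixes[-2] in DECOY:
                    flags.append("double-extension")
            if info.flag_bits & 0x1:
                flags.append("encrypted")   # content unreadable without the password
            elif info.file_size > MAX_HASH_BYTES:
                flags.append("oversized")   # possible decompression bomb
            else:
                digest = hashlib.sha256(zf.read(info)).hexdigest()
            report["members"].append(
                {"name": info.filename, "sha256": digest, "flags": flags})
    return report


def build_sample() -> bytes:
    """Constructed sample: harmless bytes under names modelled on the thread."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("brief.txt", b"logo brief")
        zf.writestr("readme.txt.lnk", b"not a real shortcut")
    return buf.getvalue()


if __name__ == "__main__":
    for member in inspect_zip(build_sample())["members"]:
        print(member["name"], member["flags"], member["sha256"])
```

A member with no flags is not thereby safe; the flags only mark names that deserve a hash lookup or a VM before anything is opened.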

Hi Everyone,

Buyers and sellers who are trying to pass viruses to an unsuspecting party is concerning. Fiverr is using advanced technology to monitor and remove threats. That being said, there are new techniques and code written all the time. Because the threat is ever changing we advise our users to take additional measures to protect themselves and their computer by applying Antivirus and never open files from unknown sources.

We are constantly improving our security capabilities and will always thoroughly investigate any complaints and concerns raised by our users. If a file looks fishy and you suspect that it may be malicious, please contact support with the order number right away.


Hi Everyone,

Buyers and sellers who are trying to pass viruses to an unsuspecting party is concerning. Fiverr is using advanced technology to monitor and remove threats. That being said, there are new techniques and code written all the time. Because the threat is ever changing we advise our users to take additional measures to protect themselves and their computer by applying Antivirus and never open files from unknown sources.

We are constantly improving our security capabilities and will always thoroughly investigate any complaints and concerns raised by our users. If a file looks fishy and you suspect that it may be malicious, please contact support with the order number right away.

Do you know if Fiverr has a report feature for buyer requests on the table at all?


Hi Everyone,

Buyers and sellers who are trying to pass viruses to an unsuspecting party is concerning. Fiverr is using advanced technology to monitor and remove threats. That being said, there are new techniques and code written all the time. Because the threat is ever changing we advise our users to take additional measures to protect themselves and their computer by applying Antivirus and never open files from unknown sources.

We are constantly improving our security capabilities and will always thoroughly investigate any complaints and concerns raised by our users. If a file looks fishy and you suspect that it may be malicious, please contact support with the order number right away.

I have edited my original post to contain all information in one place.

If Staff needs any of these files for further prevention/research/forensics, you will have all of the information in the post.


Yeah, you’d think this would be a priority. Says a lot that it isn’t…

I have got an answer from Staff. I’m not sure if I’m allowed to post it here but here is a summary:

We are looking into this and actions will be taken, sadly we won’t be able to share them with you as we are bound by our Terms of Service.

And here is also a very important thing:

I’m adding an article to help to prevent this kind of situation, Preventing Phishing.

And a nice message at the end 🙂

As always, we’re here if you need us!!


Archived

This topic is now archived and is closed to further replies.

