Recent content by pc1

  1. pc1

    A warning, K-Lite codec pack can install Infatica.

    And just FYI, to get an idea of the threat level resulting from Infatica, the router's AI Protection logs had literally hundreds of entries in these threat categories: C&C Server; SSH Brute Force Login; WEB SQL injection attempt -2.u; WEB SQL injection attempt -41; WEB SQL injection attempt -17.a...
  2. pc1

    A warning, K-Lite codec pack can install Infatica.

    I posted the question at codecs.forumotion.net; it was silently deleted soon after. The attached image is the step in the install process where you have to decline the Infatica installation, and it does not suggest it has any legitimate use. As for the threat actors, the system I had...
  3. pc1

    A warning, K-Lite codec pack can install Infatica.

    I recently saw unusual entries in my Asus router's AI Protection logs. I ran a full scan with Windows Defender and found nothing. I then ran Malwarebytes; it flagged Infatica as a PUP. Infatica is a proxy service, and while it can have legitimate uses, it has high potential for malicious use. When...
  4. pc1

    MyCommerce/Digital River meltdown

    Something else to keep in mind with credit card purchases like this: I've always used the "virtual card" feature that my Visa offers, so that I can choose to lock that card to prevent any automatic future payments (i.e. auto-renewals). I did that in this case so that Ecommerce/DigitalRiver can't...
  5. pc1

    MyCommerce/Digital River meltdown

    On 2024-08-10 I purchased a copy of Blue Iris for a new build I was doing, it was purchased via Amazon, Amcrest store (https://www.amazon.com/gp/product/B07TS9N4RM). Is it correct to assume that this transaction was not affected by the MyCommerce/DigitalRiver scam?
  6. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    It's been over a month, any updates from their cybersecurity team, and/or McAfee?
  7. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    Thanks EMPIRETECANDY for confirming that the plugin is built-in (i.e. a firmware update will have no effect on it), and that the functionality of the camera's "sophisticated settings" is dependent on installing the plugin. Regarding your McAfee comment, it does not appear to relate to the...
  8. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    Here's another threat analysis https://hybrid-analysis.com/sample/469705fb3df80c89c67927f4d07e0b3a22ce19811272e86789c18e26e35a8add?environmentId=160 I've also anonymously submitted the plugin to CISA's new next-gen analysis (Malware Next-Generation Analysis | CISA). If any U.S. citizen here...
  9. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    You're implying awareness that the firmware and plugin are separate; I'm curious as to how you determined that. A careful and simple step when evaluating a camera is to download the firmware from the vendor support site and check it. Then, even if the camera claims it has the same version...
  10. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    No worries. However, the issue is not whether it's possible to get the plugin to safely enable features; the higher-level concern is that the plugin as provided to the general user base includes a high-risk component. The camera model is stated in the title of this thread, IPC-Color4K-T...
  11. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    1: Please check the SHA-256 hash of your ITC413 plugin. If it's not 469705fb3df80c89c67927f4d07e0b3a22ce19811272e86789c18e26e35a8add, it's not the same plugin as used in the IPC-Color4K-T.
    2: See post 18.
    3: See post 11.
  12. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    1: See attached PDF file, listing the contents of the extracted plugin. Please advise which file(s) you identify as the actual plugin, and how you would install it.
    2: The plugin is apparently required for some of the advanced useful features to function. (post 21)
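The two posts above describe the same triage step from two sides: hash the plugin you actually have and compare it to the digest quoted in the thread, and inventory what the extracted plugin archive contains. The script below is an added example (not code posted by pc1 or shipped by the vendor) that does both in Python: it walks an extracted-plugin directory, streams every regular file through SHA-256, and flags any digest that matches a known-bad set seeded with the hash quoted in the thread. The directory layout and file contents produced by `build_sample_tree()` are constructed placeholders so the script runs offline; they are not the real plugin's contents.

```python
"""Hash every file under an extracted web-plugin directory and flag any that
match a known-bad SHA-256. Added example; not code from the thread."""
import hashlib
import tempfile
from pathlib import Path

# Digest quoted in the thread for the IPC-Color4K-T webplugin.exe sample.
KNOWN_BAD_SHA256 = {
    "469705fb3df80c89c67927f4d07e0b3a22ce19811272e86789c18e26e35a8add",
}


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 in chunks so a large installer
    is never read into memory all at once. Returns the lowercase hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root, known_bad=KNOWN_BAD_SHA256):
    """Return {relative_posix_path: (sha256_hex, is_known_bad)} for every
    regular file under root. Comparison is case-insensitive because hashes
    copied from VirusTotal, Hybrid Analysis or Get-FileHash differ in case."""
    root = Path(root)
    known = {h.lower() for h in known_bad}
    results = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            digest = sha256_file(p)
            results[p.relative_to(root).as_posix()] = (digest, digest in known)
    return results


def build_sample_tree():
    """Constructed placeholder for an extracted plugin directory (two files,
    one in a subdirectory). Returns the directory path."""
    d = Path(tempfile.mkdtemp(prefix="plugin_"))
    (d / "readme.txt").write_bytes(b"abc")   # constructed content, not real plugin data
    (d / "bin").mkdir()
    (d / "bin" / "empty.dll").write_bytes(b"")
    return str(d)


if __name__ == "__main__":
    # Replace build_sample_tree() with the path you extracted the real plugin to.
    for rel, (digest, bad) in scan_tree(build_sample_tree()).items():
        print(f"{'MATCH' if bad else 'ok   '} {digest}  {rel}")
```

For the single-file case on Windows, `Get-FileHash -Algorithm SHA256 .\webplugin.exe` in PowerShell gives the same digest; the point of hashing the extracted contents as well is that a sandbox verdict on the outer installer says nothing about which inner component triggered it, so each inner file's hash is what you would look up or submit separately.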
  13. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    FYI, I've separately pinged Empire Tech and the Amazon seller, asking them to comment on the situation. If/when they respond I'll post it in this thread.
  14. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    My isolated testing environment always starts with a clean OS image, so it is highly unlikely that something else on the computer was the infection source.
  15. pc1

    Malware in EmpireTech IPC-Color4K-T webplugin.exe

    Thanks, I understand that some vendors on VirusTotal are less rigorous and will generate a false positive based on loose heuristics. I've seen other web plugins from various cameras with a few low-confidence VirusTotal hits, and they're fine. This one, however, lights up way too many vendor...