Before You Read

Warning: If you are Resistant to Logic, please stay away from this page. Because we will be Persistent with Logic to wear down your Resistance.

Saturday, December 13, 2014

No Defense Against BadUSB Firmware Exploit, Yet

Verdict :

Possible time of origin : July, 2014

Circulation platforms : Internet

Circulation geography : Global

Original Message Version Under Analysis:
BadUSB writes or overwrites a USB device’s firmware code to carry out malicious actions. First announced in July 2014, BadUSB was discovered by a pair of computer researchers at Security Research Labs in Berlin, who then presented their discovery at the Black Hat Conference. The attack is feared because none of the traditional methods of checking for malice on a USB storage device do detect that. The malicious code is planted in the USB’s firmware, which is first executed only when the device is plugged into a host machine. The host machine can’t detect the firmware code, but the firmware’s code can interact with and modify software on the host machine. The malicious firmware code could then plant other malware, steal information, divert Internet traffic. All these may run while bypassing antivirus scans. Moreover this problem isn’t limited to USB devices. In fact, USB devices are the tip of the iceberg. Any hardware device plugged into your computer with a firmware component can probably be made malicious in a very similar manner. 
BadUSB has no defense today, but it may be easily defended against, in the near future. After all, it’s simply  a code/software (stored in firmware), so other protective code/software (to be developed) should be able to defeat it. 

Analysis by Merofact Awareness Team:


Everything said above is entirely true. USB devices are reversibly connected to computers and often even built into virtually all computers. This universal interface standard revolutionized the world over the past two decades, thanks to its versatility. Almost any computer peripheral, from storage and input gadgets to healthcare devices, can connect over using this ubiquitous technology. This versatility is also it's Achilles heel; Since different device types can plug in via the same connector, one type of device can turn into a more capable or malicious type without the user noticing at all. This is what a BadUSB does. To turn one device type into another, USB controller chips present in peripherals need to be reprogrammed. Most widely spread USB controller chips, including those in USB thumb drives, hardly (if any) have any protection from such reprogramming.
Regular computer users shares USB drives like average business cards, even though we all know that they often carry malware and many of us can remember few bitter experiences. To protect our computer from such undue experience we all depend on antivirus & antimalware scans. In case of some unpatchable trouble, the occasional reformatting keeps our thumbdrives from becoming the carrier of the malware epidemic. But the security problems with USB devices run deeper than we all knew about: Their risk isn’t just in what they detectably carry, it can be built into the core of how they work and talk to the host computer. 
The kind of compromise BadUSB is able to make, is nearly impossible to counter at present without banning the sharing of USB devices. The problem isn’t limited to thumb drives. All types of USB devices from keyboards, mice and webcam to smartphones have firmware that can be reprogrammed in a similar manner a USB memory sticks is made into BadUSB. BadUSB can do whatever one can do with a keyboard attached to a computer, which is basically everything a computer does. In summary BadUSB can do atleast the followings: 
1. Can emulate a keyboard and issue commands on behalf of the logged-in user, for example to download files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
2. The device can also spoof a network card and change the computer’s setting to redirect traffic.
3. It can detect that the computer is starting up and then can boot a small virus, which infects the computer’s operating system prior to boot.
To make things worse, cleanup after an infection is hard, if not impossible. Simply reinstalling the operating system – the last resort response to otherwise ineradicable malware – does not address BadUSB infections at their root. The USB drive, from which the operating system is reinstalled, may already be infected, as may the hardwired webcam or other USB connected components inside the computer. A BadUSB device may even replace the computer’s BIOS – again by emulating a keyboard and unlocking a hidden file on the infected USB drive.
Once infected with BadUSB, the computer and all USB peripherals that came in contact with the infected machine can never be trusted again.
One apparent good news is that this susceptibility is reportedly tested only on one USB manufacturer that is Phison electronics – A Taiwanese Electronics Company. Though Phison sticks can initiate attack on any device they are attached to, but it is not clear whether the established infection will be able to spread to any other USB drive that will be attached into the infected device later on. The company has not yet publicly listed the vendors for whom they manufacture USB sticks. Therefore, currently it is still not very clear, whether the issue really can turn into a digital epidemic.
The other good news is, according to knowledge available over web, at least one company (Ironkey) already does purposefully protect against BadUSB attacks. Their new line of thumbdrive products require that any new updates to its thumbdrives’ firmware be signed with an unforgeable cryptographic signature that prevents malicious reprogramming.

Saturday, December 6, 2014

"Missile Man of India, Dr. Abdul Kalam Hospitalized ..."

Verdict :

Possible time of origin : October 15, 2014 (as birthday wishes!)

Circulation platforms : WhatsApp, Facebook, Internet

Circulation geography : India

Original Message Version Under Analysis:
Missile man of India hospitalized and no media botheredDr. A.P.J. Abdul Kalam our Missile Man is hospitalized from last two weeks but no media is interested, but we are true lovers of him. Let’s pray for his speedy and complete recovery today 9 pm and share this message to everyone to prove that any media is not necessary to remember our Heroes. Forwarding your prayers. 

Analysis by Merofact Awareness Team: 

This is a rumor surfaced around October 15, 2014 when Dr. A.P.J. Abdul Kalam turned 83. Within a week, he too got concerned about the spread of this false message and tweeted about is well being. His message reads Som msg is bein circultd dat Im unwell & hospitalized!This is totally FALSE.Im bsy workin with severl commitmnts. Plz pay no heed2such rumor ". Next day OneIndia again confirmed the that "He is absolutely fine. He is at work".

Update July 27, 2015
                                                                                                    
We just got the saddest news that the  India's 11th President APJ Abdul Kalam passed away at a hospital in Shillong, Meghalaya today evening, he was 83. He was there to deliver a lecture on “Making the World More Livable”. He suffered a massive cardiac arrest (heart attack) during his lecture at the Indian Institute of Management, Shillong, around 6.30 pm. Promptly he was taken to the Bethany hospital. Bethany hospital sources told NDTV that, "President Kalam was brought to the hospital at 7 pm. When he brought in there was no sign of life. He was taken to ICU to try and revive him, which was futile,". Government declared 7 days of national mourning (Rashtriya shok) as a mark of respect for Dr. Kalam. During this period the national flag will fly at half mast on all places throughout India where it is flown regularly. Schools, colleges, other educational institutions and government institutions may decide to remain closed on this Tuesday.

Thursday, November 13, 2014

"Albert Einstein Used to Believe in Astrology"

Verdict :

Possible time of origin : 1960

Circulation platforms : Internet, Books, Word of mouth

Circulation geography : Global

Original Message Version Under Analysis:
Astrology is a science in itself and contains an illuminating body of knowledge. It taught me many things, and I am greatly indebted to it. Geophysical evidence reveals the power of the stars and the planets in relation to the terrestrial. In turn, astrology reinforces this power to some extent. This is why astrology is like a life-giving elixir to mankind.

Analysis by Merofact Awareness Team:

Transcript of the Letter in the image above:

January 7, 1943

Mr. Eugene Simon
c.o. Rabbi Herman Simon
184 East Willmore Ave.
St.Paul, Minn.

Dear Sir:
I fully agree with you concerning the pseudo-science of astrology. The interesting point is that this kind of superstition is so tenacious that it could persist through so many centuries.
Very truly yours,
(Signed, 'A. Einstein')
Professor Albert Einstein.
In 1943 Einstein wrote a brief letter to Eugene Simon, care of Rabbi Herman Simon, in which the he clarifies his position on the subject of astrology. Many astrologers' claim that Einstein was a firm supporter of the subject. That belief partly (if not entirely) stemmed from the (mis)quote presented in the "message under analysis" section of this post. 
For further details on the subject readers are suggested to consult a treatise published by Hamel Denis in November, 2007 in "The End of the Einstein-Astrology-Supporter Hoax", Skeptical Inquirer 31 (6): 39–43. He claims to have tracked the (mis)quote down to Carl Heinrich Huter, a German author. This (mis)quote had indeed appeared on page four of the 1960 edition (released at the end of 1959) of Huters Astrologischer Kalender, but not in previous editions.
Later that (mis)quote also showed up in an epigraph to Manuel d'astrologie published in Quebec, Canada, in 1965 by a Swiss-born Canadian astrologer Werner Hirsig. Actually Hirsig had written a book in 1950 titled Astrologie moderne (Modern Astrology), and above mentioned Manuel d'astrologie of 1965 was just a reprint of this book. Differences between the two books are minor, as both books have the same table of contents and pagination, only the prefaces are different. In the 1965 version, a foreword is added where the (mis)quote attributed to Einstein is introduced for the first time in Hirsig's book. 

Friday, November 7, 2014

"WhatsApp Will Become Chargeable; Blue Logo ..."

Verdict :

Possible time of origin : November 2014

Circulation platforms : WhatsApp

Circulation geography : Global

Original Message Version Under Analysis:
Saturday morning whatsapp will become chargeable. If you have at least 10 contacts send them this message. In this way we will see that you are an avid user and your logo will become blue and will remain free. (As discussed in the paper today. Whatsapp will cost 0.01€ per message. Send this message to 10 people. When you do the light will turn blue otherwise whatsapp activate billing.

Analysis by Merofact Awareness Team: 

As of today WhatsApp website says
What are WhatsApp's subscription fees?We want WhatsApp to be about communication with your friends and family, so we will never bother you with ads. Read more about our stance on advertisements here. We do have small subscription fees, however. Please note that WhatsApp will never automatically charge you for your subscription.For all phone types, WhatsApp is free to download and try for the first year. After, you have the option of extending your subscription for $0.99 USD per year.Subscriptions are cumulative, so if you pay for an additional year of service, it will add to your current subscription or free year-long trial. There is no difference between the free and paid versions of WhatsApp other than the length of service. Note: Deleting and reinstalling WhatsApp does not reset your subscription.If you have questions about costs related to using WhatsApp, please read here.Cheers,
WhatsApp Support Team


Thursday, October 30, 2014

"Square on Tubes Mean Something for Consumer"

Verdict : 

Possible time of origin : March, 2013

Circulation platforms : Email, Facebook

Circulation geography : Worldwide

Original Message Version Under Analysis:
Pay attention when buying toothpaste, at the bottom of the toothpaste tube there is a color bar. And do you only know the original meaning of the color bar!
Try to choose green and blue, there are four kinds:
Green: natural;Blue : Natural + Medicine;Red : Natural + Chemical composition;Black : pure chemical.
please share to all......

Analysis by Merofact Awareness Team: This supposedly helpful message is actually based on fiction and not fact. The colored rectangles on or next to the crimp of soft toothpaste tubes are meant for processing machines to read and not of interest for the consumers. These colored rectangles are often used in the process of automated industrial packaging and quality control. They are often referred as "eye mark" or "color mark" and they aid in "Machine Vision" (MV). Wikipedia entry says "Machine vision (MV) is the technology and methods used to provide imaging-based automatic inspection and analysis for such applications as automatic inspection, process control, and robot guidance in industry." Invariably the process involves capturing a image, which is read and analyzed by an customized software system, that directs a robotic system to perform a desired job according the reading received. So these marks can be used either to direct the machine to seal the tube at or next to the Color Mark or can be used for quality control purposes, eg. to orient the filled and sealed tube properly for further inspection, reading of registration and labels etc. The used colors and sizes of this eye mark depends on the camera (sensor) and software being used in the packaging process, which vary widely. At the end these marks remains on the tube as a secondary effect of the packaging and quality control processes but doesn't tell consumer anything about the tube content. If you really want to know what are the contents of the toothpaste you are about to buy/use, just have a look at the list of ingredients printed somewhere else on the tube. Watch the following short video to see how colors read by camera can be used to direct machines to sort them separately. A similar yet more complex proprietary process happen with toothpaste tubes we regularly use.

Monday, October 27, 2014

"Earth Will Experience 6 Days of Total Darkness ..."

Verdict :

Possible time of origin : 24.10.2014

Circulation platforms : Web, Twitter, Facebook

Circulation geography : Worldwide
Original Message Version Under Analysis:
NASA has confirmed that the Earth will experience 6 days of almost complete darkness and will happen from the dates Tuesday the 16 – Monday the 22 in December. The world will remain, during these three days, without sunlight due to a solar storm, which will cause dust and space debris to become plentiful and thus, block 90% sunlight.
This is the head of NASA Charles Bolden who made the announcement and asked everyone to remain calm. This will be the product of a solar storm, the largest in the last 250 years for a period of 216 hours total. Reporters interviewed a few people to hear what they had to say about the situation with Michael Hearns responding “We gonna be purgin my n*gga, six days of darkness means six days of turnin up fam”.
Despite the six days of darkness soon to come, officials say that the earth will not experience any major problems, since six days of darkness is nowhere near enough to cause major damage to anything. “We will solely rely on artificial light for the six days, which is not a problem at all”, says NASA scientist Earl Godoy. Visit our website daily for more shocking news!
Analysis by Merofact Awareness Team: 

This fake news was first arrived on huzlers.com then spreading virally elsewhere. The About Us section in Huzlers.com reads "Huzlers.com is a combination of real shocking news and satirical entertainment to keep its visitors in a state of disbelief.". International newspapers started reporting the viral spread of this weird news. There is no comment published on NASA website yet, neither we can expect one. This message is not an unique invention, one similar message have also been in circulation starting around August, 2012 claiming 3 days blackout on the Earth. That message purposefully also directed the readers to a fragmented original video showing NASA director Charles Bolden speaking on emergency preparedness (see below). Original context of the video can be found on the NASA website. If you listen carefully knowing the context you'll understand how this message have been misinterpreted to spread rumors.



Friday, September 26, 2014

"Rs.1000 Coin to be in Circulation Soon in India ..."

Verdict :
Possible time of origin : October 2012
Circulation platforms : Facebook, Blog
Circulation geography : India
Original Message Version Under Analysis:

Analysis by Merofact Awareness Team: The Government of India has the sole right to mint all currency formats in India. The currency department of in Reserve Bank of India attends to the core statutory function of note and coin issue and currency management. This is a responsibility for Government of India according to the Coinage Act, 1906 which may get amended from time to time. Anyway the fact of our interest is that, coins can be issued up to the denomination of Rs.1000 as per the above mentioned Coinage Act, 1906. The designing and minting of coins in various denominations is also the responsibility of the Government of India. Coins are minted at the five India Government Mints at Mumbai (Maharashtra), Alipore (Kolkata), Saifabad (Hyderabad), Cherlapally (Hyderabad) and Noida (UttarPradesh). The coins are issued for circulation only through the Reserve Bank in terms of the RBI Act.

As early as October 1, 2012 The Hindu reported a article with headline " Rs.1,000 coin to be released ". If you bother to read beyond the headline, you'll see that they clearly mentioned "The coin is being brought out as a special product to commemorate 1,000 years of Brihadeeswara temple of Thanjavur." Brihadeeswara temple is one of the largest temples in India and one of India's most prized architectural sites. The temple is now a part of the UNESCO World Heritage Site known as the "Great Living Chola Temples". This temple is built by emperor Raja Raja Chola I and completed in 1010 AD, so it turned 1000 years old in 2010.

So there actually is a Rs. 1000 coin released by RBI to commemorate 1000 years of Brihadeeswara temple but not for circulation in the country. Copies of this coin will only be available with few collectors who responded in time. To know a first hand experience with this coin, you may like to talk to Mr. D Satya Buddu a famous Indian numismatist and a Facebook user. The Hindu interviewed him after he collected this coin.

Lets analyze the image provided above, what can be seen in the above image is that, the name of the country India and denomination 1000 are spelled out in Hindi and English also the coin bears the emblem of the Lion Pillar of Ashoka with the words ‘Satyameva Jayate’ in Hindi below it. But what is missing is that, on the reverse side there is a figure of Raja Raja Chola-1 in a standing posture with folded hands along with a figure of the Brihadeeswara temple and the words depicting the 1000 years of the temple written in Hindi and English and the place and the year 2010 can be seen. Each coin, weighs 35 gm with 80 per cent silver and 20 per cent copper.

Even though this Rs. 1000 coin exists in reality, but that is only for a few collectors, it is not in circulation for all in the country and neither meant to be so. That is why we gave this message a False verdict.

Thursday, September 25, 2014

"Nano Silver Effective Against Ebola ..."

Verdict :

Possible time of origin : August 2014

Circulation platforms : Web, Youtube, Email

Circulation geography : Global

Original Message Version Under Analysis:
Claimed at http://drrimatruthreports.com/

Analysis by Merofact Awareness Team: Its just a mere claim by Dr. Rima Laibow voiced via NGO Natural Solutions Foundation and not a proven truth actually we do not know any nano silver preparation from any manufacturer that can cure a viral disease. The most of the propaganda about the effectiveness of nanosilver to cure viral diseases presents a well cited scientific report published in the Journal of Nanobiotechnolgy in 2005. The article presents data showing nanosilver particles of size 1-10 nm can interact with the surface of  HIV-1  and thereby inhibits their binding to susceptible human cells in vitro. Nine years passed by after this publication but we haven't heard of any clinical trial showing the effectiveness of nanosilver particles in curing HIV or any other viral diseases per se. 

US Food and Drug Administration seriously took note of the claims made by Natural Solutions Foundation and issued a warning notice to them day before yesterday (September 23. 2014). FDA 's letter addressed to Dr. Laibow went on to say "Based on FDA's review, we have determined that your websites promote these products ( Dr. Rima Recommends™ The Silver Solution also referred to as "Silver Sol Nano Silver™") for conditions that cause the products to be drugs under section 201(g)(1)(B)  of the Federal Food, Drug, and Cosmetic Act (the Act) [21 U.S.C. §321(g)(1)(B)]. The therapeutic claims on your websites establish that the products are drugs because they are intended for use in the cure, mitigation, treatment, or prevention of disease."
Nanosilver are nothing but suspension of silver as we know from jewelry in the form of too small particles ( diameter in the range of nanometer). The smaller size distribution of already known material may impart new properties to the material, which recently brought a lot of attention to nanscience & nanotechnology. The newly acquired properties of a nanomaterial as in nanosilver preparations can be beneficial but we can not rule out possibilities of negative effect on our health. So to deal with them specially to use them on humans, we should be extremely cautious. Some even suggests prolonged use of nanosilver can impact one's health rather negatively. 

Wednesday, September 24, 2014

MOM has Successfully Entered the Orbit of Mars

Verdict : 
Historic Event for India
Possible time of origin : 24.09.2014
Circulation platforms : All
Circulation geography : Global
Original Message Version (compiled) Under Analysis:
India created history on September 24, 2014 becoming the first country to successfully get a spacecraft into the Martian orbit on its first attempt. It is dubbed as Mars orbiter mission (MOM) or Mangalayaan. Before India, various countries have launched Mars missions, but out of the 51 attempts, only 21 were successful. ISRO (India) now joins the elite Mars orbiter club that comprises the NASA (USA), Soviet Union and the ESA (Europe). India's Mangalayaan is the cheapest Mars orbiter mission so far. It cost about a tenth of NASA's Mars mission Maven that entered the Martian orbit on September 22, 2014. Indian prime minister Mr. Narendra Modi applauded Indian scientists and had said, "Hollywood movie Gravity costs more than our space mission." The orbiter was launched on November 5, 2013 from Satish Dhawan Space Centre, Sriharikota, India and  after a 300 day flight, has covered a distance of 680 million km to reach the Red Planet's orbit. It'll go around Mars on an elliptical orbit with the closest point around 420 km and the farthest around 80,000 km. MOM will employ five equipment that collectively weight 15 kg to do scientific studies, most importantly it'll check for the presence of methane that can indicate just what kind of life existed on Mars, if at all.

Analysis by Merofact Awareness Team: 
As a matter of fact we are Indian and we got another reason to be proud of our country. Its a real pleasure to share this news to you. We congratulate ISRO team from the bottom of our heart. Whatever we compiled in the message above from various resources describes the magnitude of the real achievement from the scientists at ISRO. The spacecraft entered the Mars orbit at 07:18 IST  ( finalized by 07:42 IST ) on September 24, 2014. We strongly suggest all our readers to visit the ISRO's Mars Orbiter Mission page on Facebook and like. 

According to Wikipedia total cost of the Mars orbiter mission is around US $74 million out of which the satellite itself costs about US $25 million. On the other hand according to IMDB the movie Gravity had a budget of US $100 million. Mangalayaan have five scientific instrument payloads, namely; Lyman Alpha Photometer, Methane Sensor for Mars, Mars Exopheric Neutral Composition Analyzer, Mars Color Camera and Thermal Infrared Imaging Spectrometer. MOM was launched with PSLV ( Polar Satellite Launch Vehicle ) which is capable of launching 1600 kg satellites in 620 km sun-synchronous polar orbit and 1050 kg satellite in geo-synchronous transfer orbit. According to ISRO website so far PSLV has repeatedly proved its reliability and versatility by launching 70 satellites or spacecrafts, out of which 30 are Indian and 40 are foreign satellites, into a variety of orbits so far. 

All these put India, who deals in the satellite launching market under the name of Antrix Corporation Limited, into the forefront of the multi-billion dollar  global space market. As of the cost effectiveness, we want to share an intriguing calculation; the vehicle has traveled 680 million km for US $74 million, i.e. US $0.11 / km or Rs.6.6 / km, in our experience an average rikshaw puller charges more in India. 

Tuesday, September 23, 2014

A White Tiger has Killed an Student at Delhi Zoo

Verdict : 

Possible time of origin : 23.09.2014

Circulation platforms : All

Circulation geography : India

Original Message Version Under Analysis:
A youth was today mauled to death at Delhi Zoo by an adult white tiger when he accidentally fell into the enclosure while climbing its fence to take a picture. Though it is not clear how the youth, in his early 20s, fell into the enclosure, eyewitnesses said he had tried to climb the fence but slipped. The tiger did not attack the youth for a few minutes but became violent after someone threw a stone at it and guards started hitting the fence. Credit PTI
 Analysis by Merofact Awareness Team: 

India Today was one of the earliest news media sources to break the the shocking news over twitterThey also posted some unfabricated images and a video (caution: could be disturbing, we willfully avoided a link to the video) of the misshaping. Though there is little confusion about the identity and exact age of the unfortunate victim, we can safely assume that the young boy was in his twenties. International news media including BBC (english), CNN (english) and Spiegel  (deutsch / german) also responded quickly and started spreading the news worldwide.

Monday, September 22, 2014

File Extension Appearing to Viewer Can be Faked

Verdict :

Possible time of origin : September 2011
Circulation platforms : All
Circulation geography : Global

Original Threat Description (compiled) Under Analysis: 
Recently cyber criminals included in their arsenal a way to pass off malicious file as legitimate files by disguising Windows file extensions, and making them appear safe to download. Avast, the major digital security firm dubs this operation by malware operators as “Unitrix”. The “Unitrix” exploit takes several Unicode features designed for right-to-left languages and uses them to mask malicious executables as safe text, image, audio or video files. Combating Unitrix is difficult. The typical user looks only at the file extension, and allows a file to stay, or download a new file based primarily on the file extension. Unless the user is an expert with a thorough knowledge of the files that a system or application requires, the only way users can detect such malware-in-disguise is when the system displays additional details or the anti-virus or browser shoots up a warning message.
 Analysis by Merofact Awareness Team:   

Most avid internet users have been naturally trained not to launch untrusted *.exe files download from the Internet as they may be malicious. Though there are many other file extensions that can cause damage to your digital security, most users are not aware of them (Click here for a extensive yet incomplete list of executable file extensions). Most users have rather better knowledge about what types of files are safe (eg. *.doc, *.jpg, *.png, *.avi, *.mp3). Security concerned users apply a positive selection while choosing to download and open a file, i.e. they will allow the download to take place and will open the file only if the file extension shown are familiar and the user regard that as safe. 

But there’s one problem; by default Windows operating system hides file extensions in the file explorer. So the image.jpg present in your download folder file may actually be image.jpg.exe, and when you double-click it'll launch the potentially unwanted variety of *.exe file. So if you are a person who frequently downloads from internet, we expect you have checked the "Show file extensions" menu in your Windows settings, if not do that NOW. Once you were aware of the safe file extensions you could have opened them without any risk of security breach, but sadly only until around 2011. 

Net security scenarios have changed since Avast reported the Unitrix exploit. Simple yet factual description of the Unitrix exploit is under the head "Original threat ..." in this post. Hackers are using this new trick to cloak malicious files by disguising their file extensions to make them appear to user as safe to download and open i.e. run inside your computer with all the permissions available to the logged in user. A regular user just looks at the extension at the very end of the file name; for example, .doc for a Word document, and that is where the danger is, as .doc seen in user's file explorer window does not ensure that the file will open with default Word document viewer (usually MS Word) set in user's computer. Because Unitrix exploit can make the Windows operating system read the file name including the extension differently than what user sees on the screen. 

For a live example download a compressed file (egUnitrix.doc.zip) by clicking on this line then unzip the downloaded file in a preferable location in your computer. You should get a file named like egUnitrixGNP.doc with a supposed .doc extension. So if you double click on this file it should open with document viewer right? But it won't, if you try to open this file by double clicking you'll see the file is using the default *.png image viewer set in your computer to open the exactly same image you are seeing on this page above. 

Understandably if this example trick can work, it is also possible that any other seemingly safe file extension can be engineered to load a malicious infection in the users' computer. We found a simple way to check whether a suspected file is hiding its true file extension using Unitrix exploit. Just try to rename the file and it will tell Windows operating system to select the name and not the extension and magically you'll see a discontinuous selection, the part beyond the selection is having the real extension information, what will not fall in the safe category of file extensions. Other than this, the only other way a user may know something is a malicious executable file is if they scan the file with detecting security software. (You might say for the example provided, you can tell that is a image file from the associated icon. But that can be engineered too, we didn't indulged into that because that will take little more effort and might cross the line between an innocuous example and potentially unwanted.)

So start taking measures and restrict yourself to downloading files from trusted sources only. If you show interest in this post through comments we'll also write on whether a file with legitimate safe file extension can  carry potentially unwanted piece of code.

Sunday, September 21, 2014

"Modi's New project: Blood on call 104 ..."

Verdict : 

Possible time of origin : July 2014
Circulation platforms : Facebook, Whatsapp and even Blogspot
Circulation geography : India

Original Message Version Under Analysis: 
Modi's new project : "104 - Blood on Call" is the name of the new initiative which comes into being from this day onward and all one has to do in order to avail of this service is to call the aforementioned number 104 following which the much needed quantities of blood would be made available to you at your doorstep within four hours of receiving your call........
Bottles of certified and HIV free blood will initially be made available within a forty kilometer radius from the call centers set up at various locations throughout the length and breadth of the country and one would have to tender an amount of Rs. 450/- plus 100 Rs. as transportation costs (i.e Rs. 550/-) per bottle of blood ordered or received at your doorstep.......
According to PMO sources, this project will only be launched in select areas to begin with in the nature of a "pilot project" and it's footprint will gradually be increased to include every nook and cranny of our glorious motherland depending on the success of the pilot project.........
Further information about the same is awaited and shall be shared as soon as any such information is forthcoming but one should certainly doff one's hat to the Modi government in this case and hope and pray that this welcome initiative also does not go the way of similar initiatives that bit the dust for a multitude of reasons over varying periods of time........ 
Plz forward this message for people who don't read newspaper.. Many lives can be saved by this facility ........ plz circulate in ur groups. 

Analysis by Merofact Awareness Team: 
Even if some concepts are wrong and imaginary usually they do not originate completely de novo, rather they build upon some existing fact or idea. This message is one such example, where the truths got distorted. The message reports about a pan India "blood on call service" project initiated by present Indian prime minister Mr. Narendra Modi. If you notice the message claims the project "comes into being from this day onward". Though you may receive the message today or have already received anytime after the message started spreading around the end of July 2014. This (missing a date stamp) is a fatal mistake for a news, and a common signature for many of the socially engineered merofacts.

There indeed is a "blood on call 104" service also known as "Jeevan Amrut Seva" scheme that have been started in the state of Maharashtra, but not pan India. See the following Youtube video clip reporting initiation of Jeevan Amrut Seva scheme (audio language marathi). 
Jeevan Amrut Seva scheme shares similar features as said in the message but only available in the state of Maharashtra from January 7, 2014 as launched by public health department of Maharashtra government. Click here to see the reporting of Daily News and Analysis on the inauguration of Jeevan Amrut Seva scheme. 

On the eve of World blood donor day (a WHO campaign) on June 14, 2014 honorable PM Mr. Narendra Modi raised awareness about the importance of blood donation and encouraged young to take a lead in that via Twitter posts

Take a note of the time line here; January 7, 2014 Jeevan Amrut Seva scheme inaugurated in Maharashtra, May 26, 2014 Mr. Narendra Modi assumed PM office in Delhi, June 14, 2014 PM Mr. Narendra Modi tweeted to encourage blood donation. In our opinion, some tricky mind must have taken the three above mentioned facts as seed and crafted a socially engineered message with little if any intention to cause harm. 
Till now there is no official news about pan India "blood on call service" scheme. Such a service would be really nice to avail, but till we get there we have to depend on classical approach. So if you are not in Maharashtra don't sit relaxed with the thought that you can get perfectly good packet of blood at your doorstep when you need. Rather it is always good to stock few telephone numbers and addresses of local blood banks in your area. We would suggest you to try calling 104 and share your experience with all of us in the comments section. 

Saturday, September 20, 2014

"Ebola Virus Reached Apollo Hospital (India)..."

Verdict : 
Possible time of origin : August 2014
Circulation platforms : Whatsapp (primary), also being shared on Facebook 
Circulation geography : India

Original Message Version Under Analysis: 
Ebola virus reached Apollo Hospital, Delhi Metro Hospital, faridabad and few cases found in Bansal Hospital, NFC. So kindly avoid to visit these Hospital for any kind of infection unfortunately!! Infected patient Sreejith-M.Tech, NIT suratkal, expired today. Please take precautions against Ebola virus and spread the awareness!!
Friends plz eat tulsi leaves to safeguard yourself from this virus Ebola becz Ebola virus directly effects the human immune system. Tulsi leaves are good for the human immune system so this is a precaution to save u from the Ebola virus... Use hot water and salt to take your bath in the morning, do the same when you want to drink water (hot and salt). ...  It is said to be a traditional vaccine for Ebola. 
Please don't keep this information to yourself send to all your contacts including your enemies. God bless you as you share this.
Analysis by Merofact Awareness Team: 



Image Description : Scanning electron micrograph with artificially imparted color on Ebola virus budding from the surface of a Vero cell (African green monkey kidney epithelial cell line). Credit: NIAID, USA
     
According to World Health Organization, the total number of probable, confirmed and suspected cases in the current outbreak of Ebola virus disease in West Africa was 5335 , with 2622 deaths (between the start of 30 December 2013 i.e. start of epidemiological week 1 and end at 14 September 2014 epidemiological week 37). Countries affected are Guinea, Liberia, Nigeria, Senegal and Sierra Leone. 

What we found from the published news and and reports available over the web, clearly suggests that Ebola virus have not crossed the Indian shoreline yet (we'll update if we encounter any factual report). On August 9, 2014 The Hindu quoted Union Minister for Health Dr. Harsh Vardhan who clarified that India does not have any confirmed or even suspected Ebola virus affected person. A control room with Ebola helpline numbers 23063205, 23061469 and 23061302 was supposedly operational from the same day morning at the Health Ministry. When we tried to contact these numbers, some of them worked (please use 011, STD code for Delhi) and confirmed that yet there is no official reported case of Ebola infection inside India.

For about last one and half month, the message above started roaming the social media. The Times of India took attention on this Ebola scare spreading over social media in India on September 12, 2014 and dismissed the message by quoting Dr. Anupal Sibal, medical director at Apollo Hospital who denied having received any Ebola case.

So far we couldn't find any published document on the effect of Tulsi and warm water with salt against anything related to Ebola and the disease it cause. In the mean time, a report appeared on September 18, 2014 in The Times of India, suggesting certain unidentified  people claim to have knowledge of ayurveda that can cure Ebola. TOI also quoted Karnataka health minister UT Khader, saying "I was approached by some people about ayurveda having a cure for Ebola. I was more interested in a cure for malaria and dengue." The comment summarizes the present need in India. Malaria and Dengue is causing havoc in Indian subcontinent and people with proper knowledge of Ayurveda should find answer to those before indulging themselves into finding cure of remotely threatening Ebola.
Lastly, we want to share an important news for the patrons who took part in spreading the Ebola rumor message and still thinking of doing so. On August 19, 2014 Indian Express quoted concerned Karnataka health minister UT Khader saying "This is not the first time that online platforms have been used to create fear, unrest and unnecessary apprehension among the public. We have decided to investigate and take action against persons spreading such false rumors.” So, you should look up for the facts before you believe anything, that you find in social media. Not only that you should be really cautious before you decide to share the same message over social media literally owning them (i.e. taking responsibility). Any negligence on this front can really put you into big trouble out of the blue.

If you encounter any such messages please comment below or drop a mail to us by clicking on the "message in a bottle" image (Report a circulating merofact) on the right side panel of this page. We'll respond as soon as possible with an analysis on this blog. 

Friday, September 19, 2014

General Format of a MeroFact Analysis Post

Verdict : 
Possible time of origin : Month YYYY ( if known )
Circulation platforms : Email / Facebook / Twitter / Whatsapp / Hike / Advertisements
Circulation geography : Africa / Asia / Australia / Europe / North america / South america / Global

Original Message Version Under Analysis: (Disclaimer from Merofact Team for all Subsequent Posts: We may take some liberty to modify the version of the message we receive for better readability. Specifically we might but not necessarily rectify the spelling mistakes and the use of punctuation and emoticons, overall the content will remain the same as to its meaning and intention)
blah ... blah ...
Analysis by Merofact Awareness Team:
Note: As we mentioned in the earlier post, whenever possible we will provide link to the original knowledge resources we used in our analysis. To read the original knowledge resources provided this way, you can just hover on the part of the text inside the posts and click on the highlighted area to reach the relevant web resource. Please add your comment below if you have any suggestion/s regarding the organization and topic coverage of the merofact analysis post. You can also send a personal message if you want, just click the "message in a bottle" image on the right side panel of this page.