Top 10 Tips to Avoid Malware

In light of the latest bit of ransomware – Petya – here are tips to prevent getting hacked

The latest bit of ransomware – dubbed Petya – is currently running through banks, financial institutions and healthcare facilities in both Asia and Europe. The bug, like most ransomware, encrypts corporate data on hard drives, preventing access to needed data and computer systems. It also seems to have crossed the pond and entered the US.

Pharmaceutical manufacturer Merck reported that it had become infected with the malware as did multinational law firm DLA Piper, which counts over 20 different offices in the United States. Heritage Valley Health Systems, a health care network that runs two hospitals in Western Pennsylvania, also confirmed in a statement to Recode on Tuesday to be the victim of the same ransomware attack that has spread around the globe.

Petya in and of itself is a bit problematic in that this particular bug has the ability to adapt and mutate quickly, often working around patches that have been released by operating system and anti-malware vendors alike. With Petya, it’s difficult to ensure your computing systems stay malware free. Anti-malware and OS vendors are having a great deal of trouble staying ahead of the game.

So, what’s the best way to stay Petya (as well as other phishing and ransomware infections) free? The best advice I can give ANYONE is to follow these top 10 computer security tips.

1. What’s in a Name?
Just because you see an email in your inbox from a name you recognize doesn’t mean they sent it to you. Be wary of all email in your inbox. Inspect the email address. If it looks suspicious or if you don’t recognize the domain (the wording after the “at sign” – for example @microsoft.com), don’t open it. Delete it immediately.
2. Look but don’t Click
Hover your mouse over any embedded links in any of the emails you receive. Don’t click before you do. A tool tip should appear showing the address the link actually points to, or in the case of browser based clients, the address should display in the status bar at the bottom of your browser window. If the address isn’t one you recognize or if it looks strange, again, don’t click it.
3. Check for Spelling or Grammar Mistakes
Legitimate messages don’t have major spelling errors or clumsily structured sentences. If the message reads strangely and strikes you as unprofessional, it’s likely a fake. Delete it.
4. Analyze the Salutation
Messages from financial institutions will always address you by your name. They’re never going to call you, “Valued Customer.” If you get something like this from one of your financial institutions, I’d delete it and ignore it.
5. Don’t Give out Your Personal Information
Legitimate companies will never ask you to provide identity information or credentials via email. EVER.
6. Beware of Urgent or Threatening Language in the Subject Line of any eMail
Invoking fear via threatening or urgent language is a common phishing tactic. Be wary of any email indicating that your “account has been suspended,” or your account has had an “unauthorized login attempt.” There’s an excellent chance the emails are bogus.
7. Review the Signature Line
Lack of details about the signer or the absence of their contact information at the end of the message strongly suggests a phishing attempt.
8. Don’t Click on Attachments
Malware payloads are often embedded in email attachments. Don’t open any you weren’t expecting, even from someone you know. Contact them offline, if possible, and confirm they sent you the attachment.
9. Don’t Trust the Information in an eMail Header
Hackers are smart enough nowadays to spoof not only the display name, but the mail header as well. Even if you know how to check this information, you may not be able to validate it as genuine, so don’t bother. Assume this information is fraudulent in any suspect email.
10. Don’t Believe Anything you see
This is NOT your father’s internet any more. The world is hell bent on stealing everything you own and could own in the future (your identity, your credit, etc.), so the best defense is a strong offense – don’t trust anyone or anything you suspect is illegitimate. It may look valid, but it’s better to err on the side of caution than to spend the next 8 to 14 months straightening out your credit because you were the victim of a phishing attack. If you have even the slightest doubt or it even remotely looks suspicious, don’t open the message.
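As an added example (not part of the original post), the following Python script turns tips 1, 2, 4, 5, 6 and 8 above into automated checks and runs them over two constructed messages, one phishing-style and one clean. The list of known domains and all addresses and hosts in the samples are assumptions made for the demonstration.

```python
"""Score an email against the phishing checklist above (tips 1, 2, 4, 5, 6 and 8)."""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains the reader actually does business with (used by tips 1 and 2).
KNOWN_DOMAINS = {"microsoft.com", "examplebank.com"}

GENERIC_SALUTATION = re.compile(
    r"\b(dear|hello|hi)\s+(valued\s+)?(customer|user|member|client|account holder)\b", re.I)
URGENT_SUBJECT = re.compile(r"(suspend|unauthori[sz]ed|immediate|urgent|verify|locked)", re.I)
CREDENTIAL_ASK = re.compile(r"(password|social security|account number|credit card|credentials)", re.I)
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)
RISKY_EXT = (".zip", ".exe", ".js", ".scr", ".docm")


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs: the automated form of the 'hover first' check in tip 2."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(url: str) -> str:
    """Lowercase host of a URL; bare 'www.example.com' text is accepted as well."""
    s = url.strip()
    return (urlparse(s if "://" in s else "http://" + s).hostname or "").lower()


def is_known(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in KNOWN_DOMAINS)


def check_message(raw: bytes) -> list[str]:
    """Return the checklist items the message trips; an empty list means nothing suspicious was found."""
    msg: EmailMessage = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    # Tip 1: inspect the real address behind the display name.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not is_known(sender_domain):
        findings.append(f"tip1: sender domain '{sender_domain}' is not recognized")
    # Tip 6: urgent or threatening subject line.
    if URGENT_SUBJECT.search(msg.get("Subject", "")):
        findings.append("tip6: urgent/threatening language in subject")
    # Tips 4, 5 and 2 look at the body (HTML preferred so links can be inspected).
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    if GENERIC_SALUTATION.search(text[:200]):
        findings.append("tip4: generic salutation instead of your name")
    if CREDENTIAL_ASK.search(text):
        findings.append("tip5: message asks for personal information or credentials")
    if body is not None and body.get_content_type() == "text/html":
        collector = LinkCollector()
        collector.feed(text)
        for visible, href in collector.links:
            real = host_of(href)
            if URL_LIKE.match(visible) and host_of(visible) != real:
                findings.append(f"tip2: link shows '{host_of(visible)}' but points to '{real}'")
            elif real and not is_known(real):
                findings.append(f"tip2: link points to unrecognized host '{real}'")
    # Tip 8: any attachment is worth a second look; archives and executables more so.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        kind = "risky" if name.endswith(RISKY_EXT) else "unexpected"
        findings.append(f"tip8: {kind} attachment '{name or part.get_content_type()}'")
    return findings


def build_sample(phish: bool) -> bytes:
    """Constructed sample messages for the demonstration (assumed addresses, not real mail)."""
    msg = EmailMessage()
    if phish:
        msg["From"] = "Example Bank Security <alerts@examplebank-secure.test>"
        msg["Subject"] = "Unauthorized login attempt - account suspended"
        msg.add_alternative(
            "<p>Dear Valued Customer,</p><p>Confirm your password at "
            '<a href="http://examplebank.com.evil.test/login">https://www.examplebank.com/login</a></p>',
            subtype="html")
        msg.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip",
                           filename="statement.zip")
    else:
        msg["From"] = "Example Bank <notices@examplebank.com>"
        msg["Subject"] = "Your March statement is ready"
        msg.add_alternative(
            "<p>Hello Jane Doe,</p><p>Sign in as usual at "
            '<a href="https://www.examplebank.com/">www.examplebank.com</a> to view it.</p>',
            subtype="html")
    return msg.as_bytes()


if __name__ == "__main__":
    for label, sample in (("phishing sample", True), ("clean sample", False)):
        print(label, check_message(build_sample(sample)) or ["no findings"])
```

The checks are heuristics, exactly like the manual tips: a clean result means none of the listed warning signs were found, not that the message is safe.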

The point of all of this is that THIS particular piece of malware REQUIRES diligence.

Petya is rapidly changing. It’s mutating and adapting to patches and detection engines in popular and well known, professional grade malware prevention products. You HAVE to be careful here, or you may end up losing everything on your PC.

Aside from the above, you should also take the following proactive steps on a regular basis (start NOW if you haven’t done these yet, and make sure you do them while your machine is still malware free):

1. Install and Run an Anti-Malware Package
I have used a number of different packages over the years. Right now, one of my favorites is IOBIT Advanced SystemCare 10 Pro. Regardless of what you use, get one, install it, and use it… often.
2. Get your data on a cloud service
Whether we’re talking productivity files (Word, Excel, etc.) or pictures and home movies, it doesn’t matter. Get your data synchronizing with a cloud service so that you have an easy way to get your data back if it gets taken hostage.
3. Start a Local Backup Regimen
Macs have Time Machine. Windows users have Windows Backup; or you can use AOMEI Backupper and AOMEI Image Deploy. However, any way you cut it, you need to start and execute a local backup plan.
4. Start an Off-Site Backup Regimen
In order to do this, you need an off-site backup service like Carbonite or Backblaze. These low-cost, subscription-based services allow you to back up your computer over the internet and allow you to do a simple restore as well, via the internet or via a hard drive that you can order and have delivered to you.

So, in summary:

1. Trust your gut. Don’t open goofy looking email. Just delete it.
2. Backup your data
3. Install and run an antimalware app

Have you gotten hit by ransomware? Have you paid the ransom, or have you just blown or replaced the drive and started over? I’d love to hear from you if you have gotten bitten. If you have, hit me up in the Discussion area, below, and tell me all about it.

Related Posts:

Why Don’t they just Upgrade, Already..?!?

Is it me, or does this seem like it would be a no brainer??

I’ve been in IT for a LONG time. I cut my teeth on Windows 95, Windows 98 and Windows 98SE. Microsoft’s Windows XP days were some of my biggest heydays because I wrote literally THOUSANDS of tips covering ALL of these Windows versions and Office 95 – 97 and Office 2000 – 2007 during my tenure there. When I got through it, I was – and still am – one of the more knowledgeable Windows pundits out there.

Given all of the ransomware recently targeting older machines running unsupported versions of Windows – like Windows XP and Windows 8 – a lot of people are starting to point fingers at others, trying to figure out who exactly is at fault. Some blame Microsoft, because they’re Microsoft, because they run 97% plus of all the computers that run the businesses of the world, and because they have bazillions of dollars. Others blame the IT departments and workers in those businesses for not abandoning those outmoded operating systems for something more modern.

My former co-worker Paul Thurrott had this to say in his 2017-05-19 Short Takes:

WannaCry is not Microsoft’s fault

If you’re looking to point the finger of blame for WannaCry, I think we can find some better culprits than Microsoft. For example, the hackers responsible for this attack are an obvious place to start. The businesses—which include hospitals and other medical facilities, banks, and more—that are still inexplicably running Windows XP and putting their customers’ data in harm’s way. And yes, sorry, also the over-cautious IT staffs at businesses around the world who delay Microsoft security patches for far too long because they are in some cases trying to justify their employment or have just lost sight of what’s really important in the risk/benefit debate around Windows patching. I know it’s not everyone. But the sheer scope of this attack says a lot about how we do things. And it says almost nothing about Microsoft except that, in this case, they did the right thing. Stop deflecting the blame.

There are a number of issues in Paul’s quote – as well as other mitigating circumstances – that I want to touch on, but let’s start at the beginning… There are a lot of folks out there that may not know what WannaCry is.

WannaCry is a serious strain of malware/ ransomware targeting Windows PCs worldwide. The attacks from this nasty bug started on Friday 2017-05-12. The bug was targeted at machines running Windows XP and Windows 8, and while it affected systems around the world, it was initially targeted at the UK’s National Health Service. Infected machines had their data encrypted and users were locked out, unable to access any data on any connected drive or system.

This originated as a phishing attack, meaning that someone emailed a potential target a message with an infected attachment. That person opened the attachment, releasing the virus. The hackers responsible demanded $300 USD in bitcoin to decrypt the affected machines. Aside from the UK’s NHS, Germany’s rail system, Renault and Nissan factories, FedEx, Spanish telecom Telefonica, and even Russia’s central bank got hit by the data encrypting malware. In the end, well over 300,000 computers were infected globally.

There are a couple of things of note here:

  1. Why are these Older Systems Still Out there?
    To be blunt, there could be a number of reasons – the company using the machine doesn’t want to spend the money to replace the system, or they don’t have the money to replace the system because (reasons).

    More than likely, the affected machine is a legacy system sitting on a medical device or label printer or some other mission critical piece of equipment that is ONLY guaranteed to run on certain versions of an operating system, and the company that owns it can’t afford to replace it because nothing else like it is available; or they can’t find a way around the loss of the machine to their business process, or some other cost prohibitive reason that mandates that THAT specific machine stays exactly where it is, doing that one specific thing that the company can’t seem to live without.

    I’ve seen this happen at hospitals with ultrasound machines or some other medical device that can’t be replaced or upgraded due to licensing, budget or other cost based issues. I’ve also seen this happen in industrial settings (like the cited FedEx example, above) where there’s one piece of equipment that only runs software/ drivers that are compatible with a specific version of Windows and the business can’t or won’t replace it due to cost, or some other reason. As of this writing no known US government systems have been infected.
  2. Why haven’t the IT Departments Updated/ Upgraded these Systems?
    This is a multi-faceted issue. No matter how you slice it, the affected IT department carries a large part of the blame. In some cases, the IT department got overruled and management opted to roll the dice and risk getting hit by malware. However, Microsoft itself is also partially to blame here. Allow me to elaborate…

    Microsoft has a huge history of releasing security patches and then patches for those patches, because their testing process failed to account for every driver of every peripheral possibly attached to any partner or OEM version of Windows out there. In other words, no matter how extensively Microsoft’s QA department tests, they’re always going to miss some edge cases, and that causes stuff to break in the wild. So, because there are so many different kinds of computers that can work with so many different kinds of devices and peripherals, Microsoft can’t release patches without breaking something, somewhere.

    As a result, many IT departments and businesses, unwilling to risk having some mission critical piece of equipment go down due to a bad or faulty patch being applied, opt NOT to patch, leaving their systems buggy and vulnerable to attack.

    IT departments are also largely unwilling to apply patches to every day production machines without the “proper” amount of testing being completed in their own test labs, prior to deployment. In fact, in many cases, Microsoft releases patches for previous patches and instead of updating their systems and living with the new problems (which could be bigger problems than the ones they’re currently living with), they wait for “early adopters” to discover them. These wait and see IT departments gain the benefit of avoiding new bugs and issues at the expense of remaining unpatched and vulnerable to known vulnerabilities.

    For them, patching Windows has historically been a lose-lose game.

So, given all of this mess, what SHOULD you do?

That’s simple –

  1. Stop running an unsupported operating system.
    Even though Microsoft patched the WannaCry exploit months ago and also provided patches for Windows XP and Windows 8 (even though they had said they weren’t going to provide patches for those OSes any longer), the best thing that you can do is find a way off the outdated, unsupported platform.
  2. Update Your Mission Critical Components
    In the case of mission critical hardware requiring drivers or other middleware only rated to run on older machines/ operating systems – find a way to live without them. Period. Change the business process, change operating systems/ platforms… do SOMETHING other than staying where you are. While it may be costly, in the end it’s going to be cheaper than figuring out how to disinfect or decrypt affected systems.
  3. Upgrade Already!
    Microsoft is never going to allow the circumstances that allowed Windows XP to stay on the market for 15 or so years to recur. It’s YOUR business’ responsibility to figure out how they’re going to get you from one major OS version to another without killing the company’s productivity. WannaCry doesn’t target Windows 10. It also doesn’t work on patched systems.

So, is my PC at risk?

Your PC is at risk if it’s running:

  • Windows Vista
  • Windows 8.x
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016

If you’re running Windows XP, you need to upgrade immediately. If you’re running any of these other operating systems, Microsoft has issued patches to prevent WannaCry from infecting your system. Run the patch or upgrade your computer.

Regardless of which version of Windows you’re using, you need to make certain you’re up to date on all of your security patches.

OK, now that that’s out of the way, let’s talk about Paul’s statements and wrap this all up.

It’s not all Microsoft’s fault
There are literally hundreds if not thousands of different kinds of Windows compatible peripherals out there that require some kind of driver or middleware to work and Microsoft can’t buy and test them all. When you start working out the different permutations on all of these, it’s easy to get dizzy very fast. The best anyone can expect from Microsoft is to test those combinations that seem to be the most popular. After that, you’re on your own.

IT Departments Need to Upgrade
Debugging Windows problems can be a huge headache. In many cases, the easiest way to avoid those problems is simply not to patch. Not everyone is going to get hit by every problem out there, so reducing cost by increasing risk can save a lot of time, money and headaches. However, when issues do arise, they tend to be big ones…

If your computer has been infected, you have a couple of options:

  1. Restore from an Uninfected Backup
    Having a redundant backup plan is important. If you’re hit by WannaCry or any other virus and can’t get clean, restoring from a known, good backup may get you back up and running quickly. If you don’t have a redundant backup plan (local backup, local backup of backup and off site backup) figure one out now.
  2. Blow the Machine and Start Over
    Cutting your losses and starting over may be the only option you have, especially if you don’t have an uninfected backup to restore to. In this case, starting over is likely your only option. This may be less painful if you have your data stored on a cloud service like Dropbox, Google Drive or Microsoft OneDrive. That way, with all of your data easily re-syncable to your computer, all you need to do is install the OS, reinstall your apps and download all of your data. This is somewhat similar to the work in option #1, above.

The last thing you’ll need to do is make certain you have an anti-malware package installed and running on your machine. Having an offline anti-malware scanner for when you get bugs that your regular scanner can’t remove is also helpful.

Did you or anyone you know get hit by WannaCry? Have you ever gotten hit by any kind of ransomware or other piece of malware that basically killed your access to your computer and all of your data? Did you pay the ransom? Did you get your data back? Did the hacker make you pay more than once? How did you get rid of the infection? I’d love to hear about your situation, in detail. Why don’t you meet me in the discussion area, below and tell me all about it?

Related Posts:

Dok Malware is the Disease that Ails You

Currently, there is NO cure...

Malware – and specifically ransomware – is probably the most compelling reason I know of to completely abandon personal computing. Depending on where you are, what bug(s) you get, and how badly it affects you, I can totally understand the urge some people must feel to leave the computer age behind. Ransomware – the type of computer virus that encrypts your hard drive with no way of recovering your data unless and until you cough up a payment or two to a hacker, who is then supposed to send you a key that removes the encryption and lets you recover your data – can be especially damaging if you don’t have the data backed up or if your backup(s) also get infected. Infections like these are especially harmful to small businesses that simply don’t have the cash or resources to remove the infection or pay the ransom.

In order to prevent infections like these, regardless of what operating system or computer type you use, it’s highly recommended that you use a reputable malware scanner. Like I said… anyone can get malware… (Part 1, Part 2). Problems start when the malware scanner you’re using can’t detect the latest, greatest bug to be declared in the wild – case in point: Dok is the latest critter to move into the macOS space, and it targets ALL versions of OS X and macOS; and will take complete control of your Mac if you let it.

Before we go any further, there is a silver lining to this massive, malware cloud of doom – it’s a phishing attack that requires the user to open a ZIP archive that’s attached to an email message. This should be a warning sign to just about everyone – opening ZIP attachments in an email is likely NOT a good idea, regardless of where they’re coming from or who is sending them.

So, what exactly is phishing? According to Wikipedia, phishing is

“the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. [Phishing] is a neologism created as a homophone of fishing due to the similarity of using bait in an attempt to catch a victim.”

Most phishing attempts usually occur via email or instant messaging (so you have to be careful with IM apps as well…) and the “attack” occurs when you open a specific attachment or open an active web page that executes code that directs you to enter personal information on to a page that looks and feels like the real thing. Phishing messages are often sent by imitations of auction sites, credit card and bank sites, online payment processing sites, or from an “IT administrator” from any of those places. The idea is to fool you into thinking that the website or service you’re using/ viewing is legitimate so the hacker can install or execute some other program that will steal financial or other information from you that will provide them with financial gain.

The best and worst thing about phishing attacks is that most users can prevent them by not clicking on suspicious links or opening dubious email attachments sent from people or places you don’t know or recognize or aren’t expecting to receive messages from.

According to Check Point Software, a leading antimalware software publisher, Dok isn’t detectable by any malware scanner from any vendor as of this writing. While this is likely to change quickly, it still represents a huge problem. Dok uses a signed developer certificate. This means that your Mac will allow it to install despite having Gatekeeper active. That signed developer cert is authenticated by Apple, and because of THAT, if you open a ZIP file on your Mac, you could be risking infection.

Once Dok is installed on your Mac, the malware has elevated privileges that will provide access to all communication methods, even those sent over SSL connections, by redirecting all of your traffic through a malicious proxy server. All of your traffic will be monitored, and the person(s) monitoring that data can look through the details, saving what they want. This information could include access to the financial and other PMI based accounts you opened while infected.

The best way to keep yourself infection free at this point is to stay uninfected. In other words, don’t open any ZIP files from anyone. Period. Just delete the email. If you think the sender is a trusted party, email them back and make other arrangements to retrieve the attachments. Services like Dropbox, Google Drive and Microsoft OneDrive all have ways to send secure links to files you want to share with others. Look into those.

Additional information on Dok can be found at Check Point’s Advisories archive. If you’re running Check Point Antivirus R75 – R77, you can prevent unauthorized remote access by following these instructions. If you suspect you already have Dok, you need to take a look at this article by Lory Gil over at iMore. All the folks there are awesome; and this article is especially helpful.

As I mentioned earlier, the best way to keep yourself infection free is to not open attachments in email, especially attachments from someone you don’t know; or if you get unexpected attachments from someone you do know.

In the case of the latter, a quick phone call or text message asking if they did send you something can save you a huge headache. Err on the side of caution, kids. It’s better to be safe than sorry…

You should also make certain you’re running a good antimalware app. If you’re running macOS, you can find one here. If you’re running a Windows machine, you can find one here.

Related Posts:

Symantec to Acquire Identity Protection Service, LifeLock

The deal, worth $2.3B, is intended to create a more powerful AV tool


2016 was a big antivirus year for me. I had two articles on how anyone could pick up malware. I followed it up here. It’s true. Anyone can get a bug, so if you aren’t running a malware scanner or antivirus product, you really should be. Soft32.com has a number of GREAT antivirus products available. Some are free to try, or are completely free. Others may cost you a subscription fee. Regardless of its payment structure, you need to run a virus scanner, whether you’re using a Mac, a Windows PC or a Linux machine.

Better safe than sorry…

And in that light, an interesting development occurred the other day. Antivirus maker Symantec is going to acquire identity protection service LifeLock in a deal that’s currently valued at $2.3B.

The deal, a combination of cash and $750M in new debt is scheduled to close in the first quarter of 2017. The merger of LifeLock and Symantec is anticipated to provide comprehensive online protection for consumers. They’ll have premier antivirus protection coupled with identity theft protection, according to Symantec’s CEO, Greg Clark.

Symantec is interested in moving away from just providing malware protection. They’re looking to move into “digital safety,” an estimated $10B business. With personal information and data becoming an increasingly larger target, Symantec is “stepping up to defend [them] through innovation and vigilance.”

LifeLock shares rose 14% in the aftermath of the Symantec announcement, while Symantec shares were flat. LifeLock is best known for its former CEO K Davis sharing his social security number with the public. Since 2010, he had been a victim of identity theft at least 13 times. In 2010, the FTC said it reached a deal with LifeLock where the company would pay $12M to settle claims it used false advertising to push its identity protection services. Then, it reached another deal with the FTC to pay $100M for violating the terms of a 2010 court order to secure consumers’ personal information and stop deceptive advertising practices.

Related Posts:

BullGuard Internet Security

Keep your PC safe with this must have internet security suite.

If there’s one thing that I know and know WELL, it’s that anyone and everyone can get a computer virus or piece of malware. It’s becoming far too easy to pick up a bug, no matter how computer savvy or experienced you are. If you use a Windows PC, as nearly everyone in the universe does, it becomes even more difficult, as most of the viruses in the wild are targeted at and attack Windows PCs specifically. This is the number one reason why I really like apps like BullGuard Internet Security. It’s a suite of security apps that can keep your Windows PC clean as well as protect it from a number of different threats.

BullGuard Internet Security is an all-in-one security suite that guards you, your kids and your PC against ever-evolving malware and cybercrime. The app protects you, your computer and your family from all online threats – identity theft, credit card fraud, hackers, viruses, spyware and much more – thanks to its broad range of features covering nearly every possibility. With BullGuard Internet Security and its at-a-glance update system, you will never worry about your digital safety again.


BullGuard Internet Security provides the following, holistic, protection:

Total Protection – its real time scanner can stop intruding malware in its tracks, including viruses, worms, Trojan horses and adware so you can compute without worry. The latest enhancements include better protection against advanced rootkits that can steal control of your computer as well as from ransomware so you’ll never have control of your life stolen from you.

Unwanted Apps – Adware sucks. BullGuard Internet Security stops adware cold in its tracks, protecting your data, your browser settings and search engine preferences.

Advanced Backup – BullGuard Internet Security includes 5GB of free online storage so you can keep all of your data, photos, music and home video off site and safe. You can backup data directly from folders with one click. If you want, you can view data on your computer or even your smartphone. If you have a Dropbox account, you can back up your data directly to it.

Firewall – stop unwanted intrusions from accessing your computer and other resources connected to it.

Spam filter – stop unwanted junk email and email scams, phishing attempts, viruses and foreign language email from flooding your inbox.

Keeping your computer safe is important. Finding the right application or suite of applications to do it isn’t always easy. To be very honest, there’s a lot of crap out there. However, BullGuard Internet Security is one of the best security suites available on the internet today.

Other suites are often overpriced, bloated or difficult to work with. BullGuard Internet Security is fast, easy to use and provides protection for up to three computers in your home. It can protect your PC from adware, viruses, spam and malware. It can protect your PC from unwanted intrusions.

While its licensing is subscription based, that business model is the industry standard, and for three computers, that breaks down to just $20 per PC per year…and honestly, that’s a small price to pay for peace of mind.


Related Posts:

Anyone can Pick Up Malware – Part 2

Sometimes, you can be your own worst enemy…

A while back, I posted an article about how anybody could get a computer virus. It was telling, because the anybody was me. I ran afoul of a bad ad network somewhere and picked up something that caused me to, I thought, pick up a key logger. In the end, it turned out I was wrong, but I’ll get to that in a bit.

Instead I had picked up a couple of other viruses, both of which came through a bad ad network and both of which, it turned out, were responsible for my spam situation. Unfortunately, NONE of the anti-virus products that I had on my machine – Webroot Secure Anywhere and MacScan – could remove the software, though it had no problems at all identifying the viruses on my Time Machine drive.

Based on this information, it was clear to me that the malware was 1) on my Mac, and 2) actively hiding from the real time scanner of one app and the manual scanners of both apps. To be blunt MacScan didn’t detect a thing. Webroot found everything, but only on my Time Machine drive, and couldn’t remove all of it.

I had a couple options at this point – 1) Rebuild the system (which involved blowing the drive, putting the OS back on and then reinstalling everything from scratch, and 2) Finding an anti-malware app that could remove everything. After trying Malwarebytes for Mac and having it fail miserably, I started looking for another Mac malware scanner and removal system.

What I found, was FixMeStick; but even THAT had issues. It works very well with Yosemite and earlier based Macs; but when I purchased it in January of 2016, it didn’t work with El Capitan based Macs, and my MacBook Pro runs El Capitan. Unfortunately for me, FixMeStick didn’t know about their inability to work with El Cap Macs when I bought the product. I helped them confirm the issue.

FixMeStick is an offline anti-malware scanner. You purchase a self-booting USB stick. You stick it in a USB port, boot from it, it scans your drive, finds the goo and removes it. Unfortunately, El Capitan’s default drive format makes use of journaling, and (up until about 2 days ago, as of this writing), FixMeStick couldn’t even READ a drive that was HFS+ Journaled/ Journaled, Case Sensitive. So it was effectively USELESS to me.

I checked in with them every three to four weeks, asking if they had resolved the issue. They would always say they were close, and that they would have an update to users and a release in about four to eight (4-8) weeks. Those deadlines were always missed, and I came very close to demanding a refund.

I’m going to jump to the end here, as it’s going to make this a lot more valuable to everyone in the end…

In the end, they figured it out. Their product now works with El Cap formatted Macs, and the product found three bugs on my Mac and removed them… on the first scan after the issue was resolved… but not without some last minute drama – none of the bugs were the key logger that Webroot Secure Anywhere had identified (and I THOUGHT was the cause of my Google Apps (Gmail) account getting hacked). I thought there was a problem.

Thankfully, I was very wrong.

What I learned is that Webroot has a known issue with identifying false positives when their scanner scans your Time Machine drive. While Key Logger.Spector.Pro.r is a real problem, it isn’t when Webroot Secure Anywhere ONLY identifies it on your Time Machine drive and ONLY on your Time Machine drive.

According to Webroot (I traded email with their tech support team this past weekend), what Secure Anywhere finds is a false positive on an info.plist file in a kext file that Gatekeeper uses to identify software that can run on your Mac without you having to constantly approve it; AND it ONLY identifies it in this kext file on your Time Machine drive. It’s well documented in their support forums.

So… after 9 months… not only am I virus-free, but I never had a key logger, and I shouldn’t have anything or anyone else hijacking my Google Apps account (though thankfully, I actually haven’t had that happen for about four (4) months).

But as I said in November, anybody can get a computer virus. Just because you do doesn’t (necessarily) mean you’ve been somewhere you shouldn’t, nor does it (necessarily) mean that you’re careless. It just means that you picked up a bug. What you do need to do is pick up the right tool to get rid of it, and then make certain you have a real-time scanner on your computer.

For me, this is FixMeStick and Webroot Secure Anywhere for Mac.

Another Day… Another Virus (Backdoor.MAC.Elanor)

This one targets Mac systems. Heads up Apple users…!

As Macs and macOS become more and more mainstream, more and more virus and malware authors are going to be writing code that targets computers coming out of Cupertino. Case in point – a new piece of malware has been encountered in the wild, allowing attackers to hijack a Mac user’s machine.

The new malware has been named Backdoor.MAC.Elanor by researchers at Bitdefender. The software installs a backdoor onto an infected Mac that provides full access to a Mac user’s data, and full control over their web cam. The malware has been traced to the installation of an app called Easy Doc Converter.app.

Easy Doc Converter is a fake file conversion app that is apparently available from reputable download sites across the internet. The app installs a component that gives the attackers remote, anonymous access to the infected system through their command and control center. Additional components allow attackers to view, edit, rename, delete, upload, download and archive/copy off files from infected systems. They also have elevated privileges that allow them to execute commands and scripts.

This particular bit of malware allows attackers to watch computer users at their workstations via the computer’s web cam. Attackers make use of an included tool called “wacaw” to capture stills and video from infected systems, according to Bitdefender.

Thankfully, the app isn’t digitally signed with an approved Apple security cert, so if you’ve got Gatekeeper enabled (and don’t disable it in order to install Easy Doc Converter…) you won’t get infected.

As more and more malware targets Macs, there’s little reason not to find and install a decent malware scanner for your Mac. Thankfully, Soft32 has more than one good AV scanner for Mac on the site, including BitDefender Antivirus for Mac 2016.

Since Bitdefender are the ones that broke the news on this new malware, they will likely also be the first with removal instructions should you find yourself infected. If you suspect this is the case, installing this app should be your first step.

If you find that you have Backdoor.MAC.Elanor, I’d appreciate hearing from you. Please leave a comment below in the Discussion area for this column and let us know where you found the Easy Doc Converter app and if you’ve been able to get rid of the malware.

It was All a Marketing Stunt

The Italian ISP that deleted all of its servers… yeah, apparently… not so much.

Late last week, the owner of a small web hosting company in Italy said he “accidentally” executed some bad maintenance code on his servers, and they deleted all his servers.

Marco Marsala headed to a support forum and posted a cry for help, claiming he had made a big mistake:

“I run a small hosting provider with more or less 1,535 customers and I use Ansible to automate some operations to be run on all servers,” Marsala wrote. “Last night I accidentally ran, on all servers, a Bash script with a rm -rf {foo}/{bar} with those variables undefined due to a bug in the code above this line.

“All servers got deleted and the offsite backups too because the remote storage was mounted just before by the same script (that is a backup maintenance script).”

He got some sympathetic replies. However, most of the forum users basically told him he was an idiot and that, since (as he further explained) all of his onsite and offsite backup drives were also mounted to his servers at the time of execution, all of the sites that he ran (again, approximately 1,535) had been permanently and irrevocably deleted.

Apparently, the delete was so destructive that many users didn’t think even an experienced data recovery company would be able to retrieve his data.
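The failure mode in Marsala’s post is worth seeing in a script: when both variables in `rm -rf {foo}/{bar}` are undefined, the path expands to a bare `/`, and any backup share mounted under `/` goes with it. The following is an added example, not code from the post or the forum thread; it reproduces the expansion without deleting anything and shows a guarded variant that refuses unset variables and the filesystem root.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Reproduces the failure mode the
# forum post describes (a path built from undefined variables) and shows the
# guards that keep `rm -rf` from ever seeing a bare "/" target.

# What the unguarded script computes: with both variables undefined,
# "$foo/$bar" expands to "/", so rm -rf would start at the filesystem root
# and descend into every mounted backup volume as well. This function only
# returns the path it would delete; it removes nothing.
unguarded_target() {
  printf '%s/%s\n' "$1" "$2"
}

# Hardened variant. The body runs in a subshell so `set -u` and `exit` stay
# local to it. ${VAR:?msg} aborts if VAR is unset or empty, the target is
# canonicalised before deleting, and "/" is refused outright.
guarded_remove() (
  set -u
  base="${1:?base directory must be set}"
  sub="${2:?sub directory must be set}"
  # Strip a trailing slash from base so "/" + "." becomes "/." not "//.".
  target="${base%/}/$sub"
  canon=$(cd -- "$target" 2>/dev/null && pwd -P) \
    || { echo "guarded_remove: no such directory: $target" >&2; exit 2; }
  if [ "$canon" = "/" ]; then
    echo "guarded_remove: refusing to remove the filesystem root" >&2
    exit 3
  fi
  rm -rf -- "$canon"
)
```

Mounting backup storage from the same script that runs the cleanup defeats the point of having an offsite copy; keep the backup mount out of the maintenance job’s reach, and the guard above only has to save you from the typo.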

One user told him in no uncertain terms:

“You’re going out of business. You don’t need technical advice, you need to call your lawyer.”

I, and many others, woke up this morning only to find out that this had been nothing more than a giant hoax… it was all a marketing ploy. I guess the idea was that he was going to miraculously “restore” his data by himself, thus proving his technical superiority, and would hopefully gain more business.

If that wasn’t it, I have no idea, as, if I were someone wanting web hosting, I wouldn’t be looking to THAT guy…

According to Server Fault Meta, the whole thing was nothing more than a DUPLICATE of what is being called a “guerrilla marketing operation.” The user has been called a “blatant spammer/troll” by a number of users.

One user called Sirex, I think, said it best: “we went into it thinking [this guy] was an idiot. We’ve came out of it thinking [this guy’s] an idiot, but for a different reason. I don’t think the joke is on us.”

I happen to agree here. If I were anyone that had a web account with this guy… I’d be long gone by now. What about you? Did you see this last week? Did you follow it at all? Were you surprised when it was reported to be a hoax? Why not chime in in the Discussion Area below and give me your thoughts?
