Posted on 05/13/2017 9:52:01 AM PDT by Leaning Right
The accidental hero who halted the global spread of an unprecedented ransomware attack by registering a garbled domain name hidden in the malware has warned the attack could be rebooted.
*snip*
...the spread of the attack was brought to a sudden halt when one UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and inadvertently activated a kill switch in the malicious software.
(Excerpt) Read more at theguardian.com ...
[[I miss Black ICE. It made you invisible to the internet. Is there anything like it today?]]
TOR. However, several posts on YouTube suggest that using TOR is like sending up a big red flag to hackers, who (the more sophisticated ones at least) know how to break through it. I guess they figure that if you're savvy enough to know about, and use, something like TOR, then you probably are more likely to have something worth hiding.
Also, there is supposed to be a more secure Linux. It uses some masking programs and whatnot. There are several; here is a list of some with their pros and cons:
https://www.bestvpn.com/blog/10314/linux-distributions-built-for-security-and-anonymity/
Copy these instructions in Notepad then save as Stop Ransomware.js
Save as: All files
Most people will assume that it is safe to open. Microsoft doesn't help much because the default icon for a JavaScript extension resembles a document icon. People will click on this and it will execute the script, connecting to a download server, fetching the ransomware in the form of a Windows program (an .EXE file), and launching it to complete the infection.
The way to stop this is to create a text file with Notepad and rename it with the .js extension. Then right-click on it, click on "Open with", then click on "Choose default program" and open with Notepad. If you do not see Notepad, click on the Browse button, go to C:\Windows, click on Notepad and make sure "Always use the selected program to open this kind of file" is checked.
This way, if one accidentally downloads one of these and clicks on it, it won't run.
To show the extension, open a folder, then go to Tools > Folder Options > View tab and uncheck "Hide extensions for known file types". Now you can see the extension. Remember to check the box after you create the file as described above. I placed my file on the Desktop. Anywhere will do.
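Added example (editor's, not code from any poster in this thread): the same "make double-clicked .js files open in Notepad" change done from PowerShell, per user, together with the "show extensions" setting. It goes a bit beyond the post by covering every extension Windows Script Host runs on double-click, not just .js. Assumptions: Windows 7 or later, PowerShell 3 or later, no admin rights (per-user keys under HKCU\Software\Classes are merged into HKEY_CLASSES_ROOT ahead of the machine-wide ones). The ProgId names it creates (NotepadOnlyJS and so on) are made up for this example.

```powershell
# Added example: point the Windows Script Host extensions at Notepad for the
# current user, then show extensions in Explorer. Reversible by deleting the
# created keys under HKCU:\Software\Classes.

$notepad = Join-Path $env:SystemRoot 'System32\notepad.exe'

# The thread mentions .js; the others are opened by the same engine (wscript.exe).
$scriptExts = @('.js', '.jse', '.vbs', '.vbe', '.wsf', '.wsh')

function Get-OpenCommand {
    # What a double-click on $ext runs right now, read from the merged HKCR view.
    param([string]$ext)
    $progId = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$ext" -ErrorAction SilentlyContinue).'(default)'
    if (-not $progId) { return $null }
    (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
}

function Set-ExtensionToNotepad {
    # Create our own ProgId (hypothetical name) rather than editing the system JSFile
    # one, so the system defaults stay intact for other users.
    param([string]$ext)
    $progId = 'NotepadOnly' + $ext.TrimStart('.').ToUpper()    # e.g. NotepadOnlyJS
    $extKey = "HKCU:\Software\Classes\$ext"
    $cmdKey = "HKCU:\Software\Classes\$progId\shell\open\command"
    New-Item -Path $extKey -Force | Out-Null
    Set-ItemProperty -Path $extKey -Name '(default)' -Value $progId
    New-Item -Path $cmdKey -Force | Out-Null
    Set-ItemProperty -Path $cmdKey -Name '(default)' -Value ('"{0}" "%1"' -f $notepad)
}

foreach ($ext in $scriptExts) {
    $before = Get-OpenCommand $ext
    Set-ExtensionToNotepad $ext
    $after  = Get-OpenCommand $ext
    Write-Output ('{0,-5} {1}  ->  {2}' -f $ext, $before, $after)
}

# Show extensions so "Invoice.pdf.js" cannot display as "Invoice.pdf".
# Explorer picks this up after it is restarted (or after logging off and on).
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $adv -Name 'HideFileExt' -Value 0 -Type DWord

# Caveats:
#  * If "Open with -> Always use..." was ever used for one of these extensions,
#    Explorer stored a UserChoice entry that wins over HKCR. On Windows 8 and later
#    that entry is hash-protected, so redo the dialog the post describes for that
#    extension instead of scripting it.
#  * This only changes what a double-click does. To stop wscript.exe/cscript.exe
#    running scripts for this user at all, set the DWORD value Enabled = 0 under
#    HKCU:\Software\Microsoft\Windows Script Host\Settings.
```

The before/after line for each extension makes it easy to confirm the change took: before it should show wscript.exe, after it should show notepad.exe.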
That should’ve been “patch,” not “path.” Sorry for the confusion.
Let me step through each piece of your scenario:
If an email doesn’t have an attachment, it’s just a long string of text. Even with an attachment, an email is relatively benign, as any code in the email or the attachment doesn’t just spring to life upon delivery. It’s a payload or a brick of C4. It could be harmful in the right conditions, but its mere existence does not beget tragedy.
You click on a link in the email. The first question that I'd ask is, "Did you look at the URL? Do you know where it's taking you?" You go on to say you did not and clicked. Here's where things get muddy. Every web browser functions slightly differently from the next. Internet Explorer, for instance, is very permissive by default, so if there was embedded code in the form of JavaScript or Java, it likely executed, regardless of its purpose. Firefox and Chrome, on the other hand, will often gently tap the brakes or outright deny access to a site that's been compromised if it was reported as such. Existence of a site in the Ukraine is not, by itself, a reason for concern. Remember, however, that a site's name and its hosted location don't have to be the same. It would take me less than 5 minutes to register a domain in the .ru or .tk top-level domains and point it back to an IP that resides in the US or the UK or anywhere else in the world.
Finally, modern exploits don’t use downloads anymore. Malicious code embedded in the website or even in advertisements can trigger behavior behind the scenes that opens up your computer to being exploited. By virtue of just going to a website or having an advertisement pop up on your screen, you could be compromised. The importance of ad-blocking software that works with your browser cannot be understated. Web companies will grouse that you’re taking away their revenue stream, but you’re protecting yourself. Too many incidents have been reported in the last few years of advertising networks selling ad space to malicious entities who then go on to infect thousands of systems, turning them into botnets. I suggest AdBlock Plus as well as NoScript to prevent the execution of scripts in your browser without your permission.
Bottom line, you might not have anything to worry about, but there’s a small chance that website embedded a cookie on your system or executed some code that could later be used to turn your computer into a botnet zombie. Online link scanning sites are just aggregators of bad endpoints. Check it again, wait a week, check it again, wait a month... if it keeps coming up as “clean,” then it’s likely nothing to worry about. In the interim, run scanning utilities on your system such as Malwarebytes, CCleaner, and provided you have it running, Windows Defender. Also check the Windows firewall and review all of the ports and programs permitted access to the open Internet. If anything looks out of place, disable or delete the rule. If something goes awry with your computer, you can always add the rule back later.
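Added example (editor's, not from the poster above) for the "review all of the ports and programs permitted access" step: it lists every enabled Allow rule in the Windows Firewall with the program and local ports it opens, and pulls out the inbound ones that deserve a second look. Assumptions: Windows 8 / Server 2012 or later (the NetSecurity module; on Windows 7 the equivalent is `netsh advfirewall firewall show rule name=all`), run from an elevated PowerShell so all profiles are visible. The "suspicious" heuristic (any program on any port, or a program outside Program Files and Windows) is this example's own rule of thumb, not a Microsoft definition. Nothing is changed unless the commented-out last line is run.

```powershell
# Added example: inventory enabled Allow rules in the Windows Firewall and flag
# inbound ones that open the machine to any program or to a program outside the
# usual system locations. Read-only.

Import-Module NetSecurity

function Get-AllowedRules {
    Get-NetFirewallRule | Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' } |
        ForEach-Object {
            $rule = $_
            $app  = $rule | Get-NetFirewallApplicationFilter   # which .exe the rule applies to
            $port = $rule | Get-NetFirewallPortFilter          # protocol and port(s)
            [pscustomobject]@{
                Name      = $rule.DisplayName
                Direction = $rule.Direction                  # Inbound rules expose the machine
                Profile   = $rule.Profile                    # Domain / Private / Public / Any
                Program   = $app.Program                     # 'Any' = every program matches
                Protocol  = $port.Protocol
                LocalPort = ($port.LocalPort -join ',')
                Group     = $rule.DisplayGroup
            }
        }
}

function Get-SuspiciousInboundRules {
    param([object[]]$Rules)
    # Heuristic for this example: wide-open rules, or programs in unusual locations.
    $knownPrefix = '^(%ProgramFiles|%SystemRoot%|%windir%|C:\\Program Files|C:\\Windows|System$)'
    $Rules | Where-Object {
        $_.Direction -eq 'Inbound' -and (
            ($_.Program -eq 'Any' -and $_.LocalPort -eq 'Any') -or
            ($_.Program -ne 'Any' -and $_.Program -notmatch $knownPrefix)
        )
    }
}

$rules = Get-AllowedRules
$rules | Sort-Object Direction, Name | Format-Table Name, Direction, Profile, Program, Protocol, LocalPort -AutoSize

Write-Output "`n--- Inbound rules to review ---"
Get-SuspiciousInboundRules -Rules $rules | Format-Table Name, Program, Protocol, LocalPort, Profile -AutoSize

# To switch off a rule you do not recognise (undo with Enable-NetFirewallRule):
# Disable-NetFirewallRule -DisplayName 'Some Unfamiliar Rule'
```

Expect a fair number of legitimate Microsoft rules in the full list (Core Networking, Remote Assistance, file sharing); the second table is the short list worth reading rule by rule, and disabling rather than deleting keeps the rollback the post mentions easy.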
Windows 7 is still in extended support and will continue to receive support until 2020.
As a business entity with an EA that covers a handful of legacy systems, I can tell you that while yes, they’ll help you if you have trouble with, say, Windows XP or Server 2003, the support is not what you might think. In most cases they outsource the labor to third-parties who have experts in those older operating environments. There are instances, however, where that support just doesn’t or can’t fix issues due to the functionality of the operating system itself.
It also affects shared drives. BTDT
[[Did you look at the URL? Do you know where it's taking you?]]
Like a dummy, nope, I didn't. We get frequent emails from the fella and he's never forwarded stuff or sent attachments before, and we let our guard down on this one. I know, dumb.
We use Firefox under Linux, and yep, I've seen Firefox stop stuff before, usually with a warning about unsigned certificates or something. I got none of that with this particular site though.
[[Existence of a site in the Ukraine is not, by itself, a reason for concern.]]
That's what I was wondering. I shouldn't have posted the link in this thread. I'm new to all this crap really, never having had to deal with a site like that before. I did check it in link scanners, all the regular ones like Norton's, Web of Trust, McAfee etc., and one that combines like 10 or so checkers; one came up as dangerous. I did include the warning not to click the site, but posted it thinking others might have gotten similar emails with that address. In hindsight I shoulda altered the link to include a space to render it unclickable, or just given the main addy name without the .com stuff, or something.
My concern though was: how do they, the link scanners, check the sites? Just by users submitting what they assume to be dangerous links? If so, then being a new fly-by-night site, it wouldn't show up as dangerous.
[[Remember, however, that a site's name and its hosted location don't have to be the same.]]
Yup, I'm learning that now. I tend this computer for the family, so I'm gonna have to learn what to look for better than I know now. Gah, at my age I'm gonna have to keep learning this stuff simply because some hackers haven't got anything better to do than to make other people miserable.
[[Finally, modern exploits don't use downloads anymore.]]
That was my main concern, not knowing enough about this stuff. I have got a lot to learn. I ran into the drive-by download junk years ago when it got real bad on the net. You'd look up something like 'rice cakes', or 'Labrador retrievers' or something innocent, see a link about dogs, or health food, click on it and immediately get redirected to another site and an autodownload would ruin your day. Seemed like it was happening a lot, then all of a sudden it seemed to nearly stop. I just assumed IE got a handle on it and 'fixed the problem'; didn't realize sites could then infect without downloading stuff.
[[By virtue of just going to a website or having an advertisement pop up on your screen, you could be compromised.]]
There was no advertisement; the page was blank except for the updating messages (you would have to refresh the screen, which I did, thinking the site was stalled or something).
[[The importance of ad-blocking software that works with your browser cannot be understated.]]
I do run AdBlock Plus in Firefox; wouldn't use the Internet without it. I'm also, I guess, gonna have to look into stopping scripts and just allowing them on sites on an individual case-by-case basis. Sad that we have to do this, but I guess it's what we have to do now. My family members are less tech than I am, and I'm not all that good at it myself, so I gotta do something I guess.
[[Online link scanning sites are just aggregators of bad endpoints. Check it again, wait a week, check it again, wait a month...]]
Good advice. I'll keep running it. I think probably I'm alright, being that I use Linux, and the links showed OK, and no advertising was present, but my friend I know uses Windows, most likely doesn't have AdBlock, and I know he wouldn't have sent anything like that himself, so he likely has had his email hacked.
I'm also looking into a Linux install that runs things in a virtual environment. Sounds like that might further isolate any incidents in a sandbox-like environment.
When I ran Windows, I had a program called RollbackRX, a fantastic system restore program on steroids. It could restore the computer during boot in case the computer wouldn't start. Anytime I ran across anything suspicious on the net, I would always do a rollback to before it happened, just to be sure. With Linux though I don't have that choice. Worst comes to worst though, I could restore from a clone backup I made not long ago, but I think I'm OK at this point, for the reasons listed above.
Thanks for taking the time to go over this. Helped ease my mind about it a bit. I'll keep running the checks and inform my friend that their email has been compromised.
I got this e-mail today:
Find out for a chance to win a Stormtrooper Helmet!
Hello.
Did you know that one of the first things hackers try is to see if they can spoof the email address of someone in your own domain?
Now they can launch a “CEO fraud” spear phishing attack on your organization.
KnowBe4 can help you find out if this is the case with our complimentary Domain Spoof Test and enter you for a chance to win an awesome Stormtrooper Helmet Prop Replica at the same time.
Also, EVERYONE in the US/Canada will receive a real Kevin Mitnick collectible stainless steel lock-pick business card.
Don’t like to click buttons? Copy-and-paste this into your browser:
https://info.knowbe4.com/dst-sweepstakes-062017
Warm Regards,
Stu Sjouwerman
Founder & CEO
KnowBe4, Inc.
A couple weeks after I wrote the post you just responded to, I actually got a junk email (”Your Amazon Order Has Been Canceled”) that had a bona fide Amazon.com sender address.
I have no idea how they could fake that.
If it is possible, it seems like EVERY scammer and hacker in the world would use a bogus corporate return address, but they don't, they almost all use original throw-away domains.
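Added example (editor's, not from any poster) on the "bona fide Amazon.com sender address" question raised above: the From: line is plain text the sending program writes, so it can say anything; what a receiving mail server actually verifies ends up in the Authentication-Results header (SPF on the envelope sender, DKIM on the signature, DMARC on whether either of those lines up with the From domain). This function pulls those verdicts out of raw headers and compares the From domain with the Return-Path (bounce) domain. The message headers in the block are constructed for the example, not a real Amazon message; mail-hosting.example and recipient.example are placeholder names.

```powershell
# Added example: extract what the receiving server verified about a message and
# compare it with the address the reader sees. Input is raw header text.

function Get-SenderVerdict {
    param([string]$RawHeaders)

    # Unfold continuation lines: RFC 5322 lets a header continue on a following
    # line that starts with whitespace.
    $unfolded = $RawHeaders -replace "`r?`n[ \t]+", ' '
    $lines    = $unfolded -split "`r?`n"

    $from       = $lines | Where-Object { $_ -match '^From:' }                   | Select-Object -First 1
    $returnPath = $lines | Where-Object { $_ -match '^Return-Path:' }            | Select-Object -First 1
    $authRes    = $lines | Where-Object { $_ -match '^Authentication-Results:' } | Select-Object -First 1

    # Domain after the '@' in each address ("Name <user@host>" or bare user@host).
    $fromDomain   = if ($from       -match '@([A-Za-z0-9.-]+)') { $Matches[1].ToLower() }
    $bounceDomain = if ($returnPath -match '@([A-Za-z0-9.-]+)') { $Matches[1].ToLower() }

    # Verdict keywords as written by the receiving server (pass, fail, none, ...).
    $spf   = if ($authRes -match '\bspf=(\w+)')   { $Matches[1] } else { 'none' }
    $dkim  = if ($authRes -match '\bdkim=(\w+)')  { $Matches[1] } else { 'none' }
    $dmarc = if ($authRes -match '\bdmarc=(\w+)') { $Matches[1] } else { 'none' }

    [pscustomobject]@{
        FromDomain       = $fromDomain
        ReturnPathDomain = $bounceDomain
        SPF              = $spf
        DKIM             = $dkim
        DMARC            = $dmarc
        # Red flags: the bounce domain is not the From domain, neither SPF nor DKIM
        # passed, or DMARC explicitly failed for the From domain.
        LikelySpoofed    = ($fromDomain -ne $bounceDomain) -or
                           -not ($spf -eq 'pass' -or $dkim -eq 'pass') -or
                           ($dmarc -eq 'fail')
    }
}

# Constructed headers for the example. Note the pattern: SPF *passes*, because it
# is checked against the spammer's own throw-away domain in Return-Path, yet the
# From: line claims amazon.com and DMARC (which checks alignment with From) fails.
$constructedHeaders = @'
Return-Path: <bounce-9f3@mail-hosting.example>
Received: from mail-hosting.example (203.0.113.7) by mx.recipient.example
 with ESMTP id abc123; Sat, 13 May 2017 09:52:01 -0700
Authentication-Results: mx.recipient.example;
 spf=pass (sender IP 203.0.113.7 is authorized by mail-hosting.example) smtp.mailfrom=mail-hosting.example;
 dkim=none;
 dmarc=fail (p=QUARANTINE) header.from=amazon.com
From: "Amazon.com" <order-update@amazon.com>
Subject: Your Amazon Order Has Been Canceled
'@

Get-SenderVerdict -RawHeaders $constructedHeaders | Format-List
```

In a mail client, "view source" or "show original" exposes these headers. The useful habit is to read Authentication-Results rather than the From line: a sender address is free to claim any domain, and whether such a claim gets past a receiving server depends on whether the claimed domain publishes SPF/DMARC records, which is what a "domain spoof test" like the one advertised above checks for your own domain.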