Major ransomware attack spreads from Ukraine, related to Petya/eternal blue, locks up boot drive rather than individual files, Microsoft may have patch already

Here is the New York Times story on the latest ransomware attack, called “Petya”, which seemed to spread quickly from the Ukraine this morning   It is also related to a malware scheme called “eternal blue”.

So far, a few American companies, including pharmaceuticals and one law firm, and smaller hospitals have been affected.

Trend Micro has a detailed writeup as of 12:30 PM today.

Heavy.com has a detailed story.

It is not clear if users who had installed previous Microsoft vulnerability patches are protected.



It is not clear if the latest Microsoft systems are less vulnerable.  It also spreads through Port 445 (for Microsoft shares).  This virus seems to affect master boot records rather than encrypting files.

 The Microsoft page published today June 27 says that Windows Defender Antivirus removes the threat so it should not be hard for all antivirus companies to do this.

Malware Tech has a good explanation that novices can understand, here.

Curious phishing email from "Apple-ID" imposter when i walk into an Apple store for a Genius Bar consultation

Just as I checked in an Apple store for genius bar support for an issue I have with my passwords, I got a phishing email from “Apple ID” claiming I had just purchased “Clash of C;ans”, “Box of Gems”.  

There were no credit card transactions in my accounts matching this purchase.

Apple was perplexed, saying this was a phishing email and is checking into the security issue.

Phishing trojan in Microsoft documents has mouseover vulnerability

Trend Micro reports a version of malware possible in Microsoft documents (specifically PowerPoint) where infection is possible merely by passing a cursor over a link in the document without clicking it.

It’s called OTLARD/Gootkit.  It seems to be spread mainly by phishing attacks to companies where employees are likely to be fooled by official-looking emails.  

iPhone popup malvertising adware claims I have "4 Virus", tries to sell fake removal software

Today, while visiting a Guardian article on anti-gay attitudes in Indonesia on my iPhone6, I kept getting popup urging me to download anti-virus softeare and claiming my phone was “28.1% infected” by the “4 Virus”.  It claimed I had visited adult web sites (I hadn’t).  That’s a dangerous claim. That could be related to other malware claiming you have child pornography.

Note the misuse of the Google trademark, also.



It’s a little concerning because I had popups turned off.  It happened only on this site, and I deleted the cache and cookies afterward.

Interesting article is here,  Here’s something more directly related.

Facebook scam claims the service is no longer free, demands a Ponzi payment

I had an incident Thursday where a Facebook “Friend” who seemed to live in a violence-prone area of the southern Philippines messaged me claiming that Facebook would no longer be free and that I had to pay into some Ponzi scheme.  The message was in poor English.
 
This is another obvious scam to be aware of.  I did report it, but Facebook has not responded directly.

WannaCry now has a chain-letter Ponzi scheme implementation

Now, there is a version of ransomware in the “WannaCry” family that aims at creating a Ponzi scheme,  The target can get her data back and avoid paying the ransom if she infects at least two other computers  It really sounds like the ultimate chain letter, or multi-level marketing scheme.  Always Be Closing, indeed.

Or, to get your data back, become a criminal, "like us".  Break the law.  Resist???
 
Sheea Frenkel has the Business Day story in the New York Times today, link here.

CERT warns of SNMP vulnerability for workplaces

DHS Cert in Pittsburgh is warning of a vulnerability in SNMP, Simple Network Management Protocol, which can be compromised to again unauthorized access to network devices.

This is not as likely to affect individuals or very small businesses, as larger organizations.  It would be possible to target a particular employee, for example, for blame.  So this advisory sounds more like a workplace issue.
 


That reminds me of the warning back in the early 1980s at a credit reporting company that associates must always sign off when not at the terminals and keep passwords secret, and could be terminated for misuse of their accounts by others.
 
Workplaces also have a problem in that spammers may imitate the employer’s trademarks and look in phishing attacks that would not work against home users.