Wednesday, June 28, 2017

Pentagon may be prohibited from doing business with Kaspersky, Moscow-based security software popular on home computers in the U.S.

The U.S. Senate is considering a bill prohibiting the Pentagon from doing business with Moscow-based Kaspersky Labs, according to an NBC News story.

Geek Squad has often sold Kaspersky, and I have used it on at least two Windows computers. Kaspersky seems to be one of the most pro-active companies in warning about possibly dangerous websites.  It also tends to give amateur sites lower safety ratings than do many other companies.

Update: July 23

The Washington Post reports on local governments using Kaspersky in an article July 23 by Jack Gillum and Aaron C. Davis, link here.

Tuesday, June 27, 2017

Major ransomware attack spreads from Ukraine, related to Petya/eternal blue, locks up boot drive rather than individual files, Microsoft may have patch already

Here is the New York Times story on the latest ransomware attack, called “Petya”, which seemed to spread quickly from Ukraine this morning. It is also related to the hacking tool exploit called “EternalBlue”.

So far, a few American companies, including pharmaceuticals and one law firm, and smaller hospitals have been affected.

Trend Micro has a detailed writeup as of 12:30 PM today; another detailed story is linked as well.

It is not clear if users who had installed previous Microsoft vulnerability patches are protected.

It is not clear if the latest Microsoft systems are less vulnerable. It also spreads through TCP port 445 (SMB, used for Windows file shares). This malware seems to attack the master boot record rather than encrypting individual files.

The Microsoft page published today, June 27, says that Windows Defender Antivirus removes the threat, so it should not be hard for all antivirus companies to do this.

Malware Tech has a good explanation that novices can understand, here.

eWeek has a self-inoculation idea: create a file called perfc, with no extension and no content, in the Windows folder (story).
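The two mitigations mentioned above (the empty perfc file and closing off port 445), as an added PowerShell example that is not from the original post, eWeek or Microsoft; it assumes the vaccine path is the perfc file directly under the Windows folder, and must be run from an elevated prompt:

```powershell
# Added example: applies the perfc "vaccine" file and blocks inbound SMB.
# Assumption: the ransomware checks for %SystemRoot%\perfc (per the eWeek story).
$vaccinePath = Join-Path $env:SystemRoot 'perfc'

function Install-PerfcVaccine {
    param([string]$Path = $vaccinePath)
    if (-not (Test-Path -LiteralPath $Path)) {
        # Create the empty, extension-less file the malware looks for.
        New-Item -ItemType File -Path $Path | Out-Null
    }
    # Mark it read-only so it is not casually overwritten or deleted.
    $file = Get-Item -LiteralPath $Path
    $file.IsReadOnly = $true
    [pscustomobject]@{
        Path     = $file.FullName
        ReadOnly = (Get-Item -LiteralPath $Path).IsReadOnly
        Length   = $file.Length    # should stay 0: no content
    }
}

function Block-InboundSmb {
    # Blocks inbound TCP 445 (SMB) on the Public profile only: on a domain member
    # a blanket block would also break legitimate file sharing to this host.
    $name = 'Block inbound SMB 445 (ransomware mitigation)'
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Action Block -Profile Public | Out-Null
    }
    Get-NetFirewallRule -DisplayName $name | Select-Object DisplayName, Enabled, Action
}

Install-PerfcVaccine
Block-InboundSmb
```

Re-running the script is safe: both functions check before creating anything, so it can be pushed out repeatedly by a management tool.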

Thursday, June 22, 2017

Curious phishing email from "Apple-ID" imposter when I walk into an Apple store for a Genius Bar consultation

Just as I checked in at an Apple store for Genius Bar support for an issue I have with my passwords, I got a phishing email from “Apple ID” claiming I had just purchased “Clash of Clans”, “Box of Gems”.

There were no credit card transactions in my accounts matching this purchase.

Apple was perplexed, saying this was a phishing email and is checking into the security issue.

Saturday, June 17, 2017

Phishing trojan in Microsoft documents has mouseover vulnerability

Trend Micro reports a version of malware possible in Microsoft documents (specifically PowerPoint) where infection is possible merely by passing a cursor over a link in the document without clicking it.

It’s called OTLARD/Gootkit.  It seems to be spread mainly by phishing attacks to companies where employees are likely to be fooled by official-looking emails.  

Friday, June 16, 2017

iPhone popup malvertising adware claims I have "4 Virus", tries to sell fake removal software

Today, while visiting a Guardian article on anti-gay attitudes in Indonesia on my iPhone 6, I kept getting a popup urging me to download anti-virus software and claiming my phone was “28.1% infected” by the “4 Virus”. It claimed I had visited adult web sites (I hadn’t). That’s a dangerous claim. That could be related to other malware claiming you have child pornography.

Note the misuse of the Google trademark, also.

It’s a little concerning because I had popups turned off.  It happened only on this site, and I deleted the cache and cookies afterward.

An interesting article is here. Here’s something more directly related.

Friday, June 09, 2017

Facebook scam claims the service is no longer free, demands a Ponzi payment

I had an incident Thursday where a Facebook “Friend” who seemed to live in a violence-prone area of the southern Philippines messaged me claiming that Facebook would no longer be free and that I had to pay into some Ponzi scheme.  The message was in poor English.
This is another obvious scam to be aware of.  I did report it, but Facebook has not responded directly.

Wednesday, June 07, 2017

WannaCry now has a chain-letter Ponzi scheme implementation

Now there is a version of ransomware in the “WannaCry” family that aims at creating a Ponzi scheme. The target can get her data back and avoid paying the ransom if she infects at least two other computers. It really sounds like the ultimate chain letter, or multi-level marketing scheme. Always Be Closing, indeed.

Or, to get your data back, become a criminal, "like us".  Break the law.  Resist???
Sheera Frenkel has the Business Day story in the New York Times today, link here.

Tuesday, June 06, 2017

CERT warns of SNMP vulnerability for workplaces

DHS CERT in Pittsburgh is warning of a vulnerability in SNMP, Simple Network Management Protocol, which can be compromised to gain unauthorized access to network devices.

This is more likely to affect larger organizations than individuals or very small businesses. It would be possible to target a particular employee, for example, for blame. So this advisory sounds more like a workplace issue.

That reminds me of the warning back in the early 1980s at a credit reporting company that associates must always sign off when not at the terminals and keep passwords secret, and could be terminated for misuse of their accounts by others.
Workplaces also have a problem in that spammers may imitate the employer’s trademarks and visual look in phishing attacks that would not work against home users.