Lyrics & Knowledge Personal Pages Record Shop Auction Links Radio & Media Kids Membership Help
The Mudcat Cafemuddy

Post to this Thread - Sort Descending - Printer Friendly - Home


Tech: New Email Virus

GUEST,ChrisJBady 27 Feb 17 - 04:00 AM
GUEST,nickp (cookieless) 27 Feb 17 - 04:53 AM
TheSnail 27 Feb 17 - 05:24 AM
Mr Red 27 Feb 17 - 05:27 AM
GUEST,Grishka 27 Feb 17 - 05:27 AM
EBarnacle 27 Feb 17 - 09:31 AM
Steve Gardham 27 Feb 17 - 09:57 AM
DaveRo 27 Feb 17 - 10:13 AM
leeneia 27 Feb 17 - 12:41 PM
Nigel Parsons 27 Feb 17 - 12:41 PM
Nigel Parsons 27 Feb 17 - 12:43 PM
Joe Offer 28 Feb 17 - 01:43 AM
Thompson 28 Feb 17 - 02:29 AM
DaveRo 28 Feb 17 - 02:30 AM
Mr Red 28 Feb 17 - 03:31 AM
Joe Offer 28 Feb 17 - 04:35 AM
GUEST,ChrisJBady 28 Feb 17 - 07:15 AM
GUEST,ChrisJBady 28 Feb 17 - 07:47 AM
Mr Red 28 Feb 17 - 04:57 PM
Mysha 28 Feb 17 - 11:45 PM
Share Thread
more
Lyrics & Knowledge Search [Advanced]
DT  Forum
Sort (Forum) by:relevance date
DT Lyrics:





Subject: Tech: New Email Virus
From: GUEST,ChrisJBady
Date: 27 Feb 17 - 04:00 AM

There's a clever virus that's suddenly appeared. It issues 'Enter' key strokes at odd times or when triggered by some event.

I think that its designed to emulate clicks on emails with single URLs which lead to rogue websites - the so-called Yahoo Mail / Wordpress rootkit trojan virus (Google this).

I got it when I received a damned email about restoring hair loss. The text of this was embedded in an image. There was a link for unsuscribing from further such emails. I clicked on that and saw that it was going to take me to a rogue web site itself until I realised the danger and immediately closed the browser.

But likely the damage had been done by then.

It appears that the Enter key is emulated when typing text. The effect in Mudcat is to post text before it is ready to send.

The more serious effect in emails is to emukate clicking on a rogue URL and being sent to a rogue website laden with trojan viruses (virii?).

Take care.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: GUEST,nickp (cookieless)
Date: 27 Feb 17 - 04:53 AM

I have had similar when Win 10 decides that hovering over a link means I want to open it. I have a suspicion that there's a mouse setting that I changed. Of course, that may be a complete red herring.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: TheSnail
Date: 27 Feb 17 - 05:24 AM

Never unsubscribe from that sort of email, mark them as spam.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: Mr Red
Date: 27 Feb 17 - 05:27 AM

I have seen something like this, when it happens you don't always know what you did, or didn't do!

I have seen clickbait doing this. Websites deliberately scroll at odd intervals as you click over "next" only to find the pop-up layer has snook under the cursor.

Any virus described in the OP will be trading on this scenario. I usually look at the headers in e-mails, if you have a load of addresses (changed often) you get to spot most rubbish because they send to an inappropriate address like honeypot@caughtyou.com (eg).


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: GUEST,Grishka
Date: 27 Feb 17 - 05:27 AM

Just two points on a very large topic:

There is no point in "unsubscribing" to anything you have never subscribed to.

There is no point in reacting in any way to a mail that does not look as if it were directed at you personally by a person who has a good reason to mail you. "Hi, look at this! Susan" does not qualify; delete it immediately; never click.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: EBarnacle
Date: 27 Feb 17 - 09:31 AM

My criterion is simpler: If the sender address looks wrong, it probably is. I then delete it, marking it as a scam.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: Steve Gardham
Date: 27 Feb 17 - 09:57 AM

I had 2 hits from a Trojan 3 days ago, probably the same thing. It took me a day to get rid of them. My virus protectors eventually did the job.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: DaveRo
Date: 27 Feb 17 - 10:13 AM

I wonder how many Windows users here use admin accounts?

Non-admin accounts mitigate 94% of critical Windows vulnerabilities

The last new computer I bought had Win XP and I remember that by default it set itself up insecurely - i.e. with a single admin account. It was a battle to change it - and I knew what I was trying to achieve. An ordinary person would have had no chance.

I don't know if about Windows 7 and later were the same.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: leeneia
Date: 27 Feb 17 - 12:41 PM

Thanks for the info, Dave.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: Nigel Parsons
Date: 27 Feb 17 - 12:41 PM

Okay. I read the link, and all the comments.
I've always thought I need to be an administrator, but my kids didn't.
It never occurred to me to set up a separate non-admin account for myself, but it seems a no-brainer.
And another account for all the photos I keep on my desktop which slows the loading. Except for the ones of items for Ebay, which can go into another ID just for that purpose.
WooHoo, I feel just like Triplicate Girl from the L.S.H.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: Nigel Parsons
Date: 27 Feb 17 - 12:43 PM

Oh, (just reminded myself)and another ID for all my digitized comics


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: Joe Offer
Date: 28 Feb 17 - 01:43 AM

Hi, Chris -
I'm hoping somebody comes up with a solution. Is there a way to remove this virus without losing data?

I had a similar problem a month ago, and it caused me to quit a volunteer IT job I had for 18 years. The development director of our nonprofit got the "Merry Christmas" ransomware virus. A popup told her she needed to load fonts onto Google Chrome in order to view a Web page. The popup looked credible, so she approved the download. Then she tried to pass the blame onto me, saying I had not kept our Norton Antivirus and our backup software up-to-date (something I had done religiously for years). She then proceeded to tamper with our antivirus and backup software, and texted me that she and the Board of Directors needed to know why I hadn't kept them up-to-date.

I am surprised that Norton allowed her to approve the download and that Windows allowed her to run the *.exe file. Maybe they did try to stop her, but she's an impetuous sort that isn't stopped by anything.

Anyhow, I felt that my trust relationship with the nonprofit's staff had been broken, so I quit. I had been donating $500 a year and driving 100 miles a week for that organization, but I don't need that kind of crap. I had years of experience to offer them, but sometimes young staff members of nonprofits don't respect that and just treat their volunteers like old guys that don't know anything.

Hope you find a solution to your virus, Chris.

-Joe-


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: Thompson
Date: 28 Feb 17 - 02:29 AM

There's also supposed to be a phone scam going around. Some randomer calls and during the call asks "Can you hear me?" When you say "Yes", your "Yes" is recorded and can, apparently, be used to give your "consent" to spending lots of money on nothing.

However, Snopes http://www.snopes.com/can-you-hear-me-scam says it's "unproven"… use your judgment.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: DaveRo
Date: 28 Feb 17 - 02:30 AM

Probably this_exploit. Very tricky - the malware is not in the email but in the website, so the browser itself is the first line of defence.

It says "currently only 9 out of 59 anti-virus software in the database accurately identify the file as malware." And that's a month after it appeared.

The individual who fell for it needs some training.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: Mr Red
Date: 28 Feb 17 - 03:31 AM

When you say "Yes", your "Yes" is recorded

They would need more information. Your name and date of birth. If they asked for those you would be alerted. They need your account number etc too, so that the recording matched the set-up. Simple use of recording could be outflanked by testing for echoes, if it was part of the security.

You would have to be high profile, lots of money in one hit to make it worth while.

And FWIW - if Farcebookers (etc) believe I was born on the 1st of January 1980 don't send birthday wishes. It is a security wheeze. All users should have thought it through! They don't need your true data, and friends know you better. Or aren't friends.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: Joe Offer
Date: 28 Feb 17 - 04:35 AM

Mr. Red, wasn't January 1, 1980, the default date for old DOS computers if you didn't set the date or if you had a power failure?

My first computer had two floppy drives and DOS 2.0 - my employer installed a 20-megabyte hard drive about 6 months later.

I like it that my computers and cameras remember the date. Wish my alarm clock would do the same when the power goes off.

-Joe-


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: GUEST,ChrisJBady
Date: 28 Feb 17 - 07:15 AM

The Yahoo / Wordpress rootkit virus is one of the most widespread. And it seems that users of smart phones are the most caught by this. When users receive a rogue email via their computer they are less likely to click on the rogue link it contains. But with a smart phone it is all too easy to click on a link in an email and not realise the consequeces.

It works like this: Yahoo Mail users receive a short one line email saying something like: "Hello - I found this, it is amazing, click here." The 'click here' link goes to a rogue website of which there are hundreds (thousands?).

Clicking on this link sends the unwitting user to a rogue website. This does a number of things:

1/ It installs the virus code onto the user's device - the code is written in XML or Javascript and well embedded into the rootkit of the device - hence the name - and it replaces some system files with identically named ones making it difficult to spot and remove - and since it is written in XML / Javascript the virus is undetected by most virus protections apps

2/ It copies and sends the user's contact list to the scammers - it does not 'hack' the email account per se, the user is already logged in - so changing the password afterwards is of no use

3/ The virus then sits there on the user's device generating identical copies of the original email and sending them out to his/her contacts

4/ With the user's contact list the criminals can later send out further emails along the lines of "so and so has made a surprise visit overseas, has lost his/her passport, is ill in hospital, please send cash to this account number ..." - the account number of course belongs to the scammers

There are many variants of this virus. The code is available on the Dark Web for a couple of hundred bucks. It is populuar with bored script kiddies at colleges.

It can be removed by Kasperky's TDSSKILLER - but needs to be run on all computers AND devices such as smart phones that have been used to access the email account affected.

A relative of mine gave me a hard time when a TDSSKILLER scan didn't find anything on his computer. The virus was actually on his phone. Both were used for sending / receiving Yahoo emails from the same account.

This virus has been around for years. It is reportedly due to a weakness in the cookies used by Yahoo Mail and Wordpress. Nothing has been done about it.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: GUEST,ChrisJBady
Date: 28 Feb 17 - 07:47 AM

Joe -

The Google font virus is a nasty one. With ransomware the virus disrupts the indexing structure of all data files on a device making it impossible to rescue them. It also extends to any other device that is attached like an external hard-drive, backup drive, etc.

There was a case recently where the virus code itself was bad, so that once scrambled, the affected files couldn't be unscrambled even though the ransom had been paid.

Ransomware virues are also spread by emails with attachments. These latter are usually zip or exe files masquerading as financial accounts, orders for goods, or delivery instructions.

The best way to avoid them is not to open any attachment unless the sender has pre-arranged to send somethng. Keep back-up drives off-line. Make regular duplicate back-ups and keep them in different places.

AND NEVER INSTALL ANYTHING THAT YOU HAVE NOT PERSONALLY RESEARCHED &/OR REQUESTED.

This all beggars the issue of Microsoft automatically downloading updates and installing them on a million (billion?) devices without the knowledge or authorization of the owner(s).

Just think if those with terrorist inclinations infiltrated Microsoft and managed to send out and install rogue updates that screwed up 90% of the world's computers and digitial devices.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: Mr Red
Date: 28 Feb 17 - 04:57 PM

the default date for old DOS computers if you didn't set the date or if you had a power failure?

default date for me. And taking of power failure, I think I am in need of another cookie or two.

And talking of computers, these cookies have chips in them too!

And talking of M$ updates - they are not averse to updating and forgetting some choice aspect involving the serious users. Like disabling part of VBA. Answer then was delete this obscure (go-faster) file and it will be re-constructed.
Thanks M$ - now you tell us (actually Stackoverflow did it for you).


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: New Email Virus
From: Mysha
Date: 28 Feb 17 - 11:45 PM

Hi,

Joe, maybe you should look for an alarm clock with a battery backup.

Bye,
                                                                Mysha


Post - Top - Home - Printer Friendly - Translate
  Share Thread:
More...

Reply to Thread
Subject:  Help
From:
Preview   Automatic Linebreaks   Make a link ("blue clicky")


Mudcat time: 16 November 1:04 PM EST

[ Home ]

All original material is copyright © 1998 by the Mudcat Café Music Foundation, Inc. All photos, music, images, etc. are copyright © by their rightful owners. Every effort is taken to attribute appropriate copyright to images, content, music, etc. We are not a copyright resource.