The Mudcat Café TM
https://mudcat.org/thread.cfm?threadid=161598
20 messages

Tech: New Email Virus

27 Feb 17 - 04:00 AM (#3841841)
Subject: Tech: New Email Virus
From: GUEST,ChrisJBady

There's a clever virus that's suddenly appeared. It issues 'Enter' key strokes at odd times or when triggered by some event.

I think that it's designed to emulate clicks on emails with single URLs which lead to rogue websites - the so-called Yahoo Mail / Wordpress rootkit trojan virus (Google this).

I got it when I received a damned email about restoring hair loss. The text of this was embedded in an image. There was a link for unsubscribing from further such emails. I clicked on that and saw that it was going to take me to a rogue web site itself until I realised the danger and immediately closed the browser.

But likely the damage had been done by then.

It appears that the Enter key is emulated when typing text. The effect in Mudcat is to post text before it is ready to send.

The more serious effect in emails is to emulate clicking on a rogue URL and being sent to a rogue website laden with trojan viruses (virii?).

Take care.


27 Feb 17 - 04:53 AM (#3841851)
Subject: RE: Tech: New Email Virus
From: GUEST,nickp (cookieless)

I have had similar when Win 10 decides that hovering over a link means I want to open it. I have a suspicion that there's a mouse setting that I changed. Of course, that may be a complete red herring.


27 Feb 17 - 05:24 AM (#3841858)
Subject: RE: Tech: New Email Virus
From: TheSnail

Never unsubscribe from that sort of email, mark them as spam.


27 Feb 17 - 05:27 AM (#3841859)
Subject: RE: Tech: New Email Virus
From: Mr Red

I have seen something like this, when it happens you don't always know what you did, or didn't do!

I have seen clickbait doing this. Websites deliberately scroll at odd intervals as you click over "next" only to find the pop-up layer has snook under the cursor.

Any virus described in the OP will be trading on this scenario. I usually look at the headers in e-mails, if you have a load of addresses (changed often) you get to spot most rubbish because they send to an inappropriate address like honeypot@caughtyou.com (eg).


27 Feb 17 - 05:27 AM (#3841860)
Subject: RE: Tech: New Email Virus
From: GUEST,Grishka

Just two points on a very large topic:

There is no point in "unsubscribing" to anything you have never subscribed to.

There is no point in reacting in any way to a mail that does not look as if it were directed at you personally by a person who has a good reason to mail you. "Hi, look at this! Susan" does not qualify; delete it immediately; never click.


27 Feb 17 - 09:31 AM (#3841919)
Subject: RE: Tech: New Email Virus
From: EBarnacle

My criterion is simpler: If the sender address looks wrong, it probably is. I then delete it, marking it as a scam.


27 Feb 17 - 09:57 AM (#3841923)
Subject: RE: Tech: New Email Virus
From: Steve Gardham

I had 2 hits from a Trojan 3 days ago, probably the same thing. It took me a day to get rid of them. My virus protectors eventually did the job.


27 Feb 17 - 10:13 AM (#3841926)
Subject: RE: Tech: New Email Virus
From: DaveRo

I wonder how many Windows users here use admin accounts?

Non-admin accounts mitigate 94% of critical Windows vulnerabilities

The last new computer I bought had Win XP and I remember that by default it set itself up insecurely - i.e. with a single admin account. It was a battle to change it - and I knew what I was trying to achieve. An ordinary person would have had no chance.

I don't know if Windows 7 and later were the same.


27 Feb 17 - 12:41 PM (#3841960)
Subject: RE: Tech: New Email Virus
From: leeneia

Thanks for the info, Dave.


27 Feb 17 - 12:41 PM (#3841961)
Subject: RE: Tech: New Email Virus
From: Nigel Parsons

Okay. I read the link, and all the comments.
I've always thought I need to be an administrator, but my kids didn't.
It never occurred to me to set up a separate non-admin account for myself, but it seems a no-brainer.
And another account for all the photos I keep on my desktop which slows the loading. Except for the ones of items for eBay, which can go into another ID just for that purpose.
WooHoo, I feel just like Triplicate Girl from the L.S.H.


27 Feb 17 - 12:43 PM (#3841962)
Subject: RE: Tech: New Email Virus
From: Nigel Parsons

Oh, (just reminded myself) and another ID for all my digitized comics


28 Feb 17 - 01:43 AM (#3842032)
Subject: RE: Tech: New Email Virus
From: Joe Offer

Hi, Chris -
I'm hoping somebody comes up with a solution. Is there a way to remove this virus without losing data?

I had a similar problem a month ago, and it caused me to quit a volunteer IT job I had for 18 years. The development director of our nonprofit got the "Merry Christmas" ransomware virus. A popup told her she needed to load fonts onto Google Chrome in order to view a Web page. The popup looked credible, so she approved the download. Then she tried to pass the blame onto me, saying I had not kept our Norton Antivirus and our backup software up-to-date (something I had done religiously for years). She then proceeded to tamper with our antivirus and backup software, and texted me that she and the Board of Directors needed to know why I hadn't kept them up-to-date.

I am surprised that Norton allowed her to approve the download and that Windows allowed her to run the *.exe file. Maybe they did try to stop her, but she's an impetuous sort that isn't stopped by anything.

Anyhow, I felt that my trust relationship with the nonprofit's staff had been broken, so I quit. I had been donating $500 a year and driving 100 miles a week for that organization, but I don't need that kind of crap. I had years of experience to offer them, but sometimes young staff members of nonprofits don't respect that and just treat their volunteers like old guys that don't know anything.

Hope you find a solution to your virus, Chris.

-Joe-


28 Feb 17 - 02:29 AM (#3842035)
Subject: RE: Tech: New Email Virus
From: Thompson

There's also supposed to be a phone scam going around. Some randomer calls and during the call asks "Can you hear me?" When you say "Yes", your "Yes" is recorded and can, apparently, be used to give your "consent" to spending lots of money on nothing.

However, Snopes http://www.snopes.com/can-you-hear-me-scam says it's "unproven"… use your judgment.


28 Feb 17 - 02:30 AM (#3842036)
Subject: RE: Tech: New Email Virus
From: DaveRo

Probably this exploit. Very tricky - the malware is not in the email but in the website, so the browser itself is the first line of defence.

It says "currently only 9 out of 59 anti-virus software in the database accurately identify the file as malware." And that's a month after it appeared.

The individual who fell for it needs some training.


28 Feb 17 - 03:31 AM (#3842043)
Subject: RE: Tech: New Email Virus
From: Mr Red

When you say "Yes", your "Yes" is recorded

They would need more information. Your name and date of birth. If they asked for those you would be alerted. They need your account number etc too, so that the recording matched the set-up. Simple use of recording could be outflanked by testing for echoes, if it was part of the security.

You would have to be high profile, lots of money in one hit to make it worth while.

And FWIW - if Farcebookers (etc) believe I was born on the 1st of January 1980 don't send birthday wishes. It is a security wheeze. All users should have thought it through! They don't need your true data, and friends know you better. Or aren't friends.


28 Feb 17 - 04:35 AM (#3842048)
Subject: RE: Tech: New Email Virus
From: Joe Offer

Mr. Red, wasn't January 1, 1980, the default date for old DOS computers if you didn't set the date or if you had a power failure?

My first computer had two floppy drives and DOS 2.0 - my employer installed a 20-megabyte hard drive about 6 months later.

I like it that my computers and cameras remember the date. Wish my alarm clock would do the same when the power goes off.

-Joe-


28 Feb 17 - 07:15 AM (#3842090)
Subject: RE: Tech: New Email Virus
From: GUEST,ChrisJBady

The Yahoo / Wordpress rootkit virus is one of the most widespread. And it seems that users of smart phones are the most caught by this. When users receive a rogue email via their computer they are less likely to click on the rogue link it contains. But with a smart phone it is all too easy to click on a link in an email and not realise the consequences.

It works like this: Yahoo Mail users receive a short one line email saying something like: "Hello - I found this, it is amazing, click here." The 'click here' link goes to a rogue website of which there are hundreds (thousands?).

Clicking on this link sends the unwitting user to a rogue website. This does a number of things:

1/ It installs the virus code onto the user's device - the code is written in XML or JavaScript and well embedded into the rootkit of the device - hence the name - and it replaces some system files with identically named ones making it difficult to spot and remove - and since it is written in XML / JavaScript the virus is undetected by most virus protection apps

2/ It copies and sends the user's contact list to the scammers - it does not 'hack' the email account per se, the user is already logged in - so changing the password afterwards is of no use

3/ The virus then sits there on the user's device generating identical copies of the original email and sending them out to his/her contacts

4/ With the user's contact list the criminals can later send out further emails along the lines of "so and so has made a surprise visit overseas, has lost his/her passport, is ill in hospital, please send cash to this account number ..." - the account number of course belongs to the scammers

There are many variants of this virus. The code is available on the Dark Web for a couple of hundred bucks. It is popular with bored script kiddies at colleges.

It can be removed by Kaspersky's TDSSKiller - but it needs to be run on all computers AND devices such as smart phones that have been used to access the email account affected.

A relative of mine gave me a hard time when a TDSSKiller scan didn't find anything on his computer. The virus was actually on his phone. Both were used for sending / receiving Yahoo emails from the same account.

This virus has been around for years. It is reportedly due to a weakness in the cookies used by Yahoo Mail and Wordpress. Nothing has been done about it.


28 Feb 17 - 07:47 AM (#3842098)
Subject: RE: Tech: New Email Virus
From: GUEST,ChrisJBady

Joe -

The Google font virus is a nasty one. With ransomware the virus disrupts the indexing structure of all data files on a device making it impossible to rescue them. It also extends to any other device that is attached like an external hard-drive, backup drive, etc.

There was a case recently where the virus code itself was bad, so that once scrambled, the affected files couldn't be unscrambled even though the ransom had been paid.

Ransomware viruses are also spread by emails with attachments. These latter are usually zip or exe files masquerading as financial accounts, orders for goods, or delivery instructions.

The best way to avoid them is not to open any attachment unless the sender has pre-arranged to send something. Keep back-up drives off-line. Make regular duplicate back-ups and keep them in different places.

AND NEVER INSTALL ANYTHING THAT YOU HAVE NOT PERSONALLY RESEARCHED &/OR REQUESTED.

This all beggars the issue of Microsoft automatically downloading updates and installing them on a million (billion?) devices without the knowledge or authorization of the owner(s).

Just think if those with terrorist inclinations infiltrated Microsoft and managed to send out and install rogue updates that screwed up 90% of the world's computers and digital devices.
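As an added example (not written by any poster in this thread), the following Python mail-triage script applies two of the heuristics raised above: Mr Red's check that a message was actually addressed to one of your own addresses, and Chris's warning about zip/exe attachments dressed up as invoices, orders or delivery notes. The sample message, the list of "my" addresses and the keyword lists are all constructed assumptions for the demonstration.

```python
import email
from email import policy

# Constructed sample message (not taken from the thread): a one-line lure,
# sent to an address that is not ours, carrying a double-extension .exe.
SAMPLE_EML = b"""From: "Accounts" <billing@example.invalid>
To: honeypot@caughtyou.example
Subject: Invoice overdue - see attached
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hello - I found this, it is amazing, click here.
--b1
Content-Type: application/octet-stream; name="Invoice_2017.pdf.exe"
Content-Disposition: attachment; filename="Invoice_2017.pdf.exe"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--b1--
"""

MY_ADDRESSES = {"me@example.invalid"}            # assumption: the reader's own mailboxes
RISKY_EXTENSIONS = {".exe", ".zip", ".js", ".scr", ".vbs"}
LURE_WORDS = ("invoice", "order", "delivery", "account", "statement")


def triage(raw: bytes, my_addresses=MY_ADDRESSES):
    """Return a list of plain-English reasons the message looks suspicious (empty = nothing found)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []

    # Mr Red's heuristic: was the mail really addressed to one of my addresses?
    recipients = set()
    for hdr in ("To", "Cc"):
        for h in msg.get_all(hdr, []):
            recipients.update(a.addr_spec.lower() for a in h.addresses)
    if not recipients & {a.lower() for a in my_addresses}:
        reasons.append(f"not addressed to me (To/Cc: {sorted(recipients) or 'none'})")

    # Chris's heuristic: executable/archive attachments posing as paperwork
    risky = False
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            risky = True
            reasons.append(f"risky attachment type {ext!r}: {name}")
        if name.count(".") > 1:
            reasons.append(f"double extension hides the real type: {name}")
    subject = (msg.get("Subject") or "").lower()
    if risky and any(w in subject for w in LURE_WORDS):
        reasons.append(f"paperwork-themed subject used as lure: {subject!r}")
    return reasons
```

Run `triage(SAMPLE_EML)` to see all four findings; a plain message addressed to you with no attachments returns an empty list, so the function can sit in front of a mail-filter rule or be run over a folder of saved .eml files.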


28 Feb 17 - 04:57 PM (#3842193)
Subject: RE: Tech: New Email Virus
From: Mr Red

the default date for old DOS computers if you didn't set the date or if you had a power failure?

default date for me. And talking of power failure, I think I am in need of another cookie or two.

And talking of computers, these cookies have chips in them too!

And talking of M$ updates - they are not averse to updating and forgetting some choice aspect involving the serious users. Like disabling part of VBA. Answer then was delete this obscure (go-faster) file and it will be re-constructed.
Thanks M$ - now you tell us (actually Stackoverflow did it for you).


28 Feb 17 - 11:45 PM (#3842220)
Subject: RE: Tech: New Email Virus
From: Mysha

Hi,

Joe, maybe you should look for an alarm clock with a battery backup.

Bye,
Mysha