Dagny's Desk

Tag Archives: malware

TikTok is Chinese spyware

20 Tuesday Dec 2022

Posted by Dagny Gromer in Misc.

Tags

malware, spyware

If you have CCP spyware on your phone, deleting it is a really good idea!

TikTok would be banned from most U.S. government devices under a government spending bill Congress unveiled early Tuesday, the latest push by American lawmakers against the Chinese-owned social media app.

https://abcnews.go.com/Politics/wireStory/congress-moves-ban-tiktok-us-government-devices-95604140

England’s NHS PCs Under Cyber Attack

12 Friday May 2017

Posted by Dagny Gromer in Computers, Software, windows

Tags

cyber security, malware, windows

Note: the NHS is England’s medical/health system

The NHS has been hit as part of a global cyber-attack that threw hospitals and businesses in the UK and across the world into chaos.

The unprecedented attack on Friday affected 12 countries and at least 16 NHS trusts in the UK, compromising British IT systems that underpin patient safety. Staff across the NHS were locked out of their computers and trusts had to divert emergency patients.

…

“If large numbers of NHS organisations failed to act on a critical notice from Microsoft two months ago, then whose fault is that?” Anderson said. “This is the sort of thing for which the secretary of state should get roasted in parliament.”

Alan Woodward, visiting professor of computing at the University of Surrey, said that the attack’s success “is likely to be because some organisations have either not applied the patch released by Microsoft, or they are using outdated operating systems”.

Amazingly, NHS’s failure to maintain their Windows PCs is the reason they are in trouble today.

Link: https://www.theguardian.com/society/2017/may/12/hospitals-across-england-hit-by-large-scale-cyber-attack

Here’s some more info: https://www.theatlantic.com/technology/archive/2017/05/a-massive-ransomware-attack-on-the-nhs/526524/

Ransomware Attack

28 Tuesday Oct 2014

Posted by Dagny Gromer in Computers

Tags

malware, ransomware

A friend of ours lost a computer and all contained on it to a ransomware attack yesterday. Interestingly, a week or so ago an episode of The Good Wife TV show had a law firm attacked by ransomware. If you’re unfamiliar with the term, in this attack the victim’s computer has all its files encrypted by the hacker, and all the computer will do is go to a web page that tells how to pay a ransom to get the key to unencrypt the computer files.

Our friend did not know how he was attacked. Generally it’s done by opening an infected email or visiting a malicious web site. He was not able to recover with antivirus software, and he took the computer to a technician who said he could not fix it and that he saw several PCs with the same infection. Our friend had a backup external drive which he leaves connected to his computer all the time, and it too was ruined.

It was a Windows 7 PC that was attacked, but we Mac users should not get careless. To minimize risks: Don’t open emails that are not from someone you know, and turn off your email client’s option to display the first few lines of emails automatically. Avoid dubious web sites, especially those that offer pirated software or bootleg movies or music. Porno sites are notorious for hosting malware – the only Mac virus infection I have ever personally seen was delivered by a porno site that required installation of a special media viewer, which was the virus carrier. Installing pirated software is an open invitation to trouble. Keep an offline backup that is not connected to your computer when you are not backing up. Mine stays in a safe.

Malware on Mac OS X

17 Saturday Jul 2010

Posted by Dagny Gromer in apple mac, Computers, Software

≈ 4 Comments

Tags

dns hijack, mac os x, malware, OSX.RSPlug.A, removal, trojan horse

On Friday I saw a Trojan Horse on an OS X (Snow Leopard) system in the wild. It was the first time I ever saw an infected Mac. Interesting, in the same way seeing a poisonous snake is interesting. Windows malware is common and is everywhere. This was different.

The infected Mac had a DNS hijack trojan. It changed the DNS server addresses to 85.255.116.150 and 85.255.112.148. A whois showed these to be shared hosts in the Ukraine. Going into the DNS settings (system preferences > networking > advanced > dns) and changing these to the desired DNS servers did not “stick”; that is, the trojan process would change them back to the wrong ones. When web surfing, sometimes the Mac behaved normally and sometimes it would go to seemingly random web sites.

A bit of Google research turned up references to a trojan horse called OSX.RSPlug.A. This cannot replicate itself; it was installed in error by the user, who thought he was installing an updated codec. He was on a “questionable” site … ok, he was trying to see a pornographic video and the site said he needed to install a codec update to see it. So here we have the crux of the matter: it was a user error that got this trojan on his Mac. Self-inflicted.

I found the removal solution at Macworld.com here: http://www.macworld.com/article/60823/2007/10/trojanhorse.html

To prove the system has this trojan, use the Terminal app and enter

sudo crontab -l

The last character is a lowercase letter l, not the digit 1. cron is the Unix/Linux program that runs tasks or jobs at a specific time or interval. crontab is the program which lets you create, view, change, and delete these scheduled tasks. If you see something like

* * * * * "/Library/Internet Plug-Ins/plugins.settings">/dev/null 2>&1

you have this malware. This says cron will run the script named plugins.settings on a regular basis (the five asterisks mean every minute). To cancel this, in Terminal enter

sudo crontab -r

This removes root's entire crontab, including any other scheduled jobs it contained. Then delete the plugins.settings file. I found it in the ~/Library/Internet Plug-Ins directory, not in /Library/Internet Plug-Ins. Do a search to see where it is and delete every copy.

This worked, the infected Mac was cured.
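
The checks from this post as a small triage script (an added example, not part of the original post or the Macworld article). The function names and sample inputs are constructed; the resolver addresses and the plugins.settings path are the ones quoted above. It goes slightly beyond the post by removing only the malicious cron line rather than the whole crontab.

```shell
#!/bin/sh
# Added example: triage helpers for the cron/DNS symptoms described in this post.
# The resolver addresses and the plugins.settings path come from the post;
# the function names and the sample inputs below are constructed.

ROGUE_DNS="85.255.116.150 85.255.112.148"
CRON_MARKER='Internet Plug-Ins/plugins.settings'

# Print crontab lines (stdin) that run plugins.settings; comment lines are ignored.
rsplug_cron_hits() {
    grep -v '^[[:space:]]*#' | grep -F -- "$CRON_MARKER"
}

# Print the crontab (stdin) with only the malicious entries removed, so any
# legitimate root jobs survive (unlike `crontab -r`, which deletes them all).
rsplug_cron_clean() {
    awk -v m="$CRON_MARKER" '/^[ \t]*#/ || index($0, m) == 0'
}

# Print each hijacked resolver address found in a resolver listing (stdin).
# -F matches the dots literally; -w stops 185.255.116.150 from matching.
rsplug_dns_hits() {
    listing=$(cat)
    for ip in $ROGUE_DNS; do
        printf '%s\n' "$listing" | grep -qFw -- "$ip" && printf '%s\n' "$ip"
    done
    return 0
}

# Constructed sample of a root crontab that also holds one legitimate job.
SAMPLE_CRONTAB='# nightly backup
15 2 * * * /usr/local/bin/backup.sh
* * * * * "/Library/Internet Plug-Ins/plugins.settings">/dev/null 2>&1'

# Constructed sample of resolver output in the style of `scutil --dns`.
SAMPLE_DNS='  nameserver[0] : 85.255.116.150
  nameserver[1] : 85.255.112.148
  nameserver[2] : 192.0.2.53'

# On an affected Mac these would be run by hand:
#   sudo crontab -l | rsplug_cron_hits
#   sudo crontab -l | rsplug_cron_clean | sudo crontab -
#   scutil --dns | rsplug_dns_hits
#   sudo find / -name plugins.settings -path '*Internet Plug-Ins*' 2>/dev/null
```
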

Major Spam Sender Shut Down

14 Friday Nov 2008

Posted by Dagny Gromer in Computers

≈ 2 Comments

Tags

malware, spam

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9120162&intsrc=hm_list

Hosting firm shutdown forces botnets to relocate via kwout

A significant source of malware was shut down. It is said to have sent out up to 75% of all the spam emails in addition to controlling several botnets.

Unfortunately, the criminals responsible for this server will likely set up shop again elsewhere.
