20 Tuesday Dec 2022
Posted in Misc.
If you have CCP spyware on your phone, deleting it is a really good idea!
TikTok would be banned from most U.S. government devices under a government spending bill Congress unveiled early Tuesday, the latest push by American lawmakers against the Chinese-owned social media app.
https://abcnews.go.com/Politics/wireStory/congress-moves-ban-tiktok-us-government-devices-95604140
12 Friday May 2017
Tags
Note: the NHS is England’s medical/health system
The NHS has been hit as part of a global cyber-attack that threw hospitals and businesses in the UK and across the world into chaos.
The unprecedented attack on Friday affected 12 countries and at least 16 NHS trusts in the UK, compromising British IT systems that underpin patient safety. Staff across the NHS were locked out of their computers and trusts had to divert emergency patients.
…
“If large numbers of NHS organisations failed to act on a critical notice from Microsoft two months ago, then whose fault is that?” Anderson said. “This is the sort of thing for which the secretary of state should get roasted in parliament.”
Alan Woodward, visiting professor of computing at the University of Surrey, said that the attack’s success “is likely to be because some organisations have either not applied the patch released by Microsoft, or they are using outdated operating systems”.
Amazingly, NHS’s failure to maintain their Windows PCs is the reason they are in trouble today.
Here’s some more info: https://www.theatlantic.com/technology/archive/2017/05/a-massive-ransomware-attack-on-the-nhs/526524/
28 Tuesday Oct 2014
Posted in Computers
Tags
A friend of ours lost a computer and all contained on it to a ransomware attack yesterday. Interestingly, a week of so ago an episode of The Good Wife tv show had a law firm attacked by ransomware. If you’re unfamiliar with the term, in this attack the victim’s computer has all its files encrypted by the hacker and all the computer will do is go to a web page that tells how to pay a ransom to get the key to unencrypted the computer files.
Our friend did not know how he was attacked. Generally its done by an opening an infected email or visiting a malicious web site. He was not able to recover with antivirus software, and he took the computer to a technician who said he could not fix it and that he saw several pc’s with the same infection. Our friend had a backup external drive which he leaves connected to his computer all the time and it too was ruined.
It was a Windows 7 pc that was attacked, but we Mac users should not get careless. To minimize risks: Don’t open emails that are not from someone you know and turn off your email client’s option to display the first few lines of emails automatically. Avoid dubious web sites, especially those that offer pirated software or bootleg movies or music. Porno sites are notorious for hosting malware – the only Mac virus infection I have ever personally seen was delivered by a porno site that required installation of a special media viewer, which was the virus carrier. Installing pirated software is an open invitation to trouble. Keep an offline backup that is not connected to your computer when you are not backing up. Mine stays in a safe.
17 Saturday Jul 2010
Tags
dns hijack, mac os x, malware, OSX.RSPlug.A, removal, trojan horse
On Friday I saw a Trojan Horse on an OS X (snow leopard) system in the wild. It was the first time I ever saw an infected Mac. Interesting, in the same way seeing a poisonous snake is interesting. Windows malware is common and is everywhere. This was different.
The infected Mac had a DNS hijack trojan. It changed the DNS server addresses to 85.255.116.150 and 85.255.112.148 A whois showed these to be shared hosts in the Ukraine. Going into the DNS settings (system preferences > networking > advanced > dns) and changing these to the desired dns servers did not “stick”, that is they would change back to the wrong ones by the trojan process. When web surfing, sometimes the Mac behaved normally and sometime it would go to seemingly random web sites.
A bit of google research turned up references to a trojan horse called OSX.RSPlug.A This cannot replicate itself, it was installed in error by the user who thought he was installing an updated codec. He was on a “questionable” site … ok he was trying to see a pornographic video and the site said he needed to install a codec update to see it. So here we have the crux of the matter, it was a user error that got this trojan on his mac. Self inflicted.
I found the removal solution at Macworld.com here: http://www.macworld.com/article/60823/2007/10/trojanhorse.html To prove the system has this trojan, use the terminal app and enter
sudo crontab -l
the last character is a lower case letter l, not the digit 1. cron is the unix/linux program that runs tasks or jobs at a specific time or interval. crontab is the program which lets you create, view, change, delete these scheduled tasks. If you see something like
* * * * * "/Library/Internet Plug-Ins/plugins.settings">/dev/null 2>&1
you have this malware. This says cron will run the script named plugins.settings on a regular basis. To cancel this, in terminal enter
sudo crontab -r
then delete the plugins.settings file. I found it in ~/Library/Internet Plug-Ins directory, not in /Library/Internet Plug-Ins. Do a search to see where it is and delete them all.
This worked, the infected Mac was cured.
14 Friday Nov 2008
Posted in Computers
Hosting firm shutdown forces botnets to relocate via kwout
A significant source of malware was shut down. It is said to have sent out up to 75% of all the spam emails in addition to controlling several botnets.
Unfortunately, the criminals responsible for this server will likely set up shop again elsewhere.
Dagny's Desk 