
Dagny's Desk


Tag Archives: malware

England’s NHS PCs Under Cyber Attack

12 Friday May 2017

Posted by Dagny Gromer in Computers, Software, windows


Tags

cyber security, malware, windows

Note: the NHS is England’s medical/health system

The NHS has been hit as part of a global cyber-attack that threw hospitals and businesses in the UK and across the world into chaos.

The unprecedented attack on Friday affected 12 countries and at least 16 NHS trusts in the UK, compromising British IT systems that underpin patient safety. Staff across the NHS were locked out of their computers and trusts had to divert emergency patients.

…

“If large numbers of NHS organisations failed to act on a critical notice from Microsoft two months ago, then whose fault is that?” Anderson said. “This is the sort of thing for which the secretary of state should get roasted in parliament.”

Alan Woodward, visiting professor of computing at the University of Surrey, said that the attack’s success “is likely to be because some organisations have either not applied the patch released by Microsoft, or they are using outdated operating systems”.

Amazingly, NHS’s failure to maintain their Windows PCs is the reason they are in trouble today.

Link: https://www.theguardian.com/society/2017/may/12/hospitals-across-england-hit-by-large-scale-cyber-attack

Here’s some more info: https://www.theatlantic.com/technology/archive/2017/05/a-massive-ransomware-attack-on-the-nhs/526524/

Ransomware Attack

28 Tuesday Oct 2014

Posted by Dagny Gromer in Computers


Tags

malware, ransomware

A friend of ours lost a computer and all contained on it to a ransomware attack yesterday. Interestingly, a week or so ago an episode of The Good Wife TV show had a law firm attacked by ransomware. If you’re unfamiliar with the term, in this attack the victim’s computer has all its files encrypted by the hacker and all the computer will do is go to a web page that tells how to pay a ransom to get the key to decrypt the computer files.

Our friend did not know how he was attacked. Generally it’s done by opening an infected email or visiting a malicious web site. He was not able to recover with antivirus software, and he took the computer to a technician who said he could not fix it and that he saw several PCs with the same infection. Our friend had a backup external drive which he leaves connected to his computer all the time and it too was ruined.

It was a Windows 7 pc that was attacked, but we Mac users should not get careless. To minimize risks: Don’t open emails that are not from someone you know and turn off your email client’s option to display the first few lines of emails automatically. Avoid dubious web sites, especially those that offer pirated software or bootleg movies or music. Porno sites are notorious for hosting malware – the only Mac virus infection I have ever personally seen was delivered by a porno site that required installation of a special media viewer, which was the virus carrier. Installing pirated software is an open invitation to trouble. Keep an offline backup that is not connected to your computer when you are not backing up. Mine stays in a safe.

Malware on Mac OS X

17 Saturday Jul 2010

Posted by Dagny Gromer in apple mac, Computers, Software

≈ 4 Comments

Tags

dns hijack, mac os x, malware, OSX.RSPlug.A, removal, trojan horse

On Friday I saw a Trojan Horse on an OS X (snow leopard) system in the wild. It was the first time I ever saw an infected Mac. Interesting, in the same way seeing a poisonous snake is interesting. Windows malware is common and is everywhere. This was different.

The infected Mac had a DNS hijack trojan. It changed the DNS server addresses to 85.255.116.150 and 85.255.112.148. A whois showed these to be shared hosts in the Ukraine. Going into the DNS settings (system preferences > networking > advanced > dns) and changing these to the desired DNS servers did not “stick”; that is, the trojan process would change them back to the wrong ones. When web surfing, sometimes the Mac behaved normally and sometimes it would go to seemingly random web sites.

A bit of Google research turned up references to a trojan horse called OSX.RSPlug.A. This cannot replicate itself; it was installed in error by the user, who thought he was installing an updated codec. He was on a “questionable” site … ok, he was trying to see a pornographic video and the site said he needed to install a codec update to see it. So here we have the crux of the matter: it was a user error that got this trojan on his Mac. Self-inflicted.

I found the removal solution at Macworld.com here: http://www.macworld.com/article/60823/2007/10/trojanhorse.html. To prove the system has this trojan, use the Terminal app and enter

sudo crontab -l

The last character is a lowercase letter l, not the digit 1. cron is the Unix/Linux program that runs tasks or jobs at a specific time or interval. crontab is the program which lets you create, view, change, and delete these scheduled tasks. If you see something like

* * * * * "/Library/Internet Plug-Ins/plugins.settings">/dev/null 2>&1

you have this malware. This says cron will run the script named plugins.settings on a regular basis. To cancel this, in Terminal enter

sudo crontab -r

then delete the plugins.settings file. I found it in the ~/Library/Internet Plug-Ins directory, not in /Library/Internet Plug-Ins. Do a search to see where it is and delete them all.

This worked, the infected Mac was cured.
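The check and cleanup described in this post, written as a script; this is an added example, not part of the original post or the Macworld article. It flags the plugins.settings cron entry and the two DNS addresses named above, and removes only the matching cron line, whereas sudo crontab -r deletes root's entire crontab. The sample crontab, the nightly-backup.sh path, the 192.0.2.53 address and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: indicators below are the ones quoted in the post.
RSPLUG_CRON_PATTERN='Internet Plug-Ins/plugins.settings'
RSPLUG_DNS='85.255.116.150 85.255.112.148'

# Print crontab lines (stdin) that launch plugins.settings; comments are skipped.
find_rsplug_cron() {
    awk -v pat="$RSPLUG_CRON_PATTERN" '!/^[ \t]*#/ && index($0, pat) > 0'
}

# Print the crontab (stdin) with only the malicious entries removed,
# so legitimate scheduled jobs survive the cleanup.
strip_rsplug_cron() {
    awk -v pat="$RSPLUG_CRON_PATTERN" '
        /^[ \t]*#/          { print; next }
        index($0, pat) == 0 { print }'
}

# Print each rogue resolver address found in DNS listing text (stdin).
# Works on one-address-per-line input and on "nameserver[0] : addr" lines.
find_rogue_dns() {
    awk -v bad="$RSPLUG_DNS" '
        BEGIN { n = split(bad, list, " ")
                for (i = 1; i <= n; i++) rogue[list[i]] = 1 }
        { for (f = 1; f <= NF; f++)
              if (($f in rogue) && !seen[$f]++) print $f }'
}

# Constructed sample data so the script runs offline.
SAMPLE_CRONTAB='# constructed sample root crontab
30 2 * * * /usr/local/bin/nightly-backup.sh
* * * * * "/Library/Internet Plug-Ins/plugins.settings">/dev/null 2>&1'
SAMPLE_DNS='nameserver[0] : 85.255.116.150
nameserver[1] : 85.255.112.148
nameserver[2] : 192.0.2.53'

printf '%s\n' "$SAMPLE_CRONTAB" | find_rsplug_cron
printf '%s\n' "$SAMPLE_CRONTAB" | strip_rsplug_cron
printf '%s\n' "$SAMPLE_DNS" | find_rogue_dns

# On a live system (admin rights needed) the same functions apply:
#   sudo crontab -l | find_rsplug_cron
#   sudo crontab -l > root-crontab.bak        # keep a copy first
#   sudo crontab -l | strip_rsplug_cron | sudo crontab -
#   scutil --dns | find_rogue_dns
```

Check each user's crontab as well as root's, since the post found the file under ~/Library rather than /Library.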

Major Spam Sender Shut Down

14 Friday Nov 2008

Posted by Dagny Gromer in Computers

≈ 2 Comments

Tags

malware, spam

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9120162&intsrc=hm_list

Hosting firm shutdown forces botnets to relocate via kwout

A significant source of malware was shut down. It is said to have sent out up to 75% of all the spam emails in addition to controlling several botnets.

Unfortunately, the criminals responsible for this server will likely set up shop again elsewhere.

Some Toxic Windows Malware

19 Saturday Jul 2008

Posted by Dagny Gromer in Computers


Tags

computer virus, malware, rootkit, windows

A friend of my step son came out of the Phoenix heat to visit. He brought with him an older Windows PC that has been transformed into a door stop by malware. Guess who was expected to resurrect the thing? Yes, me. I do earn my daily bread working with computers, software, etc. But I really don’t care for the desktop stuff. Oh well. All of us in this field get to be the uncompensated support staff for relatives, friends, friends of relatives, etc.

I expected the usual viruses, adware, and spyware that plague Windows PCs which are not armored with firewalls, virus scanners, constant OS updaters, etc. This one had a few viruses and spybots, but it also had a rootkit. I have never encountered one of these, though I have read about them. I had to peel back layers of malware just to be able to boot into safe mode command line. After a while I decided to just reinstall Windows, replacing everything.

Makes me appreciate our Apple MacBookPro and iMac even more!
