England’s NHS PCs Under Cyber Attack

Tags

cyber security, malware, windows

Note: the NHS is England’s medical/health system

The NHS has been hit as part of a global cyber-attack that threw hospitals and businesses in the UK and across the world into chaos.

The unprecedented attack on Friday affected 12 countries and at least 16 NHS trusts in the UK, compromising British IT systems that underpin patient safety. Staff across the NHS were locked out of their computers and trusts had to divert emergency patients.

…

“If large numbers of NHS organisations failed to act on a critical notice from Microsoft two months ago, then whose fault is that?” Anderson said. “This is the sort of thing for which the secretary of state should get roasted in parliament.”

Alan Woodward, visiting professor of computing at the University of Surrey, said that the attack’s success “is likely to be because some organisations have either not applied the patch released by Microsoft, or they are using outdated operating systems”.

Amazingly, NHS’s failure to maintain their Windows PCs is the reason they are in trouble today.

Link: https://www.theguardian.com/society/2017/may/12/hospitals-across-england-hit-by-large-scale-cyber-attack

Here’s some more info: https://www.theatlantic.com/technology/archive/2017/05/a-massive-ransomware-attack-on-the-nhs/526524/

Ransomeware Attack

Tags

malware, ransomware

A friend of ours lost a computer and all contained on it to a ransomware attack yesterday. Interestingly, a week of so ago an episode of The Good Wife tv show had a law firm attacked by ransomware. If you’re unfamiliar with the term, in this attack the victim’s computer has all its files encrypted by the hacker and all the computer will do is go to a web page that tells how to pay a ransom to get the key to unencrypted the computer files.

Our friend did not know how he was attacked. Generally its done by an opening an infected email or visiting a malicious web site. He was not able to recover with antivirus software, and he took the computer to a technician who said he could not fix it and that he saw several pc’s with the same infection. Our friend had a backup external drive which he leaves connected to his computer all the time and it too was ruined.

It was a Windows 7 pc that was attacked, but we Mac users should not get careless. To minimize risks: Don’t open emails that are not from someone you know and turn off your email client’s option to display the first few lines of emails automatically. Avoid dubious web sites, especially those that offer pirated software or bootleg movies or music. Porno sites are notorious for hosting malware – the only Mac virus infection I have ever personally seen was delivered by a porno site that required installation of a special media viewer, which was the virus carrier. Installing pirated software is an open invitation to trouble. Keep an offline backup that is not connected to your computer when you are not backing up. Mine stays in a safe.

Malware on Mac OS X

Tags

dns hijack, mac os x, malware, OSX.RSPlug.A, removal, trojan horse

On Friday I saw a Trojan Horse on an OS X (snow leopard) system in the wild. It was the first time I ever saw an infected Mac. Interesting, in the same way seeing a poisonous snake is interesting. Windows malware is common and is everywhere. This was different.

The infected Mac had a DNS hijack trojan. It changed the DNS server addresses to 85.255.116.150 and 85.255.112.148  A whois showed these to be shared hosts in the Ukraine. Going into the DNS settings (system preferences > networking > advanced > dns) and changing these to the desired dns servers did not “stick”, that is they would change back to the wrong ones by the trojan process. When web surfing, sometimes the Mac behaved normally and sometime it would go to seemingly random web sites.

A bit of google research turned up references to a trojan horse called OSX.RSPlug.A This cannot replicate itself, it was installed in error by the user who thought he was installing an updated codec. He was on a “questionable” site … ok he was trying to see a pornographic video and the site said he needed to install a codec update to see it. So here we have the crux of the matter, it was a user error that got this trojan on his mac. Self inflicted.

I found the removal solution at Macworld.com  here:  http://www.macworld.com/article/60823/2007/10/trojanhorse.html To prove the system has this trojan, use the terminal app and enter

sudo crontab -l

the last character is a lower case letter l, not the digit 1. cron is the unix/linux program that runs tasks or jobs at a specific time or interval. crontab is the program which lets you create, view, change, delete these scheduled tasks. If you see something like

* * * * * "/Library/Internet Plug-Ins/plugins.settings">/dev/null 2>&1

you have this malware. This says cron will run the script named plugins.settings on a regular basis. To cancel this,  in terminal enter

sudo crontab -r

then delete the plugins.settings file.  I found it in ~/Library/Internet Plug-Ins directory, not in /Library/Internet Plug-Ins. Do a search to see where it is and delete them all.

This worked, the infected Mac was cured.

Major Spam Sender Shut Down

Tags

malware, spam

Hosting firm shutdown forces botnets to relocate via kwout

A significant source of malware was shut down. It is said to have sent out up to 75% of all the spam emails in addition to controlling several botnets.

Unfortunately, the criminals responsible for this server will likely set up shop again elsewhere.

Some Toxic Windows Malware

Tags

computer virus, malware, rootkit, windows

A friend of my step son came out of the Phoenix heat to vist. He brought with him an older windows pc that has been transformed into a door stop by malware. Guess who was expected resurrect the thing? Yes, me. I do earn my daily bread working with computers, software, etc. But I really don’t care for the desktop stuff. Oh well. All of us in this field get to be the uncompensated support staff for relatives, friends, friends of relatives, etc.

I expected the usual viruses, adware, and spyware that plagues windows pc’s which are not armored with firewalls, virus scanners, constant os updaters, etc. This one had a few viruses and spybots, but it also had a rootkit. I have never encountered one of these, though I have read about them. I had to peel back layers of malware just to be able to boot into safe mode command line. After a while I decided to just reinstall windows, replacing everything.

Makes me appreciate our Apple MacBookPro and iMac even more!