"Get some internet security computer protections NOW!!!!!!" Mon May-15-17 06:18 PM by c71
A computer I use has Norton Internet security on it. A recent pop-up from Norton on that computer said the things that Norton is doing to protect the computers that have the Norton security installed from this recent "ransomware" attack you might have heard about.
I don't know exactly where Norton rates as far as being the best internet/computer security technology is concerned (another internet security company called "PC Matic" has lots of commercials claiming to be "better" than Norton and McAfee and the rest, but I just read an internet evaluation of PC Matic that said its claims were mostly "exaggerations").
So, I'm glad Norton is claiming to do "something" about this ransomware thing that is going around. It would be wise to take heed of the warning that this ransomware crisis is not over and to get something, Norton or McAfee or whatever, pretty immediately.
'Accidental hero' halts ransomware attack and warns: this is not over
Expert who stopped spread of attack by activating software’s ‘kill switch’ says criminals will ‘change the code and start again’
Nadia Khomami in London and Olivia Solon in San Francisco
Saturday 13 May 2017 10.49 EDT First published on Friday 12 May 2017 21.41 EDT
The “accidental hero” who halted the global spread of an unprecedented ransomware attack by registering a garbled domain name hidden in the malware has warned the attack could be rebooted.
The ransomware used in Friday’s attack wreaked havoc on organisations including FedEx and Telefónica, as well as the UK’s National Health Service (NHS), where operations were cancelled, X-rays, test results and patient records became unavailable and phones did not work.
But the spread of the attack was brought to a sudden halt when one UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and inadvertently activated a “kill switch” in the malicious software.
The researcher, who identified himself only as MalwareTech, is a 22-year-old from south-west England who works for Kryptos Logic, an LA-based threat intelligence company.
“I was out having lunch with a friend and got back about 3pm and saw an influx of news articles about the NHS and various UK organisations being hit,” he told the Guardian. “I had a bit of a look into that and then I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time.”
The kill switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. The domain cost $10.69 and was immediately registering thousands of connections every second.
MalwareTech explained that he bought the domain because his company tracks botnets, and by registering these domains they can get an insight into how the botnet is spreading. “The intent was to just monitor the spread and see if we could do anything about it later on. But we actually stopped the spread just by registering the domain,” he said. But the following hours were an “emotional rollercoaster”.
“Initially someone had reported the wrong way round that we had caused the infection by registering the domain, so I had a mini freakout until I realised it was actually the other way around and we had stopped it,” he said.
MalwareTech said he preferred to stay anonymous “because it just doesn’t make sense to give out my personal information, obviously we’re working against bad guys and they’re not going to be happy about this.”
He also said he planned to hold onto the URL, and he and colleagues were collecting the IPs and sending them off to law enforcement agencies so they can notify the infected victims, not all of whom are aware that they have been affected.
He warned people to patch their systems, adding: “This is not over. The attackers will realise how we stopped it, they’ll change the code and then they’ll start again. Enable windows update, update and then reboot.”
He said he got his first job out of school without any real qualifications, having skipped university to start up a tech blog and write software.
“It’s always been a hobby to me, I’m self-taught. I ended up getting a job out of my first botnet tracker, which the company I now work for saw and contacted me about, asking if I wanted a job. I’ve been working there a year and two months now.”
But the dark knight of the dark web still lives at home with his parents, which he joked was “so stereotypical”. His mum, he said, was aware of what had happened and was excited, but his dad hadn’t been home yet. “I’m sure my mother will inform him,” he said.
“It’s not going to be a lifestyle change, it’s just a five-minutes-of-fame sort of thing. It is quite crazy, I’ve not been able to check into my Twitter feed all day because it’s just been going too fast to read. Every time I refresh it, it’s another 99 notifications.”
Proofpoint’s Ryan Kalember said the British researcher gets “the accidental hero award of the day”. “They didn’t realise how much it probably slowed down the spread of this ransomware”.
The time that @malwaretechblog registered the domain was too late to help Europe and Asia, where many organisations were affected. But it gave people in the US more time to develop immunity to the attack by patching their systems before they were infected, said Kalember.
The kill switch won’t help anyone whose computer is already infected with the ransomware, and it’s possible that there are other variants of the malware with different kill switches that will continue to spread.
The malware was made available online on 14 April through a dump by a group called Shadow Brokers, which claimed last year to have stolen a cache of “cyber weapons” from the National Security Agency (NSA).
Ransomware is a type of malware that encrypts a user’s data, then demands payment in exchange for unlocking the data. This attack used a piece of malicious software called “WanaCrypt0r 2.0” or WannaCry, that exploits a vulnerability in Windows. Microsoft released a patch (a software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.
I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental.
The ransomware demands users pay $300 worth of cryptocurrency Bitcoin to retrieve their files, though it warns that the “payment will be raised” after a certain amount of time. Translations of the ransom message in 28 languages are included. The malware spreads through email.
“This was eminently predictable in lots of ways,” said Kalember. “As soon as the Shadow Brokers dump came out everyone realised that a lot of people wouldn’t be able to install a patch, especially if they used an operating system like Windows XP, for which there is no patch.”
Security researchers with Kaspersky Lab have recorded more than 45,000 attacks in 74 countries, including the UK, Russia, Ukraine, India, China, Italy, and Egypt. In Spain, major companies including telecommunications firm Telefónica were infected.
By Friday evening, the ransomware had spread to the United States and South America, though Europe and Russia remained the hardest hit, according to security researchers Malware Hunter Team. The Russian interior ministry says about 1,000 computers have been affected.
Mac malware caught silently spying on computer users
by Selena Larson @selenalarson
July 24, 2017: 5:05 PM ET
Mac users typically think they're immune to malware. But a new strain used for spying reminds us even Macs can be compromised.
Researchers have found an unusual piece of malware, called FruitFly, that's been infecting some Mac computers for years.
FruitFly operates quietly in the background, spies on users through the computer's camera, captures images of what's displayed on the screen and logs key strokes.
Security firm Malwarebytes discovered the first strain earlier this year, but a second version called FruitFly 2 subsequently appeared. Patrick Wardle, chief security researcher at security firm Synack, found 400 computers infected with the newer strain and believes there's likely many more cases out there.
It's unclear how long FruitFly has been infecting computers, but researchers found the code was modified to work on the Mac Yosemite operating system, which was released in October 2014. This suggests the malware existed before that time.
It's unknown who is behind it or how it got on computers.
Thomas Reed of Malwarebytes called the first version "unlike anything I've seen before."
Wardle says there are multiple strains of FruitFly. The malware has the same spying techniques, but the code is different on each strain. After months of analyzing the new strain, Wardle decrypted parts of the code and set up a server to intercept traffic from infected computers.
"Immediately, tons of victims that had been infected with this malware started connecting to me," said Wardle, adding he could see about 400 infected computer names and IP addresses.
He believes this reflects only a small subset of infected users. The discovery of FruitFly reminds users that although Mac malware is considerably less widespread than Windows, it still exists.
"Mac users are over-confident," Wardle said. "We might not be as careful as we should be on the internet or opening up email attachments."
Apple did not respond to a request for comment.
Mac malware has increased in recent years. According to a report from McAfee, Mac malware skyrocketed in 2016, but most of it was adware -- or malicious advertising -- as opposed to targeted spy campaigns.
Wardle said FruitFly is completely new for Macs. He alerted national law enforcement to the malware. The FBI said it does not confirm or deny the existence of investigations.
It's unclear how it got on machines and if it targeted individuals randomly or directly.
Wardle, a former NSA analyst, ruled out the possibility of a nation-state hacker who targets users to intercept data for cyberespionage. He also doesn't believe it's a criminal using people's data to make money.
"I believe its goals were a lot more insidious and sick: spying on people," Wardle said.
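The sinkhole bookkeeping the Guardian piece describes (every machine that reached the registered kill-switch domain ran the worm and was halted, and the addresses were collected so victims could be notified) can be reduced to a small log-analysis routine. This is an added example, not code from the original post, from MalwareTech or from Kryptos Logic; the domain name and the log lines are constructed placeholders, since the article does not quote the real domain.

```python
from collections import Counter
from datetime import datetime, timezone

# Placeholder: the article does not quote the real kill-switch domain.
KILL_SWITCH_DOMAIN = "example-killswitch-placeholder.test"

# Constructed sinkhole log (not real traffic): "<utc timestamp> <source ip> <requested host>".
SAMPLE_LOG = """\
2017-05-13T14:00:01Z 203.0.113.10 example-killswitch-placeholder.test
2017-05-13T14:00:01Z 203.0.113.10 example-killswitch-placeholder.test
2017-05-13T14:00:01Z 198.51.100.7 example-killswitch-placeholder.test
2017-05-13T14:00:02Z 198.51.100.7 example-killswitch-placeholder.test
2017-05-13T14:00:02Z 192.0.2.55 other-sinkholed-name.test
malformed line that the parser must skip
"""


def parse_line(line):
    """Split one log line into (timestamp, ip, host); return None for junk."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    return ts, parts[1], parts[2].lower().rstrip(".")


def sinkhole_report(log_text, domain=KILL_SWITCH_DOMAIN):
    """Summarise which sources hit the kill-switch domain and how fast.
    Each source is a notification candidate; one NAT address can hide many
    machines, so the victim count is a lower bound, not an exact tally."""
    first_seen = {}
    hits_per_second = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[2] != domain:
            continue  # skip junk and traffic for other sinkholed names
        ts, ip, _ = rec
        first_seen.setdefault(ip, ts)
        hits_per_second[ts] += 1
    return {
        "victims": sorted(first_seen),
        "first_seen": {ip: ts.isoformat() for ip, ts in first_seen.items()},
        "peak_hits_per_second": max(hits_per_second.values(), default=0),
        "total_hits": sum(hits_per_second.values()),
    }
```

The "victims" list is what would be handed to a CERT or law enforcement; the per-second peak is the "thousands of connections every second" figure the article mentions, computed from the log rather than estimated.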
5. "RE: Get some internet security computer protections NOW!!!!!!" In response to Reply # 0
My job recently contracted a tech security company... not sure the full contract scope, but essentially they were brought on to bring our org up to speed, making sure we're at a baseline of protection & addressing any work-specific issues we may face.
Our org is 12 people, based all around the world, & we deal with some fairly tenuous political issues (think, team members have had their houses raided, we're pissing off some folks with lots of $, etc.).
Anyway, we have an introduction meeting where they assess our need, so really just listening. I bring up a lot of things: how do we make sure our data is as secure as possible online? How do we make sure we're not endangering our constituents handling their data? What's the balance between ease of use (Google suites) and potential government interference? Spotting fake profiles infiltrating online spaces, etc.
They come back & literally their whole presentation is: get a VPN, install antivirus, set up 2-step verification.
I damn near laughed out loud in the meeting. And folks were eating this shit up! It felt like they googled "top 3 tech security tips" & just sent a printout.
Now, this is obviously an instance of a company just not being very good & us not doing a good job finding a vendor, but I have connects with activists in Mexico that have so much more experience with tech security threats that could easily do this type of contract work much better.
Anyway, at the end of the day these folks put themselves in the game to get this $, but damn.
___________________________ He has the confidence of Vernon Maxwell on a yayo binge.