Viruses, bugs, and other crap


#26

Post by optimusprime »

All good suggestions. The government gives us access to Symantec and McAfee that keep my machines bug free. I run Malwarebytes, Microsoft products for my son's computer.


#27

Post by SueDB »

Malwarebytes, Spybot S&D, Spyware Blaster, and the MS Defender. I figure between the 4 of them, I should be OK...and have been.
“If You're Not In The Obit, Eat Breakfast”

Remember, Orly NEVAH disappoints!


#28

Post by esseff44 »

I just heard about the latest cyberscare on BBC. This one is called "Shellshock" and is a vulnerability that could leave millions of computers open to being taken over.

http://www.bbc.com/news/technology-29361794

Patch immediately

Bash - which stands for Bourne-Again SHell - is a command prompt on many Unix computers. Unix is an operating system on which many others are built, such as Linux and Mac OS.

The US Computer Emergency Readiness Team (US-Cert) issued a warning about the bug, urging system administrators to apply patches.

However, other security researchers warned that the patches were "incomplete" and would not fully secure systems.

Of particular concern to security experts is the simplicity of carrying out attacks that make use of the bug.


#29

Post by Flatpointhigh »

Clamwin is freeware and quite good. Does regular updates. I used ClamX on my Mac, and I use ClamAV on my Ubuntu machine.

My Name is...
Daffy Duck.. woo hoo!
Cancer broke me


#30

Post by Addie »

I don't know what Apple is doing about it, but the major Linux distributions have been prompt in issuing patches for Shellshock. When I first read about the discovery, I tested my system and it came back "vulnerable." I applied the updates from Ubuntu, retested and it was clear. As I understand it, there will be further updating to come as they work through it, but the most difficult issues are for servers, and less so for desktops. Also, this is not the common kind of virus that spreads around from computer to computer, so consumer anti-virus applications don't have effect, as far as I've read.
"The very least you can do in your life is to figure out what you hope for." - Barbara Kingsolver


#31

Post by Addie »

PC Magazine has a pretty good explanation of this thing. Also Mashable: What Is Shellshock, How Does It Work and Why Does It Matter?

#32

Post by gupwalla »

Shellshock isn't a virus so much as a vulnerability that can be exploited by a virus, Trojan, worm, or even certain web pages. It's like having a door lock that is weak against a clever if simple design of hairpin. The only solution is to update your bash shell to a version that is designed to block this particular exploit. Tom Scott does a nice quick explanation on YouTube, cf.
In a wilderness of mirrors, what will the spider do beyond the circuit of the shuddering Bear in fractured atoms? -TS Eliot (somewhat modified)

All warfare is based on deception. - Sun Tzu


#33

Post by Addie »

New York Times











How My Mom Got Hacked ...



CryptoWall 2.0 is the latest immunoresistant strain of a larger body of viruses known as ransomware. The virus is thought to infiltrate your computer when you click on a legitimate-looking attachment or through existing malware lurking on your hard drive, and once unleashed it instantly encrypts all your files, barring access to a single photo or tax receipt.



Everyone has the same questions when they first hear about CryptoWall:



Is there any other way to get rid of it besides paying the ransom? No — it appears to be technologically impossible for anyone to decrypt your files once CryptoWall 2.0 has locked them. (My mother had several I.T. professionals try.)



But should you really be handing money over to a bunch of criminals? According to the Internet Crime Complaint Center, a partnership between the F.B.I. and the National White Collar Crime Center, this answer is also no. “Ransomware messages are an attempt to extort money,” one public service announcement helpfully explains. “If you have received a ransomware message do not follow payment instructions and file a complaint.” Right. But that won’t get you your files back. Which is why the Sheriff’s Office of Dickson County, Tenn., recently paid a CryptoWall ransom to unlock 72,000 autopsy reports, witness statements, crime scene photographs and other documents.



Finally, can law enforcement at least do something to stop these attacks in the future? Probably not. Many ransomware viruses originate in Russia and other former Soviet bloc countries. The main difficulty in stopping cybercriminals isn’t finding them, but getting foreign governments to cooperate and extradite them.




#34

Post by Foggy »

This is why it's a good idea to buy a portable hard drive - mine holds 1 TB of data, and was really not that terribly expensive -- and back up all your computers weekly. If all my files become encrypted by criminals, they've encrypted only the work I've done this week. Then I take that portable hard drive and put in a safe location outside my home. If my house burns down, I'll still have a backup of everything up until yesterday.
For more information, read it again.

(Fogbow on PayPal)


#35

Post by Roboe »

Personally, I've got one USB thumb drive with all my important documents on it, and another (larger one) with random stuff (photos etc) on, that I can afford to lose, but would rather not. Whatever else I've got on my PC, I'll just count as a loss if I'm ever hit with Ransomware or the like.


#36

Post by Whatever4 »

Think of it as drastic Spring Cleaning.
"[Moderate] doesn't mean you don't have views. It just means your views aren't predictable ideologically one way or the other, and you're trying to follow the facts where they lead and reach your own conclusions."
-- Sen. King (I-ME)


#37

Post by Roboe »





Think of it as drastic Spring Cleaning.







I do one of those each year anyway. Mainly to root out any potential annoying software I might have picked up, and to ensure I get a fresh start with regards to updated software. At the moment I'm considering doing it in the coming weekend, since I picked up a badly broken update from Windows Update, which means every time I download a file (which I do a lot), I have to go into properties and unblock it, or else Windows will complain about it coming from another computer and mess with the files within.



Apparently it's part of the UAC (User Account Control) security function, which, given that I'm the only one who ever uses my desktop, I've always turned off, and it got snuck in by way of said broken update. And despite reverting and removing said update, the bug persists on my system - and it's annoying me quite a bit.


#38

Post by SueDB »

The Windows update for 1 Jan totally hosed my daughter's machine. It really pisses me off when the software to keep the thing running cuts its own throat.

Reset and service time.

#39

Post by Addie »

I'm reading that Ubuntu 14.04 is not affected and since the systems on my machine are all based on 14.04, I'm not going to worry unless I have to. But this looks bad.





Ars Technica



Highly critical “Ghost” allowing code execution affects most Linux systems



An extremely critical vulnerability affecting most Linux distributions gives attackers the ability to execute malicious code on servers used to deliver e-mail, host webpages, and carry out other vital functions.

The vulnerability in the GNU C Library (glibc) represents a major Internet threat, in some ways comparable to the Heartbleed and Shellshock bugs that came to light last year. The bug, which is being dubbed "Ghost" by some researchers, has the common vulnerability and exposures designation of CVE-2015-0235. While a patch was issued two years ago, most Linux versions used in production systems remain unprotected at the moment. What's more, patching systems requires core functions or the entire affected server to be rebooted, a requirement that may cause some systems to remain vulnerable for some time to come.



The buffer overflow flaw resides in __nss_hostname_digits_dots(), a glibc function that's invoked by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to call either of these functions could exploit the flaw to execute arbitrary code with the permissions of the user running the application. In a blog post published Tuesday, researchers from security firm Qualys said they were able to write proof-of-concept exploit code that carried out a full-fledged remote code execution attack against the Exim mail server. The exploit bypassed all existing exploit protections available on both 32-bit and 64-bit systems, including address space layout randomization, position independent executions, and no execute protections. Qualys has not yet published the exploit code but eventually plans to make it available as a Metasploit module.





“A lot of collateral damage on the Internet”

The glibc is the most common code library used by Linux. It contains standard functions that programs written in the C and C++ languages use to carry out common tasks. The vulnerability also affects Linux programs written in Python, Ruby, and most other languages because they also rely on glibc. As a result, most Linux systems should be presumed vulnerable unless they run an alternative to glibc or use a glibc version that contains the update from two years ago. The specter of so many systems being susceptible to an exploit with such severe consequences is prompting concern among many security professionals. Besides Exim, other Linux components or apps that are potentially vulnerable to Ghost include MySQL servers, Secure Shell servers, form submission apps, and other types of mail servers.


#40

Post by Roboe »

In the 'it had to happen one day'-category, two local municipalities managed to get most of their system infected by ransom-ware. It was such a new code it managed to sneak by the heavy duty spam filters most of the municipalities have in place. Since November last year, all contact with the municipality has to be via emails (unless you get a waiver, which has been a mess to implement), so the social workers pretty much have to open all the emails they get, thus greatly increasing the chance of exposure to trojans etc.


#41

Post by SueDB »

Zero day is always a problem. That's the day that the virus comes out - before anyone has had a chance to write an anti-virus snippet to detect/clean it up.

We (system engineers/administrators) are always a day late, a dollar short, and a step behind ... occupational hazard.

#42

Post by Addie »

Reuters













Lenovo installed software making laptops vulnerable to hacking: experts



(Reuters) - China's Lenovo Group Ltd, the world's largest PC maker, had pre-installed a virus-like software on laptops that makes the devices more vulnerable to hacking, cybersecurity experts said on Thursday.



Users reported as early as last June that a program called Superfish pre-installed by Lenovo on consumer laptops was 'adware', or software that automatically displays adverts.



Robert Graham, CEO of U.S.-based security research firm Errata Security, said Superfish was malicious software that hijacks and throws open encrypted connections, paving the way for hackers to also commandeer these connections and eavesdrop, in what is known as a man-in-the-middle attack.



Lenovo had installed Superfish on consumer computers running Microsoft Corp's Windows, he added. "This hurts (Lenovo's) reputation," Graham told Reuters. "It demonstrates the deep flaw that the company neither knows nor cares what it bundles on their laptops."



An administrator on Lenovo's official web forum said on Jan. 23 that Superfish has been temporarily removed from consumer computers. Lenovo executives were not immediately available for comment during the Lunar New Year holiday in China.







#43

Post by TollandRCR »

This might have been done without the knowledge of anyone employed by Lenovo. It would have been very attractive to a government agency involved in corporate espionage. I've never bought a Lenovo product for that reason.
“The truth is, we know so little about life, we don’t really know what the good news is and what the bad news is.” Kurt Vonnegut


#44

Post by ducktape »





This might have been done without the knowledge of anyone employed by Lenovo. It would have been very attractive to a government agency involved in corporate espionage. I've never bought a Lenovo product for that reason.







Apparently, it was done with the FULL knowledge of Lenovo. Today, they issued a statement stating that the Superfish software was only installed on consumer-grade laptops between September and December 2014, and was removed from the builds in January 2015.



However, as Ars Technica notes in the update to their coverage, this statement is at odds with the Lenovo forum posts back to June 2014 complaining about the Superfish popups.



The "official" purpose of this was so that Lenovo could insert its own advertising based on the content of the page you were viewing. That's bad enough -- Lenovo said that the agreement and privacy policy for Superfish is presented to the user the first time the computer runs and, if they don't agree, Superfish is disabled.



But when you're signing on a new computer you're presented with several EULAs where, if you don't agree, you can just turn around and send your new machine back because the software won't work without your "I agree" check. Lenovo was counting on people not knowing what that is, not realizing that it is something that's not required, and anyway, you only have their word that it's disabled. Since they stupidly lied in their statement to Ars Technica, they've already revealed that you can't trust their word.



Superfish has apparently been a "rising company" darling, but now it turns out that their system inserts a self-signed certificate that sits between the browser and the website in an https connection, which is a very bad thing in security. It gives them (Lenovo or Superfish or anyone else with the Superfish private key) the ability to read everything you enter on any secure site and to transmit it later wherever they want. Forbes did an article about it, but adds "but it's not something that they would ever do." Holy apologetics, Batman! Who is "they" that would never do it? Superfish? Lenovo? Somebody who works for or contracts to either of those companies? Or someone with the Superfish private key?



That last one also is the problem, because the certificate and private key are apparently the same on EVERY Superfish installation (at least on every one from Lenovo) and Superfish already functions as a "man-in-the-middle" on all secure transactions.



Normally, when you connect with your Bank of America account, for example, your browser contacts BofA which sends its public key to your browser, and your browser sends its public key to BofA. Then, whatever you transmit through that connection (such as your login credentials and private data) is encrypted with the BofA public key before it is transmitted, and BofA decrypts it with their matching private key to read it. Then they send the web page information back to you, encrypted with your public key, and your browser decrypts it with your private key before displaying it. Without the encryption, information would be transmitted in plain text over the Internet and could be read by anyone sniffing your transmission (like the person at the next table in the coffee shop).



With Superfish's man-in-the-middle function, when you contact BofA, Superfish gives you ITS self-signed public key, which your browser thinks is OK because the system has already been set up to accept it. Your browser encodes using the Superfish public key, and the Superfish system uses its private key to decrypt what you sent, read it for its own purposes (supposedly advertising), and then re-encrypts it with the Superfish public key and sends it to BofA. The return path works the same way: BofA encrypts your info with the Superfish public key, sends it to you where it is received and decrypted by the Superfish private key. Again, they read the content for their own purposes, and then re-encrypt it with your browser's public key and pass it to the browser for decryption and display.



("Self-signed" means that it wasn't issued by a certificate authority, but by the company that puts it in. Your browser will issue all kinds of warnings if you try to connect with an https site which has a self-signed certificate, and some browsers won't connect at all unless you explicitly install the certificate in your operating system. Self-signed certificates are not used on reputable public sites -- they are used by companies who want to have a secure connection only for their own use. It's a bit of a PITA to set up your system to recognize one -- I know, because we use self-signed certificates on some old servers that we are slowly decommissioning and that external people no longer connect to. But Lenovo has theirs preinstalled.)



ANYone with Superfish's private key that can sniff your transmission can grab the information, or re-route or spoof any https server. Whether or not Superfish HAS more than one self-signed certificate isn't known, but all of the Lenovo installations apparently use the same one. By contrast, we use numerous different self-signed certificates for security on our internal servers, and we're a tiny company with just a few servers.



Superfish publicly says that their products are image recognition, to let you snap a picture of a couch in a showroom, for example, and it would analyze the image and search for that couch at shopping sites, and that's what their apps and PR are all about. But apparently, that's not the only business that they're in, and this revelation does not bode well for Lenovo nor for Superfish.



If you have an affected Lenovo PC, you can find out by looking in your certificates (control panel, security) and seeing if there's one for Superfish. At the very least, remove it. Better yet, reinstall Windows 8.1. Here is a walkthrough of how to do that:

https://www.thurrott.com/uncategorized/ ... trabook2-1
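
The certificate check described in the post above, as an added example that is not part of the original post and not code from Lenovo or Superfish: a PowerShell script that lists trusted-root certificates whose subject or issuer contains "Superfish" and can optionally remove them. The match string, the parameter names and the `-Remove` switch are assumptions of this example; removing from the machine store needs an elevated prompt.

```powershell
# Added example: audit the Windows trusted-root stores for an interception CA.
# Assumption: the certificate's subject or issuer contains the vendor name
# given in the post ("Superfish"). Pass other names via -NamePattern.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string[]]$NamePattern = @('Superfish'),
    [switch]$Remove
)

# A root trusted in either store is accepted for https connections by
# browsers that rely on the Windows certificate store.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        $cert = $_
        foreach ($pattern in $NamePattern) {
            if ($cert.Subject -like "*$pattern*" -or $cert.Issuer -like "*$pattern*") {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    # Subject equal to issuer means the certificate signed itself.
                    SelfSigned = ($cert.Subject -eq $cert.Issuer)
                    NotAfter   = $cert.NotAfter
                    PSPath     = $cert.PSPath
                }
                break   # one finding per certificate is enough
            }
        }
    }
}

if (-not $findings) {
    Write-Output 'No trusted root matches the watch list.'
    return
}

$findings | Format-Table Store, Subject, Thumbprint, SelfSigned, NotAfter -AutoSize

if ($Remove) {
    foreach ($f in $findings) {
        # ShouldProcess makes -WhatIf and -Confirm work for the deletion.
        if ($PSCmdlet.ShouldProcess($f.Subject, "Remove from $($f.Store)")) {
            Remove-Item -Path $f.PSPath
        }
    }
}
```

Run it first without `-Remove`, or with `-Remove -WhatIf`, to see what would be deleted. Browsers that keep their own certificate store, such as Firefox, are not covered by this check.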


#45

Post by esseff44 »

Is anyone else having problems with the internet today? My computer and modem check out okay, and I can connect to some sites but others time out. It just seems molasses slow. It started late last night and has been intermittent. I did a speed test and there was nothing unusual there.



Is this a response to losing the net neutrality battle?


#46

Post by Addie »

Not today, Esseff.

#47

Post by vic »




#48

Post by RTH10260 »



American Airlines planes grounded by iPad app error

A faulty app caused American Airlines to ground dozens of its jets.



The glitch caused iPad software - used by the planes' pilots and co-pilots for viewing flight plans - to stop working.



The firm's cockpits went "paperless" in 2013 to save its staff having to lug heavy paperwork on board. AA estimated the move would save it more than $1.2m (£793,600) in fuel every year.



The company said that it had now found a fix for the problem. "We experienced technical issues with an application installed on some pilot iPads," said a spokesman. "This issue was with the third-party application, not the iPad, and caused some departure delays last night and this morning. Our pilots have been able to address the issue by downloading the application again at the gate prior to take-off and, as a back-up, are able to rely on paper charts they can obtain at the airport."



http://www.bbc.com/news/technology-32513066


#49

Post by Jim »

I got the scam call from Microsoft Customer Service last night claiming my computer had a virus...so I played the shell game with him. I told him I had 3 computers and which one did they identify. Kept him on the phone for 4:15, could have been longer but I was laughing so hard at the end he finally figured it out and hung up.


#50

Post by Fortinbras »

I had a similar phone call about 2 months ago. Claimed to be in NYC, had an Indian accent thick as a brick, and when I asked him what time it was he gave me an answer more than 7 hours off.
