New Malware Warning

Discussion in 'Computer Corner' started by Dave W, Dec 24, 2013.

  1. Dave W

    Dave W Total Gardener

    • ARMANDII

      ARMANDII Low Flying Administrator Staff Member

      Hi Dave, I thought it only applied to XP???
       
    • wiseowl

      wiseowl FRIENDLY ADMIN Staff Member

      The principle of ransomware is simple. Usually it sneaks into a system disguised as an email attachment and, if opened, then proceeds to encrypt the files on your machine. When this has completed the virus deletes itself and tells the user that their data has been taken hostage and will only be released if they pay the demanded ransom for a key. This style of attack was first reported in Russia back in 2004, with the Gpcode trojan horse. Security analysts at Kaspersky Labs were able to crack the hold Gpcode had over data by exploiting mistakes the author had made in the code.
      -------------------------------------------------------------------------------------------------------------------
      The most important thing, though, is to never, ever open a file or link in an email or on a social website unless you're sure it was deliberately sent by the person themselves. It may seem interesting at the time, but the results could be utterly catastrophic. ;)
       
      • Jenny namaste

        Jenny namaste Total Gardener

        :spam: :eeew: :help: :help: :help: :sofa:
         
        • clueless1

          clueless1 member... yep, that's what I am:)

          There are two morals to this story.

          1. Make sure you keep your machine fully protected with a good antivirus/anti-malware suite kept fully up to date with the latest updates, and
          2. Make sure your machine is not the only place where any really important data lives, i.e. keep backups of anything you can't afford/bear to lose.
           
          • Fern4

            Fern4 Total Gardener

            I've just read about it from Dave's link, but when it gives information about how to stay safe, why oh why don't they make it easy for computer dimwits like me to understand? For instance, what's an "executable field", and how am I supposed to know what a "critical directory" is, and don't get me started on setting the computer's group policy objects etc. etc. I've got Norton installed so I shall hope for the best! :dunno: :snork:
             
            • ARMANDII

              ARMANDII Low Flying Administrator Staff Member

              Ahh, I've just checked about the virus that is affecting users of Windows XP and here's an extract from a computer magazine.
               
              • clueless1

                clueless1 member... yep, that's what I am:)

                I've been a programmer professionally for nearly 20 years, and for a hobby for 30 years, and I've never heard the term 'executable field' before. I can only assume they are referring to the 'Executable' flag on the file: when you right click and then choose Properties, then Security, it's in the permissions flags, but the average non-techy user shouldn't have to bother with that.

                Group policies are something you only need to care about if you're on a network, usually a corporate network, managed by what's called Active Directory. The average home user need not care, but kind of related is that ideally you should not log in under an administrator account except when you specifically want to change anything major, but Microsoft themselves acknowledge that most home users don't think about that, which is why, with Windows Vista and later editions, they introduced User Access Control, which is the thing that brings up the message box warning you if you run something that wants to make changes to your machine.

                A 'critical directory' again is just a term invented in the article, because I've never heard anyone refer to one before, but I'm guessing it means the various folders that belong to Windows itself, such as C:\Windows\System32 etc.

                Norton used to be the best suite of protective apps you could get, but they fell victim to their own success, in that every malware author on the planet made it their goal to break through Norton's defences. I think McAfee are going the same way. Personally I wouldn't trust either. I use Microsoft Security Essentials, and have done for years now, without issue. It's free and it integrates very snugly with Windows. I think it's been superseded with something else in Windows 8, but I suspect it's the same app, just built into Windows rather than being an add-on.
                 
                • ARMANDII

                  ARMANDII Low Flying Administrator Staff Member

                  Such "manufactured" terms, Clueless, as "executable fields" and "critical directory" don't exactly give you faith in the veracity of the advice though, do they? :dunno: It sounds like a lot of embellishment to make it more authoritative, which makes me wonder about the authors. :scratch::doh::snork:
                   
                  • DIY-Dave

                    DIY-Dave Gardener

                    Found their AV products to be pretty bad, giving lots of false positives if it finds a small executable (traditional of a virus), especially if it's something like an auto-updater for an app.
                    AVG does the same thing.
                    Their heuristics automatically assume it's a trojan or some other form of malware.
                    One dim-witted thing about Norton and McAfee is that if one codes an app and uses the LoadLibrary and FreeLibrary API calls, then it completely ignores them and assumes all is safe, when in fact these functions could call other DLL functions by ordinal and one could do some really nasty things to computers.

                    Have to agree that for Windows, Microsoft Security Essentials is the best.
                    As far as Windows 8 goes, will definitely be giving that a miss.
                    Luckily most of my work these days involves Linux (C and ASM), so no real worries about "nasties" creeping in.
                     
                    • shiney

                      shiney President, Grumpy Old Men's Club Staff Member

                      Sorry, Dave, but I didn't understand almost all of what you said! :scratch: :love30: :)
                       
                      • DIY-Dave

                        DIY-Dave Gardener

                        Hi shiney

                        Sorry about that, I was very surprised to find a computer section on a gardening forum so jumped at the opportunity to talk some shop.

                        Below follows the English translation :)

                        Although Norton, McAfee and AVG are the most popular anti-virus products, I suspect that it's mainly due to the fact that they are free or very well priced; however, it does not make them fantastic, and many people are surprised when they still get a "nasty" on their computer.
                        Although, having said that, there are times when the user is actually at fault for bypassing the protection.
                        Let me explain why.
                        A large percentage of users (referring to Windows here) never set their computers to show "known and system file" extensions (I will post a simple "how to" guide at the end of this post).
                        By default, Windows hides important/essential system files from the user so that they don't move or delete them by accident.
                        However, this has a negative side-effect that hackers can use to fool people into thinking that the virus file is actually something else, like a picture, and hence safe to open.


                        In any computer system, there are three main kinds of files:

                        1) The executable (.exe) files which are the actual programs like Word, Paint and so on.

                        2) The support files (.dll, .ocx, .drv, .sys) these are used by program files for commonly used functions like saving, displaying, drawing and so forth.


                        3) The users files which include things like music, drawings, documents, photos etc etc.

                        Generally, the first two types of files are the ones that hackers use to embed a virus in, and they would have an extension of .exe so that the computer would know that it's a program to run instead of, say, a photo or some music, which would have extensions of .mp3 or .jpg.
                        Because most users don't enable the "view known and system files" option, an executable's extension is not shown, and the hackers exploit this by calling their virus something like Sunset_picture.jpg.exe
                        This would be displayed on the user's computer as Sunset_picture.jpg, so they think it's a jpeg picture and double click on it to open.
                        The anti-virus pops up a message saying something like "Are you sure you want to run this file?" and of course we say yes, since it's a jpeg picture, right?
                        Wrong.
                        It's an executable file masked as a jpeg picture, and the user could not tell because the .exe part was not being shown.
                        The end result is the user bypassed the protection by clicking on "yes, run it", and the result is the computer is now at the mercy of the hacker.

                        Hope you haven't fallen off your chair by now with complete boredom.


                        Now for the second reason why I wrote what I did about those anti-virus products.
                        Virus writers are very knowledgeable about the computer system they are writing the virus for and exploit every possibility/weakness that they can, so it's a continuous cat and mouse game between the virus writers and the anti-virus program writers.
                        As you can imagine, there are millions of files on any computer, and for the anti-virus to properly scan each of them would take ages and slow the computer down to a complete crawl, so what the anti-virus programs do is use heuristics, or look for patterns of computer code in files that resemble those of a virus.
                        Very often the heuristics get it wrong and either a false positive is given (a harmless program is flagged as being a threat) or, worse, the virus passes undetected.


                        I have had too many false alarms, and once a real threat got past undetected, to ever trust those products again.
                        This is not to say that those products don't work, they do, it's just I find that Microsoft Security Essentials works even better.


                        Hope this lengthy (and hopefully not too boring) post will be of help.
                        I will post the guide on how to enable "known and system files" shortly.


                         
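The "Sunset_picture.jpg.exe" trick described in the post above, as an added example that is not part of the original thread: it models what Explorer shows when "hide extensions for known file types" is on, and flags attachment names whose real (last) extension is a program while the one before it looks like a picture or document. The extension lists and the sample names are constructed for this example; it also tolerates spaces padded between the two extensions, a variant of the same trick.

```python
import os

# Extensions Windows treats as runnable programs (constructed list for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".msi", ".vbs", ".js"}
# Extensions a user expects on harmless data files (pictures, music, documents).
DATA_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt", ".mp3"}


def displayed_name(filename: str) -> str:
    """Name Explorer shows with 'Hide extensions for known file types' on.

    Assumption: every extension in the two sets above is a 'known' type, so only
    the last extension is stripped; anything else is shown in full.
    """
    stem, ext = os.path.splitext(filename)
    if ext.lower() in EXECUTABLE_EXTS | DATA_EXTS:
        return stem
    return filename


def classify(filename: str) -> str:
    """Return 'ok', 'executable' or 'disguised-executable'.

    A file is disguised when its real (last) extension is executable but the
    extension just before it looks like a data file, e.g. 'x.jpg.exe'.
    Spaces padded between the two extensions ('x.jpg    .exe') are tolerated.
    """
    stem, ext = os.path.splitext(filename)
    if ext.lower() not in EXECUTABLE_EXTS:
        return "ok"
    _, inner = os.path.splitext(stem.rstrip())
    if inner.lower() in DATA_EXTS:
        return "disguised-executable"
    return "executable"


def flag_attachments(names):
    """Return (displayed, real, verdict) for every name that is not plain data."""
    return [(displayed_name(n), n, classify(n)) for n in names if classify(n) != "ok"]


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real mailbox.
    SAMPLE = ["Sunset_picture.jpg.exe", "holiday.jpg", "invoice.pdf.scr", "setup.exe", "README"]
    for shown, real, verdict in flag_attachments(SAMPLE):
        print(f"shown as {shown!r:28} really {real!r:28} -> {verdict}")
```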
                        • Fern4

                          Fern4 Total Gardener

                          I've always wondered why "nasties" still get past Norton etc so thanks for explaining that. :)
                           
                        • Ian Taylor

                          Ian Taylor Total Gardener

                          Haven't got a clue what you're all talking about, way over my head :dunno:
                           
                        • DIY-Dave

                          DIY-Dave Gardener

                          Attached the guide on how to enable viewing/listing of "known and system" files.
                           
