Poisoned Emails
-
Oh yes, I forgot about the fake invoices. I get those too.
Get me coffee and no one gets hurt!
-
I and family members have seen a nasty increase in malware emails that most likely will plant a Ransom Virus if the attachment is acted upon. We now get several every week and sometimes several in one day. One of the most insidious is an email where the sender is spoofed to be Amazon. The "Amazon" message will seem to announce a shipment having been sent. However, there are two tell tale warning signs: 1) It is sent to an email address that only my friends and family know. I use a different email address for Amazon. 2) The message is empty, except for an attached Word document. Amazon never attaches Word documents to their emails. Like I'm going to open such a Word document and run the risk of a malicious macro getting run on my machine. :| The other type will be an empty email from myself to myself. It has an attached zip file that contains a Javascript file. If you look into the message header it is full of Arabic characters and is sent from a domain in Iran. Of course I am in the habit of running Javascripts from unknown sources on my machine. :| Now here's the bummer: If I scan these obviously malicious messages with Defender and Malwarebytes, they come up clean! I was wondering if anyone else has had similar experiences?
Get me coffee and no one gets hurt!
I get a few dozen of these every day. "Past due bill" "Invoice Payment" "Fax sent" etc, etc...
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013 -
I and family members have seen a nasty increase in malware emails that most likely will plant a Ransom Virus if the attachment is acted upon. We now get several every week and sometimes several in one day. One of the most insidious is an email where the sender is spoofed to be Amazon. The "Amazon" message will seem to announce a shipment having been sent. However, there are two tell tale warning signs: 1) It is sent to an email address that only my friends and family know. I use a different email address for Amazon. 2) The message is empty, except for an attached Word document. Amazon never attaches Word documents to their emails. Like I'm going to open such a Word document and run the risk of a malicious macro getting run on my machine. :| The other type will be an empty email from myself to myself. It has an attached zip file that contains a Javascript file. If you look into the message header it is full of Arabic characters and is sent from a domain in Iran. Of course I am in the habit of running Javascripts from unknown sources on my machine. :| Now here's the bummer: If I scan these obviously malicious messages with Defender and Malwarebytes, they come up clean! I was wondering if anyone else has had similar experiences?
Get me coffee and no one gets hurt!
Don't worry. Letting windows update own your computer and rule your life will solve all your problems. Oh, wait... No it won't. It'll just "fix" things that work. The best process security and peace of mind is, and has always been, "don't do anything stupid". If you use Outlook (the MS Office version), one trick is to drop suspect files into the "Junk E-mail" folder before opening them. That disables anything that could do a nasty. But I prefer the "If in doubt, delete" method. Failing to open a genuine e-mail will not add or remove a second to or from your lifespan.
I wanna be a eunuchs developer! Pass me a bread knife!
-
I and family members have seen a nasty increase in malware emails that most likely will plant a Ransom Virus if the attachment is acted upon. We now get several every week and sometimes several in one day. One of the most insidious is an email where the sender is spoofed to be Amazon. The "Amazon" message will seem to announce a shipment having been sent. However, there are two tell tale warning signs: 1) It is sent to an email address that only my friends and family know. I use a different email address for Amazon. 2) The message is empty, except for an attached Word document. Amazon never attaches Word documents to their emails. Like I'm going to open such a Word document and run the risk of a malicious macro getting run on my machine. :| The other type will be an empty email from myself to myself. It has an attached zip file that contains a Javascript file. If you look into the message header it is full of Arabic characters and is sent from a domain in Iran. Of course I am in the habit of running Javascripts from unknown sources on my machine. :| Now here's the bummer: If I scan these obviously malicious messages with Defender and Malwarebytes, they come up clean! I was wondering if anyone else has had similar experiences?
Get me coffee and no one gets hurt!
Well, gosh, don't you have a filter in your e-mail whatever that is at least flagging these toxic billet-doux, routing them into a special folder (as in Chrome's 'Spam folder) ? If I were ever crazy enough to open one of those '.doc files, or run some kind-a strange JavaScript, I suspect my Emsisoft software would catch them and warn me.
«There is a spectrum, from "clearly desirable behaviour," to "possibly dodgy behavior that still makes some sense," to "clearly undesirable behavior." We try to make the latter into warnings or, better, errors. But stuff that is in the middle category you don’t want to restrict unless there is a clear way to work around it.» Eric Lippert, May 14, 2008
-
Don't worry. Letting windows update own your computer and rule your life will solve all your problems. Oh, wait... No it won't. It'll just "fix" things that work. The best process security and peace of mind is, and has always been, "don't do anything stupid". If you use Outlook (the MS Office version), one trick is to drop suspect files into the "Junk E-mail" folder before opening them. That disables anything that could do a nasty. But I prefer the "If in doubt, delete" method. Failing to open a genuine e-mail will not add or remove a second to or from your lifespan.
I wanna be a eunuchs developer! Pass me a bread knife!
Quote:
But I prefer the "If in doubt, delete" method.
Precisely! Same here. But maintaining good backups does not hurt. Ransom viruses are also spread by hacked "good" websites. There is always the risk of visiting a supposedly safe website that has been hacked.
Get me coffee and no one gets hurt!
-
Well, gosh, don't you have a filter in your e-mail whatever that is at least flagging these toxic billet-doux, routing them into a special folder (as in Chrome's 'Spam folder) ? If I were ever crazy enough to open one of those '.doc files, or run some kind-a strange JavaScript, I suspect my Emsisoft software would catch them and warn me.
«There is a spectrum, from "clearly desirable behaviour," to "possibly dodgy behavior that still makes some sense," to "clearly undesirable behavior." We try to make the latter into warnings or, better, errors. But stuff that is in the middle category you don’t want to restrict unless there is a clear way to work around it.» Eric Lippert, May 14, 2008
-
I and family members have seen a nasty increase in malware emails that most likely will plant a Ransom Virus if the attachment is acted upon. We now get several every week and sometimes several in one day. One of the most insidious is an email where the sender is spoofed to be Amazon. The "Amazon" message will seem to announce a shipment having been sent. However, there are two tell tale warning signs: 1) It is sent to an email address that only my friends and family know. I use a different email address for Amazon. 2) The message is empty, except for an attached Word document. Amazon never attaches Word documents to their emails. Like I'm going to open such a Word document and run the risk of a malicious macro getting run on my machine. :| The other type will be an empty email from myself to myself. It has an attached zip file that contains a Javascript file. If you look into the message header it is full of Arabic characters and is sent from a domain in Iran. Of course I am in the habit of running Javascripts from unknown sources on my machine. :| Now here's the bummer: If I scan these obviously malicious messages with Defender and Malwarebytes, they come up clean! I was wondering if anyone else has had similar experiences?
Get me coffee and no one gets hurt!
Had the exact e-mail before. A good metric to see what scanners are good is to upload the attachment to http://www.virustotal.com and see which scanners detect it. Neither MalwareBytes nor Symantec picked it up when I checked awhile ago.
-
Had the exact e-mail before. A good metric to see what scanners are good is to upload the attachment to http://www.virustotal.com and see which scanners detect it. Neither MalwareBytes nor Symantec picked it up when I checked awhile ago.
-
Never posted a link here before. It did something like codeproject.com/virustotal.com :laugh: I changed the link to just be the full address that you can copy and paste.
-
Never posted a link here before. It did something like codeproject.com/virustotal.com :laugh: I changed the link to just be the full address that you can copy and paste.
OK, I reached the page by typing virustotal.com in the URL bar. Thanks for the reference! Your post deserves an upvote. :)
Get me coffee and no one gets hurt!
-
Quote:
But I prefer the "If in doubt, delete" method.
Precisely! Same here. But maintaining good backups does not hurt. Ransom viruses are also spread by hacked "good" websites. There is always the risk of visiting a supposedly safe website that has been hacked.
Get me coffee and no one gets hurt!
Cornelius Henning wrote:
Ransom viruses are also spread by hacked "good" websites.
This is the exact reason why I typically use Firefox with NoScript and AdBlockPlus (extended with my own personal filters). It has made the internet a pretty spartan place and there are some websites that don't even load anymore but I consider any website that will not fulfill its basic purpose without scripts or linking to 12 other sites as poor web design and not worth my time (and by basic purpose, I mean displaying information). If I need the full capabilities of a website, I turn on what is needed or switch over to Chrome. The end result is that I have ultimate control of what web content is allowed to run on my PC.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
-
Cornelius Henning wrote:
Ransom viruses are also spread by hacked "good" websites.
This is the exact reason why I typically use Firefox with NoScript and AdBlockPlus (extended with my own personal filters). It has made the internet a pretty spartan place and there are some websites that don't even load anymore but I consider any website that will not fulfill its basic purpose without scripts or linking to 12 other sites as poor web design and not worth my time (and by basic purpose, I mean displaying information). If I need the full capabilities of a website, I turn on what is needed or switch over to Chrome. The end result is that I have ultimate control of what web content is allowed to run on my PC.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
Quote:
It has made the internet a pretty spartan place
This is so unnecessary! See this thread: The Lounge - CodeProject[^] Especially the item by John Simmons on HOSTS files. Shameless plug: Also see my article about surviving the Ransom Virus. If you are properly prepared, you can surf the Internet without fear. :)
Get me coffee and no one gets hurt!
-
Cornelius Henning wrote:
Ransom viruses are also spread by hacked "good" websites.
This is the exact reason why I typically use Firefox with NoScript and AdBlockPlus (extended with my own personal filters). It has made the internet a pretty spartan place and there are some websites that don't even load anymore but I consider any website that will not fulfill its basic purpose without scripts or linking to 12 other sites as poor web design and not worth my time (and by basic purpose, I mean displaying information). If I need the full capabilities of a website, I turn on what is needed or switch over to Chrome. The end result is that I have ultimate control of what web content is allowed to run on my PC.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
But why worry? If your own, personal files (which are a tiny proportion of the files on your PC) and your configuration details for various programs (which don't amount to five beans' worth of disc space) are saved to other locations, then all you lose is an OS -- and I'd be quite happy to lose any OS higher than Win 7. Just use another machine while the "attacked" one is getting everything reinstalled and copied over, and you haven't lost a peanut.
I wanna be a eunuchs developer! Pass me a bread knife!
-
Quote:
It has made the internet a pretty spartan place
This is so unnecessary! See this thread: The Lounge - CodeProject[^] Especially the item by John Simmons on HOSTS files. Shameless plug: Also see my article about surviving the Ransom Virus. If you are properly prepared, you can surf the Internet without fear. :)
Get me coffee and no one gets hurt!
I am in total agreement with that. All that unnecessary junk steals my bandwidth even if my browser settings block it from being rendered. If I may also play devils advocate, I also understand that many websites depend on advertisements to supply their operating capital BUT the broad spectrum tactics that most ad services utilize, showing you a million ads in hope that you click one, is reliant on quantity and not quality. In my opinion, one or two high-quality, content-targeted ads per page is more than enough. Three dozen ads trying to sell me the latest pharmaceutical product or another product that I have no need for is a waste of money on both ends and does the advertising industry a disservice.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
-
But why worry? If your own, personal files (which are a tiny proportion of the files on your PC) and your configuration details for various programs (which don't amount to five beans' worth of disc space) are saved to other locations, then all you lose is an OS -- and I'd be quite happy to lose any OS higher than Win 7. Just use another machine while the "attacked" one is getting everything reinstalled and copied over, and you haven't lost a peanut.
I wanna be a eunuchs developer! Pass me a bread knife!
Mark, When I am attacked by Ransomware, it takes me less than 10 minutes to totally recover and clear my computer of the virus. (It has happened 3 times.) If data files are corrupted by the virus, add the time to overwrite the corrupted files from a backup that was disconnected at the time of the attack. Can you beat that? If yes: I would love to hear how!
Get me coffee and no one gets hurt!
-
But why worry? If your own, personal files (which are a tiny proportion of the files on your PC) and your configuration details for various programs (which don't amount to five beans' worth of disc space) are saved to other locations, then all you lose is an OS -- and I'd be quite happy to lose any OS higher than Win 7. Just use another machine while the "attacked" one is getting everything reinstalled and copied over, and you haven't lost a peanut.
I wanna be a eunuchs developer! Pass me a bread knife!
Mark_Wallace wrote:
Just use another machine while the "attacked" one is getting everything reinstalled and copied over, and you haven't lost a peanut.
This is an option at work but I only have one computer at home (and I've hand built the thing into a real monster). Since I really don't like being without a computer at home or have to wait for my work PC to be re-imaged, I take a few extra steps to prevent my machines from being infected due to someone else's unwillingness to filter their advertising content before presenting it to me. I know that this approach only filters out all the 3rd party ads and any ads 'native' to the website are still displayed.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
-
Mark, When I am attacked by Ransomware, it takes me less than 10 minutes to totally recover and clear my computer of the virus. (It has happened 3 times.) If data files are corrupted by the virus, add the time to overwrite the corrupted files from a backup that was disconnected at the time of the attack. Can you beat that? If yes: I would love to hear how!
Get me coffee and no one gets hurt!
-
Mark_Wallace wrote:
Just use another machine while the "attacked" one is getting everything reinstalled and copied over, and you haven't lost a peanut.
This is an option at work but I only have one computer at home (and I've hand built the thing into a real monster). Since I really don't like being without a computer at home or have to wait for my work PC to be re-imaged, I take a few extra steps to prevent my machines from being infected due to someone else's unwillingness to filter their advertising content before presenting it to me. I know that this approach only filters out all the 3rd party ads and any ads 'native' to the website are still displayed.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
Hell, you can save everything important to one or more SD cards or memory sticks. These attackers can't follow back-up trails and locations, especially if it involves removable media. Look carefully at what it is that makes your computer to be Your Computer, and get a back-up program to back it up while you're sleeping. Formatting a drive and re-installing stuff is no great hardship. It's losing what's your own that's a pain, but that's easy to protect against.
I wanna be a eunuchs developer! Pass me a bread knife!
-
Mark, When I am attacked by Ransomware, it takes me less than 10 minutes to totally recover and clear my computer of the virus. (It has happened 3 times.) If data files are corrupted by the virus, add the time to overwrite the corrupted files from a backup that was disconnected at the time of the attack. Can you beat that? If yes: I would love to hear how!
Get me coffee and no one gets hurt!
Unfortunately, C, I can't give you timing data, because I've never been daft enough to get infected in the first place! [Ambles away, whistling the theme to Goldfinger)
I wanna be a eunuchs developer! Pass me a bread knife!
-
Are you backing up to a NAS?
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
Quote:
Are you backing up to a NAS?
Nooooo! A Ransom virus will encrypt all files on the network, especially files in servers or a NAS! Look what happened to the hospital in LA, who was forced to pay $17,000 to have files on their network unencrypted. You need to back up to an "air gap" device, that is only briefly connected to the network while the backup is being saved. That applies to backing up data files, as well as system drive images that are vital in case of an attack.
Get me coffee and no one gets hurt!