I nearly fell for one of these
-
Phishing email scam utilizes keylogger malware to steal sensitive information[^]
I recently got an email with a Word attachment that insisted I install Silverlight in order to view the attachment. I did run the install in a moment of stupidity, but immediately realized my mistake. So I re-imaged my system drive from a recent image to get rid of any potential malware. I also changed all my critical passwords with financial institutions. :mad:
I have suggested it before, but I really wish we had a Security Forum on CP, where members can exchange data about such malware to benefit all of us.
Get me coffee and no one gets hurt!
- Block Office macros with Group Policy[^] (You'll probably need to download the Group Policy Administrative Templates for Office 2016[^]);
- Change the file association for `.js`, `.jse`, `.vbs`, `.vbe` and `.hta` files to open with Notepad by default;
- Profit! :D
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
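An audit of the two mitigations listed in the post above, as an added example that is not part of the original thread. It assumes the macro-blocking policy meant is the Office 2016 template setting "Block macros from running in Office files from the Internet" (registry value `blockcontentexecutionfrominternet`); the `-Fix` switch and the function name are this example's own.

```powershell
# Added example: read-only audit unless -Fix is given (-Fix needs an elevated prompt).
param([switch]$Fix)

$scriptExts = '.js', '.jse', '.vbs', '.vbe', '.hta'
# Fully expanded path, so the value works even when stored as a plain REG_SZ string.
$notepadCmd = "`"$env:SystemRoot\System32\notepad.exe`" `"%1`""

function Get-DefaultValue([string]$Key) {
    # Returns the (default) value of a registry key, or $null if the key is absent.
    (Get-ItemProperty -LiteralPath "Registry::$Key" -ErrorAction SilentlyContinue).'(default)'
}

foreach ($ext in $scriptExts) {
    $progId = Get-DefaultValue "HKEY_CLASSES_ROOT\$ext"
    if (-not $progId) { "{0,-5} no machine-wide association" -f $ext; continue }

    $command = Get-DefaultValue "HKEY_CLASSES_ROOT\$progId\shell\open\command"
    # Double-click runs the file if the open verb points at a script host.
    $risky = $command -match '(?i)(wscript|cscript|mshta)\.exe'

    # A per-user choice made in Explorer takes precedence over the class default.
    $ucKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext\UserChoice"
    $userChoice = (Get-ItemProperty -LiteralPath $ucKey -ErrorAction SilentlyContinue).ProgId

    "{0,-5} {1,-10} {2} -> {3}" -f $ext, $progId, $(if ($risky) { 'EXECUTES' } else { 'ok' }), $command
    if ($userChoice) { "      per-user override: $userChoice (check this handler as well)" }

    if ($risky -and $Fix) {
        # Re-point the machine-wide open verb at Notepad, as the post suggests.
        $target = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\$progId\shell\open\command"
        Set-Item -LiteralPath $target -Value $notepadCmd
        "      open verb changed to $notepadCmd"
    }
}

# Macro policy: 1 means macros in files carrying the Internet zone mark are blocked.
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $val = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).blockcontentexecutionfrominternet
    $state = if ($val -eq 1) { 'blocked' } else { 'NOT blocked by policy' }
    "{0,-10} internet macros: {1}" -f $app, $state
}
```

Changing the open verb only affects double-click and attachment launches; `wscript.exe file.vbs` typed explicitly still runs the script.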
-
Cornelius Henning wrote:
I recently got an email with a Word attachment
Red flag #1
Cornelius Henning wrote:
that insisted I install Silverlight
And that's when you toss it in the spam folder.
Proud to have finally moved to the A-Ark. Which one are you in?
Author of the Guardians Saga (Sci-Fi/Fantasy novels) -
-
Very nice of you to report your moment of fog on this, because if it could get an advanced tech user such as yourself (being a developer) it can definitely get other non-tech users. Sorry you went through that. EDIT BTW - I use VirusTotal - Free Online Virus, Malware and URL Scanner[^] for these types of things. Would love to see the results for your scan of that download.
-
Look on the bright side - at least you had the backup. Most non-professionals don't even have one.
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack. --Winston Churchill
Daniel Pfeffer wrote:
Look on the bright side - at least you had the backup. Most non-professionals don't even have one.
:sigh: But in my defense, I use my home PC only for gaming and paying bills, and also I'm notoriously lazy.
There is only one Vera Farmiga and Salma Hayek is her prophet! Advertise here – minimum three posts per day are guaranteed.
-
Well, again linux community is excluded from such an interesting software.
-
..there does not have to be a specific forum for your question, if there's no category that fits then pick the closest thing to it. Then again, you are simply opening an unsafe document with macros; you know how that works :) If you want to know whether you can detect a keylogger, the answer is no.
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here[^][](X-Clacks-Overhead: GNU Terry Pratchett)
Eddy Vluggen wrote:
If you want to know whether you can detect a keylogger, the answer is no.
Yes you can. A keylogger needs to register a hook with `SetWindowsHookEx` win32 API. That said, although tricky, you can detect installed global hooks. And somebody has already done it: [GitHub - prekageo/winhook](https://github.com/prekageo/winhook). It would be a tricky task to monitor and detect legit from malware global hooks. But it is possible.
To alcohol! The cause of, and solution to, all of life's problems - Homer Simpson ---- Our heads are round so our thoughts can change direction - Francis Picabia
-
Well, again linux community is excluded from such an interesting software.
:laugh:
Linux Ransomware Is Now Attacking Webmasters | TechCrunch[^]
Ransomware meets Linux – on the command line! – Naked Security[^]
New FairWare Ransomware targeting Linux Computers[^]
Linux Ransomware and why everyone could be affected - Feature - PC Advisor[^]
Linux and rise of Ransomware - Linux Audit[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
I read about this yesterday on ZDNet, it's probably not a macro, but an image (install Silverlight) that points to a Visual Basic Script instead of a URL which installs the keylogger. Details: [^]
-
Which is why you change the `.vbs` file association to open with Notepad instead of WScript. :) Still doesn't hurt to disable macros, though, since some ransomware still uses them.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer