Ann Arbor Area Business Monthly
Small Business and the Internet

Latest in Malware

August 2015

By Mike Gould

No, this is not a fashion alert regarding what to wear at Briarwood. That would be Mall Wear. This is something completely different. Most people these days would recognize malware as malevolent software: viruses, phishing attempts, scams, et cetera, et cetera, ad nauseam.

It’s been more than a year since I visited this topic, March of 2014, to be exact, when I wrote “Secure Businesspeople Don't Get Viruses” (URL below). Needless to say, criminals continue to search for and exploit weaknesses in our web environs, and fearless public guardians such as myself continue to alert folks about ongoing nasties and general evil doing. And please, no widespread panic – I have yet to see any of the below myself on any of my clients’ computers - just be aware that bad things are a thing.

It’s Still a Jungle Out There
So here’s the latest on some of the evil going on down the tubes we affectionately call the World Wide Web. I was reminded of all this when I read the latest issue of TidBITS, an online magazine about the Apple ecosystem (URL below) to which I subscribe. The issues they describe aren’t unique to Macs, and the users of Windows systems have even more things to worry about, as we’ll talk about below.

This latest phenomenon is not really a virus or Trojan Horse, but a refined version of social engineering, and works like this: you end up on a web page in your browser, and all of a sudden your screen freezes and you are confronted with a scary message advising you to call the number on your screen to fix the freeze. You call the number and an evil person on the other end talks you into permitting them to log into your computer to do the fix.

If you are addled enough to do so, they will log in, unfreeze your screen, and install all manner of evil ones and zeroes into your system unbeknownst to you. These enable the bad guys to turn your computer into a spam bot, and/or ransack your files looking for passwords, Social Security numbers, credit card numbers, and anything else of value.

Scary Monsters
How did you find yourself in such a predicament? You happened to click on a hijacked banner ad you thought would take you to Uncle Happy’s Fun Place, or the DMV, or anyplace that sounded appealing or useful at the time. Actually, probably not the DMV.

What happened was that the bad guys managed to hack into a legitimate website’s server and replaced the intended link with one to their infected page. This is usually done with a generous serving of hacked JavaScript, one of the main scripting languages of the Web. You can avoid this by turning off JavaScript in your browser, but if you do, you will miss a lot of legitimate web use in the sites you visit.

The above is an example of “Scareware” and there are any number of fixes for it. If you find your screen locked, you can usually force quit out of your browser and be on your merry way. Unfortunately, sometimes when you re-engage your browser, you will be automatically taken back to the previous page and the whole thing starts over.

Fixes
You get out of this by holding down the shift key when loading in Safari on a Mac, and various other keys (alt, command, etc.) depending on which browser you use and on which platform (Mac or Windows). I don’t have space here to list all the work-arounds for the various combinations of the above, but if you Google “unlock browser screen [your browser your platform]” you will find the correct combination. You might want to do this now and be forearmed if you wind up locked up in the future. The final answer to this lies with the browser makers, and they’re working on it. See the TidBITS article for more info.

Ransom Ware
The above should not be confused with actual ransomware. This is a pernicious program that can actually take control of your computer, and lock up the entire thing via encryption such that you cannot get to your files. You then have to send BitCoin to the Russian Mafia or someone to get the code to unlock your PC. Yeah, PC; this doesn’t affect Macs. Yet.

This happens when a PC user accidentally downloads something truly evil from the Internet, which then springs into action, holding a gun to your mouse until the ransom is paid. This can also get into your system if your network is hacked. There are apps out there that criminals use to do this, called CryptoLocker (since taken down) and WinLock. If your PC gets hit with this, you are in serious trouble. There are no doubt experts in the area who can help (check with all the local PC repair places), but the best practice is the usual care in what you browse to and download. For more info, see the wiki article below. And stay backed up.

Bob From Ohio
The final bit of evil I’ll address today is something I have been suffering for a while now: social engineering from overseas. Three times last week I got a call from “Bob from Ohio”, who has a very thick accent. I think they re-named a town in Asia to “Ohio” so they can make this claim. The return phone number is missing a couple of digits, so I now know to ignore such calls.

If you let “Bob” into your life, he will tell you he is from the official Windows repair service, and they have detected a problem in your system (all the way from Asia!) and he is here to help. He will have you run some “diagnostics” on your PC (again, they don’t know from Macs) that will show a bunch of (fake) issues which they will use as a lever to talk you into giving them access to your system. If you do this, they will load you up with all the evil above and be off to count your money.

Bottom line: never, ever give a stranger access to your computer, follow safe computing practices, and never talk to Bob from Ohio.

Secure Businesspeople Don't Get Viruses http://mondodyne.com/b2b/smbiznet.193.shtml

TidBITS http://tidbits.com/article/15777

Ransom Ware https://en.wikipedia.org/wiki/Ransomware

Mike Gould hunkers in his bunker, was a mouse wrangler for the U of M for 20 years, runs the MondoDyne Web Works/Macintosh Training/Digital Photography mega-mall, is a laser artist, performs with the Illuminatus 3.0 Laser Lightshow, and welcomes comments addressed to mgould@mondodyne.com.

Entire Site © 2016, Mike Gould - All Rights Reserved