"Two weeks to prepare for cyber-attack"

gramps

The National Crime Agency is warning computer users they have two weeks to protect against a "powerful computer attack".
It comes as US officials held a press conference accusing a Russian hacker of masterminding the scam and raking in £60m.
Two pieces of malware software known as GOZeuS and CryptoLocker are at the centre of the alert.
People are being warned to make sure their security software and operating system are both up to date, and to run scans to check for any problems.
Important files should also be backed up, said the UK's National Crime Agency (NCA).
The malware typically infects a computer via attachments or links in emails.

http://news.sky.com/story/1273922/two-weeks-to-prepare-for-cyber-attack
 
Stuff people should be doing already.

True, and I've been getting numerous emails like these, purporting to have voicemails, invoices, etc. as attachments ... however, there are many people out there (you only have to think of some threads on here) who haven't a clue about the risks and take no or minimal action to prevent it.
I know of at least one person who has been caught out by cyberlocker - clearly, if these bots can infect and replicate as suggested, then the more people alerted to the need for protective action the better.
 
True, and I've been getting numerous emails like these, purporting to have voicemails, invoices, etc. as attachments ... however, there are many people out there (you only have to think of some threads on here) who haven't a clue about the risks and take no or minimal action to prevent it.
I know of at least one person who has been caught out by cyberlocker - clearly, if these bots can infect and replicate as suggested, then the more people alerted to the need for protective action the better.

Exactly, been getting them for months, emails claiming to be from HMRC, the Post Office, etc. etc. ... my Mac's Sophos AV picks most of them up anyway, and even if it didn't, you would have to be pretty gullible, or greedy, or very technophobic to download the attachments. Mind you, we did just remind our 'blond' daughter about it and got the exasperated 'I KNOOOOOOOW' response :rolleyes:
 
Easier just to drop any emails with a zip or embedded exe. No one sends zip files these days. Not sure what malicious PDFs can do on a Mac either.

I know I've got Lion set to not run any unsigned software, so it's a right pain to run anything outside the App Store. Does CryptoLocker get around this silently?
 
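The attachment rule suggested in the post above (drop anything carrying a zip or an exe), written out as a mail-filter hook. This is an added example, not code from the thread or from the NCA advisory; it assumes the filter is handed the raw RFC 822 message, and it goes slightly beyond the post by also looking inside the zip and catching the "document.pdf.exe" double-extension and a renamed PE by its "MZ" magic. The three sample messages at the bottom are constructed for the demo.

```python
"""Triage e-mail attachments for executable payloads (added example)."""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows will execute on double-click. Assumption: a practitioner's
# blocklist, not a list taken from the thread.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar"}


def _ext(name):
    name = (name or "").lower()
    return name[name.rfind("."):] if "." in name else ""


def _is_executable(name, data):
    # Extension check plus the 'MZ' magic of a Windows PE file, so an executable
    # renamed to .pdf is still caught.
    return _ext(name) in EXEC_EXTS or data[:2] == b"MZ"


def _inspect_zip(name, data):
    """Yield (member, reason) for suspicious members of a zip attachment."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        yield name, "claims to be a zip but is not one"
        return
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:
                # Encrypted member: cannot be inspected, so do not trust it.
                yield f"{name}:{info.filename}", "password-protected archive member"
                continue
            if _is_executable(info.filename, zf.read(info)):
                yield f"{name}:{info.filename}", "executable inside zip"


def triage(raw_message):
    """Return [(attachment, reason), ...] for anything that should be blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        if _is_executable(name, data):
            findings.append((name, "executable attachment"))
        elif _ext(name) == ".zip" or data[:2] == b"PK":
            findings.extend(_inspect_zip(name, data))
    return findings


# --- constructed sample messages for the demo -------------------------------
def _mail(filename, payload, subject):
    m = EmailMessage()
    m["From"] = "billing@example.invalid"
    m["To"] = "you@example.invalid"
    m["Subject"] = subject
    m.set_content("Please see the attached document.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()


def _zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()


# Invoice lure: zip hiding a PE with a double extension.
LURE = _mail("Invoice_4471.zip",
             _zip({"Invoice_4471.pdf.exe": b"MZ\x90\x00" + b"fake-pe"}),
             "Your invoice")
# A legitimate zipped texture pack, like the one mentioned later in the thread.
TEXTURES = _mail("textures.zip", _zip({"brick.png": b"\x89PNG fake"}), "Texture files")
# A bare screensaver executable dressed up as a voicemail.
BARE = _mail("Voicemail.wav.scr", b"MZ\x00\x00", "New voicemail")

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("textures", TEXTURES), ("bare", BARE)):
        print(label, triage(raw) or "clean")
```

The zip inspection is one level deep; a real gateway would recurse with a size and depth limit, and would treat a password-protected archive as block-on-sight rather than scan-and-release, since the content cannot be seen.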
Only a couple of days ago I downloaded some (legit) texture files that were zipped - some still use it.
 
The malware typically infects a computer via attachments or links in emails.

Well, I have been protecting my system against just such an attack for 20 years now... I don't use virus software or malware checks... I just use common sense... my email reader has always been text-only and I never open attachments...

Not overly worried to be honest :)
 
Well, I have been protecting my system against just such an attack for 20 years now... I don't use virus software or malware checks... I just use common sense... my email reader has always been text-only and I never open attachments...

Not overly worried to be honest :)
Unfortunately that's just not practical for most.

And email isn't the only infection method.

But I guess I haven't had a car accident for a few years, I guess I can stop using my seat belt. :)
 
But I guess I haven't had a car accident for a few years, I guess I can stop using my seat belt. :)

Over 20 years...... the proof is in the pudding... or are you suggesting I am just lucky and common sense isn't enough? Maybe you just like making sarcastic comments to try and look clever?
 
I know I'm going to regret asking this.......but is there any evidence that Macs can be infected by these? That's a genuine question, not an attempt to start a flame war.
 
I know I'm going to regret asking this.......but is there any evidence that Macs can be infected by these? That's a genuine question, not an attempt to start a flame war.
Macs 'can' be affected; however, they are very rarely targeted due to market share. There are more PCs than Macs out there, and therefore the virus writers target the more captive audience.
 
Surprise attack then?

No one expects....
Our chief weapon is surprise...surprise and fear...fear and surprise.... Our two weapons are fear and surprise...and ruthless efficiency.... Our *three* weapons are fear, surprise, and ruthless efficiency...and an almost fanatical devotion to the Pope.... Our *four*...no... *Amongst* our weapons.... Amongst our weaponry...are such elements as fear, surprise.... I'll come in again.
 
One article I read claimed they could be but didn't say how.

I did see in another they mention using a virtual machine, which suggests Macs without Parallels or similar could be immune.

I don't have Java installed anymore, so that is another trojan door shut.

If you have set application privileges so that you can't run anything that's not from the App Store without arsing around, I can see that would make it quite difficult for it to work on a Mac, especially if you aren't running as an admin user on normal day-to-day.

There's quite a useful article about software restriction policies on PCs that would kibosh it:

http://www.computerworld.com/s/arti...to_do_if_you_are_?taxonomyId=125&pageNumber=1
 
Macs 'can' be affected; however, they are very rarely targeted due to market share. There are more PCs than Macs out there, and therefore the virus writers target the more captive audience.

Thanks Dave - I understand the theoretical risk and that there simply aren't currently any viable viruses for recent Mac operating systems. But it seems that this malware is well understood. A chap on R4 this morning said basically that we have about a 2-week window to disinfect machines. I'd love there to be a well-researched article somewhere that has a checklist that goes something like

1. Are you running OS X 10.x or up? Then you're fine.
2. Are you running Linux? Ditto
3. Are you running Win8 with all latest patches? also good.

Etc.

ATM the "news" articles are laying us all right open to phishing emails and Indian call centres offering to fix "the well-known problem".

And yeah, my main machine is locked down fairly tight. But I'd like to know things were good without having to worry.
 
Not worried. The girl at the NatWest said I should start online banking as their system is 100% safe; I suggested they let the Pentagon use it :). When will people learn nothing online is safe, so don't use it as though it is? As someone said, common sense.
 
I find it quite ironic that one part of the government (NCA) is suggesting that we all tighten up on our PC security, whilst another (Basingstoke and Deane council) are merrily giving away personal and private information, including address, DOB and NI number, for free, after receiving a freedom of information request. http://www.bbc.co.uk/news/uk-england-hampshire-27661517
 

I think, generally, the Mac community gets a little forgotten about in the usual mainline articles, as they are not targeted as frequently; however, as srichards above alluded to, I would certainly avoid Parallels machines having internet access, and also make sure Java is secured. Other than that, this is the policy I put in place at a recent place of work (not all relevant to cyber attack, but good advice):

1. No admin accounts! - If you need to perform an admin task, use sudo or log in as the root user for that purpose only.
2. No email associated with the root account, and restricted browsing.
3. Use 'Sandbox' (app in the App Store) to limit the run-time ability of malicious code.
4. Use iCloud and allow iCloud Remote Wiping.
5. Use a firewall (on your internet connection if necessary), and close ports; not many people need telnet, ftp, etc...
6. Kids! Don't let them download their favourite Facebook games; the code may be rife with advertising (see phishing) subroutines.

That's a starting point, on top of the usual good AV, and password Security and your Mac should be quite safe.
 
Why now though? CryptoLocker has been around for a fair while now. All mainstream AV had that patched way back.
What I find worrying is that the NCA have just made the security announcement as if this is a new discovery. Have they just woken up?

Les
 
What I find worrying is that the NCA have just made the security announcement as if this is a new discovery. Have they just woken up?

Les
The latest release version of CryptoLocker...

Discovered: February 6, 2014
Updated: March 7, 2014 8:48:52 AM
Type: Trojan
Systems Affected: Windows XP, Windows Server 2008, Windows 7, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Seems they are a little late ;)
 
There is, in fact, an even greater threat to anyone running a computer with a Microsoft operating system ... Bill Gates!
 
Over 20 years...... the proof is in the pudding... or are you suggesting I am just lucky and common sense isn't enough? Maybe you just like making sarcastic comments to try and look clever?
But how do you know without having a checker installed? Or do you run an online scanner every now and again?

serious question, my sarcasm feature is firmly disabled presently.
 
I know I'm going to regret asking this.......but is there any evidence that Macs can be infected by these? That's a genuine question, not an attempt to start a flame war.

A similar question... what about PCs running Linux?


Steve.
 
A similar question... what about PCs running Linux?


Steve.
As Macs run a "flavour" of the *nix (Unix) OS, and Linux is a derivation of Unix, I would say the risks are very similar. Of course, because of the open-source nature of Linux, there is a chance for malicious code to be shipped with the magnitudes of open software that is available.

Generally, I would stick roughly to the steps above (relevant ones), especially using a non-privileged (non-root) user for everything, and NEVER run a web browser or mail browser under sudo.
 
If you have a router then that can be your first line of defence - a good router should give no indication to anyone trying to access your PC that you even exist - you can check your router here:

https://www.grc.com/intro.htm

Go to Services then "Shields UP" after disabling all anti-viruses etc. so it can simply access your raw router.

It should show all green which means you have a good router.

Nowadays I run the pro version of malwarebytes on my real machine and a free copy of Avast in the VMs I use to surf the Net and feel reasonably secure that not much will get me (and fingers crossed).

But even if something did attack it could only attack the SSDs I use on my machines since everything else is now on external HDDs which are only plugged in when needed and never left permanently connected.

So hopefully I have mitigated the chances of any attacks either getting through or causing major damage or loss to my data.
 
There is, in fact, an even greater threat to anyone running a computer with a Microsoft operating system ... Bill Gates!

Hah hah hah hah hah hah hah hah hah hah hah hah. No.

About Linux, you'd need to write your malware for each version of Linux (Gentoo, Debian, Ubuntu etc.). Also, most applications are downloaded through the community repository, so unless you deliberately installed applications from outside the repos or the repos were hacked then you'd likely be safe. It is not normal for Linux machines to run as root, and any software installing would need root privileges to enable install. *Hopefully* most people would realise something was wrong before entering their password and giving carte blanche.
 
There is, in fact, an even greater threat to anyone running a computer with a Microsoft operating system ... Bill Gates!

You mean, Bill "The Greatest Philanthropist the world has ever known" Gates? The same chap who hasn't actually worked at M$ this century? That Bill Gates? Srsly, it's time to get over Windows ME.
 
Remedy looks simple:-
OS up to date? Yep, Win8
Malware and antivirus up to date? Yeah, Advanced System Care Ultimate
Browser up to date? Sure thing, Comodo IceDragon
Email? Yes, Mozilla Thunderbird, all precautions taken, Trash and Junk deleted regularly.
Occasional regular sweeps: CCleaner, Spybot, PrivaZer, Malwarebytes, etc.

Router, firewall on max. setting.

Have I missed anything, and shouldn't you all be doing this?
 
No one expects....
Our chief weapon is surprise...surprise and fear...fear and surprise.... Our two weapons are fear and surprise...and ruthless efficiency.... Our *three* weapons are fear, surprise, and ruthless efficiency...and an almost fanatical devotion to the Pope.... Our *four*...no... *Amongst* our weapons.... Amongst our weaponry...are such elements as fear, surprise.... I'll come in again.


I didn't expect a kind of Spanish Inquisition!
 
The fact that we have 2 weeks to clean up our act suggests whoever has been looking at the virus has found something in the code which will cause havoc in 2 weeks' time if it is still on your PC.
 
The fact that we have 2 weeks to clean up our act suggests whoever has been looking at the virus has found something in the code which will cause havoc in 2 weeks' time if it is still on your PC.

I only heard part of the interview and they were dumbing it down a lot....but it sounded like the autoupdate facility on the botnet has somehow been disabled for 2 weeks. So if you uninstall right now, it won't immediately reinstall (or frustrate your attempts to uninstall). It's just possible the 2 week thing is a deliberate lie to get people to do stuff now rather than leave it until, well, never.
 
The fact that we have 2 weeks to clean up our act suggests whoever has been looking at the virus has found something in the code which will cause havoc in 2 weeks' time if it is still on your PC.

I doubt that a "fact" enters into the equation!
 
When in two weeks' time jack s*** happens, they'll be telling us that it was their vigilance that stopped 'the chaos' being worse - there's always threats on the interweb; remember all the 'I love you' stuff a few years back.

The first line of defence isn't your router, or your AV system (or using Mac/Linux etc.); the first line of defence is your brain - don't download attachments you weren't expecting, don't respond to phishing scams, don't use the same passwords for everything, don't leave your password set to password01, don't go on holiday leaving all your doors and windows open with a big sign on the front door saying please burgle me.

And what's this cobblers about the FBI having disrupted the network and taken it over? Say what, surely 'the network' the criminals use to 'talk' to infected computers is called 'the internet' :shrug:
 
The fact that we have 2 weeks to clean up our act suggests whoever has been looking at the virus has found something in the code which will cause havoc in 2 weeks' time if it is still on your PC.
What has happened is that they've thrown a bit of a spanner in the botnet's works and they estimate it will take around two weeks for it to become effective again. There's no specific threat after two weeks and nothing is going to necessarily cause havoc after two weeks.

Also, if we were to be pedantic, it's not a virus.
 
There are currently no known versions or methods of infection for OS X or other *nix variants. The spreading has been going on for a long time though.

I still would run antivirus and outbound firewall software like Little Snitch or Hands Off on your Mac, so as not to infect others, and keep an eye on your outgoing network connections.
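A way to act on the last suggestion above (keep an eye on outgoing connections) without a GUI firewall: snapshot established TCP connections per process and report anything outside a baseline. This is an added example, not code from the thread or from Little Snitch or Hands Off; it assumes the input is the text of `lsof -i -nP` on a Mac, and the baseline of (process, remote port) pairs is an assumption you would tune to your own machine. The sample output is constructed for the demo and uses documentation address ranges.

```python
"""Report outbound connections that are not in a per-process baseline (added example)."""
import re
from collections import namedtuple

Conn = namedtuple("Conn", "command pid user laddr lport raddr rport state")

# NAME column for an established TCP socket: "local:port->remote:port (STATE)".
_ENDPOINTS = re.compile(
    r"(?P<laddr>\S+):(?P<lport>\d+)->(?P<raddr>\S+):(?P<rport>\d+)\s+\((?P<state>\w+)\)"
)

# Baseline of (command, remote port) pairs this machine is expected to make.
# Assumption for the demo; build yours from a known-clean snapshot.
BASELINE = {("Safari", 443), ("Safari", 80), ("Mail", 993), ("Mail", 587)}


def parse_lsof(text):
    """Parse `lsof -i -nP` output into Conn records (connected TCP sockets only)."""
    conns = []
    for line in text.splitlines():
        fields = line.split(None, 8)  # NAME may contain a space before "(STATE)"
        if len(fields) < 9 or fields[0] == "COMMAND":
            continue
        m = _ENDPOINTS.search(fields[8])
        if not m:  # LISTEN sockets and UDP have no "->", skip them
            continue
        conns.append(Conn(fields[0], int(fields[1]), fields[2],
                          m["laddr"], int(m["lport"]),
                          m["raddr"], int(m["rport"]), m["state"]))
    return conns


def unexpected(conns, baseline=BASELINE):
    """Established connections whose (process, remote port) is not in the baseline."""
    return [c for c in conns
            if c.state == "ESTABLISHED" and (c.command, c.rport) not in baseline]


# Constructed sample, in the column layout lsof prints on OS X.
SAMPLE = """\
COMMAND   PID  USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
Safari   4021 alice   17u  IPv4 0x1a2b3c4d5e6f7081      0t0  TCP 192.168.1.5:51234->93.184.216.34:443 (ESTABLISHED)
Mail     4100 alice   22u  IPv4 0x1a2b3c4d5e6f7082      0t0  TCP 192.168.1.5:51240->198.51.100.12:993 (ESTABLISHED)
Safari   4021 alice   31u  IPv4 0x1a2b3c4d5e6f7083      0t0  TCP 192.168.1.5:51250->93.184.216.34:443 (CLOSE_WAIT)
python   5000 alice    3u  IPv4 0x1a2b3c4d5e6f7084      0t0  TCP *:8000 (LISTEN)
updater  5123 alice    5u  IPv4 0x1a2b3c4d5e6f7085      0t0  TCP 192.168.1.5:51260->203.0.113.7:8080 (ESTABLISHED)
"""

if __name__ == "__main__":
    for c in unexpected(parse_lsof(SAMPLE)):
        print(f"unexpected: {c.command}[{c.pid}] -> {c.raddr}:{c.rport}")
```

Run it from a cron job and diff against the previous snapshot; an unfamiliar process name holding a connection to an odd port is exactly the signal an outbound firewall would prompt you about, and worth chasing down before trusting the machine.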
 