Nov 20 malware incident
Thread poster: Ty Kendall

Henry Dotterer
Local time: 09:01
SITE FOUNDER
An antivirus scan should definitely be run. Nov 23, 2012

Hi all,

It would appear that the member who reported irregularities with her online bank has gone offline; we have been unable to reach her by phone, Skype, email or other means. However, based on her posting, and out of an abundance of caution, at this point we feel we have to change our recommendation from "it might be a good idea to run an antivirus scan" to "you should definitely run an antivirus scan".

If you do not have anti-virus software, there are several free options:

* Avast - http://avast.com
* MalwareBytes - http://malwarebytes.org

Once again, I sincerely apologize for the inconvenience this may cause. Thank you for your understanding.

I tried to log into my online banking system and got a very suspicious message right after logging in. When I contacted my bank, they said that the problem was probably caused by a virus (at that time I didn't receive the mail from Proz yet) that tried to find out my banking details. They advised me to do a thorough scan of my computer to delete the virus. My normal antivirus program didn't indicate anything, but luckily my husband ran some other programs for me. There were indeed several threats and after deleting those, I was able to use my banking system again. So please, be very careful and take this message from Proz seriously!


 

Steven Hanley (X)  Identity Verified
United States
Local time: 09:01
Spanish to English
I'm the one who initially reported the incident Nov 23, 2012

So, FYI, it was an "Exploit Toolkit" attack, and you can find the details here:

http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=25708

Hope that helps.


 

Russell Jones  Identity Verified
United Kingdom
Local time: 14:01
Italian to English
No problem Nov 23, 2012

My screen jumped to the ISP pages mentioned in previous posts and I immediately closed them.
I have McAfee anti-virus software pre-installed on my PC.
In the light of the updated recommendations, I ran a full scan today with MalwareBytes and am pleased to report that no threats were detected.


 

Evonymus (Ewa Kazmierczak)  Identity Verified
Poland
Local time: 15:01
Member (2010)
English to Polish
???? Nov 24, 2012

Jason Grimes wrote:

At this time, the only reported problem that is known to be a consequence of this issue is that some users were redirected to another site when viewing a banner ad during that 4-hour time period.

Jason


Which ad exactly?
And if I didn't click any ad banner, is my computer safe? Of course I ran my ESET Smart Security and no problem was detected, but how do I know for sure?
Ewa

[Edited at 2012-11-24 00:10 GMT]


 

Neil Coffey  Identity Verified
United Kingdom
Local time: 14:01
French to English
Also run a *vulnerability* scan Nov 24, 2012

Remember that in principle, for your computer to be infected with malware via a web page, either you have to specifically take some action that allows this, or else the malware in question needs to exploit some security loophole in your browser/plugins, or in the software (PDF reader etc) that you use to open files in commonly downloaded formats.

So, it is a good idea to take preventive action against the latter case. Many antivirus programs, in addition to allowing you to scan for actual infections, allow you to perform a scan for *Vulnerabilities*. This is designed to alert you to outdated components installed on your computer for which known updates with security fixes are available.

If you don't have an antivirus with such a facility (or indeed, in any case) it's a good idea to regularly check that you have the latest version of your browser and major plugins and software that opens common file formats. Frequent culprits are Java, Flash and PDF Reader. In principle, these should automatically alert you if an update is available. But it does no harm to run the scan or do a manual check every few weeks.

As I think it was Henry who said above, the unfortunate need to battle against security threats is a joint effort: with legitimate web site owners doing all they can on their end-- in terms of installing the latest server patches etc-- and users doing all they can-- in terms of using antivirus tools and updating their software-- at their end.


[Edited at 2012-11-24 02:06 GMT]


 

Neil Coffey  Identity Verified
United Kingdom
Local time: 14:01
French to English
And get a *paid* antivirus suite if you possibly can Nov 24, 2012

And... without wishing to sound like a proponent of naked capitalism, I would differ slightly from some of the advice given here in that I am slightly suspicious of free antivirus software.

It's a fantastic idea in principle.

But in practice, for an antivirus company to keep on top of the latest threats requires significant resources. So if you opt for a "free" product, make sure you have a satisfactory answer on where their revenue stream actually comes from and how they can provide the same level of service as the major labs.


 

Giunia Totaro  Identity Verified
Local time: 15:01
French to Italian
[OT] Nov 24, 2012

I honestly doubt that such a verbose OS as Windows has always been could ever be virus-free...


Tom in London wrote:

juliette_K wrote:

All my solidarity to PC users having hard times : (


As a Mac user, I don't get infected. In 10+ years of using Macs I've never had any form of virus. And I hear that Windows 8 is virus-free too (although I don't know if that's true).

[Edited at 2012-11-23 13:41 GMT]


 

Jennifer Forbes  Identity Verified
Local time: 14:01
Member (2006)
French to English
96 threats! Nov 24, 2012

Thanks to this thread and the emailed warnings from Proz, yesterday I ran a full anti-virus scan (using AVG free). The scan took about an hour and, according to the final report, found 96 "threats" (all with two orange asterisks assigned to them, not the three red asterisks assigned to "serious threats"). It sent all of them to the "vault".
This morning, I received what I think was a suspicious email in a language I don't speak - possibly Turkish - which I deleted at once without opening it. Are 96 threats an abnormally high amount? I don't know.
AVG does an automatic scan every day (taking about 10 minutes) and I don't normally try to find out how many threats it identifies.
Of course I don't know whether the 96 threats and the suspicious email message had anything to do with the malware incident of 20th November.
Anyway, I'm grateful to Proz and colleagues for the warnings.
Trusting I'm now as clean as a whistle ... but am I?
Jenny


 

Tom in London
United Kingdom
Local time: 14:01
Member (2008)
Italian to English
Didn't get it Nov 24, 2012

Ty Kendall wrote:

has anyone else received this message:(etc)


No. I never received any such message.


 

XXXphxxx (X)  Identity Verified
United Kingdom
Local time: 14:01
Portuguese to English
Macs Nov 24, 2012

juliette_K wrote:

I honestly doubt that such a verbose OS as Windows has always been could ever be virus-free...


Tom in London wrote:

juliette_K wrote:

All my solidarity to PC users having hard times : (


As a Mac user, I don't get infected. In 10+ years of using Macs I've never had any form of virus. And I hear that Windows 8 is virus-free too (although I don't know if that's true).

[Edited at 2012-11-23 13:41 GMT]


I would still play safe. After this recent incident I moved the only PC I have not running on ESET from McAfee (which came pre-installed on a new machine) to ESET. We have 4 PCs and 1 Mac and the Mac has had anti-virus software on it for the past year or so. The threats are increasing and the ESET technician I spoke to yesterday evening said they had a Mac attack just the other day; someone's operating system had got completely fried.


 

Tom in London
United Kingdom
Local time: 14:01
Member (2008)
Italian to English
Well.... Nov 24, 2012

Lisa Simpson, MCIL wrote:

......the ESET technician I spoke to yesterday evening said they had a Mac attack just the other day; someone's operating system had got completely fried.


Well, 'e would say that, wouldn't 'e?



 

XXXphxxx (X)  Identity Verified
United Kingdom
Local time: 14:01
Portuguese to English
Google it Nov 24, 2012

Tom in London wrote:

Lisa Simpson, MCIL wrote:

......the ESET technician I spoke to yesterday evening said they had a Mac attack just the other day; someone's operating system had got completely fried.


Well, 'e would say that, wouldn't 'e?



As I understand, Apple have had to withdraw any claims that they are virus-proof in view of the number of recent incidents. Personally, I wouldn't risk it.


 

Shai Navé  Identity Verified
Israel
Local time: 16:01
Member
English to Hebrew
Some thoughts Nov 24, 2012

Jenny Forbes wrote:
The scan took about an hour and, according to the final report, found 96 "threats" (all with two orange asterisks assigned to them, not the three red asterisks assigned to "serious threats").

Those are possibly Cookies or other web-related elements that are saved to the cache. They might not even be related to this incident, but it is possible that they are. Either way, they are probably not an immediate threat to the integrity of your system (but it is good to remove them anyway, like you did).

Are 96 threats an abnormally high amount?

There isn't a single determinate answer to this question. It is more about the nature of the malware rather than the number of files infected or occurrences. Many times hundreds and even thousands (depending on the amount of data in the drive) of files get infected, but it is a "minor" infection; it causes disruption to normal work (programs don't start, the web traffic gets redirected, AV gets disabled and so on), but it is fairly easy to clean up and usually no permanent damage to the system or data occurs. Other times (though less common), the infection is more deeply embedded, harder to identify and get rid of (short of wiping the drive and losing some or all the data), and it carries higher risk to the system integrity and the security of the user's personal information and identity.
There is some misconception about malware. The common belief is that malware is malicious software that aims to wipe one's data. However, in reality it is more of an annoyance that disrupts work by disabling some functionality, referring web traffic (sometimes by taking over the system's hosts file), opening "tunnels" in the system's firewall system and calling home to download more malware of this sort or to allow someone from the outside to use the computing resources for, usually, malicious activity (for sending spam for example), etc. The common malware does not delete anything directly nor tries to. The biggest threat of modern malware is identity theft by means of keyloggers and/or phishing, and/or specifically exposing your system to someone from the outside. Granted, sometimes the system gets corrupted indirectly as a result of the cleaning process. This is more typical of an aggressive approach because when dealing with infected systems some finesse and a systematic approach are required. Just dropping the hammer, so to speak, usually causes more damage to the system than the malware.

I recommend (again) everyone who suspects foul play or just wants to err on the side of caution to:
1) Run an AV scan outside of the system.
2) Run a scan with a dedicated malware removal tool such as Malwarebytes Anti-Malware and SUPERAntiSpyware.
3) Run a HijackThis scan.
4) If possible, check the firewall logs for any suspicious activity in the relevant time period.
5) If infected or experiencing some system instability: those running Windows, open a command prompt (elevated in Vista and above) and type "sfc /scannow" (note, it might require the installation media). This will check the integrity of core system files and attempt to replace them if any of them got corrupted.

As a side note, this is another reason why it is so important to back up the important data. I know of too many people who neglect doing so, or do it wrong (typically by copying the data to another drive and removing it from the first drive - backup means 2 or more copies of the data). So, like all other incidents of this kind, it is a good opportunity for anyone who doesn't back up like they should to catch up on things and start doing so to avoid any future data loss.


And get a *paid* antivirus suite if you possibly can

I agree. Most free AVs (with the exception of MSE from all the more common brands in this market, at least as far as I know) are intended for personal use only. Using them in a professional capacity (on a system that is used to make revenue) is in violation of the user agreement. I also think that it is important to support the developer (exactly like we like to get paid for our work and not spread it for free for others to capitalize on it), and in the process one is eligible for support and, usually, gets priority updates over the free version.
There is a nice selection of good AVs, so one probably can find a reliable solution within their budget. If, for whatever reason, one cannot afford an AV, I recommend using MSE (Microsoft Security Essentials; now comes pre-installed in Windows 8). This way one does not abuse the developer's offering and MSE is a very good AV in its own right, so this is not a compromise on quality.
However, from a technical standpoint there is nothing wrong with the free AVs. They perform (except for the disabled features in comparison to the "Pro" version) just the same.
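
Step 4 in the post above (checking the firewall logs for the relevant time period) can be done with a short script. The following Python is an added example, not part of the original post: it reads a log in the Windows Firewall `pfirewall.log` layout and returns the allowed outbound connections to non-local hosts and the dropped packets inside a chosen window. The sample log, its addresses and the 12:00 to 16:00 window are constructed for illustration.

```python
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample in the Windows Firewall log layout (pfirewall.log).
# Addresses are private or documentation ranges, not data from the incident.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2012-11-20 09:58:41 ALLOW TCP 192.168.1.10 198.51.100.7 49501 443 0 - 0 0 0 - - - SEND
2012-11-20 14:05:12 ALLOW TCP 192.168.1.10 203.0.113.5 49512 80 0 - 0 0 0 - - - SEND
2012-11-20 14:05:13 ALLOW TCP 192.168.1.10 203.0.113.5 49513 80 0 - 0 0 0 - - - SEND
2012-11-20 14:06:02 DROP TCP 203.0.113.9 192.168.1.10 4444 3389 0 - 0 0 0 - - - RECEIVE
2012-11-20 14:07:30 ALLOW UDP 192.168.1.10 192.168.1.1 53011 53 0 - - - - - - - SEND
"""
# Assumed review window; substitute the period you want to check.
WINDOW = (datetime(2012, 11, 20, 12, 0), datetime(2012, 11, 20, 16, 0))
# Loopback and RFC 1918 ranges: the machine itself, the router, LAN peers.
LOCAL_NETS = [ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_local(ip):
    return any(ip_address(ip) in net for net in LOCAL_NETS)

def parse_firewall_log(text):
    """Yield one dict per record, taking column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif fields and line.strip() and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            row["when"] = datetime.strptime(
                f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
            yield row

def review_window(text, start, end):
    """Return (outbound Counter keyed by (dst-ip, dst-port), dropped records)."""
    outbound, blocked = Counter(), []
    for row in parse_firewall_log(text):
        if not start <= row["when"] <= end:
            continue
        if row["action"] == "DROP":
            blocked.append(row)
        elif (row["action"] == "ALLOW" and row.get("path") == "SEND"
              and not is_local(row["dst-ip"])):
            outbound[(row["dst-ip"], row["dst-port"])] += 1
    return outbound, blocked

if __name__ == "__main__":
    out, drops = review_window(SAMPLE_LOG, *WINDOW)
    for (ip, port), n in out.most_common():
        print(f"{n:3d} allowed outbound connections to {ip}:{port}")
    for d in drops:
        print(f"dropped {d['protocol']} {d['src-ip']} -> {d['dst-ip']}:{d['dst-port']}")
```

Windows Firewall does not log by default, so a log only exists for the period if logging was switched on beforehand; destinations that appear only inside the window are the ones worth looking up.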


 

Jennifer Forbes  Identity Verified
Local time: 14:01
Member (2006)
French to English
Thank you, Shai Nov 25, 2012

Thank you, Shai, for your helpful explanation and interesting thoughts. My ignorance on the matter is now slightly less encyclopaedic!
Best wishes,
Jenny


 

Tom in London
United Kingdom
Local time: 14:01
Member (2008)
Italian to English
I wouldn't worry too much Nov 27, 2012

Lisa Simpson, MCIL wrote:

As I understand, Apple have had to withdraw any claims that they are virus-proof in view of the number of recent incidents. Personally, I wouldn't risk it.


There haven't been any incidents. Here's an interesting discussion: "Mac OS X forum: Is it true that MacOS is Virus-free?"

http://forums.cnet.com/7723-6126_102-284276/is-it-true-that-macos-is-virus-free/


 