Lloyds Bank fake email “FW: Incoming BACs Documents”

Just received the email below – purporting to be from Lloyds Bank – looks genuine enough but clearly it is just another phishing email looking to grab some details off you or drop some malware or virus on your PC. If you receive this email – delete it. Do not click on the PDF link in the email.

If you have already done so – contact me and I can clean your PC for you. If you don’t have a decent anti-virus – I can help you there too as I resell BitDefender GravityZone – one of the best on the market.

Is Antivirus Necessary in the World of Mac?

credit : https://www.macworld.com/article/3230164/antivirus-software/is-antivirus-necessary-in-the-world-of-mac.html

The misconception that only Windows OS computers need antivirus protection is just that—a misconception.

The last decade has served up plenty of lessons around taking digital security too lightly. For years, threats targeting the Windows operating system have grabbed the headlines, leaving the impression that other operating systems are immune to commercial, opportunistic threats.

The modern Mac OS is based on a solid architecture, with built-in security features that do a pretty good job fending off malware. But the explosive growth of the web and our dependence on cloud services has changed the security landscape completely. Platform-focused threats are now complemented by web-borne attacks trying to gain control of your cloud services.

On the malware side, while it’s true that Windows computers are more susceptible to attacks due to their popularity, the increase in malware families specifically designed for Mac is higher in 2017 than in the previous five years combined. Security experts – and sometimes Apple – warn Mac users not to rely on the operating system for security alone, as prevention is always the wiser approach.

Cyber criminals are getting better at hiding malware from users and security agents. They’re not in it for the notoriety, like they used to be in the good old days. Now they are in it for the money. Hackers are no longer writing poor-quality malware, but instead designing hostile, complex, malicious software programs which take advantage of users’ blind spots to sneak in, by either working around the operating system defenses, or by tricking the user into voluntarily installing them.

Some of the notorious threats that have taken Mac users by surprise are CoinThief, a Mac Trojan that goes for Bitcoin wallets after infiltrating computers, or the devastating Flashback Trojan that infected more than 600,000 devices worldwide. And new threats, such as ransomware, are being perfected as we speak, designed to extort money from victims all over the globe. In March 2016 Apple had to fight KeRanger, the first ransomware designed for Mac.

Before you hit the road, fasten your digital seatbelt

When talking about online security, one of the most important misconceptions is that anti-virus programs only protect against known viruses, and the number of such viruses is so small that you should hardly bother. In reality, an anti-malware solution designed for Macs covers all the attack avenues: They include anti-phishing, anti-adware, anti-spyware, anti-ransomware, and other layers of security to keep your Mac running only the software or apps that you have authorized.

Modern threats targeting Macs are silent: they can run in the background for years without showing any sign of trouble. Aggressive adware that stealthily profiles you and casually serves banners might not look like a big deal for the uninformed—but they leak out your private information, from browser habits to contacts or browsing history, without you even knowing. Other websites take advantage of your processing power and silently use it to mine digital currency at the expense of your computer’s performance and reliability. This, in turn, wears down your hardware and increases your electricity bill.

Are all security solutions made equal?

If you’re concerned about the security of your Mac device and want to get an anti-malware solution installed, make sure you don’t fall into a trap. Fake malware protection applications are out there for all platforms, from Android to Windows to Mac.

Choose a security solution that provides certified 100% detection, such as the BitDefender GravityZone.

Speak to me about a quote for BitDefender GravityZone for all your Mac or Windows devices.

Vaccine, not Killswitch, Found for Petya (NotPetya) Ransomware Outbreak

By Catalin Cimpanu at www.bleepingcomputer.com
June 27, 2017 05:46 PM

Cybereason security researcher Amit Serper has found a way to prevent the Petya (NotPetya/SortaPetya/Petna) ransomware from infecting computers.

The ransomware has been wreaking havoc across the globe today, locking hard drive MFT and MBR sections and preventing computers from booting. Unless victims opted to pay a ransom (which is now pointless and not recommended), there was no way to recover their systems.

In the first hours of the attack, researchers believed this new ransomware was a new version of an older threat called Petya, but they later discovered that this was a new strain altogether, which borrowed some code from Petya, hence the reason why they recently started calling it NotPetya, Petna, or as we like to call it SortaPetya.

Researchers flocked to find killswitch mechanism

Because of the ransomware’s global outreach, many researchers flocked to analyze it, hoping to find a loophole in its encryption or a killswitch domain that would stop it from spreading, similar to WannaCry.

While analyzing the ransomware’s inner workings, Serper was the first to discover that NotPetya would search for a local file and would exit its encryption routine if that file already existed on disk.

The researcher’s initial findings have been later confirmed by other security researchers, such as PT Security, TrustedSec, and Emsisoft.

This means victims can create that file on their PCs, set it to read-only, and block the NotPetya ransomware from executing.

While this does prevent the ransomware from running, this method is more of a vaccination than a kill switch. This is because each computer user must independently create this file, compared to a “switch” that the ransomware developer could turn on to globally prevent all ransomware infections.

How to Enable the NotPetya/Petna/Petya Vaccine

To vaccinate your computer so that you are unable to get infected with the current strain of NotPetya/Petya/Petna (yeah, this naming is annoying), simply create a file called perfc in the C:\Windows folder and make it read only. For those who want a quick and easy way to perform this task, Lawrence Abrams has created a batch file that performs this step for you.

Please note that the batch file will also create two additional vaccination files called perfc.dat and perfc.dll. While my tests did not indicate that these additional files are needed, I added them for thoroughness based on the replies to this tweet.

This batch file can be found at: https://download.bleepingcomputer.com/bats/nopetyavac.bat (PR PC Support takes no responsibility for use of this batch file – although it has been checked out).

For those who wish to vaccinate their computer manually, you can do so using the following steps. Please note that these steps are being created to make it as easy as possible for those with little computer experience. For those who have greater experience, you can do it in quite a few, and probably better, ways.

First, configure Windows to show file extensions. For those who do not know how to do this, you can use this guide. Just make sure the Folder Options setting for Hide extensions for known file types is unchecked like below.

Once you have enabled the viewing of extensions, which you should always have enabled, open up the C:\Windows folder. Once the folder is open, scroll down till you see the notepad.exe program.

Once you see the notepad.exe program, left-click on it once so it is highlighted. Then press Ctrl+C to copy and then Ctrl+V to paste it. When you paste it, you will receive a prompt asking you to grant permission to copy the file.

Press the Continue button and the file will be created as notepad - Copy.exe. Left click on this file and press the F2 key on your keyboard and now erase the notepad - Copy.exe file name and type perfc as shown below.

Once the filename has been changed to perfc, press Enter on your keyboard. You will now receive a prompt asking if you are sure you wish to rename it.

Click on the Yes button. Windows will once again ask for permission to rename a file in that folder. Click on the Continue button.

Now that the perfc file has been created, we now need to make it read only. To do that, right-click on the file and select Properties as shown below.

The properties menu for this file will now open. At the bottom will be a checkbox labeled Read-only. Put a checkmark in it as shown in the image below.

Now click on the Apply button and then the OK button. The properties Window should now close. While in my tests, the C:\windows\perfc file is all I needed to vaccinate my computer, it has also been suggested that you create C:\Windows\perfc.dat and C:\Windows\perfc.dll to be thorough. You can redo these steps for those vaccination files as well.

Your computer should now be vaccinated against the NotPetya/SortaPetya/Petya Ransomware.
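
The manual steps above, scripted in PowerShell as an added example (this is not the batch file linked in the article, nor code from its author). It assumes an elevated prompt and that the file's content is irrelevant, since the article describes only a check for the file's existence; the helper name `Set-VaccineFile` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: create the marker files named in the article under the Windows
# directory, mark them read-only, then verify the result.

$windowsDir = $env:SystemRoot                       # normally C:\Windows
$markers    = 'perfc', 'perfc.dat', 'perfc.dll'     # file names from the article

function Set-VaccineFile {                          # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    # A directory with the same name would not be the file the article describes.
    if (Test-Path -LiteralPath $Path -PathType Container) {
        throw "$Path is a directory; expected a file."
    }
    # Create the file only if it is missing, so an existing marker is left untouched.
    if (-not (Test-Path -LiteralPath $Path)) {
        # Content is an assumption: a short note so an admin who finds it knows why it is there.
        New-Item -ItemType File -Path $Path -Value 'NotPetya vaccination marker. Do not delete.' |
            Out-Null
    }
    # Equivalent to ticking the Read-only checkbox in the Properties dialog.
    Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true
}

$report = foreach ($name in $markers) {
    $path = Join-Path $windowsDir $name
    Set-VaccineFile -Path $path
    $item = Get-Item -LiteralPath $path -Force
    [pscustomobject]@{
        Path     = $item.FullName
        ReadOnly = $item.IsReadOnly
        Created  = $item.CreationTime
    }
}

# Show what is on disk and fail loudly if any marker is still writable.
$report | Format-Table -AutoSize
if ($report.ReadOnly -contains $false) {
    Write-Error 'At least one marker file is not read-only.'
    exit 1
}
```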

Phishing email that knows your address

Something you need to be aware of, posted on the BBC ( http://www.bbc.co.uk/news/technology-35977227 )

A new type of phishing email that includes the recipient’s home address has been received by thousands of people, the BBC has learned.
Members of the BBC Radio 4’s You and Yours team were among those who received the scam emails, claiming they owed hundreds of pounds to UK firms.
The firms involved have been inundated with phone calls from worried members of the public.
One security expert warned clicking on the link would install malware.
You and Yours reporter Shari Vahl was one of the first on the team to receive an email.
“The email has good spelling and grammar and my exact home address…when I say exact I mean, not the way my address is written by those autofill sections on web pages, but the way I write my address.
“My tummy did a bit of a somersault when I read that, because I wondered who on earth I could owe £800 to and what was about to land on my doormat.”
She quickly realised it was a scam and did not click on the link.
“Then, a couple of minutes later, You and Yours producer Jon Douglas piped up as he’d received one and then another colleague said he’d received one too, but to his home email address,” she added.
The You and Yours team decided to contact the companies that were listed in the emails as being owed money.
A spokesman for British Millerain Co Ltd, a waxed cotton fabric manufacturer, told the programme that the firm “had more than 150 calls from people who don’t owe us money”.

And a spokeswoman for Manchester shelving firm Greenoaks said: “My colleague took a call from an elderly gentleman and he was very distressed because his wife had had one of these emails.”

Dr Steven Murdoch, principal research fellow at the department of computer science at University College London, told You and Yours: “Most likely it was a retailer or other internet site that had been hacked into and the database stolen, it then could have been sold or passed through several different people and then eventually it got to the person who sent out these emails.” He said that the email bore the hallmark of previous phishing attempts from gangs in Eastern Europe and Russia. He said that clicking on the link would install malware such as Cryptolocker, which is a form of ransomware that will encrypt files on Windows-based computers and then demand a fee to unlock them.
Anyone receiving such an email is advised to delete it and report it to the national fraud and cybercrime reporting centre Action Fraud.

Beware Crypto Ransomware

Last week one of our staff opened a zip attachment that squirmed its way through the mail filters. Boom – cue a host of fileservers with files infected by cryptoware – it encrypts your files and renames them to the extension .locky – you can pay to have them unlocked! Nice – luckily I found the offending machines, re-imaged them and deleted all files and restored from backup. Problem solved – well apart from blocking zip attachments (probably something I should have done ages ago!)

Here’s some more info, found on Neowin.net

We already know that ransomware has become a growing threat to users around the world. Last week, Mac users saw their first such attack on Apple’s operating system. By encrypting a user’s local files and holding them ransom for payment in the hundreds of dollars, the perpetrators have become increasingly sophisticated in their methods to extract money. The software is so difficult to deal with that the FBI advises people and businesses to just pay up to unlock their files.

Now, according to Trend Micro, the past 24 hours have seen a rash of new crypto-ransomware spreading through popular websites. The attack, dubbed Angler Exploit Kit, is taking advantage of vulnerabilities in Adobe Flash and Microsoft Silverlight, among others, to feed the malware through compromised ad networks.

Malwarebytes is reporting that the “malvertising” is hitting the BBC, MSN, nfl.com, The New York Times, my.xfinity.com and many others in the form of clickable banners. The anti-malware company provided lots of detail around the exploit, reporting a number of suspicious domains through which the ads are apparently served. Google’s ad network carried trackmytraffic[.]biz, while the AOL, Rubicon and AppNexus ad networks carried talk915[.]pw as well. Other suspicious domains include brentsmedia[.]com, evangmedia[.]com and shangjiamedia[.]com.

According to a blog post by SpiderLabs at Trustwave, as reported by Ars Technica, the team inspected a JSON-based file and wrote the following:

If the code doesn’t find any of these programs, it continues with the flow and appends an iframe to the body of the html that leads to Angler EK [exploit kit] landing page. Upon successful exploitation, Angler infects the poor victim with both the Bedep trojan and the TeslaCrypt ransomware–double the trouble.

Google’s ad network was compromised in this attack, according to MalwareBytes. Last year, Google reported to have made progress in filtering ad injectors and malicious sources across the ad networks it manages. However, it would appear that the ad network still has work to do.

Credit John Devon – neowin.net