The great "Wanna Cry" panic

It started on the morning of Friday, May 12th, 2017. The media went wild: “World’s computers under attack from the deadly WannaCry Ransomware Crypto Worm.” Headlines and talking heads screamed, “British hospitals turn away the sick and injured. India’s banking system shuts down. Spain’s telephone system in tatters, a hundred and fifty countries and hundreds of thousands of computers infected, America is the next victim.” The “WannaCry” hysteria conjured images of Godzilla wading ashore at Battery Park in New York City. Speculation as to who was to blame included Russia, China, North Korea and Donald Trump. One wag suggested that the source must be North Korea because the first three words of the North Korean National Anthem are “we wanna cry.” Then suddenly the media went silent. At first we assumed that they must have succumbed to the attack, but by Wednesday it became apparent that the WannaCry threat had been vastly overdramatized by the press. It was a wimpy, third-rate malware attack that fizzled.

Outside of humiliating the press, the only other major impact was Microsoft’s opportunity to chastise Windows 7 PC users who had shut off the automatic update feature in Windows to stop Microsoft from bombarding their PCs with “security updates” that really had nothing to do with security. Microsoft had released a security patch in March that plugged the hole in Windows 7 used by WannaCry.

WannaCry did very little damage and infected an infinitesimal percentage of the world’s PCs. The ransom actually paid to the perpetrators has been estimated at around $200,000, the amount needed to buy about 1.5 seconds of commercial time at the 2017 Super Bowl.

This virus was only capable of infecting XP PCs and Win 7 computers that had not been updated in the last few months. In addition, the attack was stopped in its early hours by a stroke of bad luck (for the hackers). For reasons too lengthy to explain here, the hackers had set up a “kill switch” so that they could stop “WannaCry” from spreading. This was accomplished by having the virus “call home” when it found a potential host. The virus was instructed to abort the infection if it made contact with “home” but continue the infection if it could not make contact with “home.” “Home” was an intentionally unregistered domain, so it could not be contacted and the virus would continue infecting and spreading. In the event that the hackers wanted to stop the spread of the virus, they would simply register the “home” domain. A technician working with MalwareTech on Friday afternoon noticed the unregistered domain in the virus coding and registered it to see what it was. That immediately stopped the spread of “WannaCry.” By the time the hackers recoded “WannaCry,” potential victims had been able to take defensive measures. WannaCry was dead.
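The kill-switch mechanism described above leaves a trail a network administrator can read: every infected machine performs a lookup for the “home” domain, and the answer it got tells you whether the infection continued (the domain did not exist yet) or aborted (the domain had been registered). The following is an added example, not code from the original column or from MalwareTech; the resolver log format, the client addresses and the domain name killswitch-domain.example are all constructed placeholders, since the real domain is not given here.

```python
"""Sort hosts by what the kill-switch lookup told them, from a DNS resolver log.

Constructed example: the log format and every address below are made up, and
KILL_SWITCH_DOMAIN is a placeholder for the real "home" domain.
"""
import re

KILL_SWITCH_DOMAIN = "killswitch-domain.example"  # placeholder, not the real domain

# Constructed resolver log: timestamp, client, queried name, DNS response code.
# NXDOMAIN = the name did not exist (before registration), NOERROR = it resolved.
SAMPLE_DNS_LOG = """\
2017-05-12 13:02:11 client 10.0.3.17 query killswitch-domain.example rcode NXDOMAIN
2017-05-12 13:02:15 client 10.0.3.22 query www.examplebank.com rcode NOERROR
2017-05-12 13:05:40 client 10.0.3.17 query killswitch-domain.example rcode NXDOMAIN
2017-05-12 16:41:03 client 10.0.7.8 query killswitch-domain.example rcode NOERROR
2017-05-12 16:42:19 client 10.0.7.9 query KILLSWITCH-DOMAIN.example. rcode NOERROR
"""

LINE_RE = re.compile(r"^(\S+ \S+) client (\S+) query (\S+) rcode (\S+)$")


def parse_dns_log(text):
    """Yield (timestamp, client, name, rcode) for each well-formed log line."""
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            timestamp, client, name, rcode = match.groups()
            # DNS names are case-insensitive and may carry a trailing dot.
            yield timestamp, client, name.lower().rstrip("."), rcode.upper()


def classify_kill_switch_lookups(text, domain=KILL_SWITCH_DOMAIN):
    """Return {"spread": hosts, "halted": hosts} for clients that looked up the domain.

    Both sets are machines carrying the malware. "spread" got NXDOMAIN, so the
    virus could not reach "home" and went on infecting; "halted" got an answer,
    so the virus aborted, but the machine still needs to be cleaned.
    """
    result = {"spread": set(), "halted": set()}
    domain = domain.lower().rstrip(".")
    for _timestamp, client, name, rcode in parse_dns_log(text):
        if name != domain:
            continue
        if rcode == "NXDOMAIN":
            result["spread"].add(client)
        else:
            result["halted"].add(client)
    return result


if __name__ == "__main__":
    for bucket, hosts in classify_kill_switch_lookups(SAMPLE_DNS_LOG).items():
        print(bucket, sorted(hosts))
```

Only the clients that queried the kill-switch name appear in the output; ordinary lookups such as the banking site are ignored. A host in the “spread” set was infected before the domain was registered and should be treated as a live infection; a host in the “halted” set was stopped by the registered domain but still has the malware on disk.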

Interestingly, the Windows vulnerability that provided entry for this attack was in the SMB (Server Message Block) protocol, which had been a part of Windows for over 20 years. Our own National Security Agency (Defense Dept) had discovered this vulnerability at some time in the past and had used it for their purposes until it was leaked earlier this year. Obviously the NSA never told Microsoft about this useful vulnerability.

Phun with Phishing.

The practice of misrepresenting facts or identity in order to unlawfully gain information or money using electronic media (computers, smart phones, tablets) is called Phishing. When voice communication (telephone) is used to initiate contact it is known as “vishing.” These exploits use “social engineering” to trick their victims into providing money or information. They typically impersonate “trusted sources” like government agencies, utility companies, banks or service providers (like Microsoft), your ISP or your email service. Phishers use fear, greed, love, hate, loneliness, empathy, trust, etc. to get their victims to cooperate. Phishers broadcast their bait to thousands or even millions of potential victims. If only one person in a thousand takes the bait, a million casts will yield a thousand victims. Over the years we’ve repaired thousands of victimized computers. We get several a week. We do understand that it is never a fun experience for the user, but in retrospect, some of these encounters do contain an element of gallows humor.

A gentleman brought his notebook PC in complaining that he had paid his fine but the FBI was still holding on to his computer. We booted it up and sure enough, his computer was locked on an FBI wanted poster with his mug shot. The notice accused him of committing one or more crimes from a laundry list of infractions that included stealing copyrighted material and downloading child porn. They stated that his infractions would be cleared, his computer released and his record purged if he paid a $300 fine by money card within 72 hours. If he did not comply, a federal warrant would be issued for his arrest and he would be subject to a $5000 fine and up to five years in federal prison. He bought the money card and gave them the authorization number, but they never released his PC. By the time he brought it to us, he knew he’d been had. The “Phisherman” had used the web cam on his own PC to take his picture and create the wanted poster. The guy was still wearing the same shirt he had on when he unwittingly posed for his own wanted poster.

Last year a customer boasted that she had “fixed” the Vishers. She had responded to a warning that her PC was infected and she needed to call a Microsoft tech rep at the phone number provided. She called and let them into her computer. After an hour of holding the phone while watching them manipulate her PC, they informed her that she must pay them $199 by credit card. She told them she thought this was a free Microsoft service. They told her that if she didn’t pay, she would not be able to use her PC. Reluctantly she authorized the payment on her Visa card. About 15 minutes later, as she watched the technicians continue to “work” on her PC, she got an incoming call. “This is Visa and we want to ask you about some unusual activity on your credit card.” They told her that her card was being used to make small purchases in several countries. She asked if there was a recent $199 charge and they said yes. The Visa representative recommended that she dispute the charges and immediately cancel the card. They would mail her a new one. She told them to do it.

“When those phony Microsoft techs finished with my computer it worked just fine. Those crooks had no idea that they weren’t getting paid that day,” she cackled. I asked her how long ago this all happened and she told me it was about a month. I asked her if she got her new Visa card and she said, “Now that you mention it, I don’t think it has come yet.” I started to shake my head. She looked at me and turned pale. “Oh my god,” she said, putting both hands to her face, “that wasn’t really Visa, was it? It was them.” She bolted from the store to go take care of cancelling her card. These clever crooks had figured out a way to keep their victims from actually cancelling the card and disputing the charges until they had safely stolen the money and had continued use of the card. Pretty clever.

Avoiding Malware 2.

Your antivirus, firewall and spyware defense software do a great job stopping 3% of contemporary Internet “malware” attacks, but they won’t stop the other 97%. That’s your job.

They are known as “malware,” but many of us still call them “viruses.” Strictly speaking, computer viruses are destructive programs that replicate themselves, eventually filling the hard drive and killing the computer. Twenty years ago “viruses” were created for the purpose of sabotage, mostly by twisted, smart ass “New Age” Luddites simply for the fun of seeing how much havoc they could wreak. Today the Luddites are history, “malware” is all about money, and you can’t make money by killing computers.

97% of all “malware” attacks are accomplished through “social engineering.” This is a broad term for the means that malware employs to con a user into performing some action that enables the malware to achieve its purpose. They get users to serve as a tool of their own destruction through a sophisticated understanding of human nature. They appeal to your personal likes, dislikes, fears, greed, sympathy, compassion, paranoia, lust or perversion.

Teams of highly skilled criminals create these sophisticated “social engineering exploits.” Once inside your PC the “malware” sets about achieving its assigned tasks using your OS (operating system) and hardware. Their tasks may be to make you a target for ads, guide you to unwanted sites, report your browsing habits, mine your keystrokes for passwords and other personal data, establish your PC as a “robot” in a criminal network known as a “botnet,” use your e-mail account, steal your identity or simply extort money from you.

The way they get you to help them is often very clever. They may impersonate your bank, credit card issuer, e-mail service or a trusted source like Adobe or Microsoft. They may ask you to update your security information, click on a link or contact them by phone. They may contact you by mail or phone requesting that you return their call or click a link. They may contact you by an e-mail from a trusted friend or an official notice from the IRS, DOJ, FBI, DHS, ICE, CIA or any state or local law enforcement agency. They may contact you masquerading as your water, telephone or electric utility, cable or Internet provider. You may get a notice by phone or on screen that “Windows” wants to help you with a computer problem. You may get an e-mail appeal from a dear friend who has been mugged in Istanbul or Timbuktu and needs money. Then there is the widow of a Nigerian prince who needs your help in getting $35 million out of her low-rent country. All she needs is your bank account number and password, and you get to keep half the money.

Who falls for this kind of stuff? You would be amazed. Perhaps only one person out of ten thousand will respond to a particular exploit, but if they send out a million copies they’ll get a hundred victims. There are thousands of different exploits, each one aimed at a particular human frailty, and there are three and a quarter billion Internet users. No matter how narrow or esoteric the exploit and no matter how tiny the percentage of Internet users that might respond, there are thousands if not millions of potential victims.

They count on the hope that sooner or later your curiosity will outweigh your caution and you will click on a questionable link. It’s human nature. Later, when you bring your PC to us you’ll probably say, “I knew I shouldn’t have clicked that link.” It just takes one click and your PC will need professional help.

Our recommendation is to assume, when on the WWW, that any unsolicited invitation, update offer, warning or service offer is a criminal exploit. Never let any unsolicited service access your PC and never accept a link from an unknown source. If in doubt, give us a call.

Avoiding Malware 1.

“Malware”, short for “malicious software,” is the generic name for programs that infect devices for purposes other than those of the legitimate user. Malware is of no benefit to the user but seeks instead to accomplish some purpose for the perpetrator. Various types of malware include viruses, worms, Trojan horses, ransomware, spyware, adware, scareware etc. Today we will start with the basic malware defense strategies.

1. Anti-virus/malware software. Whether you use a free antivirus program or a paid version, you must keep it up to date and check it regularly to be sure it is active and running. You should also activate Windows’ or your anti-virus program’s firewall.

2. Keeping Your System Security Current. With Win 10, updates are no longer optional; they are mandatory. With Win 7/8, updates are optional and you may either enable the automatic update feature or run them selectively. In the past we have recommended enabling “automatic updates.” We no longer make this recommendation because Microsoft updates for Win 7/8 have become more trouble than they are worth. Their security and bug-fix potential is now far outweighed by the disruptiveness of these “updates,” many of which have little or no constructive value to the user and are implemented to gain Microsoft more access to your browsing patterns and personal data.

3. Secure Your Network & Keep Your Personal Information Safe. Many PCs access files, printers, or the Internet via your home or business Wi-Fi “hot spot.” Make sure your passwords are strong. Never broadcast an open Wi-Fi connection. Don’t broadcast your SSID (the name of your Wi-Fi network). Hackers may compile your information and personal data from account to account until they have enough info to access your bank account or steal your identity. Be cautious on chats and social media. Lock down all your privacy settings, and avoid using your real name or identity on “chats.” Use multiple passwords. When using open Wi-Fi hot spots like Starbucks, McDonalds, the library, and airports, never access your personal password-protected sites. The bad guys are listening.

4. Think Before You Click. Avoid websites that provide pirated or questionable material. Do not open email attachments from unknown sources. Do not click on unsolicited email links. Let your cursor hover over suspicious links to see where they are taking you before you click. If you download a file from the Internet, an email, a file-sharing service or any FTP (file transfer protocol) site, scan it before you run it. Your anti-virus software should do it automatically, but make sure it is being done.

5. Back Up Your Files. Files that are important to you should be backed up. Backing them up on an “always connected” storage device like external or internal hard drives is not sufficient. Malware that infects your PC will infect a back-up drive if it is connected. The safest back-up is one of the “cloud storage” services like Carbonite. Your files are safe and accessible, the cost is less than $60 a year and it is automatic. If you do use an external back-up, back it up frequently and disconnect it when you’re done. Don’t leave your back-up device connected.
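The “hover before you click” advice in item 4 can be done by a program as well as by eye: pull every link out of an HTML e-mail, compare the address the reader sees with the host the link really goes to, and flag the mismatches. The following is an added example, not code from the original column; the sample e-mail, the bank name examplebank.com and the list of trusted hosts are constructed for illustration.

```python
"""Check e-mail links the way "hover before you click" does: compare what the
reader sees with where the link actually goes.

Constructed example: the e-mail body, the domain examplebank.com and the
address 198.51.100.23 are made up for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample e-mail: two honest links and two common phishing tricks.
SAMPLE_EMAIL = """
<p>Your statement is ready at <a href="https://www.examplebank.com/login">www.examplebank.com</a>.</p>
<p>Please <a href="http://198.51.100.23/verify">verify your account</a> within 24 hours.</p>
<p>Visit <a href="https://examplebank.com.security-check.example/reset">https://www.examplebank.com/reset</a> to reset.</p>
<p>Read our <a href="https://www.examplebank.com/privacy">privacy policy</a>.</p>
"""


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from every <a> tag."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(url):
    """Return the lower-cased host of a URL; bare names like www.x.com get a scheme first."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def looks_like_address(text):
    """True when the visible link text itself looks like a web address."""
    return "://" in text or (" " not in text and "." in text)


def suspicious_links(html, trusted_hosts):
    """Return [(visible text, href, reason)] for links a reader should not click."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        target = host_of(href)
        # Trick 1: the text shows one address but the href goes to another host.
        if looks_like_address(text) and host_of(text) != target:
            findings.append((text, href, "visible address differs from real target"))
            continue
        # Trick 2: a bare IP address where a company domain is expected.
        if target.replace(".", "").isdigit():
            findings.append((text, href, "link goes to a bare IP address"))
            continue
        # Trick 3: a host that is neither a trusted domain nor a subdomain of one.
        if not any(target == h or target.endswith("." + h) for h in trusted_hosts):
            findings.append((text, href, "host is not one you do business with"))
    return findings


if __name__ == "__main__":
    for text, href, reason in suspicious_links(SAMPLE_EMAIL, {"examplebank.com"}):
        print(f"{reason}: '{text}' -> {href}")
```

The third sample link is the one that fools people on hover as well: the real host is security-check.example, and examplebank.com appears only as a decoy prefix. Matching on the whole host, rather than asking whether the trusted name appears anywhere in the address, is what catches it.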

These are basic practices everyone should follow but what do you do when you get that official looking screen that says your PC has a problem and you need to click on a link or dial a phone number for assistance? These are examples of “social engineering exploits”, next week’s topic.