 

Forum malware attack - 29 Dec 2018



  • RMweb Premium

...or a day off in the loo after having to sort out all the Eartha Kitt caused by this attack.

 

Echo everyone else's thanks for the hard work.  Bizarre that RMWeb even got on the Ukrainian hackersphere. 

This was possibly an attack on a busy website by a crook who could be based anywhere in the world using a proxy Ukrainian URL. 


I heard on the news that some US newspapers were affected by a virus (only their print run apparently).

 

It would be interesting to know if only RMWeb was hit, or whether it was more widespread across Warners Group.

Not that the US and RMWeb incidents were necessarily linked but it's interesting that two publishing operations were hit the same day.


It would be interesting to know if only RMWeb was hit, or whether it was more widespread across Warners Group.

RMweb is hosted on a completely separate server and database from the rest of the business.


What I was most grateful for in the wake of this malicious attack, was the quality and speed of feedback. A little info doesn't half go a long way at times like these, so thanks again from me. A positive here is that a lot of us have woken up to our own computer security, and taken a fresh look for the better.

 

Also, can I naively ask whether having moved over to https protocol might have helped in this instance? 


 

Also, can I naively ask whether having moved over to https protocol might have helped in this instance?

 

I was trying to get that completed a few weeks ago but it caused the chronic slowdown of performance. It is, however, completely unconnected and use of https would not have been of any benefit in this instance.


I got the fake Microsoft critical alert page and the log-in box, cannot close either, and neither Avast, which I'd already got installed, nor Malwarebytes, which I've installed since, can shift either.

Suggestions, anyone?

Uninstall Avast - it is unlikely to stop anything other than Windows Defender from doing its job!


  • RMweb Gold

Uninstall Avast - it is unlikely to stop anything other than Windows Defender from doing its job!

It remains a mystery to me how other brands continue to flourish, when Windows Defender is free - and supplied by Microsoft itself. Microsoft has every motivation to make Defender the best of the best, while others just make money.


  • RMweb Gold

It remains a mystery to me how other brands continue to flourish, when Windows Defender is free - and supplied by Microsoft itself. Microsoft has every motivation to make Defender the best of the best, while others just make money.

 

They might have the motivation to do so Ian, but the practice is not the case - I use Kaspersky


Isn’t Kaspersky a possible security risk? The Government did issue warnings about Russian anti-virus software a while back.

Edited by Guest

A quote from the BBC in December 2017:

 

The British government has issued a fresh warning about the security risks of using Russian anti-virus software.

 

The National Cyber Security Centre is to write to all government departments warning against using the products for systems related to national security.

 

The UK cyber-security agency will say the software could be exploited by the Russian government.

 

Security firm Kaspersky Labs, accused in the US of being used by the Russian state for espionage, denied wrongdoing.


  • RMweb Premium

Another thanks to Andy for sorting this out, especially on the weekend / Christmas Holidays. The office never closes for some people.

 

For anyone who missed out on the fun, I took a snapshot of my screen before pulling the Ethernet cable (yeah, I know, damage probably already done if it was a good attack, but it couldn't hurt) and giving the laptop the three-finger salute (Ctrl-Alt-Del).

 

It was nice of them to give me a freephone 0800 number, really helpful touch.

 

[Attached image: Malware.JPG]

 

Thanks for that, I could only see it in a small window. Getting a Windows Defender alert on a Linux PC was a bit of a giveaway it was fake. The 0800 number is interesting, there must be lots to be made from scamming. Did anyone call that number?


For what it's worth, I use Kaspersky because my British bank supplies it for free. Out of interest, I ran Malwarebytes and it found no problems on my computer.

 

Talking to Andy, he has been in touch with the Kremlin and suggested a crack BRM team go into Ukraine to find the perpetrators and lecture them on underframe differences in GWR carriage stock, but Vladimir thought it seemed a bit cruel.


  • RMweb Gold

Did anyone else have the malware speak to them?

 

When I closed the popup window a synthesized female voice with a mid-Atlantic accent started reciting the ransom demand to me...

 

All good fun (kinda).

 

Edit: BTW: @Phil Parker: Have a look at this: https://www.bbc.co.uk/news/uk-42209489 (What The Snapper said above.)

Edited by Harlequin

Did anyone else have the malware speak to them?

 

When I closed the popup window a synthesized female voice with a mid-Atlantic accent started reciting the ransom demand to me...

 

All good fun (kinda).

 

Edit: BTW: @Phil Parker: Have a look at this: https://www.bbc.co.uk/news/uk-42209489 (What The Snapper said above.)

 

Barclays might have dropped the product, but they haven't replaced it, which makes me wonder if this was as much a commercial decision as a security one. A bank that lies to you? Hmmm.

 

I guess it all comes down to who you want looking at your hard drive, Putin or Trump? Can we really trust Malwarebytes? Who CAN you trust? Did Andy Y just put up those pop-ups to get out of seeing some relatives at Christmas?


It remains a mystery to me how other brands continue to flourish, when Windows Defender is free - and supplied by Microsoft itself. Microsoft has every motivation to make Defender the best of the best, while others just make money.

I've used AVG on my home machines since about 2004 or so. That's always had a free and a paid version. It used to sit quietly in the background doing its job, but the last couple of years the free one has started to get a bit intrusive, telling me things I didn't really need to know (primarily to tell me that the paid version would fix those 'non problems').


I've used AVG on my home machines since about 2004 or so. That's always had a free and a paid version. It used to sit quietly in the background doing its job, but the last couple of years the free one has started to get a bit intrusive, telling me things I didn't really need to know (primarily to tell me that the paid version would fix those 'non problems').

AVG is no better than Avast and far worse than doing nothing.


  • RMweb Gold

 

Did Andy Y just put up those pop-ups to get out of seeing some relatives at Christmas?

 

 

Unfortunately the lack of RMweb at a critical time meant that I had little choice but to spend the time seeing relatives.  Thanks a bunch for that!

 

Joking aside, I'll add my thanks to Andy and others as well no doubt, for the hard work to get the forum back up again pretty quickly.  Echoing what others have said, the communication of what was happening was first rate and really appreciated. 


Isn’t Kaspersky a possible security risk? The Government did issue warnings about Russian anti-virus software a while back.

 

I figure that if the Russian Mafia can't protect my computer then no-one can.  Personally I've found Kaspersky to be the best AV software I've used and when, like others have said, I did a Malwarebytes sweep yesterday as a belt and braces it found nothing amiss.  Doing its job seemingly without the holes of Micro$oft's string vest security.

 

There again I'm not a Government agency so all Vlad's techie farties can get hold of is my collection of bus porn and the Teledu Mawddach advertising department's production archive.  Don't think that will compromise National Security.


  • RMweb Gold

Did anyone else have the malware speak to them?

 

When I closed the popup window a synthesized female voice with a mid-Atlantic accent started reciting the ransom demand to me...

 

All good fun (kinda).

 

Edit: BTW: @Phil Parker: Have a look at this: https://www.bbc.co.uk/news/uk-42209489 (What The Snapper said above.)

 

I don't trust much the BBC say these days - there's nearly always an angle to their articles, they are no longer the bastion of good quality independent reporting (imho)

 

If Putin wants a picture of 57303 dragging a GA set through Eccles this morning at 07:25 he can have one - now where did the company who were involved in dodgy practice with Facebook come from ....

 

I've used Kaspersky for years and never felt the need to visit a cathedral


I don't trust much the BBC say these days - there's nearly always an angle to their articles, they are no longer the bastion of good quality independent reporting (imho)

 

If Putin wants a picture of 57303 dragging a GA set through Eccles this morning at 07:25 he can have one - now where did the company who were involved in dodgy practice with Facebook come from ....

 

I've used Kaspersky for years and never felt the need to visit a cathedral

 

You can ditch your tin-foil hat. A quick search found that the BBC was merely regurgitating a press release. The Kaspersky website confirms it:

 

The UK Government has been advised by the National Cyber Security Centre (NCSC) to cease using Russian anti-virus products for systems with a national security purpose.

Following this guidance, Barclays took the precautionary decision to no longer offer Kaspersky Lab software to new users or renewing users.

We are disappointed Barclays has decided to discontinue offering Kaspersky Lab anti-virus.

 

That said, I use it and Malwarebytes found no problems so even if Putin is looking at my PC, I don't seem to be suffering.  And I defy anyone to find a news outlet that doesn't have an angle on the news (IMHO) the BBC is less bad than most. Only BRM is a bastion of independence and fairness. 
