Your On-Line Port'o'Call

#569661 - 11/11/17 07:12 PM Had a hacker try to install ransomware  
Joined: Feb 2003
Posts: 11,654
Frantically Relaxing Online content
Admiral
Kind of a long story but I'll try for the short version, and I'll copy & paste actual emails, and change the name:

Received an email from a well known customer:

Jane Doe used DocuSign to share some confidential document files. Kindly press review document to access the file.

CLICK TO REVIEW DOCUMENT

Kindly let me know if you have any questions.

Regards.
Jane Doe


Knowing this may be bad, I right-clicked the link to save it and scan it. I got as far as right clicking when Security Essentials nabbed it. a-HA! It was a 'simple' trojan virus, for hackers to install and run programs...

So I emailed Jane, from my address book, NOT replying to this email:

Hi Jane,

first, you should get these plates tomorrow--

Second, did you send me any 'confidential' emails? Check the screenshot I sent, there's 2 identical emails to 2 different email addresses of mine-

The reason I ask is, because the email wanted me to 'click to review document', I tried to save the 'click' link and my virus scanner sprang to life--

If you did send it, something's not right, and you should check into it! But I'm guessing you didn't send it, if that's the case, then someone's doing a good job of spoofing your email address--

Thanks!


-- and now the fun part, this is the reply I got:

It's a business proposal, I thought you might be interested.

Let me know if there are any changes or if you want to discuss.

CLICK TO VIEW DOCUMENT


===============
Get that? I got a reply back, FROM THE HACKER -!?! -using a reply-to from an older email-! Since when do trojan viruses REPLY BACK? Too damn spooky....

My win8 computer is of no use to me, other than test purposes like this, so I forwarded the email to my online server so I could download it and try to run it. What happened was, DocuSign did try to run it, but there's a final security code necessary that's supposed to be included in the email, which of course there wasn't one of. No matter, I'd done all I needed to do by then!

--But plain old Defender nabbed it.

[Linked Image]


======================

I hate internet thieves sunsabiches --so beware of hacker mails that email you BACK!



Last edited by Frantically Relaxing; 11/11/17 07:37 PM.
#569662 - 11/11/17 09:52 PM Re: Had a hacker try to install ransomware [Re: Frantically Relaxing]  
Joined: Oct 2003
Posts: 7,215
captkevin Online content
Admiral
Chicago, IL
Wow that is scary stuff.


2004 Rinker 232
2010 Dodge Ram Crew Cab Laramie 4x4
#569663 - 11/11/17 10:08 PM Re: Had a hacker try to install ransomware [Re: Frantically Relaxing]  
Joined: Sep 2006
Posts: 2,096
2Suns Offline
Admiral
Peoria,IL
There’s one going around that looks like an official “Jane doe has shared a file via dropbox”. Almost got me.


By the time they had diminished from 50 to 8, the other dwarves began to suspect "Hungry." -Gary Larson
#569664 - 11/12/17 06:07 AM Re: Had a hacker try to install ransomware [Re: Frantically Relaxing]  
Joined: Aug 2005
Posts: 2,284
tpenfield Offline
Admiral
Cape Cod, MA
FR - I think you are fortunate that Windows Defender was able to catch it.

I'm not sure how expensive Sophos Endpoint protection would be for a small business, but we installed it a few years ago at my workplace and added the ransomware feature before the recent outbreaks. Good stuff.

We also have seen a lot of these phishing/hacking attempts with a similar M.O. but using Google Docs as the bait, since so many people use Google. Typically, those attempts are to get you to enter your Google password into the hacker's 'fake' login screen. That might be how your 'well known customer' got compromised.

If you use MS Office 365 for email, you can add 'Advanced Threat Protection' (ATP) which scans links and attachments for malicious intent. We added that at my workplace, because of the amount of attempts like the fake DocuSign and Google Docs ploy.


Last edited by tpenfield; 11/12/17 06:11 AM.

Regards, Ted

Formula 330SS

My Boat Web Sites
#569666 - 11/13/17 01:12 AM Re: Had a hacker try to install ransomware [Re: Frantically Relaxing]  
Joined: Dec 2002
Posts: 12,325
KCook Offline
Admiral
Phoenix
Yikes! I never get e-mails like that (guess my life is too simple), but one of my WordPress blogs was hacked a couple of months ago. A blog that gets almost no visits! Spent a couple of weeks running every security plug-in under the sun trying to fix the hack myself. To no avail, huge waste of my time (me stupid). There are online security services that will de-louse a blog of hacks, but these charge $200 and up. For each instance. Come to find out there are also "managed" WP hosts that provide their own security, including fixing any hacks already evident in a blog being transferred to them. "Managed" means any future hacks are their problem, not your problem. So I signed up with one for $165/yr. The halcyon days of super cheap online web sites are rapidly coming to a close. Thank you Putin!

roadkill

#569667 - 11/13/17 01:42 AM Re: Had a hacker try to install ransomware [Re: Frantically Relaxing]  
Joined: Feb 2003
Posts: 11,654
Frantically Relaxing Online content
Admiral
There's a couple of reasons it didn't get me, first one is I'm well aware of what NOT to click on in emails

My email computer is running win7 with Security Essentials, and it found the first trojan when I right-clicked the link, "win32/Vigorf.A" which is a 'hacktool' to load and run programs. I did a full scan and clean, and SE has blocked my computer from linking from emails AT ALL now! Guess that makes it safer but it's a pain because I get a LOT of links from customers I know are safe, and now I have to figure out how to fix that...

When I purposely ran the virus on my win8 computer (since that's all it's good for), the computer was divorced from the internet and my network. I was actually hoping to see what it would do, but Defender saved it!

Does anyone know if ransomware hits a single computer or can it migrate to your networked computers?

#569669 - 11/13/17 08:27 AM Re: Had a hacker try to install ransomware [Re: Frantically Relaxing]  
Joined: Aug 2005
Posts: 2,284
tpenfield Offline
Admiral
Cape Cod, MA
Ransomware usually migrates . . . that is why the outbreaks of about 6 months ago ('WannaCry', 'Petya', etc.) affected so many computers in a short period of time . . . so if you have one computer exposed, then you will want to check all of your computers.


Regards, Ted

Formula 330SS

My Boat Web Sites
