Common troubles and precautions
Adware, Malware, Botnets, Ransomware, Malmining/CryptoJacking.
The Internet lives on ads. While a lot of good sites rely on the revenue from ads to give you the content for free, others want to hijack your machine and turn it into their slave and miner.
Ads and impressions provide a lot of data to the research firms to target you with more ads. Yes, that is the vicious circle of internet ads. Did you search in your favorite search engine for that new pair of shoes or the gadget? Chances are you will see the ads for it anywhere you look for the next several days. It is like that perky young sales guy who watches the styles and type of stuff you are picking for a bit before coming out of nowhere with a charming pitch to get your business. Don’t get me wrong, I fully support allowing legit and good sites to show me some ads for the content, but some take it a bit too far and cause me to turn it off.
Malware, botnets, ransomware and malmining/cryptojacking take it a bit further. They want to live on your machine and use it at your expense (yep, you don't get electricity and a computer for free, do you?) for their advantage. They want to live in your machine, watch your moves around the Web, grab your passwords, mess with your bitcoin addresses, mine cryptocurrencies and at times use your machine in coordinated DDoS attacks against someone else.
Historically, they are known to hide within sites that serve adults-only content and illegal software distributions, but of late, attackers are also trying to hide them within well-known software distributions, by clickjacking a user into accidentally downloading an infected version or by breaking into the main site's distribution servers and placing their own infected copies for people to download. In earlier days, viruses, trojans, worms and the like were more of an inconvenience than a money-making tool. That changed when ransomware came into play and tried to extort money by encrypting your stuff (WannaCry?). The new trend points to malmining/cryptojacking wares wanting to set up shop for long-term paybacks.
What do I do?
- Use protection (yea baby!) – No seriously, get a good antivirus / network security suite. At least use the free ones like Windows Defender.
- Understand that nothing is perfect and any system can be broken into using the right method(s). You can, however, make it harder for the attacks to get in.
- Use tools and techniques to blacklist the known adware / malware IPs from talking to my machine.
- Avoid being on the net logged in as a system administrator.
- Turn on the default system firewall and periodically review what gets caught.
- Do not click on the links I am not absolutely sure of.
- Do not download software from questionable sources.
- Use a virtual machine or a Live CD (try Ubuntu, or OpenBSD if you are paranoid). VirtualBox is free and it isn’t hard to set up a virtual machine just for questionable stuff. Alternatively, just boot from a Live CD.
- I prefer a Unix-based operating system over Windows due to its security philosophy and the number of attack vectors available for the Windows platform. While it is still possible to get nasty things on a Unix-based operating system, it is more due to me being stupid than the attacker being clever.
- If you are on Windows, try using the snapshot and backup facilities. They can help you recover from a tight situation.
- Have good, continuous online and offline backups. WannaCry? Nope – system restore.
- Some modern browsers – Chrome / Firefox / Safari for example – can warn you about potential trouble. Pay attention.
So, you got that email urging you to open the file or go to a site and enter your credentials to verify something. This is a good time to hit pause and ask:
- Are you truly expecting that mail to come from the source it is claiming to be?
- Is that really from your bank or the person you think it is coming from?
- Is the URL it is trying to take you to really what it says it is?
- Does the link say yourbankingsite.com or is it yourbankingsite.somethingrandom.somethingelse.somethingelse.com ?
- If you are technically savvy, does the header information make sense and match that of a legitimate mail you got?
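As an added example (not part of the original post), here is a small Python check for the URL questions above: it pulls the actual host out of a link and compares its registered domain with the site you expect, so a brand name buried in a longer hostname or in front of an @ gets flagged. The domain names are constructed placeholders, and the "last two labels" rule is a simplification that ignores suffixes such as co.uk.

```python
from urllib.parse import urlsplit

# Constructed sample links (placeholders, not real sites).
EXPECTED_DOMAIN = "yourbankingsite.com"
SAMPLE_LINKS = [
    "https://yourbankingsite.com/login",
    "https://online.yourbankingsite.com/verify",
    "http://yourbankingsite.somethingrandom.somethingelse.somethingelse.com/verify",
    "https://yourbankingsite.com.evil.example/login",
    "https://yourbankingsite.com@evil.example/login",   # brand sits in the userinfo part
    "https://yourbankingsite.co/login",                 # one letter short
]


def _with_scheme(url: str) -> str:
    """urlsplit only finds the host when a scheme is present; add one if missing."""
    return url if "://" in url else "https://" + url


def hostname(url: str) -> str:
    """The host the browser would actually connect to (userinfo before '@' is dropped)."""
    return (urlsplit(_with_scheme(url)).hostname or "").strip(".").lower()


def registered_domain(url: str) -> str:
    """Last two labels of the host, e.g. 'somethingelse.com'.

    Simplification (assumption): two-label public suffixes like 'co.uk'
    are not handled; a public-suffix list would be needed for those.
    """
    labels = hostname(url).split(".")
    return ".".join(labels[-2:])


def link_verdict(url: str, expected: str = EXPECTED_DOMAIN) -> str:
    """'ok' if the link lands on the expected domain, 'lookalike' if the brand
    name appears somewhere else in the address, 'unrelated' otherwise."""
    if registered_domain(url) == expected.lower():
        return "ok"
    brand = expected.split(".")[0]
    # Check the whole netloc so tricks like brand@evil.example are caught too.
    if brand in urlsplit(_with_scheme(url)).netloc.lower():
        return "lookalike"
    return "unrelated"


def triage(links):
    """Map each link to its verdict; only 'ok' links go to the real site."""
    return {link: link_verdict(link) for link in links}
```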
What do I do?
- Avoid clicking on anything in the email – log in to the site directly the usual way you do, and if it is a legit ask, there should be a notification waiting for you in there.
- Even if you accidentally clicked on it, look closely at where you are in the browser’s URL bar.
- Contact the company or individual via the publicly known methods – the phone number on the back of your card, or chat on their own site or company directory – and ask them about it.
- If it is proven to be a phishing attempt, report it to your mail service provider and to the support team at the company. All major personal and corporate mail service providers would be happy to get that report to safeguard other users.