A short lesson on computer viruses

July 2017

Two types of viruses are making the rounds and the news right now: ransomware and what is called “the Microsoft 800 scam”. One is very, very serious. The other is a minor annoyance unless you call the 800 number.

Ransomware is just that: someone is holding all of the data on your computer for ransom. If you pay them, you get your files back. If you don’t, they are gone forever. Just that simple.

Sample of a ransomware notice
Most ransomware is spread by email. The emails look like something you would click on: an invoice, a resume, a notice from FedEx or UPS, a warning that your account will be turned off. The first thing to do is ask, “IS THIS FOR ME?” Does Bank of America have your work email? Do you have a Bank of America account? Do you normally receive resumes? If the answer is no, don’t click on it! The same goes for IRS notices or emails from Microsoft about a virus on your computer. Just don’t.

The next thing to look at is who the email is from. If you received an email from TAX@IRS.GOV (doseomd@anon.fi), who is it from?

First, Tax@irs.gov is not a normal name at the IRS, although irs.gov is the web address for the IRS. But this was from doseomd@anon.fi. Anon.fi is an anonymous email server in Finland and that is probably who really sent the email. If you get an email and the subject looks legitimate, look at the sender. Computers read addresses right to left, so start on the right and read who it is really from. Finally, is there an attachment? Were you expecting an attachment? No? DON’T CLICK ON IT. Just get in the habit.
Don’t click.
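
The right-to-left sender check described above, as a small Python sketch added here (it is not part of the original lesson). The raw `From:` header values and the `check_sender` and `base_domain` helper names are constructed for illustration, and keeping only the last two labels of the domain is a simplification that ignores suffixes such as co.uk.

```python
import re
from email.utils import parseaddr

# Finds an address-looking token inside a display name, e.g. "TAX@IRS.GOV".
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def base_domain(domain):
    """Read the domain right to left and keep the last two labels.
    Simplification (assumption): ignores multi-part suffixes like co.uk."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def check_sender(from_header, expected_domain=None):
    """Return (real_domain, warnings) for a raw From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return None, ["no parsable sender address"]
    real = base_domain(addr.rsplit("@", 1)[1])
    warnings = []
    # The display name is free text chosen by the sender; flag it when it
    # shows an address in a different domain than the one actually used.
    claimed = ADDR_IN_NAME.search(display)
    if claimed and base_domain(claimed.group(1)) != real:
        warnings.append(
            f"display name shows {claimed.group(0)} but mail is from {addr}")
    # Optional: compare against the organisation the mail claims to be from.
    if expected_domain and real != base_domain(expected_domain):
        warnings.append(f"sender domain {real} is not {expected_domain}")
    return real, warnings

if __name__ == "__main__":
    # Constructed raw headers; the first mirrors the example in the text.
    samples = [
        '"TAX@IRS.GOV" <doseomd@anon.fi>',
        '"IRS Notices" <notices@mail.irs.gov>',
        '"Refund Desk" <tax@irs.gov.anon.fi>',
    ]
    for header in samples:
        domain, problems = check_sender(header, expected_domain="irs.gov")
        print(header, "->", domain, problems or "ok")
```

The third sample shows why the reading starts on the right: irs.gov appears in the address, but the mail still comes from anon.fi.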

Some ransomware does not spread via email. It doesn’t come from a web page either. It is just floating about in cyberspace looking for systems. WannaCry was this type of ransomware. The only solution is to keep your system up to date. If you are running Windows XP, it is time for a new computer. It took Microsoft a long time to kill off XP, but WannaCry and some other ransomware look for unpatched XP computers and infect them. So, now is that time.

Keep up with your updates. Run Windows Update. There were several large updates for Windows 10 in June 2017. They could take an hour to download and install. DO IT. The same for Windows 7. Run Windows Update. Then update your browser(s) and then update Flash and Java. Yes, Java has some serious security flaws. Yes, it needs updating every two weeks. There are still thousands of applications that you need Java to run, so live with it.

There are several variants of the 800 scam. It could be the IRS, the FBI, or Microsoft, but they all have the same format. Something is seriously wrong. You need to call this number.

A sample of 'the 800' scam
The good news: the pop-up notice is just that, a notice to call a number. Don’t call the number. The whole point is to get you to call; you then either give them a credit card number or grant them remote access to your computer. If you don’t call, they get nothing. Chances are nothing has been installed on your computer. Close your browser. The notice should go away. It is possible that it will pop back. Clear the notice from your web history.

Most anti-virus software will not stop either of these attacks. The current viruses simply don’t install any software on your computer. Most anti-virus software won't detect them because there is nothing to detect. They infect existing programs. But a good anti-virus will help.

There is ransomware-specific blocking software. I am currently investigating Cybereason RansomFree (https://ransomfree.cybereason.com/). It is free and probably works.

  • Get rid of XP computers. Really, it is time.
  • Patch Windows 7 and 10 and keep them patched.
  • If you are a Mac user, look up ransomware and Mac. That most people don’t attack you doesn’t mean you are safe.
  • JUST DON’T CLICK