Virus

by craig on May 9, 2013 2:20 pm in Uncategorized

A computer virus is sending out emails from me – don’t open if you get one.
I am puzzled how this happened, as I have not received or opened any suspicious emails today or visited any dubious websites. I have Norton on fully and it automatically both updated and scanned last night. As soon as I started getting back a rash of auto-replies, I started scan again and it has immediately detecting and started eliminating threats.
I am not the most technology savvy of people – does anyone know how this can happen without an apparent triggering event such as opening an infected email?

Tweet this post

85 Comments

  1. Most certainly not an expert, but it could be a ‘drive by’ infection from visiting a compromised website.

  2. Hi Craig,

    This is quite common and happened to me recently.

    Do you have the sent emails in your sent box?

    I had nothing in my sent mail but hundreds of emails saying the address I was emailing was incorrect. I dread to think how many I sent successfully.

    I changed my password and the problem stopped. A full virus scan and a scan for Malware (Malware Bytes) came up with no problem on my computer.

  3. Stephen Morgan

    9 May, 2013 - 2:44 pm

    When Windows XP first shipping it had a security hole that allowed anyone to gain remote root access, and therefore do anything they liked on the machine. Lots of software has so-called “zero day” flaws like that.

  4. For crying out loud. Just buy a Mac. Not trying to start a fight, but that’s the simple way to protect yourself online. Do it.

  5. Nick Barron

    9 May, 2013 - 2:46 pm

    Typically you can get infected by a malicious advert served up on a legitimate site. It would be a good idea to check that Flash, Java etc are all up to date (if installed); http://secunia.com/vulnerability_scanning/personal/ is a free tool to do this for you. Likewise running a “second opinion” virus scanner such as PrevX (http://info.prevx.com/downloadcsi.asp?prevx=Y, click the “Download a randomised filename” link to be on the safe side) or Sophos (http://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx) is worth a try.

    Changing your email password is also a good idea, ideally from a separate machine (you can usually do this via the vendors’ email web site).

    Hope this helps, if you get stuck drop me an email.

  6. It is ridiculously easy to send email with a fake senders address – these emails need not have come from your PC (Wikipedia: Joe Job).

    A clue to whether or not they are originating from your PC is if the recipients match entries in your contact list.

    No AV package can guarantee 100% protection from malware and they are always planning catchup.

    One area where AV packages are weak is in targeted malware (Wikipedia: spearphishing). Have you seen a copy of the outbound messages? Is there anything in there that might discredit you personally?

  7. What operating system are you on, Craig? If it’s still Windows XP, then maybe Windows 7 or Windows 8 would be an improvement – they are still getting security updates, whereas XP is dead now. Macs certainly are good, but bloomin’ expensive.

    I’ve often wondered how email gets hacked – maybe they have gotten your password somehow. Try changing the password on your email account, if your ISP permits that – make it long and complicated so it cannot easily be guessed. You’ll need to then update it in your email program (e.g Outlook).

  8. It may not be your computer that is infected.

    A closer look at the headers of the email will usually show that the email originated from a completely different computer. It is trivially easy to send out emails impersonating any email address. They do not have to break into your computer to do it.

    The spammers obtain your email address either by crawling over the internet looking for valid addresses, or when a virus infects someone elses computer it will harvest all the addresses it finds in the address book.

    If this is the case there is nothing you can do to stop it. They will stop eventually when the spammers move on to impersonating someone else.

  9. In addition to an antivirus one must use an ‘antimalware’ as well.

    Antivirus does not effectively prevent malware or spyware.

    I suggest you download something like Spybot Search and Destroy and run it. Or Malwarebytes.

    You might be surprised at what they find in terms of Trojan horses and the like.

  10. Hi Craig,

    Windows is a security disaster.

    A mac is a step in the right direction, but the most secure option is Linux – in practice it is virus-free (although it is still possible to pass on virus sent to you by a windows user).

    You can download and install *for free* to your existing PC – this would eliminate any existing security breech on your PC (but not on your email server) and significantly improve your defenses in the future.
    No need for expensive and slow anti-virus software.

    There are different versions – the most popular and my personal choice is Ubuntu;
    http://www.ubuntu.com/
    It does everything and more that windows can do.
    Includes many free programmes installed with tens of thousands more just a free click or two away.

    Open Source software rules – Get away from the corporate offering.
    (Mac OSX runs Linux underneath the bonnet, which is why it’s more secure than windows, but its an expensive choice.)

    I hope this helps.

    Best,
    Rich.

  11. Agree with Ron on Mac. Also i’ve seen fewer gmail a/c’s being hacked as compared with say, hotmail and yahoo.

    Good to see you around Jon.

    Btw, my last laptop was a state-of-the art expensive Vaio. Recall it being a lemon in every aspect, as compared with an Apple. And i’m not one of those who must have an iphone or every latest thing that Apple has to offer. Just a good solid Macbook and relatively easy and worry-free use.

  12. As others have said, there are drive-by attacks which exploit issues with your browser and/or plugins. These are often unwittingly served up by legitimate websites who use third party ad providers (who may not know they are serving up malware either).

    Another possibility is that you’re running an OS with vulnerabilities.

    Best thing to do is to make sure you’re running AV software (AVG is pretty good and free), make sure everything is up to date, disable Java unless you really need it and use an ad blocker (AdBlock+ is my choice – it will also show non-irritating ads if you want, so you can support websites which are not irritating) and/or use your browser’s ‘click to play’ feature to prevent auto-playing of flash.

    An Apple computer is not inherently more secure (there have been several severe security flaws and Apple havn’t always been very good at providing fixes). They may seem more secure due to lower usage so less malware is targetted at them, but there is an increasing amount targetting Macs (including cross-platform malware).
    Linux is in the same position, but with even less malware (although security holes still occur – distributions tend to fix them ASAP though).

    If you’re doing anything sensitive then you want to take more precautions. NoScript to manage the use of javascript, possibly encrypt sensitive files, use private browsing mode, use Tor, disable add-ons… there’s lots of things you can do, but usually they come with a downside of making the computer harder to use…

    Unfortunately there’s no such thing as a secure computer, there will always be issues, either with hardware, software or users.

  13. The most “secure” computer right now is the Google Chromebook… so far it has survived several of the hack-for-cash competitions.

    It is based on Linux but bolts down the filesystem so tight that the user cannot change anything. Only Google can push out updates.

    It does assume that you’re going do do everything through Google… documents, spreadsheets, email etc.

    I bought one for my daughter after her laptop died. She’d got fed up with the general hassle of keeping a Windows PC up & running. Took a bit of getting used but now she takes it everywhere with her (she 20 and at university).

    @Rich – OSX is based on BSD not Linux – although they share a common heritage the BSD license means Apple are not obliged to hand back their enhancements to the BSD community).

    @Villager – I hate Sony laptops with a passion, so much so that I’ve told my clients that if they ever buy one I’ll not touch it. I’ve encountered many Vaios over the years and they have some of the quirkiest hardware going, and the worst customer support I’ve encountered from a big business.

  14. The chances are that it’s not your machine that has been compromised, but rather the machine belonging to one of your contacts (to whom you sent out email once upon a time). The virus then read that person’s address book, and used various addresses (including yours) as the sender.

    Email works entirely on trust… there is NO authentication of the sender. It’s really easy to spoof the sender of messages. (There are also some legitimate uses of this, eg greeting card websites, or “tell a friend” systems).

    There is a technical fix, known as SPF (Sender Policy Framework), but it’s complex.

  15. Flint, i can tell you know your onions, whereas i’m just a lay-person. You’re right to forewarn everyone about those darned Sony machines — and yes, its to do with weird sub-standard hardware.

    Thanks for the tip on the google chrome book — didn’t even know it existed!

    Good luck!

  16. April Showers

    9 May, 2013 - 6:30 pm

  17. LastBlueBell

    9 May, 2013 - 7:10 pm

    “A computer virus is sending out emails from me – don’t open if you get one.”

    That is always frustrating and distressing. Some general thoughts that i don’t think have been tuched upon yet,

    a.) There exist (to my mind) no way/method/system that eliminates the risk of being infected, either by chance or by intention.

    b.) It is an (ever) ongoing arms race between malware writers/hackers and software/hardware security development. You can reduce the risks, but never eliminate it, by following “good” practices.

    c.) To first learn and then follow “good” practices requires both time and dedicated effort, and it is always worth remembering that security is very much a tradeoff, between the time and resources you are ready to invest and what restrictions you are prepared to set for yourself.

    But at a bare minimum, make sure to always have regularly made physical backups of your data, both at home, and, preferably in a second external secure place, for example in a bank vault.

  18. LastBlueBell

    9 May, 2013 - 7:22 pm

    Some insights into the darker side of information technology, and why you should not ever steal a hacker’s computer,

    http://www.tomshardware.com/news/def-con-hacker-mac-stolen,11849.html

    From a presentation held at DEF CON a couple of years back now, (for those who have not seen it). The presentation starts around 3:20 into the film…

  19. Lube for you

    9 May, 2013 - 8:03 pm

    I work in the industry (Oracle DBA and Developer), and I do a lot of security work these days. When I started I used to do network admin and desktop support.

    I’m curious to know what virus, if any, you scan turned up (name)? If there was nothing named, did it give you any indication as to what it found in what area after a full scan (like say suspicious cookies from the web)? Also did you try scanning with say another online security scan (like House Calls by Trend Micro: http://housecall.trendmicro.com/)? I used to have machines with viruses that Trend Micro would detect and McAfee or Symantec would not detect. Much of it depended upon who updated their virus definitions first. I would use all three to detect, and to manually remove, I would usually have to use Symantec’s instructions….

  20. I’d say Norton is your problem. McAfee much better IMHO.

  21. Have never ran a scan on my macbook since i’ve had it for the last year and a half…wonder if it even exists? Why can’t other makers get to that standard, or are there too many vested interests?

  22. Ben Franklin -Machine Gun Preacher (unleaded version)

    9 May, 2013 - 9:03 pm

    I dunno about MACs. My spouse and I both have Macbook Air and smartphones and we both have had hacked email.

    I suspect using data feature on phone creates the window of opportunity.

  23. Craig,

    Very old hand here, decades, but I work with today’s start-ups, so bleeding edge enabled. I run multiple servers, blah, etc.

    Very surprised, considering what you do, that you are still on Windows. No axe to grind with Microsoft — I even have an eary day Bill Gates story — but get off of it. It’s a large and unnnecssary risk for you.

    I’m a Linux guy, but Apple is fine by me too. Apple did recently have a virus scare, though, but it’s in no way as insecure as Windows.

    I’m clearly not a personal friend — a personal friend would never let you run Windows — but I do care for your safety and want for you to continue doing what you do, so please, bite the bullet and make the change. I’m sure you have better contacts, but drop me a line if you want assistance.

    Cheers,
    Marc

  24. Probably not an ‘infection’ on your machine but the result of a problem with Yahoo’s mail service.

    The headers in the spam message I received suggest that.

    Check the links from “April Showers” above.

  25. After your computer geek friends have purged your machine of anything malicious, you may find it worthwhile to install AVG (free version).

  26. PS. If there appears to be any ‘damage’ that won’t go away (I don’t mean activity from a virus like sending spam), you might also try using System Restore (under System Tools). That should restore your system back to where it was before the problem happened. But by all means consult your geek friends about when to use this particular utility.

  27. Craig before you do something drastic like wiping your machine or installing unwanted software, please speak to someone who you know is expert.

    In my opinion, (and I received one of the offending emails), it is the result of a problem with Yahoo’s WebMail service.

    But don’t trust me… I am, after all, just some bloke on the the Internet.

  28. Michael Stephenson

    9 May, 2013 - 10:51 pm

    I have been using Ubuntu for over 6 years now, never had a single security issue, with the machine.

    I have however had my Gmail account password hacked somehow and send out spam, Gmail picked it up, locked my account and forced a password reset before I knew anything about it. Which was pretty good going.

    One of the ways your passwords can get hacked is that a website you use gets hacked (often via sql injection) and that website has stored your password insecurely, either in plain text or has been crytographicly hashed securely enough.

    The less entropy in your password the easier it is to crack the hashed version, and if your password is the same to another password that has already been cracked, whether it is because it is a dictionary word, or something stupid like qwerty or 1234657, then your password is as good as being stored in plain text.

    Once these password are cracked they are shared and sold to other hackers online.

    The way to combat this is to use a unique complex password on every site you visit. The easiest way to do this is to use LastPass or similar that will remember your password for you and log you in automatically.

    There are also techniques of carrying around a unique cipher on a bit of paper in your wallet that you apply to the domain name of the website in question to generate a unique password from the domain name. So each website has a different password, and you can use your cipher to work out what the password was when you come to log back in.

    https://www.grc.com/otg/operation.htm

  29. Michael Stephenson

    9 May, 2013 - 11:03 pm

    In many ways although LastPass is very convenient, it does require some technical knowledge to use it correctly occasionally when things don’t just automatically work, and you need to manually edit things to go to the correct login url etc.

    So I think I would actually recommend “Off the Grid” the paper cipher option based on the websites domain name for you Craig, it’s a very secure and low tech, old world kind of cold-war-esque secret squirrel way to do it, and I think it suits your style very well.

    You really should give the technique a read https://www.grc.com/otg/operation.htm

  30. Craig,

    Don’t worry about the fact that You Banned Me. You were Probably Doing Us Both a Favour.

    I recall writing That My Uncle Was a Diplomat – Very Posh….

    And I Kind of Fell In Love With What You Wrote in Your Book Murder in Samarkand..which I Shamelessly Read when it was Pissing Down In The Indian Ocean…

    A Real Page Turner in Between The Showers…

    I Just Didn’t Realise That My Son Read Your Book Too… or maybe he just inherited it…

    Have a Nice Day,

    Tony

  31. > I am puzzled how this happened …

    … I’m not. The elephant in the room is of course MS Windows. As a proprietary, closed and partially undocumented OS, Windows is and always will be inherently unsafe. If you look around on the web pages of “Black Viper” or “The elder Geek” you’ll find that even competent people are racking their brains trying to figure out which Windows services do what, which Windows services establish network connections without asking and without giving any indication, which Windows services can be turned off and which can’t, etc. etc. Microsoft as well as Apple keep users deliberately in the dark about such matters because secretiveness is part of their business model. It is beyond me, why people are still using closed and inherently insecure operating systems like these. Standard GNU/Linux distributions have no dark corners because they are free, open and fully documented.

    Maybe there’s someone in your family or among your friends who can help you to get rid of MS Windows and install Linux Mint, Debian, Ubuntu or one of the many other GNU/Linux distributions on your computer? This is child’s play, really.

  32. Hi, this problems are very rare and happening to most of the people who are not much aware of systems and technology, i would say just change your password, this would help you, after that run a full scan with the security software you use for your system , if that don’t help then you can try Comodo Internet Security which is very powerful in detecting and protecting your PC from any kinds of malware internet attacks!
    Hope this helps you!

  33. Defenestrator

    10 May, 2013 - 8:42 am

    First step in securing your system is to backup your data and replace Windows with Linux. That is the only way to keep the infections from coming back. Otherwise, you’ll keep getting hit by each small variant and permutation of the same Windows Viruses and Worms. It hurts some people to hear that, but that’s how it is and has been for years and years.

    Debian is the best choice, but if you need hand-holding and extra polish on the installer, go with Linux Mint. If nothing else, at least give the Live CD a try. Linux passed Windows a long time ago in ease of use and has always been ahead in choice of applications and functionality.

  34. If you are on Windows these are common vectors:

    * Old version of Adobe Flash Player (http://www.adobe.com/software/flash/about/)
    * Old version of Adobe Reader (help – check for updated. Rinse. Repeat)
    * Old version of Java (goto oracle’s java site)
    * Old version of Internet Explorer – there is currently a zero day on IE8
    * Use Chrome etc instead.

    You can get infected by a drive-by download – from an infected advert

  35. Groan. Tony,
    sorry, but please, I don’t want to age any faster than I have to.

  36. Without grudge and tip toeing, I agree with Defenestrator, linux is just so much better evolved. I’m still running on a Ubuntu 10.4, but 12.4 is coming along an d getting better, evolving.

    Windows OS are thrown at us half finished, with patches and updates required all the time, each and everyone offering an entry passway for a virus or other.

    Debian is the top system, according to many and I’m sure Clark, once he gets to read this will agree. Contemplate a wholesale move over to a linux based system.
    If I can work with it, so can you. Ask Clark.

  37. Jesuit Atheist

    10 May, 2013 - 10:01 am

    Everyone can protect themselves from viruses and malicious attacks but someone with a high public profile who may, say for example, attract the attention of the security services will have their online activity intercepted and monitored on a daily basis as a matter of routine and, if done correctly, will be none the wiser. It’s just a fact of life in this age of quasi-governmental companies like Google data farming the entire online population and selling the information to intelligence service around the world.

  38. It’s happened to me. It is often a trojan type infection which hasn’t actually breached your security passwords and formally hijacked your account, but it resides on your pc and sends out emails when you’re on line.

    A second factor is your anti-virus protection. Often a virus or trojan can get around one layer of anti-virus protection, so it’s often a good idea to double up and have two.

    I’d recommend you download some new software; Malwarebytes was recommended to me, and Trojankiller too. I installed both and the problem stopped immediately.

    I’m not an expert, but as i say, it happened to my Hotmail account and I got good advice to correct it. It doesn’t matter about your AV cover, the ‘best’ is only the best until someone get’s around it. At the moment, I was told Malwarebytes is very well thought of.

    Couple of downloads and a couple of scans, and you’ll be good to go.

  39. Jesuit Atheist

    10 May, 2013 - 10:09 am

    Also, this talk about Linux and Mac being more secure is irrelevant. The more aware the user is the more secure they are. Has anyone seen the amount of security updates sent out for a standard Linux distro? The difference between Windoze and Linux is that Linux gets the Security Patches out in a matter of days whereas MS take months unless it is very critical.

    BTW Chrome is a disaster for personal privacy, instead use the opensource ‘Chromium’ which has had the Google spyware removed.

  40. Oh, and just to add, I emailed all in my address book just to alert them and warn them my email had been attacked, – it gives them a ‘Don’t read me’ dilemma, but most people twigged there was something weird about the bogus emails anyway. I also told them the steps I’d taken to purge my PC, and asked to be warned if they received any more dodgy emails from me. Thankfully nobody did.

    http://www.malwarebytes.org/

    http://trojan-killer.net/

    Spybot was also recommended to me, but it took me a couple of downloads to find the correct source which wasn’t filtered through adverts and guff, which put me off it a little, but got there in the end and the true Spybot Search and Destroy is good too. And free for full version.

    Both Malwarebytes and Trojankiller have free trial versions which worked, but I registered them when the trial expired.

  41. Michael Stephenson

    10 May, 2013 - 11:10 am

    “Also, this talk about Linux and Mac being more secure is irrelevant. The more aware the user is the more secure they are. Has anyone seen the amount of security updates sent out for a standard Linux distro? The difference between Windoze and Linux is that Linux gets the Security Patches out in a matter of days whereas MS take months unless it is very critical.

    BTW Chrome is a disaster for personal privacy, instead use the opensource ‘Chromium’ which has had the Google spyware removed.”

    Using Linux is irrelevant apart from it is relevant, also use a browser that has no compiled binaries available for Windows or OSX… right OK.

  42. April Showers

    10 May, 2013 - 11:44 am

    O/T Thought that this would be of interest to Craig. The offshore oil boom in Ghana which doesn’t seem to have benefitted the local people directly so far. They appear to be very much disaffected. Sinopec seem be painted as the baddies for not using local labour.

    Boom time? Back to Takoradi, Ghana’s oil city
    http://www.bbc.co.uk/news/world-africa-22366150

  43. Debian is the top system, according to many and I’m sure Clark, once he gets to read this will agree. Contemplate a wholesale move over to a linux based system.
    If I can work with it, so can you. Ask Clark.
    (Nevermind)

    Komodo approved this message…using Ubuntu 10.10 and have been since it came out. (Ubuntu = Debian variant, uses same repositories). Unfortunately I now have to use Windoze 7 at work, with pain-in-the-arse, ugly, counterintuitive Office 2010*. XP was much better, and I’m afraid it’s going to be downhill all the way for ‘Doze. But I digress, sorry.

    * and in particular, the Tellytubbies-oriented-everythings-in-pictures-but-nothing’s-in-its-logical-place-and-there’s-no-bloody-menus-to-give-you-a-clue-and help-is-several-clicks-away-on-an-external-site-ffs…Excel. Cure: Open Office.

  44. I agree with everyone who recomends you switch to Linux, having said that, there is a bit of a learning curve getting used to a new operating system though, if you know someone who can show you how it works and can help you through that initial learning phase you will not want to use anything else.
    Probably most, if not all of the programs you use now on Windows have an equivilent that is available for free on Linux. Also, even the programs you might want to buy seem to be rediculously cheap.
    “Libre Office” comes with a number of the Linux packages, its a free sophisticated word processor, spreadsheet package and power point style display system.
    On Linux I have yet to find a file that the system cannot deal with, it is also possible to set up the system to ”Duel Boot” so that Linux and Windows can co-exist on the same hard drive and you can choose which one you wish to use at start up, depending on your requirements….
    Best Wishes

  45. Komodo. Do you know if Open office have VBA capability? and is it Excel compatible?
    I’m thinking: dynamic data I/O using the serial/USB port, microcontroller and a spreadsheet.

  46. (Is the potential ‘Open Office VBA’ compatible I mean)

  47. Lwtc -I think the Windows version of OO does have VB capability, though the Linux version doesn’t.. And VB has, I think been ported to ‘nix platforms – look around. However, for a similar application to yours, I have an old box running XP with Office 97…lol…and Termite (freeware) terminal emulator for Windows is a handy download, too.

    In Linux, you’d probably find it easier and more robust to write a C++ program for your specific application. C++, Python, and other languages are well supported by Debian, and most Linuxes have a C compiler somewhere in the system. Or, as Unix/Linux was designed for this sort of thing, you might try using its own abilities to do the job. It would involve opening a terminal and doing a lot of typing, though…

  48. @ Rich Horn OS X (the Mac operating system) has free BSD under the bonnet not Linux, but what they both have in common is that they are Unix variants and a great deal more secure than Windows.

    /pedant

    nothing to add to the good advice… :)

  49. Craig,

    What’s the virus/malware Norton is finding?

    Do you use Yahoo email as others have wondered?

    Are Flash and Java up to date (see links)?

    http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html

    https://www.java.com/en/download/installed.jsp?detect=jre

    Make sure both Flash and Java (if installed) are at latest version. Check Adobe Reader as well.

    If using Internet Explorer make sure on IE8 if ox XP. Or use Firefox.

    Make sure PC is set for auto Microsoft critical updates.

    Problems due to Flash, Java, old Internet Explorer and or un-patched XP and Yahoo email hacks are all too common at the moment.

    Also Yahoo admitted to losing some encrypted passwords last year and they seem to have ongoing problems with an attack or two so if you have Yahoo email make the password as complex as possible as you can’t have faith in Yahoo not “losing” the encrypted version.

    Bottom line is Yahoo has major problems (Google: Yahoo email hack). If you are not with Yahoo then that’s not the problem but even if you are you need to get the machine checked out.

  50. Jon,

    Just a minor correction. WIndows XP is still getting security updates and will do until April 8th 2014. The current Zero Day Vulnerability mentioned upthread in IE8 is addressed at http://support.microsoft.com/kb/2847140 – A full patch they say will come later but you should be able to apply the temp fix from that link.

  51. LibreOffice is major fork of OpenOffice, which improves upon it by implementing fixes and improvements which the OO management neglected for little reason. Its a bit smaller, more portable, better looking, etc.

    Hitman Pro is one of the best “second opinion” rootkit and virus scanners and is very easy and quick to run with no registration necessary.

  52. Craig, 55 posts giving advice from self-ordained “computer experts” but your virus problem has yet to be solved?

    Surely you have friends with connections to real experts that can sort out your computer virus.

    What is going on?

  53. Craig, let me guess; it’s your btinternet account, right? What you describe above has been happening to loads of people with BT and Yahoo! e-mail accounts, and people with accounts with other companies associated with AT&T. I reckon AT&T and/or Yahoo! got cracked, and probably tens of thousands of their customers’ e-mail accounts are occasionally being abused for sending these spam e-mails.

    The spams I’ve seen don’t do anything particularly bad; they are blank except for a link to a commercial website; most of the ones I saw linked to a US site called “Make Money at Home” or some such.

    You should probably change your e-mail password, but these spammers seem to have ranged freely within Yahoo!’s servers for several weeks now; if your e-mail provider is unable or unwilling to secure their system, your own password makes little difference, really.

    Craig, has Norton actually detected a virus on your machine? These Yahoo! spam e-mails are coming from Yahoo!’s system; the customer’s system does NOT need to be “infected” in order for these spams to be sent.

  54. Sophie Habbercake

    10 May, 2013 - 11:26 pm

    Uncle Craig, you old Neanderthal! Just use Linux.

    Get some tech savy kid to show you how to partition you hard drive. Set aside a day, feed and water him/her and I guarantee you will get the bones of it inside 6hrs(generous), more likely 4. This will save you the weeks/months of life you will otherwise throw away on future Windows problems.

    Partition 1. Debian (minimalist and very functional) or Ubuntu Linux. Both free open source.
    Use this for everyday safe internet connections. For word-processing, music, photos and just about everything else there is good free open source software.

    Once installed this will be trouble-free.

    http://www.debian.org/

    Partition 2. Windows.
    Use this only when you have to. For example your printer may be hard to work with Linux. The contrast will have you wondering why you ever used it. Like the difference between driving an old 1960s Cadillac and a modern Porsche.

    You can use Clonezilla to copy an image of your new clean Operating System plus all the programmes you use and save it on your Data Drive. Then whenever it acts strange you can reboot with the Clonezilla disk and restore to your clean new OS and programmes in about 15 minutes. Magic!

    http://clonezilla.org/

    Partition 3. Data.
    Keep all your data on here, safe in the event of problem either operating system.

    Keep physical copy of most important data on disc, stick ot external HD, but be sure to keepit someplace else.

    You might also want to keep important data on Encrypted cloud storage. Take a look at SpiderOak. Data you keep here can be shared and synchronized with any computer you want to use, whether it uses Linux, Mac, or Windows. Free data storage up to 2GB then good rates for extra. You can share any data with whoever you please.

    Because all data is evcrypted your end even Spider\oak don’t know what it is. But don’t lose you password because they can’t decrypt that either!

    Good luck. And thanks for the best of blogs. You may be a fossil, but just the most inspiringest kind!

  55. Sophie Habbercake

    11 May, 2013 - 12:08 am

    I forgot link to SpiderOak…

    https://spideroak.com/

  56. @Sophie Habbercake — Except it happened to me too recently, twice, and I was using Linux to go online. E-mail account was Yahoo. I’ve changed my password and it hasn’t happened since. Still, what Clark said above is depressing, about it coming from Yahoo servers and they’ve got the password so it doesn’t matter what I do. Also, @Breeks, one of the times it spammed I wasn’t home, wasn’t on line. So that matches what Clark said. Miserable.

  57. April Showers

    11 May, 2013 - 7:26 am

    Sophie However did your silly daddy produce such a clever girl like you? I am in awe of you and full of admiration.

    Clark Good to hear from you. Glad you are OK. I had the BT Yahoo special treatment and all my e-mail contacts (in batches) got the spam messages. Some of them thought they were actually from me! To make matters worse, BT or Yahoo did not help and even disabled the password to my e-mail account as it had been ‘compromised’ (in their words) without even telling me. I was unable to get into my account or to change the password without a long and thankfully free 0800 call to the BT call centre in India where the staff are extremely patient and helpful. It must be a horrendous job and I bet they are paid peanuts.

    Thanks for assisting Nevermind in his council candidacy. I hope that his disappointment has been short lived and that he is looking forward to new ventures. I thought of him recently when I heard that there is a plan to transport the waste from six London boroughs to an incinerator in Bristol. Apart from the pollution from the incineration, think of the fossil fuel that will be consumed for the transport along the M4. What a world!

    Welcome back to the world for that brave girl Reshma rescued from the collapsed clothing factory after 17 days. 1,000 of her work colleagues have died. ‘May Allah have mercy on them’.

    Bangladesh survivor Reshma Begum: I never dreamed I’d see daylight again
    Rescue workers had given up hope of finding anyone else alive in the rubble of the Rana Plaza. Then they heard a faint tapping
    http://www.guardian.co.uk/world/2013/may/10/bangladesh-survivor-reshma-begum

  58. April Showers

    11 May, 2013 - 7:51 am

    [..]Windows 8, the new operating system introduced late last year to correct this state of affairs, looks like being a spectacular example of matching the wrong interface to the wrong screen. It is not too late to reverse course – though less easy to see how Microsoft can overcome the bigger strategic problem that Windows 8 was meant to solve.

    The company’s latest PC operating system was designed with tablets and other touchscreen gadgets in mind. This is a market in which it has been completely outflanked by Apple and Google, so using the ubiquitous Windows to fight back was an obvious move. And once people start to use the new system on tablets, so the Microsoft thinking goes, they are more likely to use the version of Windows designed for smartphones.

    There is just one small problem: the software is not so intuitive to use for people on traditional PCs. Sales of new machines have fallen hard since the latest operating system was launched, and anyone using the software with a keyboard and mouse has faced a steep learning curve, the company now admits. That is unfortunate, given that this encompasses the vast majority of Windows 8 users. Changes to the interface are now in the works.

    It is tempting to write Microsoft’s slip off as the last hurrah of a struggling former monopolist. But the blunder was not an isolated case of tech hubris. Far from it: most of the big names in consumer technology have shown a similar tendency. If they have been blind to the needs of their customers, it has often been because they choose to see the world in a way that reflects their own corporate biases.'[..]

    Microsoft’s broken Windows is lesson for Apple
    By Richard Waters
    Tech hubris comes from superinposing the new on top of the old http://www.ft.com/cms/s/0/5711eb04-b89c-11e2-869f-00144feabdc0.html#axzz2SxqBQpUD

  59. April Showers, 9 May, 6:30 pm; thanks for the links:

    “… the criminal sent an email containing a single web address to a handful of the victim’s contacts – seemingly chosen at random from emails they have sent or received.

    The links appear to lead to a legitimate website, but in fact, those legitimate websites have themselves been hacked. The spam link leads to a hidden page on the legitimate website, which immediately redirects to the hacker’s website – a get-rich-quick scheme which promises thousands of dollars of income before asking for a credit card payment.”

    Yes, this matches my own observations. I didn’t mention the redirect in order to keep my comment brief, and I wouldn’t have noticed any “trojan” as it is probably implemented through JavaScript and targeted at Windows, whereas I was using a GNU/Linux Knoppix system protected with a JavaScript blocker.

    Regarding computer security in general, the increasing popularity of smartphones is changing the way malware is targeted. More and more malware is being designed to exploit JavaScript, the Adobe Flash Player, Java, web browsers, etc; all application level software, rather than trying to exploit the underlying operating system.

    Currently, the best defence is to install a selective JavaScript blocker (such as the NoScript extension for Firefox), and learn how to use it. Sorry, this is a hassle, I know, but the best security comes from good understanding by the users. It’s much like the real world – it’s all very well paying for expensive locks and window catches, but you still have to know how and when to use them, and it’s no good handing out copies of the keys to everyone who claims to be trustworthy. You’re better off with basic locks and a decent understanding of when and why you should lock them.

  60. April Showers, 11 May, 7:26 am

    “To make matters worse, BT or Yahoo did not help and even disabled the password to my e-mail account as it had been ‘compromised’ (in their words) without even telling me.”

    The arrogance of these big companies is stunning. Their own lax security permits their customers’ accounts to be abused, so of course they just blame their customers and lock them out of their own accounts!

    Sorry to have come so late to this thread. Funnily enough, I’m in Wales, installing Debian GNU/Linux for a friend, this upgrade being prompted by the very same security breach at AT&T/Yahoo! and subsequent spamming from my friend’s btinternet e-mail account.

  61. P.S. – the upgrade I’m performing won’t make any difference to the spamming from my friend’s btinternet account; the security breach is at Yahoo!, and my friend’s system was not “infected”. I’d been meaning to do this upgrade for a year or more; the spam e-mails just brought the matter back up.

  62. Ben Franklin -Machine Gun Preacher (unleaded version)

    11 May, 2013 - 5:04 pm

    Clark; Howzit Dood?

    Don’t get many chances to talk with you these days. Have you any good news?

  63. Sophie Habbercake

    11 May, 2013 - 7:07 pm

    Craig: On second thoughts Ubuntu perhaps easier for a grown-up to use than Debian. There’s less for those old neurones to learn.

    April: Dad gets pretty bothered with having me calling him “Dad” all the time. Without DNA test I can’t swear about my paternity. I might have a clever dad after all.

  64. @ Komodo, 10 May, 2013 – 4:14 pm
    Much appreciated. Thanks.

  65. Ben Franklin -Machine Gun Preacher (unleaded version)

    11 May, 2013 - 9:49 pm

    Clark; This Wiki piece…….

    29 of 50 Democratic senators (58%) voted for the resolution. Those voting against the Democratic majority include: Sens. Akaka (D-HI), Bingaman (D-NM), Boxer (D-CA), Byrd (D-WV), Conrad (D-ND), Corzine (D-NJ), Dayton (D-MN), Durbin (D-IL), Feingold (D-WI), Graham (D-FL), Inouye (D-HI), Kennedy (D-MA), Leahy (D-VT), Levin (D-MI), Mikulski (D-MD), Murray (D-WA), Reed (D-RI), Sarbanes (D-MD), Stabenow (D-MI), Wellstone (D-MN), and Wyden (D-OR).
    1 (2%) of 49 Republican senators voted against the resolution: Sen. Chafee (R-RI).
    The only Independent senator voted against the resolution: Sen. Jeffords (I-VT)

    http://en.wikipedia.org/wiki/Iraq_Resolution#Passage

    ………omits hillary Clinton and Joe Biden as voting for the resolution, along with 8 others. 2016 advance scrubbing?

    Thoughts?

  66. Ben Franklin -Machine Gun Preacher (unleaded version)

    11 May, 2013 - 10:27 pm

    Clark; I thought; ‘what the Hell’ and registered for edit at Wiki. Made the entry….Huzzaaaahh!!

  67. Hello Ben; I’m away from home, rushed off my feet, gotta get finished so I can head home tomorrow…

  68. Craig,

    Without in any way wishing to be alarmist you ought consider an anti-Establishment blog-such as this-is gonna attract all the spooks you like…from MI5/6,MOSSAD,NSA,CIA etc…

    Are you,then,really suprised you might experience some online weirdness?

    I think not.

  69. Buddies Microsoft and Roxio enjoy a close relationship with the NSA. Avoiding Roxio if possible will make it difficult for government ‘terrorists’ to cause you headaches from an unrecoverable Windows; one that requires a clean install(you lose files!) unless you are smart and have a back-up or restore snapshot.

    Just that one furtive act (an automated script) has silenced many an on-line dissident or cyber-hacker.

  70. I heard there is some good tech support at the Ecuadorean Embassy. Cost of standard consultation is a pizza and bottle of red.

    Happy Mother’s Day Mrs Murray.

  71. @ Jives :

    “Craig,

    Without in any way wishing to be alarmist you ought consider an anti-Establishment blog-such as this-is gonna attract all the spooks you like…from MI5/6,MOSSAD,NSA,CIA etc…”
    ——–

    Was it not my good friend Jives who not so long ago castigated me for starting a post with something like “Without wishing in any way to compare myself to Craig..”?

    BTW – the thread is starting to go off-topic. Moderator please note + time for a new thread, please!

  72. Habbabkuk,

    Completely dfferent verbs.

    I am not your friend.

  73. April Showers

    12 May, 2013 - 6:23 pm

    GCHQ’s seal of approval for Royal Holloway.

    Cyber security grant for Royal Holloway to increase PhD students
    http://www.bbc.co.uk/news/uk-england-surrey-22492930

  74. Plenty of techies on this thread to do some testing for me! I have installed a “Facebook share” button above, under the article: would a handful of Facebook users let me know here if it works?

    (Facebook Share apparently offers more options than Facebook Like, even though FB is trying to get everyone onto the latter, as it’s easier for beginner users – it’s one-click I think. We’ll see if this works out, and switch if not).

  75. Hi Jon,
    not a techy, not on Facebook, but since I’ve come across your appeal and so far no-one else has replied, here’s a little encouragement for you to be going on with:

    I clicked the ‘share’ button and transferred through to my other half’s Facebook page, so although I didn’t (dare without herself’s permission) click the actual Facebook ‘share link’ button, I can confidently say that it works on Firefox 17.0 running on Linux Mint.

  76. Habbabkuk (La vita è bella!)

    13 May, 2013 - 11:51 am

    @ Jives :

    Actually, the key words I was pointing to were “Without wishing in any way…”.

    And I am your friend, you just don’t realise it.

  77. Craig, I got home last night and I’ve been catching up on my e-mail; I’ve just found a spam e-mail from your btinternet account, and I can confirm that it is just like all the others I have seen.

    Your system did NOT need to be infected in any way for these e-mails to have been sent.

    But you (and everyone) should still upgrade to GNU/Linux for other reasons, both practical and ethical. Support GPL software, because GPL software supports the freedom of users and gives them back control of their own systems:

    http://www.gnu.org/philosophy/free-sw.html

  78. @A Node, thanks. No need to be a techie to test, but if anyone would share a post on Facebook (one they actually want to share, I guess!) then please let me know in this thread if it worked.

  79. April Showers

    14 May, 2013 - 2:57 pm

    Greedy Mr Zuckerberg is annoying many people.

    Network Against KXL
    Zuckerberg Gets an Earful After Promoting Keystone XL
    by DAVID SWANSON
    http://www.counterpunch.org/2013/05/14/zuckerberg-gets-an-earful-after-promoting-keystone-xl/

    and

    Zuckerberg’s lobby group losing top donors over Keystone XL support
    http://rt.com/usa/facebook-lobby-group-loses-donors-232/

  80. I heartily recommend dual-booting with Ubuntu. In fact, I always carry a bootable Ubuntu micro-SD, so I can install it on the spot for users who are fed up with Windows. I make 4 partitions (Windows, Files, Ubuntu & Swap), and give them a choice of operating system every time they boot the machine. Even skeptics gravitate towards Ubuntu over time. It’s a lot less clunky (and vulnerable) than Windoze.

    There is no doubt that Linux has caught up with Windows on the desktop and is now racing ahead. With Windows 8, Micro$oft pinched lots of ideas that have been integral to Linux distros for years, and for the most part implemented them poorly.

    That said, there are some things that Windows is much better for – particularly sophisticated office integration. And it’s often easier to customise and troubleshoot. Most small businesses rely on certain MS products and would be stuck if they migrated wholesale, not just because the migration and learning curve are prohibitive, but because the advanced business software isn’t (yet) available. So I strongly recommend dual boot systems (or perhaps virtualisation).

    It’s different with servers, though. Linux servers had the edge until quite recently, but MS now offers certain advantages. Having spent the last few days wrestling with installing and configuring Linux systems via SSH command shells, eventually discovering undocumented incompatibilities between various releases, elements and platforms that required wiping and reinstalling and going through the whole charade again, I’m thoroughly scunnered. Installations usually require intricate script editing (in various languages), and the web forums are full of conflicting (and frequently erroneous) advice. It can take days to do things that should be very straightforward – like they were on Unix many moons ago. My next task is to install to two enterprise-grade servers on a large corporate network, and I ain’t looking forward to it. Windows Server management is much easier by comparison – and in my experience, relatively trouble-free.

  81. A Node, thanks – though I should be much more thrilled if Dana were to pop in to try it too!

  82. Ben Franklin, 11 May, 10:27 pm: at Wikipedia, were you, or are you, “Semanticleo”? 21:22 and 21:26, 11 May 2013‎, here:

    http://en.wikipedia.org/w/index.php?title=Iraq_Resolution&action=history&year=2013&month=5

    I think Semanticleo’s contribution should go in this section:

    http://en.wikipedia.org/w/index.php?title=Iraq_Resolution&diff=554647602&oldid=554429514#Passage

    I’m Clark42. Log in to Wikipedia, and then go here:

    http://en.wikipedia.org/wiki/Talk:Iraq_Resolution#Move_.22which_Senators_voted_.27YES.27.22_to_.22Passage.22:

    To discuss, click the “Edit” link and add to the talk page. When you’re finished, “sign” your post by typing four tildes, and then click the “Save Page” button.

  83. It is ridiculously easy to send email with a fake senders address. I could do it. Anyone could do it.

Powered By Wordpress | Designed By Ridgey | Produced by Tim Ireland | Hosted by Expathos