My Computer has been Compromised, Again

That’s a log file.

What it means: there’s something on my laptop that’s regularly taking screenshots of both my desktop and my login screen.

See the last entry, Saturday at midnight? I wasn’t even home; the laptop had been closed for hours. Figure that one out.

Considering how careful I am, well, good to know I attract the best. I guess.

I can pretty much guarantee you will never again see a log like this.

If you want to see what’s happening inside your Mac, go to Applications > Utilities > Console.

System, application and crash logs are all collected there.
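The post’s own evidence is a timestamp that falls while the lid was closed. An added example (not from the post, and not a real capture): a small script that parses syslog-style lines of the kind Console shows, tracks the kernel’s sleep/wake messages, and pulls out any “screen capture” entries logged while the machine was supposedly asleep. The log lines and the sleep/wake wording are constructed for the example; adjust the two patterns to whatever your own log actually says.

```python
import re
from datetime import datetime

# Constructed sample in the classic macOS syslog layout
# ("Mon dd hh:mm:ss host process[pid]: message"). These lines are made up for
# the example and are not a capture from the machine described in the post.
SAMPLE_LOG = """\
Mar  1 09:15:02 laptop WindowServer[120]: screen capture request from pid 4410
Mar  1 17:42:10 laptop loginwindow[85]: screen capture request from pid 4410
Mar  1 18:30:00 laptop kernel[0]: System going to sleep (lid closed)
Mar  2 00:00:07 laptop WindowServer[120]: screen capture request from pid 4410
Mar  2 08:05:44 laptop kernel[0]: Wake reason: lid opened
Mar  2 08:06:01 laptop WindowServer[120]: screen capture request from pid 4410
"""

LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)

# Assumed wording for the power-state lines; adjust to what your own log says.
SLEEP_RE = re.compile(r"going to sleep", re.I)
WAKE_RE = re.compile(r"wake reason", re.I)


def parse_syslog(text, year):
    """Turn syslog lines into dicts with a real datetime (syslog omits the year)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # continuation lines, blank lines, etc.
        d = m.groupdict()
        ts = datetime.strptime(f"{year} {d['mon']} {d['day']} {d['time']}",
                               "%Y %b %d %H:%M:%S")
        events.append({"time": ts, "host": d["host"], "process": d["proc"],
                       "pid": int(d["pid"]), "message": d["msg"]})
    return sorted(events, key=lambda e: e["time"])


def events_while_asleep(events, keyword):
    """Return keyword-matching events recorded between a sleep and the next wake."""
    asleep = False
    hits = []
    for e in events:
        if e["process"] == "kernel":
            if SLEEP_RE.search(e["message"]):
                asleep = True
            elif WAKE_RE.search(e["message"]):
                asleep = False
            continue
        if asleep and keyword.lower() in e["message"].lower():
            hits.append(e)
    return hits


def pids_by_activity(events, keyword):
    """Count keyword events per pid named in the message, to see which process to chase."""
    counts = {}
    for e in events:
        m = re.search(r"pid (\d+)", e["message"])
        if m and keyword.lower() in e["message"].lower():
            pid = int(m.group(1))
            counts[pid] = counts.get(pid, 0) + 1
    return counts


if __name__ == "__main__":
    evs = parse_syslog(SAMPLE_LOG, year=2014)
    for e in events_while_asleep(evs, "screen capture"):
        print(f"{e['time']:%Y-%m-%d %H:%M:%S} {e['process']}[{e['pid']}]: {e['message']}")
    print(pids_by_activity(evs, "screen capture"))
```

The point of the sleep/wake bookkeeping is that a screenshot while the lid is closed is impossible for a human and only possible for software; once the script names a pid, that process (and whatever launches it at login) is the thing to look at.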

The Scariest Type of Malware – Ransomware

Of all the types of malware, this one scares me the most.

Ransomware – malicious software that locks the victim out of their computer, or encrypts their files, and then tells them the only way to undo it is to pay a ransom fee to the creator of the malware. Basically, ALL your files get locked up, and someone else has the key.

The Attack

On my other computer, I was catching up on celebrity gossip and streaming TV from a sketchy Eastern European site when this page took over my browser.

1 – informs me all my files have been encrypted
2 – shows my IP address, which didn’t pinpoint my exact physical location but was pretty close
3 – ransomware often uses this popular ‘police’ theme to give the illusion of authenticity and heighten fear
4 – a scary countdown timer; I have 24 hours to pay the ransom

The Defence

Ransomware usually arrives through clicking a bad link (on social media, in a website or in an email), opening a malicious email attachment, or sometimes just visiting a compromised site that pushes a drive-by download at an unpatched browser or plugin.

Closer investigation reveals this is mostly scareware. The English is poor, I’m on a Mac not a PC, the “Internet Police Department”, uh-huh, and child p0rn, pfft, as if, I don’t even really like kids.

Plus, 24 hours have passed, and my computer is fine.
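“My computer is fine” is the right check: scareware only paints a scary page, real ransomware actually rewrites your files. An added example (not from the post) of how to tell the two apart without opening every document: sample the first few kilobytes of each file, keep anything that still starts with a known format header, and flag the rest only if its bytes look random (Shannon entropy near 8 bits per byte, which is what ciphertext looks like). The three files it inspects are constructed in a temporary directory for the demo.

```python
import math
import os
import tempfile

# File signatures that legitimately have high entropy (compressed formats) or
# that an intact document should still start with. Real ransomware overwrites
# these; scareware leaves them alone.
KNOWN_MAGIC = {
    b"%PDF": "pdf",
    b"\x89PNG": "png",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip / docx / xlsx",
    b"GIF8": "gif",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; about 8.0 for ciphertext or random data, much lower for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_encrypted(head: bytes, threshold: float = 7.5) -> bool:
    """Heuristic: no recognisable header AND a near-random byte distribution."""
    if any(head.startswith(magic) for magic in KNOWN_MAGIC):
        return False
    if len(head) < 256:
        return False  # too little data for the entropy estimate to mean anything
    return shannon_entropy(head) > threshold


def triage(paths, sample_size=4096):
    """Map each path to True (probably encrypted) / False, reading only the first bytes."""
    verdicts = {}
    for p in paths:
        with open(p, "rb") as f:
            verdicts[p] = looks_encrypted(f.read(sample_size))
    return verdicts


def demo():
    """Constructed files: readable text, a PNG-like header over random data, and a random blob."""
    d = tempfile.mkdtemp()
    samples = {
        "notes.txt": b"Meeting notes: renew the domain, back up the laptop.\n" * 100,
        "photo.png": b"\x89PNG\r\n\x1a\n" + os.urandom(4000),
        "notes.txt.locked": os.urandom(4096),
    }
    paths = []
    for name, content in samples.items():
        p = os.path.join(d, name)
        with open(p, "wb") as f:
            f.write(content)
        paths.append(p)
    return {os.path.basename(k): v for k, v in triage(paths).items()}


if __name__ == "__main__":
    for name, encrypted in demo().items():
        print(f"{name}: {'LOOKS ENCRYPTED' if encrypted else 'intact'}")
```

Two caveats a practitioner would keep in mind: compressed media (video, archives) that lacks a header in the table will show high entropy and produce false positives, and a file that has been renamed with a strange extension but still opens is the scareware case, not the ransomware case.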

Notice though, I said “my other computer”.

Because I would never visit those sites on my work computer. Which is why, had this actually happened, my solution would be to wipe the entire laptop; it wouldn’t matter, there’s nothing on it. The opposite of this computer.

Keep your anti-virus software updated, your operating system and browser patched, your firewall on, and be careful what you click.

The Fix 

It’s up to you whether you pay the ransom; just know that paying doesn’t guarantee you get a working key back.

F-Secure has removal instructions, as does Norton. Or take your computer to your trusted IT repair place.

Regularly back up your files, and keep at least one copy offline or disconnected; ransomware will happily encrypt a backup drive that’s plugged in at the time.

It’s a Good Idea to Monitor Connections

When you visit a website, there are multiple connections happening behind the scenes, not just the single connection it appears to be.

For an idea, some conservative estimates:

– a reasonably popular site – 25+ connections
– KeriBlog – 4
– Buzzfeed – 50+

It’s a good idea to monitor these, and approve or deny them according to what you feel comfortable with connecting to your laptop.

Example:

Why, out of nowhere, is the Celebuzz site trying to connect to my machine?

At the time of this connection request, I was not surfing gossip sites, but I have in the past, which is why the site is checking in on me.

Connection denied.

How I’m doing this

I use a program called Little Snitch.

(this is NOT an endorsement)

It hooks in at the operating-system level, so no matter which program is making the request (iTunes, a web browser, photo-editing software), it intercepts the connections programs on the machine try to make, outbound ones in particular, and holds each one until I tell it how to proceed.

It looks like this:

You teach it rules (for example: I accept all connections to Google.ca, I deny all connections to a long list of ad-serving URLs).

I deny everything with “track”, “metrics” or “ads” in the URL, and don’t notice much of a decline in browsing quality.
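The “anything with ads in it” rule is blunt, and it is worth seeing exactly how blunt. An added example (my own code, not Little Snitch’s rule syntax, which matches on process and host rather than on the raw URL): two small evaluators over a constructed list of requests, one applying the post’s rule literally as a substring match on the whole URL, the other denying only when a whole hostname label equals one of the words. The allow list is the post’s Google.ca; the sample URLs are made up, apart from the Celebuzz domain the post itself mentions.

```python
import re
from urllib.parse import urlsplit

# Rules in the spirit of the post (assumed for the example, not Little Snitch syntax).
ALLOW_DOMAINS = ("google.ca",)
DENY_WORDS = ("track", "metrics", "ads")


def host_of(url: str) -> str:
    """Hostname of a URL; bare hostnames are accepted too."""
    parts = urlsplit(url if "//" in url else "//" + url)
    return (parts.hostname or "").lower()


def domain_matches(host: str, domains) -> bool:
    """True when host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def substring_decision(url: str, deny_words=DENY_WORDS, allow=ALLOW_DOMAINS) -> str:
    """The post's rule as literally stated: deny if a word appears anywhere in the URL."""
    low = url.lower()
    if any(w in low for w in deny_words):
        return "deny"
    if domain_matches(host_of(url), allow):
        return "allow"
    return "ask"


def label_decision(url: str, deny_words=DENY_WORDS, allow=ALLOW_DOMAINS) -> str:
    """Tighter variant: deny only when a whole hostname label equals a deny word."""
    host = host_of(url)
    labels = re.split(r"[.\-]", host)
    if any(label in deny_words for label in labels):
        return "deny"
    if domain_matches(host, allow):
        return "allow"
    return "ask"


# Constructed requests chosen to show where the two rule styles disagree.
SAMPLE_REQUESTS = [
    "https://ads.example.net/banner.js",
    "https://metrics.example.com/pixel.gif",
    "https://tracker.example.org/t.gif",
    "https://downloads.example.com/update.dmg",
    "https://www.google.ca/search?q=little+snitch",
    "https://www.google.ca/ads/preferences",
    "celebuzz.com",
]


def compare(urls=SAMPLE_REQUESTS):
    """Return {url: (substring verdict, label verdict)} for each request."""
    return {u: (substring_decision(u), label_decision(u)) for u in urls}


if __name__ == "__main__":
    for url, (literal, tight) in compare().items():
        flag = "" if literal == tight else "   <-- differs"
        print(f"{url:48} substring={literal:5} label={tight:5}{flag}")
```

The two disagree in both directions: the substring rule blocks a software update from `downloads.example.com` and an ordinary Google page whose path happens to contain “ads”, while the label rule lets `tracker.example.org` through because “tracker” is not “track”. Neither is wrong, but whichever you pick, the default for anything unmatched should stay “ask”, which is what makes a prompt like the Celebuzz one visible in the first place.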

It’s free to try, and a licence is $35. I bought mine about 4 years ago; it still works.

How this helps

Keeping your computing environment as clean as possible helps. Monitoring software doesn’t replace anti-virus, but it can catch malicious or unwanted connections that anti-virus never looks at.

A small example:

While streaming TV from one of those sites, the site asked for some dedicated space on my hard drive…

Had I not stopped the connection, the website would not only have connected to my laptop, but stored up to 1 MB of “something” on it!

The video played fine even after I denied it access.

They’re not posting free, timely TV episodes out of kindness, or because they care whether I’m up to date on The Office. This is the price, guys.