How do you know if you've got malware?

  • jean
    Late member
    • Nov 2010
    • 7100

    How do you know if you've got malware?

    On another board we were discussing the word fandom. A post of mine containing a quote of someone else using the word was blocked (by Chrome but not by Firefox, and by some people's anti-virus software) on the grounds that I was posting 'content' from fangoria.com which, as far as I can tell, is a legitimate site that's been hijacked in order to transmit bad things.

    I'd never visited that site or even heard of it, but when I reposted my post without the quoted fandom, there was no problem, and none of my other posts were blocked.

    I think the software is recognising the word fandom and making a spurious connexion between me and fangoria.com.

    Or could it be something much, much worse?
  • Don Petter

    #2
    Perhaps it's Mr Cameron's new internet filter in action?

    (And who knows what terrible words it thought you might have meant.)

    • Frances_iom
      Full Member
      • Mar 2007
      • 2414

      #3
      Originally posted by Don Petter View Post
      Perhaps it's Mr Cameron's new internet filter in action?
      I thought that was the Daily Wail ? - mass lunacy whipped up by the true gutter press;

      • OldTechie
        Full Member
        • Jul 2011
        • 181

        #4
        Originally posted by jean View Post
        I think the software is recognising the word fandom and making a spurious connexion between me and fangoria-dot-com.

        Or could it be something much, much worse?
        Why it should make the spurious connection, I cannot imagine, but I'd keep well away from the site.

        VirusTotal thought the site was OK. VirusTotal gave me a link to the Sucuri Site checker. Initially it showed a previous cached scan warning that fangoria ran some dubious JavaScript from a blacklisted site I will not quote because its name might trigger spam checkers. When I asked Sucuri Site to rescan fangoria, it no longer had the JavaScript warning, but said the site was blacklisted by Google Safe Browsing and Yandex. Yandex said it downloaded some malware which Sophos identifies as Mal/ExpJS-BE. Google's report at http://safebrowsing.clients.google.c...e=fangoria.com suggests it has been badly behaved for a bit.

        Provided you have not visited the fangoria site, I doubt it indicates anything wrong on your machine.

        A lot of current malware works by using vulnerabilities in the Java runtime. Confusingly, Java has nothing to do with JavaScript. Oracle seem not to be able to keep up with patches for Java, which is why Apple stopped including it in their standard Mac OS installations and Microsoft made IE10 warn you every time a site tries to run a Java program. There are very few web sites that need Java for legitimate operation. With the latest version of Java installed, you can have it for running local Java programs, but disable it from all browsers. The instructions are on the Java site. I have been running for months in this state without finding a web site that was upset by the absence of Java in the browser (except for the odd university scientific site with a specific Java program to demonstrate some effect.)

        If you don't need Java, uninstall it (not always easy - go to the Java site for instructions.) If, like me, you need it locally make sure you have the latest version and disable it in all your browsers (via the Java control panel in Windows - one checkbox for all browsers.)

        • jean
          Late member
          • Nov 2010
          • 7100

          #5
          Thanks, that's very helpful.

          • An_Inspector_Calls

            #6
            OldTechie

            Jean will just love me intruding(!) but I think you're being over cautious with Java. There was certainly a problem, potentially a very serious problem, with Java assisting malware. However, Java is Oracle's baby now and they seem to have acted to close this vulnerability. There's a statement to this effect on the Norton website.

            Note also that Norton claim to have this loophole covered.

            • PJPJ
              Full Member
              • Nov 2010
              • 1461

              #7
              Apologies if this is off topic. I've just received an email from an old friend's BT account informing me she's trapped abroad and asking me to send £2080 via her BT email address as funds to get her home.

              I assume her email account has been hacked, rather than her computer; does anyone here have experience of this?

              PS I see this has been an ongoing problem and was under the impression, wrongly, that Yahoo had been dispensed with from the end of July.

              • OldTechie
                Full Member
                • Jul 2011
                • 181

                #8
                PJPJ

                A contact of mine has just had this problem with a BT account. They had obtained her password (probably from the Yahoo password list that was stolen a year or two ago). They set up a Hotmail account in her name and then sent out the "send money now" letters from the Yahoo account but with the Hotmail reply address, which looked legitimate because it had her name. They also set a divert in the hacked account to divert all her emails to the Hotmail account, to which, of course, she had no access.

                As A-I-C says maybe I'm a bit over concerned about the Java issue - but I've gone to a number of innocuous-looking sites recently, only to have them download a JavaScript script that would have tried to run a possibly malicious Java program except that my virus checker caught the script and I have Java disabled. If I had turned off the AV network monitoring to speed up browsing, maybe I could have been caught out. This might have depended on which browser I happened to be using at the time.

                Comment
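A check for the mismatch described in post #8, where the message comes from the real account but replies are directed to a same-name address at another provider. This is an added example, not part of the original thread; the sample message, its addresses and the finding names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample, not a real message; all names and addresses are placeholders.
SAMPLE = """\
From: Alice Example <alice@isp.example>
Reply-To: Alice Example <alice.example@webmail.example>
To: friend@mail.example
Subject: Stranded abroad, need help

Please send funds so I can get home.
"""


def _addresses(msg, header):
    """Return (display name, lower-cased address) pairs for one header."""
    pairs = getaddresses(msg.get_all(header, []))
    return [(name.strip().lower(), addr.lower()) for name, addr in pairs if addr]


def reply_to_findings(raw_message):
    """Flag replies that would go somewhere other than the apparent sender."""
    msg = message_from_string(raw_message)
    senders = _addresses(msg, "From")
    sender_addrs = {addr for _, addr in senders}
    sender_domains = {addr.rpartition("@")[2] for addr in sender_addrs}
    sender_names = {name for name, _ in senders if name}

    findings = []
    for name, addr in _addresses(msg, "Reply-To"):
        if addr in sender_addrs:
            continue  # replies go back to the sender: nothing unusual
        if addr.rpartition("@")[2] not in sender_domains:
            findings.append("REPLY_TO_OTHER_DOMAIN")
        if name in sender_names:
            findings.append("SAME_NAME_OTHER_ADDRESS")
    return findings


if __name__ == "__main__":
    print(reply_to_findings(SAMPLE))
```

A message that raises both findings deserves a check with the sender through some other channel before anyone replies to it.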

                • PJPJ
                  Full Member
                  • Nov 2010
                  • 1461

                  #9
                  OldTechie, many thanks for your reply. I noticed the email link was to the BT account and guess she's locked out. Hotmail/Outlook has recently upgraded its security protocols but it seems not to cover situations like this. As yet I don't know whether they're aware of the problem (I emailed them on another non-BT email address) and some friends in their address book may well have sent an alert to the hacked address.

                  • PJPJ
                    Full Member
                    • Nov 2010
                    • 1461

                    #10
                    I don't think it's a coincidence I've just now had a couple of emails purporting to be from BT mail with all the appropriate graphics, telling me to upgrade my classic mail account as the service is closing shortly. A complete phishing trip.

                    If you have a BT mail account, do be careful.

                    • Forget It (U2079353)
                      Full Member
                      • Nov 2010
                      • 132

                      #11
                      First off download & install SlimCleaner

                      then click on the HiJack-log menu item - it should show you any easy beaties on your Windows PC
