Equation Group – Malware team went undetected for nearly 15 years

Kaspersky Labs – the one that says every year that 20xx is “The Year of the Mac Virus” where xx=(03-15 so far) – has released a study about a piece of malware it recently uncovered that is groundbreaking in many ways. It is ALMOST undetectable, and its operators have been infecting machines for over 14 years.

If you like reading an analysis that reads more like a spy novel, the actual report is here. A more accessible article was posted to Ars Technica on Feb 16, 2015.

“The discovery of the Equation Group is significant because this omnipotent cyber espionage entity managed to stay under the radar for almost 15 years, if not more,” Raiu said. “Their incredible skills and high tech abilities, such as infecting hard drive firmware on a dozen different brands, are unique across all the actors we have seen and second to none. As we discover more and more advanced threat actors, we understand just how little we know. It also makes us reflect about how many other things remain hidden or unknown.”

Kaspersky also claims that iOS and MacOS systems have been infected:

Redirects that sent iPhone users to unique exploit Web pages. In addition, infected machines reporting to Equation Group command servers identified themselves as Macs, an indication that the group successfully compromised both iOS and OS X devices.

It will be interesting to see whether this Kaspersky Labs discovery turns out to be something more than the active imagination of a FUD-dealing protection peddler.

Linux Viruses?

HelpMeClayton:

“About a year ago, my friend set me up with a netbook with Linux Mint on it for my mother. It does all she needs to do with browsing the internet, watching videos, reading email.

Lately she has been complaining that her machine has a virus. What do I use to clean a virus off Linux Mint?”

The fact of the matter is that Linux itself is not going to get a virus or malware; at least, nothing is in the wild as of this writing. However, watching videos and browsing the web can expose her machine to cross-platform malware, and Adobe Flash and Java are the two main targets here. To the non-techie user, it just feels like the machine has a virus.

So what do I do?

Make sure you install any updates to Flash or Java as soon as you find out about them. Google Chrome updates itself as soon as it needs to. For other browsers, see the following page on WikiHow.

If you still want to do SOMETHING to make you feel better about the virus-free status of your machine, you can use the free antivirus ClamAV. Look for it in your app store. The thing is, you might get false positives instead of detecting any real problems, so you are better off just checking to make sure you are up to date, and then leaning back and enjoying computing.
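The two checks above (are the Flash/Java packages up to date, and what did a ClamAV scan actually find) as a small script. This is an added example, not code from the original post; it assumes a Debian-style Linux Mint with apt and, optionally, ClamAV’s clamscan, and the plugin package-name prefixes it greps for are assumptions. The sample tool output embedded in it is constructed so the parsing runs without either tool installed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a Debian-style Linux Mint
# with apt, and ClamAV's clamscan if installed; the plugin package-name prefixes
# (flashplugin, adobe-flash, icedtea, openjdk, oracle-java) are assumptions.

# Reads `apt list --upgradable` output on stdin; prints the names of Flash/Java
# packages that still have a pending update (the ones the post says to update first).
pending_plugin_updates() {
    grep -E '^(flashplugin|adobe-flash|icedtea|openjdk|oracle-java)[^/]*/' | cut -d/ -f1
}

# Reads a clamscan SCAN SUMMARY on stdin; prints "infected=N scanned=M".
# A non-zero count is a prompt to look at the named files, not proof of a
# real infection: the post warns that ClamAV false positives are common.
clamscan_summary() {
    awk -F': ' '/^Infected files:/ {i=$2} /^Scanned files:/ {s=$2}
                END {printf "infected=%d scanned=%d\n", i+0, s+0}'
}

# Constructed sample output in the two tools' formats, so the parsers can be
# exercised without apt or clamscan present.
SAMPLE_APT='Listing...
flashplugin-installer/trusty-updates 11.2.202.440 amd64 [upgradable from: 11.2.202.429]
firefox/trusty-updates 35.0 amd64 [upgradable from: 34.0]
openjdk-7-jre/trusty-updates 7u75-2.5.4 amd64 [upgradable from: 7u71-2.5.3]'
SAMPLE_CLAM='----------- SCAN SUMMARY -----------
Known viruses: 3712345
Engine version: 0.98.6
Scanned directories: 12
Scanned files: 340
Infected files: 0'

# Runs the real checks when the tools exist; pass --run to use them instead of the samples.
run_checks() {
    if command -v apt >/dev/null 2>&1; then
        echo "Flash/Java packages with pending updates:"
        apt list --upgradable 2>/dev/null | pending_plugin_updates
    fi
    if command -v clamscan >/dev/null 2>&1; then
        clamscan -r --infected "$HOME" 2>/dev/null | clamscan_summary
    fi
}

case "${1:-}" in
    --run) run_checks ;;
    *) printf '%s\n' "$SAMPLE_APT" | pending_plugin_updates
       printf '%s\n' "$SAMPLE_CLAM" | clamscan_summary ;;
esac
```

Run it with no arguments to see the parsers work on the constructed samples, or with --run to check the real machine (the clamscan pass over a home directory can take a while).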

I just got a call…

from geeksupportlive. A very nice man called to tell me that he was calling from geeksupportlive and that they were getting reports from my computer that I have a lot of viruses, and that due to the agreement they have with Microsoft, they are contacting people who have infected machines and offering to scan them for free…

Luckily there were a few things going for me:

1 – My Mac was definitely not reporting back to their servers that my Windows was infected

2 – The words computer virus and infection do not scare me

3 – Oops, their call was answered by someone who probably knows more about computers than they do in their sweatshop call center in India

How did I get so lucky as to get this call the day after I started this blog? After putting the gentleman on hold while I went to my computer and started it up (amazing how the computer can report viruses to their server when it is not on), and then a few more minutes while I “took another call from my son”, I was then directed to go to a site to download a remote management tool.

Kudos to the website administrators of ammyy.com – a free remote administration tool – for putting up a warning on their website that reads:

[Screenshot of the ammyy.com warning, taken 2015-01-18]

http://www.ammyy.com/en/admin_mu.html

Remote management tools are very powerful and, in the wrong hands, can do a great deal of damage to your computer and your privacy.

NEVER give access to someone that you don’t know.

But wait, I don’t know you

Well, if you call me then you are the one who initiated the contact; if I ask you to load a remote administration tool, it is because you have asked me for help. Beware the unsolicited caller bearing gifts… they might just be a big wooden horse.

Well, after I read them that disclaimer, Tyson told me that I was seeing that because my computer was clearly infected, since his screen was not showing that link. He transferred me to his Senior Support Technician, who assured me that I had one of the worst cases of infection he had encountered, and that I needed to do something IMMEDIATELY! He then directed me to showmypc – another remote admin tool – this time without the warnings…

Oops, hold on, I got another call…

21 minutes later… click

Don’t be taken in by the scammers. I have a long list of people that I can refer you to for testimonials.