General Discussion
Anyone know if today's malware attack is hitting civilians?
I turned off my puter hoping to avoid it. From what I read, it's targeting businesses, not civilians. I'd feel better if I knew it wasn't just roaming around randomly.
Anyone know?
Abnredleg
(669 posts)
so you can't assume you won't get it. The reason why it is particularly damaging to business is that it is a worm, and once a single user clicks on the malware email it spreads across a network and infects any computer that is not patched. A standalone PC at home is in danger only if you open the malware email.
Baitball Blogger
(46,682 posts)
read?
steve2470
(37,457 posts)
QUOTE
Another way is to trick a user logged in as an admin or domain admin into running a booby-trapped email attachment that installs and runs the malware with high privileges.
UNQUOTE
In other words, DO NOT open any attachments like PDF files or EXE files or any files that you are not absolutely sure of. These kinds of emails usually end up in your spam folder, but occasionally in Gmail they outwit the spam filter and end up in the Inbox. Easy enough to avoid. Do not download the attachments out of curiosity, to state the obvious.
politicat
(9,808 posts)
If yes to both, you should be fine. Use sensible prophylaxis for the foreseeable future -- treat all spam like a dirty hypodermic and don't download it. Run heavy ad blockers and turn off JavaScript. Disable Flash. Don't run any executable. Make a backup and detach that drive from your running system between backups. Rotate between 2-3 drives until we know this one is contained.
If no to the first, and you are not running Windows at all, you should be fine.
If no to the first and you're running an old version of Windows, you are vulnerable if you're not up to date on patches. If no to the second, go run the patches and do nothing else until that's done. Never get behind on patches. Set the preferences to do automatic updates at your personal 3 AM - a time when you're reliably asleep. If you see a notification that a patch has failed or an update is incomplete, nothing else happens until you fix that problem.
This one is targeting systems that use a 100% uptime model (which is stupid for a variety of reasons). Such systems are less likely to be patched. There are some unconfirmed reports that this has gotten into fully patched Win10 systems sharing a network with unpatched, 100up systems, but they're unconfirmed. There's also a strong correlation between systems using Outlook mail service and infection. (Probably because the spam filters on Outlook aren't as good as most of the others.) In the reports of fully patched Win10 systems, there's also a correlation between McAfee AV and infection. (Defender seems to have survived.)
There's also a strong correlation between a Ukrainian accounting and tax software package called MeDoc (it looks like they got hit just before they pushed an update and unintentionally became a vector). If you don't play with Ukrainian tax software, you're in better shape.
There is also a potential "vaccine". There's more here: http://www.bbc.co.uk/news/amp/40427907
steve2470
(37,457 posts)
politicat
(9,808 posts)
I should have added my standard caveat: what medicine may or will work for this attack may not be at all useful for future ones. It's like bacterial infections, viruses, fungal infections and parasites: antibiotics only work on one of those. Run a flavor of Linux or macOS if patching is too much work. If that's also too intimidating, strongly consider the iOS universe exclusively, and get thee to a continuing ed class. Always engage in the security equivalent of hand-washing and covering your cough - be careful with email, don't run an .exe you didn't seek out, treat unsolicited or unexpected attachments like a flaming bag of dog poop on your doorstep.