It's hard to tell people though never to click on an email link. Sometimes sending an email is the best way to get your point across, so there's always a balance.

-----Original Message-----
From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of vic.pereira@ssc-spc.gc.ca
Sent: Monday, May 15, 2017 9:51 AM
To: blind-sysadmins@lists.hodgsonfamily.org
Subject: Re: [Blind-sysadmins] Windows machines, new nagware

We try very hard to get people not to click on anything even if it looks like it is coming from a credible source. But as any communications strategy goes, just when you think you have it right something happens that ends up biting you in the bum.

A short time ago, I was about to send an all-staff email message complimenting everyone on the great job they did by following all of our recommendations, because we dodged a major incident. Wouldn't you know it, our helpdesk got a call, because one of our directors clicked on a link in the body of a message that, yes of course, didn't come from a creditable source.

Although we try to let people know that financial institutions and even our helpdesk will never send a message asking to verify information or to activate the link to update information or systems, the message will never reach at least one person. To top it all off, this person was with our finance department. One would think that if any area is overly cautious it would be them.
Vic Pereira
Project Manager, Intra-Building Networks
Real Property Projects | Networks and End-Users Branch
Shared Services Canada | Government of Canada
vic.pereira@ssc-spc.gc.ca | Tel: 204-781-5046

-----Original Message-----
From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Simon Eigeldinger
Sent: Saturday, May 13, 2017 13:26
To: David Mehler
Cc: Blind sysadmins list
Subject: Re: [Blind-sysadmins] Windows machines, new nagware

Hi,

There is loads of info online on the net. According to some texts, you just look that you have all patches added and don't open stuff you don't know. Well, the default stuff that you always should do but some people pretty often forget. It's all over the news over here and I guess the rest of the world as well.

Greetings, Simon

On 13.05.2017 at 20:09, David Mehler wrote:
Hello,
I did not hear about this. Can you provide more information? What happened and what was hit? How do you detect this on a machine?
Thanks. Dave.
On 5/13/17, Simon Eigeldinger <simon.eigeldinger@vol.at> wrote:
Hi David,
Maybe no nagware. Maybe it has something to do with the worldwide hacker attack that happened on Friday.
greetings, simon
On 13.05.2017 at 18:24, David Mehler wrote:
Hello,
Is there any new "nagware" out lately like in the last week or so? Nagware is what I call those virus fakes that pop up and read out with a tts "Your computer is infected, call this number etc etc etc".
I've got a machine that has it. It was a low priority until that owner got another machine infected, which is a high priority. Things we've tried, this is on Win10 1607: Windows Defender, Malwarebytes (version unknown; is v3 really accessible? Last time I tried it, no joy), and a disk cleanup giving emphasis to deleting the temporary files. Also, CCleaner.
The issue is nothing is detecting this malware, not Defender or Malwarebytes, and cleaning the temporary files didn't stop it.
Browser used: Firefox (version unknown).
Last item: one machine user was visiting the site www.watchfree.to
I also replaced the system's hosts file with one specifically designed to block a lot of ad sites, can't remember where I got it from, no joy.
Any help appreciated.
Thanks. Dave.
_______________________________________________
Blind-sysadmins mailing list
Blind-sysadmins@lists.hodgsonfamily.org
https://lists.hodgsonfamily.org/listinfo/blind-sysadmins

--
Simon Eigeldinger
Follow me on Twitter: http://www.twitter.com/domasofan/
E-Mail: simon.eigeldinger@vol.at
MSN: simon_eigeldinger@hotmail.com
ICQ: 121823966
Jabber: domasofan@andrelouis.com

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus