Re: Wow - Now Even COL.M - No Posts For DAYS

Nov 20, 2021, 12:14:13 AM
On 11/17/21 12:28 PM, Charlie Gibbs wrote:
> On 2021-11-17, 166p1 <> wrote:
>> On 11/16/21 4:19 PM, Andreas Kohlbach wrote:
>>> On Tue, 16 Nov 2021 12:02:26 +0000, Eric Pozharski wrote:
>>>> Yup, just today got another .xlsb (what .xlsb is anyway?) to check with
>>>> Virustotal. Not to be proud or something but this year I was first to
>>>> upload twice.
>>> Those in my opinion are not malicious but contain information how to
>>> contact the scammer. Am interested. If you still have it, could you put
>>> it into an encrypted ZIP file (that the mail ISP cannot check against a
>>> database of scammy files), email it to me (address is valid) and tell me
>>> the password you gave the ZIP file? I'll have a look what's inside then.
>> Is there a usenet group dedicated to e-mail scams and how
>> to spot them ? If not, there OUGHT to be.
>> This has become a PLAGUE of late. How to spot the tricks
>> and, most importantly, how to keep Joe User from just
>> automatically clicking those links ........
>> I'd far rather check 100 iffy e-mails than have to restore
>> dozens of PCs after a ransomware attack. Been there ....
> Yup. It's amazing how much a little bit of common sense can
> avoid these mishaps.
> If I see a message claiming to be from a long-lost friend,
> or one that promises the world if I just click on this button
> here, the first thing I do is to check the from address.
> A lot of scammers don't even try to disguise it, and seeing
> a suffix like .ru or .tw is a dead giveaway. Also, I'll hover
> my mouse over the magic button and see what URL comes up on
> the status line; again, anything funny here signals danger.

Every time I find a bad one, I mail everybody THAT it's
bad AND include a non-preachy little summary of WHY it's
bad ... including things like links to Russia or mystery
foreign addresses, non-existent companies, really vague
and general content, odd spelling and grammar. The last
bunch had South African links. By not getting preachy it's
possible to EDUCATE - give them more clues to look for in
the NEXT scam mail.

> Plus there's the message text itself. If the message were
> really from a friend, you'd recognize the style. But even
> with strangers, the kinds of broken English in many scam
> messages should set off alarm bells.
> Worst case, I'll use Thunderbird's "view source" option
> to look at the actual contents of the message. There
> can be lots of interesting goodies on display there.
> If someone claims to be using your webcam to spy on you,
> are his threats really credible if your machine doesn't
> even have a webcam to begin with?
> The trouble with all these techniques is that they require
> time and care to use. In a world where convenience trumps
> everything, most people would rather risk being compromised
> than take the few seconds it needs to check things out.
> Too bad "common sense" is such a misnomer...

The IMPULSE is to just click the inviting link, BELIEVE
what's in the mail. Despite contrarians, humans ARE
generally optimistic and trusting. The scammers KNOW
this, it's how they make their money .....

Anyway, within a small/medium environment it IS possible
to inject some skepticism and educate about the signs of
a scam mail. Really BIG orgs though - yer screwed. For
sure SOMEBODY will be fooled.

LibreOffice and Linux VMs are REALLY valuable tools.
You can open weird mails in a protected environment,
with ClamAV, plus open MS files and PDFs with non
MS apps that won't automatically run all the macros
and aren't binary-compatible with Winders. Once in
a while you even need to use GHex or equiv to put a
microscope on things.

Meanwhile, on the Winders boxes, Norton IS pretty
good and I'd rec ZoneAlarm Anti-Ransomware thrown
in underneath as well. Won't save you against all
stupidity but it's better than nothing. Layered,
detailed, daily backups - online, offline and
layered - are the other half of the equation. Oh,
and those backups should be done on Linux/BSD boxes :-)


Nov 20, 2021, 1:17:24 AM
On 11/17/21 8:25 AM, Nomen Nescio wrote:
> 166p1 <>:
> 166p1> The PROBLEM is not the Informed ... it's that Average User who
> 166p1> is both credulous and clicks on those links without a second
> 166p1> thought. Any one of them can bring down a whole org.
> Only if the org has incompetent admins (or no admins at all)
> and uses insecure-by-design windows PCs that are not properly
> locked.

And IF you try to lock them down THAT tight - emulating
Vista or worse - they won't put up with it. Daily tasks
become almost un-doable. Valuable people QUIT over such
shit. Bosses wonder why productivity has plummeted.

And no, you are NOT going to get everybody to switch
to Linux or OpenBSD. Not nearly enough "world standard"
apps for them, plus users might have to KNOW something
about computers too ....

In short, a fantasy world.

95% ARE going to be Winders forever and always,
that's the truth of it. 95% of the users WILL be
click-pretty-link stupid at least once in a while
(or All The Time). This is the truth the bad actors
are WELL aware of.

So, ASSUME bad things ARE gonna happen.

Here's what I've done of late :

For the important boxes, install Macrium Reflect Free.
Write a Python script or just a batch file to open
a shared backup drive (on a Linux box of course) just
before it's needed, and then close it again after.
Keep at least two backups of each box. Lunch hour
has proven best.

Then, on the Linux box, make dupes of the backups
to at least one other place. A DropBox Pro account
that keeps layered copies is good and not very

Encourage, indeed try to coerce, users to store their
working files on a network drive rather than C: ...
then you can backup those at night, again in
multiple places/ways. Always pre-encrypt any data
going to any 'cloud' storage site no matter WHAT
they claim about security or promises about never
selling your data.

In this way you can mitigate the damage that IS
going to happen, have the core of the org back
up and running pretty damned quick.

This is the reality. You will NEVER be able to
impose enough "systemic" security on Winders
boxes - they're just not designed for it and/or
will be such a pain they'll hire a more mellow
IT guru.

Small/medium biz just ain't the DOD's nuclear
weapons lab. THERE you might get away with the
hyper-anal security measures (actually there
should be NO Winders boxes in such an org).
But Mom & Pop org and other smaller biz/govt
sorts, you need to take the "quick recovery"
tack forwards instead.
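The backup routine described in the post above (map the shared backup drive only while the copy runs, then close it again; keep at least two images per box), written out as an added example. This is not the poster's script and not Macrium's or Samba's code: it assumes Macrium Reflect has already written an image to a local staging path, that the share on the Linux box is mapped on Windows with `net use` (a real command, but the UNC path, drive letter and paths below are placeholders), and it keeps the copy/rotation logic in plain Python so it can be exercised without a real share. The share being mapped only inside the `finally`-guarded window is the security point: ransomware running on the client should never find the backup share already attached, and keeping two images means a backup taken after an infection cannot overwrite the only clean one.

```python
"""Backup-window helper: map the share, copy and rotate images, unmap.

Added illustration, not the poster's own script. SHARE_UNC, DRIVE_LETTER and
the staging path in __main__ are placeholders (assumptions, not real hosts).
"""
import hashlib
import os
import shutil
import subprocess
import time
from pathlib import Path

SHARE_UNC = r"\\backup-box\images"   # placeholder: Samba share on the Linux box
DRIVE_LETTER = "B:"                   # placeholder drive letter on the Windows box
KEEP_COPIES = 2                       # the post: keep at least two backups per box


def windows_mount_commands(drive=DRIVE_LETTER, unc=SHARE_UNC):
    """Return the ``net use`` argument lists that map and unmap the share.

    No credentials are embedded; ``net use`` uses a stored credential or
    prompts. Returned as data so the commands can be inspected or tested
    without being executed.
    """
    return (["net", "use", drive, unc], ["net", "use", drive, "/delete", "/y"])


def run_in_backup_window(mount, unmount, job):
    """Map the share only for as long as ``job`` runs, then unmap it.

    ``mount``/``unmount`` are callables so the logic can run without a real
    share. The ``finally`` guarantees the share is closed even if the copy
    raises, so a failed backup never leaves the drive attached.
    """
    mount()
    try:
        return job()
    finally:
        unmount()


def sha256_of(path):
    """Hash a file in chunks so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def copy_and_rotate(image, dest_dir, host, keep=KEEP_COPIES, stamp=None):
    """Copy ``image`` to ``dest_dir`` as ``<host>-<stamp>.mrimg``, verify the
    copy by hash, then delete all but the newest ``keep`` images for ``host``.

    Image names carry a sortable timestamp, so "newest" is decided by name
    rather than by mtime, which a copy could inherit from the source.
    Returns the remaining image paths, newest first.
    """
    dest_dir = Path(dest_dir)
    dest_dir.mkdir(parents=True, exist_ok=True)
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    target = dest_dir / f"{host}-{stamp}.mrimg"

    shutil.copyfile(image, target)
    if sha256_of(image) != sha256_of(target):
        target.unlink()                       # never keep a corrupt copy
        raise IOError(f"hash mismatch copying {image} -> {target}")

    images = sorted(dest_dir.glob(f"{host}-*.mrimg"), reverse=True)
    for old in images[keep:]:
        old.unlink()
    return images[:keep]


if __name__ == "__main__":
    # Real Windows flow: map, copy+rotate, unmap. Paths are placeholders.
    mount_cmd, unmount_cmd = windows_mount_commands()
    remaining = run_in_backup_window(
        lambda: subprocess.run(mount_cmd, check=True),
        lambda: subprocess.run(unmount_cmd, check=False),
        lambda: copy_and_rotate(
            r"C:\macrium-staging\latest.mrimg",     # placeholder staging image
            DRIVE_LETTER + "\\",
            os.environ.get("COMPUTERNAME", "host"),
        ),
    )
    print("images retained:", [p.name for p in remaining])
```

Scheduling it from Task Scheduler at lunch hour, as the post suggests, keeps the share mapped for minutes a day rather than permanently; the second copy to another location is then a job on the Linux side, outside the reach of the Windows clients.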
