Consumer Alert: Microsoft warns of an email that gives cyber thieves control of your computer

Discussion in 'Headline News' started by RickAgresta, May 23, 2021.

  1. RickAgresta

    RickAgresta General Peanut, leader of the Peanutty Forces

    Messages:
    22,384
    Likes Received:
    21,050
    Trophy Points:
    288
    ROCHESTER, N.Y. (WHEC) -- This consumer alert concerns crooks controlling your computer. Microsoft sent out a warning this week about one doozy of a malware attack.


    The latest version of the Java-based STRRAT malware (1.5) was seen being distributed in a massive email campaign last week. This RAT is infamous for its ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them. pic.twitter.com/mGow2sJupN
    -- Microsoft Security Intelligence (@MsftSecIntel) May 19, 2021
    Cyber thieves sent out hundreds of thousands of dangerous emails last week. Each had an attachment that looked like a PDF. But it's malware, an especially dangerous kind of malware called a RAT, remote access trojan. The name is apropos because when you click on that attachment, you unwittingly unleash malware into your computer, giving cyber thieves remote access to all your passwords and accounts as they monitor your every keystroke. The name given to this specific malware is 'STRRAT.'

    So... here's what you need to look out for. The dangerous email has an attachment that looks like a PDF. It may have the words 'outgoing payments' in the subject line or the message makes a reference to 'accounts payable.'

    Another of the dangerous emails addresses the message to 'supplier' and reads 'Your payment has been released as per attached payment advice.' Then it asks you to click on the attachment to verify your payment.

    But the emails were sent last week. You may have opened that attachment long before Microsoft warned us about the threat this week. You need to get the malware off your computer. And you can do that with anti-virus software. The IT experts at PC Magazine evaluated more than 40 different types.

    Link to article:
    https://news.google.com/articles/CB...WstNjExNzE3Ni5odG1s?hl=en-US&gl=US&ceid=US:en
     
  2. lelisa13p

    lelisa13p Your Super Moderator Super Moderator

    Messages:
    23,850
    Likes Received:
    9,897
    Trophy Points:
    288
    As if Life wasn't hard enough. :vbmad:
     
  3. headcronie

    headcronie Greyscale. Nuff Said. Super Moderator

    Messages:
    14,629
    Likes Received:
    6,906
    Trophy Points:
    113
    Not so much an email, but an attachment. Most business email systems should block executable files delivered by email. If your business IT department isn't doing this, questions about their ability to do their jobs should cross your mind.

    Consumers are left hanging. No such tools exist for the end user, and they have to rely on their own intuition and / or 3rd party AV tools. :mad:
     
  4. Hook

    Hook Hookette says 'Tis the season!

    Messages:
    20,168
    Likes Received:
    13,233
    Trophy Points:
    288
    When I lived in Arizona at the edge of the world (in the mountains 25 miles from Mexico), I was put in charge of IT because our small shop of 5 people were given no IT support by the company on the East Coast. I was completely untrained and unqualified, by the way, but I knew more about computers than any of the others. After some research, I instituted two simple precautions for email (this was the early 2000s and we used Outlook). 1. No opening of any attachment, trusted or not, in email-- download it to let the virus scanner check it out. 2. No HTML formatting in email. Set send and receive to text only. They grumbled but there were only four other people and I could be annoying, so I got a high compliance rate. When the infamous Melissa worm hit and the company on the East Coast sent out real IT folks to analyze our network, they were astonished to find out our computers weren't compromised at all. Of course, the downside is they came to the conclusion they really didn't need to provide us with IT support. :vbrolleyes:
     
    Last edited: May 25, 2021
  5. headcronie

    headcronie Greyscale. Nuff Said. Super Moderator

    Messages:
    14,629
    Likes Received:
    6,906
    Trophy Points:
    113
    *HC slinks off to make adjustments to their email service* *cough* ;) I'm not that restrictive. I've banned all forms of executables, as well as compressed files. I got a lot of grumbling when I did so, but that was multiple years ago. Things are also a bit different now that email is all web based, not client based for us. So far... I've managed to hold the line. That is one of the many things that keep me awake at night. *shudder*
     
  6. jigwashere

    jigwashere Mobile Deity

    Messages:
    18,089
    Likes Received:
    15,451
    Trophy Points:
    288
    Our office not only monitors and filters our emails, they provide training and periodically send fake emails to us as a test us to ensure we are following protocols. When I receive a suspicious email, I click a button in Outlook to report it and it disappears. At the end of the year, our managers get a scorecard to see how successful we were at avoiding various forms of email attacks. Fortunately, I've always gotten a perfect score. I'm careful at home too, but should improve.
     

Share This Page