A few days ago, I got this message:
- Invitation reminders:
- From Jackie & James Bodnar (Software Engineer at BEA Systems, Inc.)
- PENDING MESSAGES
- There are a total of 3 messages awaiting your response. Go to In Box now.
Now I put my cursor over the URL link – it did say LinkedIn [dot] com. But I wasn’t taken to a browser window. I open my messages in the Mozilla Thunderbird client. While the link text showed LinkedIn, the status bar at the bottom of Thunderbird showed the real destination, which was something else entirely. I’ve been compromised.
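The mismatch described above, between what an e-mail link says and where its href actually points, can be checked automatically. The following is an added example, not code from the original post: it parses the anchors in an HTML message and flags any whose visible text names a domain that the href does not go to. The sample message, its IP address and query string are constructed, and `registered_domain` is a deliberately crude heuristic.

```python
# Added example: flag anchors whose visible text claims one domain while the
# href points at another host (the pattern seen in Thunderbird's status bar).
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

DOMAIN_RE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", re.I)


def registered_domain(host):
    """Crude 'example.com' from 'www.mail.example.com' (assumption: last two labels)."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html):
    """Return (shown_domain, real_host, query_params) for each mismatched link."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = urlsplit(href)
        shown = DOMAIN_RE.search(text)
        if not shown or not real.hostname:
            continue  # plain link text such as "Go to In Box now" is not checked here
        if registered_domain(shown.group(1)) != registered_domain(real.hostname):
            findings.append((registered_domain(shown.group(1)), real.hostname, parse_qs(real.query)))
    return findings


# Constructed sample resembling the reminder in the post; host and parameters are placeholders.
SAMPLE = '<p>Go to <a href="http://203.0.113.7/r.php?u=linkedin&id=8823">LinkedIn.com</a> now.</p>'
LEGIT = '<p>Go to <a href="https://www.linkedin.com/inbox">LinkedIn.com</a> now.</p>'
```

Running `suspicious_links(SAMPLE)` reports the placeholder host and the parameters after the question mark, which is the part of the real URL the post goes on to investigate, while `suspicious_links(LEGIT)` returns nothing.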
Either one of two things happened:
- The culprits placed something into my system
- The culprits secured a vital piece of info – like a password.
Here are the steps I took:
Check for something in the system
- I have WinPatrol running in the background. Nothing popped up that a program had changed and needed my approval. This is a good sign.
- It was time to run a quick scan with Norton Security Suite and Malwarebytes. Neither software package came up with anything.
- The fact that I run my computers behind a Linksys router and a Norton firewall gives me some added layers of protection.
Check that something was extracted
- I did a Google search for the stuff following the question mark in the real URL. It appears to access an IP address. The solution was to reboot the router and cable modem. This ensures a new dynamic IP is generated.
- It was also time to clean up any temporary files. In Windows, this can be done with either CCleaner or BleachBit.
- As a precaution, I do keep the latest stable application software loaded, as well as having Windows 7 up to date.
- The final thing I did was to contact the company where the malicious software was hosted. It was some pharmaceutical company in India. The Web of Trust browser plug-in gave them a bad rating. I don’t expect to hear back from them. But I did use their contact tab and explained the situation.
What about Ubuntu?
What about it? Suppose this happened when I booted the Ubuntu software? I learned a few things since my Ubuntu post last week.
- For one thing, Ubuntu has a software updater. It pays to upgrade the software daily, so you have the latest and greatest stable offerings.
- If given a choice, it is probably better to run with a solid open source alternative. So I choose Chromium over Google Chrome, OpenJDK over Oracle JDK, ClamAV and associated software (i.e. daemon) over things like Avast or Bitdefender, etc.
If anything was really compromised – like my mail accounts – I would hear from the providers. This is especially true of companies like Microsoft, Yahoo or Google. So far, I have heard nothing.
Here are some take-aways or lessons learned:
- Always run the latest version of WinPatrol
- Have a good anti-virus solution like Norton Security Suite. There are some good free alternatives like Avast, AVG, Avira or Windows Security Essentials
- Always look for the underlying URL of an “official looking” email.
- Use a mail client like Windows Live Mail or Mozilla Thunderbird
- Run your computers behind a good router, like Netgear or Linksys.
- Clean up temp files with tools like CCleaner or BleachBit.
- Keep the Windows operating system up-to-date.
- Keep software up to date. In Ubuntu, I use the software updater daily.
- Install a good, free anti-virus like ClamAV.
Saving the best for last
This should be obvious. All operating systems (i.e. Windows, Apple and Linux) have the potential for malware and viruses. Windows just happens to have more targeted at it. Linux just has too many flavors out there, which makes it harder to target generally. But if you do a weekly backup to an external hard drive – including an image copy – you can recover even if everything is destroyed.
As an added note, it’s always nice to use a good free PDF converter at Free PDF Creation Online