Page 1 of 2 12 LastLast
Results 1 to 15 of 26
  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    Tools for foiling malicious links and files

    TOP STORY

    By Susan Bradley

    Every day, malicious websites and attachments try to trick you into downloading their dangerous payload.

    Fortunately, there are websites and tools to help you determine what's safe and what might be a trap designed to steal personal information and money.

    The full text of this column is posted at http://windowssecrets.com/top-story/...nks-and-files/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    Star Lounger
    Join Date
    Dec 2009
    Location
    NSW, Australia
    Posts
    67
    Thanks
    1
    Thanked 3 Times in 3 Posts
    Here is one that Susan didn't mention. Gmail is very good for spotting spam and bad emails. I run multiple email addresses through a Gmail account to clean them up before I read them. It isn't perfect but it is very good. It's also very flexible in that you can tag an email as spam and Gmail remembers it for next time. Also if you need to block an email sender it's very easy to create a filter to auto delete their emails.
    Bob
    Win 8.1 Pro - IE11, Office Pro 2013, Acronis TIH 2014
    Win 10 Pro preview 10162

  3. #3
    New Lounger
    Join Date
    Jul 2015
    Posts
    1
    Thanks
    0
    Thanked 2 Times in 1 Post
    Very thorough analysis, but for those of us that can't spend hours using the multitude of defenders listed, might it not be possible to mention/recommend one or two that together would do a good job. Such as, perhaps, MALWAREBYTES and Super Antispyware (Lifetime professional version) - (both of which were not mentioned in the column, strangely) - which would appear to have kept the bugs out of my computer up to now. Of course, those coming by email are a different story, but anyone who opens a ZIP file from some sender that he/she doesn't know for sure is OK is a bit of an idiot - a rather large bit, at that. By the way, I'm not being sponsored for mentioning those two, just reporting on experience.

  4. The Following 2 Users Say Thank You to alan@alanrogers.ch For This Useful Post:

    djohnson (2015-07-09),steveb116 (2015-07-09)

  5. #4
    Star Lounger
    Join Date
    Mar 2011
    Posts
    60
    Thanks
    0
    Thanked 0 Times in 0 Posts

    the hackers have won, this is impossible for the majority of users

    Susan,
    I read the newsletter faithfully.
    but I look at my family, friends, and we tech savvy people might as well throw our hands up in the air.
    MOST users have NO CLUE of what to do with such information as you provided.
    I can't even get my wife to NOT OVERLOAD DROPBOX and to NOT DUPLICATE the media files she shares with our daughter and son (rather than upload it once and share a link)

    This is not a criticism of your column.
    There HAS to be some way that software with better interfaces and directions gets created, to PROTECT the majority of users, AND THUS to also protect us (so the majority of users don't allow BOTS, MALWARE, etc, to infect their system and thus OURS)

    my 80-year-old aunt still sends the FORWARDS of the pretty cards, images, etc, that she found, with NO CLUE to not forward such stuff, etc,

    ANYWAY, that is my two cents, from a frustrated family advisor

    nick

  6. #5
    3 Star Lounger djohnson's Avatar
    Join Date
    Dec 2009
    Location
    Delaware City, Delaware
    Posts
    323
    Thanks
    13
    Thanked 32 Times in 30 Posts
    When I or anyone else uses a computer we just prefer to use it. We do not need anything so complicated as what Susan Bradley indicates. Instead of listing endless links to subject everything to she should just give instructions to install Malwarebytes Antimalware Premium. This small program is head and shoulders above anything and everything in the article, and once installed you never need to worry again.

  7. #6
    4 Star Lounger
    Join Date
    Jul 2011
    Location
    Florida
    Posts
    403
    Thanks
    172
    Thanked 28 Times in 26 Posts
    Quote Originally Posted by djohnson View Post
    When I or anyone else uses a computer we just prefer to use it. We do not need anything so complicated as what Susan Bradley indicates. Instead of listing endless links to subject everything to she should just give instructions to install Malwarebytes Antimalware Premium. This small program is head and shoulders above anything and everything in the article, and once installed you never need to worry again.
    Malwarebytes was one of the 44 products which failed to detect Susan's bogus Zip file.
    https://www.virustotal.com/en/file/2...is/1434847693/

  8. The Following User Says Thank You to Trev For This Useful Post:

    BruceR (2015-07-09)

  9. #7
    5 Star Lounger
    Join Date
    Nov 2010
    Posts
    665
    Thanks
    1
    Thanked 26 Times in 24 Posts
    First of all, if you ask me, you should always be using a Virtual Machine to browse with. There is no antivirus/malware program in existence that will protect you from all attacks. At least with a VM, it's both convenient to recover and quick to do so. It takes around 5 seconds (no joke) to recover from a set known pristine golden point. It can take around 45 minutes to do so from a disk image, not to mention it's very inconvenient to create them. VMs are the way to go; the supposed built-in virtualization within current-day browsers is a joke.

  10. The Following User Says Thank You to lylejk For This Useful Post:

    F.U.N. downtown (2015-07-10)

  11. #8
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    This type of phishing attempt appears to be unique per attachment (designed to foil/bypass AV checks), first analysis will consist mainly of guesses (heur/sus/gen), from ~4 months ago: https://www.virustotal.com/en/file/3...e5ef/analysis/

    We can see the type of file content (Heur.Dual.Extensions/Archive.Malware.FakeExt.N@susp), it contains a dual extension file, designed to look like a 'normal' file (document) but the second extension is a script type (.js). A dual extension file should set off alarm bells (it certainly would with any experienced human looking at it) but it doesn't - the tools used do not detect any strings that indicate a known malware, it's too new.

    When the same file is uploaded again (today, in this instance), the results are likely to be different, hopefully, with a higher detection rating like we see now: https://www.virustotal.com/en/file/3...is/1436457559/

    Had the file been sent somewhere that included a few humans, those detection rates might have rapidly increased over relatively few hours, rather than weeks; here's such a report (of a related threat) which illustrates the detection rates evolving as the AV purveyors test it and react by releasing updates (note that even the much-maligned MSE/Defender has a very high detection rate within the day, once MS log and detect it, those detections are made available to all other AV companies): http://malwaretips.com/threads/js-tr...samples.45908/

    It's important that users try to help themselves by reporting anything suspicious to the vendors of the security software that they use, this will accelerate the detection of new threats; their forums are usually the place for those reports but note that they are strict on how you post - they don't want to make it easy for anyone to blindly download an infected file! Example for Malwarebytes users, their Research Center: https://forums.malwarebytes.org/inde...search-center/

    It's also important that you don't rely on one company for all your security, even with a 'full' suite, you really should have a backup software from a different vendor for second opinion scans.

    Important from the AV vendors point of view is a low 'false positive' status, increasing positive flagging of files that are only seen as suspicious/generic etc. is likely to lead to an increase in non-bootable computers...
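The dual-extension attachment described in the post above (a name like `something.doc.js`, where the tail extension is a script type) can be caught by a plain check on the archive's directory listing, without relying on a signature. The following is an added example written for this thread, not code from the forum or from any vendor named in it; the extension lists, the `classify_name`/`scan_archive` function names and the sample archive contents are constructed for illustration.

```python
import io
import zipfile
from typing import List, Optional, Tuple

# Constructed lists for this example. Windows hands these extensions to the
# script host or program loader on double-click, so they are the dangerous tail.
EXECUTABLE_EXTS = {"js", "jse", "vbs", "vbe", "wsf", "wsh", "hta",
                   "exe", "scr", "com", "bat", "cmd", "ps1"}
# Extensions a user reads as "just a document or picture".
DOCUMENT_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "rtf", "txt", "jpg", "png"}


def classify_name(name: str) -> Optional[str]:
    """Return a reason string if the file name uses the dual-extension trick
    (e.g. report.doc.js) or is otherwise directly executable, else None."""
    base = name.rsplit("/", 1)[-1]          # zip entries use forward slashes
    parts = base.lower().split(".")
    if len(parts) < 2:
        return None                         # no extension at all
    final = parts[-1]
    if final not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and parts[-2] in DOCUMENT_EXTS:
        return f"document-looking name with executable extension .{final}"
    return f"executable extension .{final} inside an archive"


def scan_archive(data: bytes) -> List[Tuple[str, str]]:
    """Inspect only the archive's directory; nothing is extracted or run."""
    findings: List[Tuple[str, str]] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reason = classify_name(info.filename)
            if reason:
                findings.append((info.filename, reason))
    return findings


def build_sample_archive() -> bytes:
    """Constructed stand-in for the kind of attachment the thread describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # inert placeholder text, labelled as such; not a real script
        zf.writestr("Invoice_07-2015.doc.js", "// constructed placeholder\n")
        zf.writestr("readme.txt", "plain text\n")
        zf.writestr("photos/holiday.jpg", b"\xff\xd8\xff\xe0")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_archive(build_sample_archive()):
        print(f"FLAG {name}: {reason}")
```

The check deliberately looks at names only, so it works on an attachment before anything is opened, and it flags a bare `.exe` or `.js` inside an archive as well as the disguised `.doc.js` form; a mail gateway or a personal triage script can quarantine on either reason.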

  12. #9
    New Lounger
    Join Date
    Jul 2015
    Posts
    1
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Hi Alan,

    Are you running both the Super Antispyware and Malwarebytes at the same time? In testing, I found that Super Antispyware actually performed better by identifying 205 malware cookies that Malwarebytes didn't. What is your experience with these tools?

    SteveB

  13. #10
    2 Star Lounger
    Join Date
    Feb 2010
    Location
    Coon Rapids, Mn
    Posts
    199
    Thanks
    22
    Thanked 4 Times in 4 Posts
    If you use Firefox or Pale Moon or, well, I guess all browsers, you can use Web of Trust too as an addon. It isn't perfect, but if you try to go to a site that is known bad, it will interpose a page telling you that and asking if you really want to go there or leave. It will also highlight links in your searches with Green for good, Purple for uncertain and Red for bad - makes using search engines a little safer too.

  14. #11
    Lounger
    Join Date
    Apr 2010
    Location
    Tucson, AZ
    Posts
    36
    Thanks
    0
    Thanked 3 Times in 3 Posts
    Thunderbird flagged the paid Newsletter 488, 2015-07-09 as a possible scam. Anybody else have this happen?

  15. #12
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Fresno, California, USA
    Posts
    259
    Thanks
    0
    Thanked 71 Times in 45 Posts
    Quote Originally Posted by aoz View Post
    Susan,
    I read the newsletter faithfully.
    but I look at my family, friends, and we tech savvy people might as well throw our hands up in the air.
    MOST users have NO CLUE of what to do with such information as you provided.
    I can't even get my wife to NOT OVERLOAD DROPBOX and to NOT DUPLICATE the media files she shares with our daughter and son (rather than upload it once and share a link)

    This is not a criticism of your column.
    There HAS to be some way that software with better interfaces and directions gets created, to PROTECT the majority of users, AND THUS to also protect us (so the majority of users don't allow BOTS, MALWARE, etc, to infect their system and thus OURS)

    my 80-year-old aunt still sends the FORWARDS of the pretty cards, images, etc, that she found, with NO CLUE to not forward such stuff, etc,

    ANYWAY, that is my two cents, from a frustrated family advisor

    nick
    Anytime you get a file or link you are worried about send it to virustotal.com. See if at least ONE antivirus vendor has flagged it.

  16. #13
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Fresno, California, USA
    Posts
    259
    Thanks
    0
    Thanked 71 Times in 45 Posts
    Quote Originally Posted by djohnson View Post
    When I or anyone else uses a computer we just prefer to use it. We do not need anything so complicated as what Susan Bradley indicates. Instead of listing endless links to subject everything to she should just give instructions to install Malwarebytes Antimalware Premium. This small program is head and shoulders above anything and everything in the article, and once installed you never need to worry again.
    But antivirus is always reactionary and doesn't flag everything. What if you get a file that you aren't sure about and Malwarebytes doesn't flag it? Now what? The point is to use these sites to scan the file whenever you get something you aren't quite sure about. Chances are SOME antivirus vendor - just maybe not YOUR antivirus vendor - will flag it.

    You can't just rely on malwarebytes. I still worry, I still see files it misses.

  17. #14
    New Lounger
    Join Date
    Sep 2012
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Another approach

    I've used Mailwasher for many years. You get a look at your email message in ASCII form so links and other data are visible but don't execute a payload. See a problem, just mark the message for deletion. Pretty simple first line of defense. Then use antivirus/malware protection as a second line.
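The point of reading a message in raw form, as the post above describes, is that the real link target is visible instead of the friendly text laid over it. The script below automates that inspection: it parses the HTML part of a message, lists every anchor, and flags those whose visible text reads like a URL for one host while the href points at another. It is an added example for this thread, not code from the forum or from Mailwasher; the `audit_links` name, the URL regex and the sample message (using reserved `.test`/`.example` domains) are constructed for illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Anchor text that itself reads like a URL, e.g. "https://www.example-bank.test/login".
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.IGNORECASE)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url: str) -> str:
    """Lower-cased host part of a URL; bare 'www.x.test/path' is accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def audit_links(raw_message: bytes) -> List[Dict[str, object]]:
    """List every link in the HTML part and flag those whose visible text
    names a different host than the href actually points to."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is None:
        return []
    collector = _AnchorCollector()
    collector.feed(html_part.get_content())
    results: List[Dict[str, object]] = []
    for href, text in collector.links:
        shown_host = _host(text) if URL_LIKE.fullmatch(text) else ""
        results.append({
            "text": text,
            "href": href,
            "mismatch": bool(shown_host) and shown_host != _host(href),
        })
    return results


# Constructed sample message; all domains are reserved example/test names.
SAMPLE_EMAIL = b"""From: Account Team <alerts@example.test>
To: user@example.test
Subject: Action required
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please verify your account:</p>
<a href="http://login.badsite.example/verify">https://www.example-bank.test/login</a>
<p>Or read our <a href="https://www.example-bank.test/help">help pages</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    for link in audit_links(SAMPLE_EMAIL):
        marker = "MISMATCH" if link["mismatch"] else "ok      "
        print(f"{marker} {link['text']!r} -> {link['href']}")
```

Only anchors whose text looks like a URL are compared; "help pages" pointing anywhere is not a mismatch by this rule, which keeps the output short enough to read before deciding whether to open the message in a full client.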

  18. #15
    4 Star Lounger
    Join Date
    Jul 2011
    Location
    Florida
    Posts
    403
    Thanks
    172
    Thanked 28 Times in 26 Posts
    Quote Originally Posted by satrow View Post
    When the same file is uploaded again (today, in this instance), the results are likely to be different, hopefully, with a higher detection rating like we see now: https://www.virustotal.com/en/file/3...is/1436457559/

    Just tried it again and Malwarebytes still misses it...

    https://www.virustotal.com/en/file/3...e5ef/analysis/
