Author: admin

The Virus Checker Website

The website VirusTotal at was created to help people identify computer viruses. It does this by analysing infected files or URLs supplied to it and it’s a free service.

VirusTotal inspects items by using 70+ antivirus scanners and URL/domain blacklisting services, plus a range of tools to extract signals from the studied content.

How to use the Website

You can select a file on your computer and upload it to VirusTotal in your browser.

There is also the option of desktop uploaders, browser extensions and a programmatic API if this is to become a regular practice.

As with files, URLs can be submitted via several different means including the VirusTotal webpage, browser extensions and the API.

How Does the Virus Checker Work?

A submitted file or URL is scanned and the results shown on screen. The data and results are shared with VirusTotal partners who use the results to improve their own systems. As a result, by submitting files, URLs, domains, etc. to VirusTotal you are contributing to raise the global IT security level.

Scanning reports produced by VirusTotal are shared with the public VirusTotal community. Users can contribute comments and vote on whether particular content is harmful. In this way, users help to deepen the community’s collective understanding of potentially harmful content and identify false positives (i.e. harmless items detected as malicious by one or more scanners).

Commercial Service

The service provides qualified customers and anti-virus partners with tools to perform complex criteria-based searches to identify and access harmful files samples for further study. This helps organizations discover and analyse new threats and fashion new mitigations and defences.

VirusTotal not only tells you whether a given antivirus solution detected a submitted file as malicious, but also displays each engine’s detection label (e.g., I-Worm.Allaple.gen).

This is a valuable resource in the fight against computer viruses.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

How Common are Ransomware Attacks

“Ransomware threat on the rise as almost 40% of businesses are attacked”.

Security firm Malwarebytes surveyed companies and found one-third of victims lost revenue as a result of a ransomware attack.

The downtime caused by the ransomware rather than the cost of paying the ransom is what can kill a business.

Malwarebytes™ (software company selling anti-malware products) released its “Second Annual State of Ransomware Report”. The multi-country study surveyed 1,054 companies with no more than 1,000 employees across North America, France, U.K., Germany, Australia, and Singapore. More than one-third of businesses have experienced a ransomware attack in the last year. Twenty-two percent of these impacted businesses had to cease operations immediately.

Key Findings

“Businesses of all sizes are increasingly at risk for ransomware attacks,” said Marcin Kleczynski, CEO, Malwarebytes. “However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise.

The impact of ransomware on SMBs can be devastating. For roughly one in six impacted organizations, a ransomware infection caused 25 or more hours of downtime, with some organizations reporting that it caused systems to be down for more than 100 hours. Further, among SMBs that experienced a ransomware attack, 22 percent reported that they had to cease business operations immediately, and 15 percent lost revenue.

For many, the source of ransomware is unknown and infections spread quickly. For 27 percent of organizations that suffered a ransomware infection, decision makers could not identify how the endpoint(s) became infected. Further, more than one-third of ransomware infections spread to other devices.

The most common source of ransomware infections in U.S.-based organizations was related to email use. Thirty-seven percent of attacks on SMBs in the U.S. were reported as coming from a malicious email attachment and 27 percent were from a malicious link in an email.

Seventy-two percent of respondents believe that ransomware demands should never be paid. Most of the remaining organizations believe that demands should only be paid if the encrypted data is of value to the organization. Among organizations that chose not to pay cybercriminals’ ransom demands, about one-third lost files as a result.

“It’s clear from these findings that there is widespread awareness of the threat of ransomware among businesses, but many are not yet confident in their ability to deal with it,” said Adam Kujawa, Director of Malware Intelligence, Malwarebytes. “Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

Fightback Ninja Signature

UK Government Cyber Essentials 10 Step Plan


This is a summary of the UK Government 10 step plan for Cyber Essentials, which is designed for organisations looking to protect themselves in cyberspace.

1.     Risk Management

Embed an appropriate risk management regime across the organisation. This should be supported by an empowered governance structure, which is actively supported by the board and senior managers. These should aim to ensure that all employees, contractors and suppliers are aware of the approach, how decisions are made, and any applicable risk boundaries.

2.     Secure Configuration

Identify baseline technology builds and processes for ensuring configuration management can greatly improve the security of systems. Develop a strategy to remove or disable unnecessary functionality from systems, and to quickly fix known vulnerabilities.

3.     Network Security

The connections from your networks to the Internet, and other partner networks, expose your systems and technologies to attack. By creating and implementing some simple policies and appropriate architectural and technical responses, you can reduce the chances of these attacks succeeding. Your organisation’s networks may use of mobile or remote working, and cloud services, makes defining a fixed network boundary difficult.

4.     Managing User Privileges

All users should be provided with a reasonable (but minimal) level of system privileges and rights needed for their role. The granting of highly elevated system privileges should be carefully controlled and managed.

5.     User Education and Awareness

It’s important that security rules and the technology provided enable users to do their job as well as help keep the organisation secure. This can be supported by a systematic delivery of awareness programmes and training that deliver security expertise as well as helping to establish a security-conscious culture.

6.     Incident Management

Invest in establishing effective incident management policies and processes to help to improve resilience, support business continuity, improve customer and stakeholder confidence and potentially reduce any impact.

7.     Malware Prevention

Malicious software, or malware is an umbrella term to cover any code or content that could have a malicious, undesirable impact on systems. The risk may be reduced by developing and implementing appropriate anti-malware policies as part of an overall ‘defence in depth’ approach.

8.     Monitoring

System monitoring provides a capability that aims to detect actual or attempted attacks on systems and business services. Monitoring allows you to ensure that systems are being used appropriately in accordance with organisational policies.

9.     Removable Media Controls

Removable media provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. You should be clear about the business need to use removable media and apply appropriate security controls to its use.

10.Home and Mobile Working

Mobile working and remote system access offers great benefits, but exposes new risks that need to be managed. You should establish risk based policies and procedures that support mobile working or remote access to systems that are applicable to users, as well as service providers. has further information.

Do you have an opinion on this matter? Please comment in the box below.

Fightback Ninja Signature

UK Government Phishing Attacks

A phishing attack is when criminals create fake websites that look like well-known websites such as Marks and Spencer or HMRC or British Gas etc.  They use the fake websites to get your confidential information.

The statistics below refer to sites that pretend to be government.

Top 10 Government ‘Brands’

Brand                                                  No of phishing sites     No of attack groups    Availability hours

HM Revenue & Customs                     16,064                         2,466                           10                                                   1,541                           241                            15

TV Licensing                                             172                            93                               5

DVLA                                                        107                             53                            11

Government Gateway                                46                              22                              6

Crown Prosecution Service                        43                               26                           15

Student Loans Company                           19                               11                            17

Student Finance Direct                              13                                 3                              3

British Broadcasting Corporation                8                                 7                             35

The availability (in hours) of an attack is the total amount of time the phishing site is available from when the Netcraft service  first becomes aware of the attack through to when it is  finally taken down.


When a phishing site is identified that is pretending to be a UK government brand, the hosting provider is asked  to take the site down.

For example:-  a fraudster using an email address onlinehmrctax @ and a matching website. That is intended to deceive the user into thinking this is a real HMRC site. Not all phishing sites use domains like this and many are hosted in areas of legitimate sites that have been compromised by the criminal.

A single attack can involve multiple spoof sites, hosted on the same server. If there are many phishing URLs in a single attack, they can easily skew statistics through the responsiveness or otherwise of the hosting provider.

Over the last calendar year, 18, 067 HMG-related phishing sites have been removed.

For comparison, in the previous 6 months , the volume was 19,443 sites.. It’s clear that here are fewer HMG-related phishing takedowns in 2017 and the trend is generally downward. Given how the service is driven, it’s reasonable to assume that it sees a relatively constant percentage of the global phishing and so this strongly suggests that there has been less HMG-related phishing this year than last.

However, it is very likely that this work has had a direct impact on the viability of criminal phishing targeting HMG brands, making them less lucrative and therefore less likely to be used.

It’s obvious from the table that the vast majority of HMG-related phishing attacks continue to use the HMRC brand. That’s unsurprising given that most adults have a relationship with them and everyone would welcome a tax refund.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature


Cold Call Surveys

Many companies use surveys of the public – stopping people in shopping centres etc. phoning two weeks after you bought a product from them and asking you to help them fill it in or by email request or cold call and so on.

Often, these are genuine surveys and the person standing in front of you or the caller is paid to get you to reply to their questions and sometimes there is a small reward such as a product tester.

But many cold call surveys are to get information that can be sold on – e.g. if you say you have pets then your name, address, contact details etc. can be sold to any number of pet insurance companies.

So, after the survey you may find yourself bombarded with calls from businesses you don’t want to deal with.

But there are other reasons they call e.g.

  1. They use the information you provide to trick you e.g. with a list of which magazines you subscribe to you may a call claiming one of the magazines subscriptions will end unless you pay immediately.
  2. Giving someone your name, phone number and birthdate can be enough for the scammer to make charges against your phone number
  3. The scammer starts asking survey questions then switches to a hard sell thereby bypassing the laws on cold calling for sales purposes
  4. A reward of some kind e.g. a discount cruise but where you need to pay a small delivery charge and once the scammer has your credit card details they can make any charges against your card they want.

Cold caller surveys may not be what they seem so be careful or just refuse to answer any questions.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

Fightback Ninja Signature

How Common Are Data Breaches

The Proportion of Businesses That Have Had Breaches in 2017

  Overall Micro Firms Small Firms Medium Firms Large Firms Admin/ Real Estate
% experiencing a cyber security breach or attack in 2017 24 17 33 51 65 39


Businesses that invest more in cyber security have more breaches than businesses that invest less. This may seem counter intuitive but it’s partly due to businesses that realise they are more at risk such as finance operations then investing more whereas businesses where the online presence is minimal feel less at risk and invest less. There is also the assumption that businesses that invest more in cyber security will be better at identifying such breaches.

Types of Breaches/Attacks

Viruses, spyware or malware 68%
Other impersonating organisation in emails or online 32%
Denial of service attacks 15%
Hacking 13%
Money stolen electronically 13%
Breaches from personally owned devices 8
Personal information stolen 8
Breaches from externally hosted web services 8
Unlicensed or stolen software downloaded 8
Money stolen via fraud emails or websites 6
Software damaged or stolen 5
Breaches on social media 3
Intellectual property theft 1


You can see that attacks of various kinds are very common. All businesses must take steps to protect against data breaches and all common forms of cyber-attack

Do you have an opinion on this matter? Please comment in the box below.

Fightback Ninja Signature