Category: information

The Virus Checker Website

The website VirusTotal at was created to help people identify computer viruses. It does this by analysing infected files or URLs supplied to it and it’s a free service.

VirusTotal inspects items by using 70+ antivirus scanners and URL/domain blacklisting services, plus a range of tools to extract signals from the studied content.

How to use the Website

You can select a file on your computer and upload it to VirusTotal in your browser.

There is also the option of desktop uploaders, browser extensions and a programmatic API if this is to become a regular practice.

As with files, URLs can be submitted via several different means including the VirusTotal webpage, browser extensions and the API.

How Does the Virus Checker Work?

A submitted file or URL is scanned and the results shown on screen. The data and results are shared with VirusTotal partners who use the results to improve their own systems. As a result, by submitting files, URLs, domains, etc. to VirusTotal you are contributing to raise the global IT security level.

Scanning reports produced by VirusTotal are shared with the public VirusTotal community. Users can contribute comments and vote on whether particular content is harmful. In this way, users help to deepen the community’s collective understanding of potentially harmful content and identify false positives (i.e. harmless items detected as malicious by one or more scanners).

Commercial Service

The service provides qualified customers and anti-virus partners with tools to perform complex criteria-based searches to identify and access harmful files samples for further study. This helps organizations discover and analyse new threats and fashion new mitigations and defences.

VirusTotal not only tells you whether a given antivirus solution detected a submitted file as malicious, but also displays each engine’s detection label (e.g., I-Worm.Allaple.gen).

This is a valuable resource in the fight against computer viruses.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

How Common are Ransomware Attacks

“Ransomware threat on the rise as almost 40% of businesses are attacked”.

Security firm Malwarebytes surveyed companies and found one-third of victims lost revenue as a result of a ransomware attack.

The downtime caused by the ransomware rather than the cost of paying the ransom is what can kill a business.

Malwarebytes™ (software company selling anti-malware products) released its “Second Annual State of Ransomware Report”. The multi-country study surveyed 1,054 companies with no more than 1,000 employees across North America, France, U.K., Germany, Australia, and Singapore. More than one-third of businesses have experienced a ransomware attack in the last year. Twenty-two percent of these impacted businesses had to cease operations immediately.

Key Findings

“Businesses of all sizes are increasingly at risk for ransomware attacks,” said Marcin Kleczynski, CEO, Malwarebytes. “However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise.

The impact of ransomware on SMBs can be devastating. For roughly one in six impacted organizations, a ransomware infection caused 25 or more hours of downtime, with some organizations reporting that it caused systems to be down for more than 100 hours. Further, among SMBs that experienced a ransomware attack, 22 percent reported that they had to cease business operations immediately, and 15 percent lost revenue.

For many, the source of ransomware is unknown and infections spread quickly. For 27 percent of organizations that suffered a ransomware infection, decision makers could not identify how the endpoint(s) became infected. Further, more than one-third of ransomware infections spread to other devices.

The most common source of ransomware infections in U.S.-based organizations was related to email use. Thirty-seven percent of attacks on SMBs in the U.S. were reported as coming from a malicious email attachment and 27 percent were from a malicious link in an email.

Seventy-two percent of respondents believe that ransomware demands should never be paid. Most of the remaining organizations believe that demands should only be paid if the encrypted data is of value to the organization. Among organizations that chose not to pay cybercriminals’ ransom demands, about one-third lost files as a result.

“It’s clear from these findings that there is widespread awareness of the threat of ransomware among businesses, but many are not yet confident in their ability to deal with it,” said Adam Kujawa, Director of Malware Intelligence, Malwarebytes. “Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

Fightback Ninja Signature

UK Government Phishing Attacks

A phishing attack is when criminals create fake websites that look like well-known websites such as Marks and Spencer or HMRC or British Gas etc.  They use the fake websites to get your confidential information.

The statistics below refer to sites that pretend to be government.

Top 10 Government ‘Brands’

Brand                                                  No of phishing sites     No of attack groups    Availability hours

HM Revenue & Customs                     16,064                         2,466                           10                                                   1,541                           241                            15

TV Licensing                                             172                            93                               5

DVLA                                                        107                             53                            11

Government Gateway                                46                              22                              6

Crown Prosecution Service                        43                               26                           15

Student Loans Company                           19                               11                            17

Student Finance Direct                              13                                 3                              3

British Broadcasting Corporation                8                                 7                             35

The availability (in hours) of an attack is the total amount of time the phishing site is available from when the Netcraft service  first becomes aware of the attack through to when it is  finally taken down.


When a phishing site is identified that is pretending to be a UK government brand, the hosting provider is asked  to take the site down.

For example:-  a fraudster using an email address onlinehmrctax @ and a matching website. That is intended to deceive the user into thinking this is a real HMRC site. Not all phishing sites use domains like this and many are hosted in areas of legitimate sites that have been compromised by the criminal.

A single attack can involve multiple spoof sites, hosted on the same server. If there are many phishing URLs in a single attack, they can easily skew statistics through the responsiveness or otherwise of the hosting provider.

Over the last calendar year, 18, 067 HMG-related phishing sites have been removed.

For comparison, in the previous 6 months , the volume was 19,443 sites.. It’s clear that here are fewer HMG-related phishing takedowns in 2017 and the trend is generally downward. Given how the service is driven, it’s reasonable to assume that it sees a relatively constant percentage of the global phishing and so this strongly suggests that there has been less HMG-related phishing this year than last.

However, it is very likely that this work has had a direct impact on the viability of criminal phishing targeting HMG brands, making them less lucrative and therefore less likely to be used.

It’s obvious from the table that the vast majority of HMG-related phishing attacks continue to use the HMRC brand. That’s unsurprising given that most adults have a relationship with them and everyone would welcome a tax refund.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature


How Common Are Data Breaches

The Proportion of Businesses That Have Had Breaches in 2017

  Overall Micro Firms Small Firms Medium Firms Large Firms Admin/ Real Estate
% experiencing a cyber security breach or attack in 2017 24 17 33 51 65 39


Businesses that invest more in cyber security have more breaches than businesses that invest less. This may seem counter intuitive but it’s partly due to businesses that realise they are more at risk such as finance operations then investing more whereas businesses where the online presence is minimal feel less at risk and invest less. There is also the assumption that businesses that invest more in cyber security will be better at identifying such breaches.

Types of Breaches/Attacks

Viruses, spyware or malware 68%
Other impersonating organisation in emails or online 32%
Denial of service attacks 15%
Hacking 13%
Money stolen electronically 13%
Breaches from personally owned devices 8
Personal information stolen 8
Breaches from externally hosted web services 8
Unlicensed or stolen software downloaded 8
Money stolen via fraud emails or websites 6
Software damaged or stolen 5
Breaches on social media 3
Intellectual property theft 1


You can see that attacks of various kinds are very common. All businesses must take steps to protect against data breaches and all common forms of cyber-attack

Do you have an opinion on this matter? Please comment in the box below.

Fightback Ninja Signature

Google Project Zero

Project Zero is the name of a team of security analysts employed by Google, tasked with finding zero-day vulnerabilities in commercial software. This means bugs in other people’s software that can lead to security problems. They have no interest in everyday bugs that affect people’s work but not security.

After finding a number of flaws in software used by many end-users while researching other problems, Google decided to form a full-time team dedicated to finding such vulnerabilities, not only in Google software but any software used by its users. It’s establishment fits into the larger trend of Google’s counter-surveillance initiatives in the wake of the 2013 global surveillance disclosures by Edward Snowden.

Responsible Disclosure

When serious security bugs are found in software, should the world be informed or just the software maker?

Bugs found by the Project Zero team are reported to the manufacturer and only made publicly visible once a patch has been released or if 90 days have passed without a patch being released.

This is Google’s way of implementing responsible disclosure, giving software companies 90 days to fix a problem before informing the public so that users themselves can take necessary steps to avoid attacks.

Notable Discoveries

On 30 September 2014 Google detected a security flaw within Windows 8.1 which allows a normal user to gain administrative access. Microsoft was notified of the problem immediately but did not fix the problem within 90 days, so the information about the bug was made publicly available on 29 December 2014. Releasing the bug to the public brought a response from Microsoft that they were working on the problem.

On 19 February 2017 Google discovered a flaw within Cloudflare, which caused their edge servers to run past the end of a buffer and return memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data.

On 27 March 2017 Project Zero discovered a vulnerability in the popular password manager LastPass and four days later LastPass announced they had fixed the problem.

Project Zero was involved in discovering the Meltdown and Spectre vulnerabilities affecting many modern CPUs, which were discovered in mid-2017 and disclosed in early January 2018.

Keep up the good work!

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

Fightback Ninja Signature

How Scammers Make Their Offer Irresistible

Scammers use a set of psychological tricks to make you trust them then accept whatever they are offering.

These’ ‘tricks’ are well-known and used by Marketers and many others.

These include

  1. Create a sense of legitimacy
  • Lists of references from satisfied customers
  • ‘Professional’ reviews of the product or service
  • Celebrity endorsements
  • Ride on the back of well respected products2

2. Invoke emotion

  • Create excitement around a new release or a ‘first’ of some kind
  • Create fear that they may miss out on the product or service
  • Make them worry they may regret not taking the opportunity
  • Create anger that the product has been kept hidden away from the public until now

3. Create a sense of urgency

  • Fake deadline
  • Only a limited number/amount of the product remains
  • Be the first to get this product or service

4. Use social influence

  • Happy references from members of the public
  • 100,000 people have tried this and recommend it

Do think about how the scammer’s message affects you before making any decisions. This also applies to whenever someone is trying to sell you something  or to get you to do something.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature

Why You Need Double Opt-In Marketing

With single opt-in, you let people sign up to your newsletter, subscription or whatever by simply clicking once on a link or filling in a contact form etc.

But double opt-in takes this a stage further and you have to get the person to either return an email confirming their registration or  click on another link in an email to confirm.

Hence it is a two-step process to register.  This extra step will mean you lose some people, who would have otherwise registered with just the single opt-in, but there are advantages to double opt-in and it becomes law in May 2018 with the European Directive General Data Protection Regulation (GDPR).

From May 2018, consent for processing personal data and any Marketing communications must be freely given and unambiguous pre-ticked boxes, generic descriptions or over complicated terms and conditions.

GDPR also states that companies must keep a record of how and when the customer gave such consent. The double opt-in method is considered the easiest way to comply.

If you’re offering incentive to get people to sign up to your subscription or newsletter etc. then there are likely to be many people who sign up but with fake email addresses and spambots that try to sign up.  This means that many of the email addresses on your list will be bogus and hence you will be wasting your time sending out emails to them.

Double opt-in takes care of this as only people who give correct email addresses will sign up and if the second stage of confirmation has not put them off then you have a better quality email list.

So, double-opt-in as well as becoming a legal requirement may actually help you.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

The Danger of Internet Connected Gadgets in Your Home

Some homes are now filled with dozens of appliances, devices and children’s toys which can be connected to Wi-Fi and some are useful while others are just for fun, but if they are not fully secure the consequences can be unpleasant .

Often set with a default password or no password, these devices can  provide an easy route for cyber attackers to get into your systems and look for confidential information.

The Internet of Things

The “Internet of Things” is a name for the adoption of Internet enabled devices in the home. The idea being that more and more household objects will communicate over the Internet. Common such items now include thermostats controlled by an APP, smoke alarms that phone you, toys that access Internet stories and music, the Alexa and Google Home devices that you can say instructions to and they use WI-FI to control other devices or find information or translate something. This also includes Internet-connected “wearable” devices, such as fitness bands which upload your GPS co-ordinates and telemetry to the Internet so you can access the data on your PC.

Many companies are working on more of these Internet of things devices.

These devices can give out information to interlopers that you may not consider e.g. the recent case of American Special Forces soldier wearing fitness bands and their location being broadcast on Google.  OOPS.

How to Make Your Connected Home More Secure

  • Secure the wireless network. Use the WPA2 protocol if your broadband router allows that option.
  • Give your Wi-Fi network an unusual name that doesn’t identify your address e.g. General Electric.
  • If guest access is enabled on the network – disable it.
  • If your router is capable of creating two separate WI-FI networks then use one for computer devices and a separate one for household gadgets.
  • Always use strong passwords that cannot possibly be guessed by anyone e.g. a string of random words.
  • Login name is often admin or administrator by default – If you are able to change the login name then change it to something that cannot be guessed.
  • Disable any remote access for gadgets. If you ever need it for allowing the supplier to fix a fault then you can re-enable it temporarily.

Some of these gadgets have appropriate Internet security and insist on strong passwords etc.  but others have little or no thought of security, so you must take care to plug any holes in security.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature

What If Your Business Has a Data Breach

If your business suffers a data breach i.e. hackers access your system and steal confidential information then you have a lot to do to deal with the breach, communicate with all affected parties and put in place better security to prevent another breach.

How well you deal with the breach often affects the total cost and the level of damage to your business reputation.

These four steps can help:-

1. Investigate the Breach

  1. How did it happen?
  2. What was stolen?
  3. Can the hackers regain entry to your systems?

You’ll need to know exactly what information was lost in the data breach.

Less sensitive information includes  name, address. phone number etc. This can be used by scammers and cold callers but that information is readily available for most people through the phone directory, social media and  the Electoral register.

More sensitive information includes date of birth, name, financial details, payment card details.  Combined with the less sensitive information this can be used for identity fraud.

If the stolen data includes names with login and passwords then you need to act fast to warn people to change their passwords.

2. Determine the Possible Damage

Once you know what data has been stolen, you need to understand how this can affect people i.e how this data can be used by criminals. Will they likely sell the information to a competitor or to other scammers or ransom it back to you?

3. Communicate with All Interested Parties

You need to inform all affected parties ASAP.  This may be customers, partners, staff, suppliers etc. If the breach is serious then you should inform the Information Commissioners Office.  If relevant inform the Police.

4. Increase Your Security

Unless you have security experts, you may need to hire experts to assess your systems and see how security can be improved. Start enacting those improvements straightaway and of course close off whatever method the hackers used to get into your systems.

A data breach can be very serious and must be dealt with quickly and efficiently to minimise damage to your reputation.

 Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

Fightback Ninja Signature

Is Your PC Mining Bitcoins for Someone

Criminals keep finding new ways to take advantage of us. Bitcoins and other cyber currencies are constantly in the news and this has led to endless scam offers of untold wealth from Bitcoins and other cyber currencies. But there’s also a new way for criminals to take advantage of you.

The Creation of New Bitcoins

This is through a process called ‘mining’ and it applies to all cyber currencies.

Mining uses huge amounts of computer processing power to keep the blockchains consistent, complete and unalterable. The “blockchain” is how the records of the Bitcoins are stored. Mining becomes progressively more difficult as more Bitcoins are created over time – requiring more and more processing power.

Bitcoin has been in circulation for some years and effective mining requires super computers.

However, hackers get around this by commandeering processing power from large numbers of other people’s computers – possibly your computer.

The hackers infect your computer with malware that lets them download data to be processed and upload the results back to themselves. If you find your computer is always slow and seems to be busy doing something you haven’t asked it to do – this can mean your computer has been infected and is busy working for someone else.

The same hacking tool that allowed the Wannacry ransomware to wreak destruction in 2017 has also been used by hackers to take over people’s computers and use them for mining.

Another similar one is called Smominru and makes infected computers mine for the cyber currency Monero. It is thought that up to half a million computers have been taken over for this purpose.

Make sure your computer is protected against these attacks through the use of anti-virus and anti-malware, take regular backups in case of data corruption or ransomware attacks.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature