Category: Fight Back

Identify a Virus

The website VirusTotal at https://www.virustotal.com was created to help people identify computer viruses. It does this by analysing infected files or URLs supplied to it and it’s a free service.

VirusTotal inspects items by using 70+ antivirus scanners and URL/domain blacklisting services, plus a range of tools to extract signals from the studied content.

How to use the Website

You can select a file on your computer and upload it to VirusTotal in your browser.

There is also the option of desktop uploaders, browser extensions and a programmatic API if this is to become a regular practice.

As with files, URLs can be submitted via several different means including the VirusTotal webpage, browser extensions and the API.

How Does the Virus Checker Work?

A submitted file or URL is scanned and the results shown on screen. The data and results are shared with VirusTotal partners who use the results to improve their own systems. As a result, by submitting files, URLs, domains, etc. to VirusTotal you are contributing to raise the global IT security level.

Scanning reports produced by VirusTotal are shared with the public VirusTotal community. Users can contribute comments and vote on whether particular content is harmful. In this way, users help to deepen the community’s collective understanding of potentially harmful content and identify false positives (i.e. harmless items detected as malicious by one or more scanners).

Commercial Service

The service provides qualified customers and anti-virus partners with tools to perform complex criteria-based searches to identify and access harmful files samples for further study. This helps organizations discover and analyse new threats and fashion new mitigations and defences.

VirusTotal not only tells you whether a given antivirus solution detected a submitted file as malicious, but also displays each engine’s detection label (e.g., I-Worm.Allaple.gen).

This is a valuable resource in the fight against computer viruses.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

Fightback Ninja Signature

The UK Online Safety Bill Makes Progress

https://www.gov.uk/government/news/world-first-online-safety-laws-introduced-in-pa

The UK Online Safety Bill marks a milestone in the fight for a new digital age which is safer for users and holds tech giants to account. It will protect children from harmful content such as pornography and limit people’s exposure to illegal content, while protecting freedom of speech.

At least that’s the intention, but these matters are very difficult to codify into law and the online world keeps changing at an ever faster pace.

Key points include:

  • It will require social media platforms, search engines and other apps and websites allowing people to post their own content to protect children, tackle illegal activity and uphold their stated terms and conditions.
  • The regulator Ofcom will have the power to fine companies failing to comply with the laws up to ten per cent of their annual global turnover, force them to improve their practices and block non-compliant sites.
  • Executives whose companies fail to cooperate with Ofcom’s information requests could now face prosecution or jail time within two months of the Bill becoming law, instead of two years as it was previously drafted.

The government significantly strengthened the Bill since it was first published in draft in May 2021. Changes since the draft Bill include:

  • Making sure all websites which publish or host pornography, including commercial sites, put robust checks in place to ensure users are 18 years old or over.
  • Adding new measures to clamp down on anonymous trolls to give people more control over who can contact them and what they see online.
  • Making companies proactively tackle the most harmful illegal content and criminal activity quicker.
  • Criminalising the sending of unsolicited sexual images to people using social media, known as cyber-flashing
  • Giving people the right to appeal if they feel their social media posts were removed unfairly
  • Preventing online scams, such as paid-for fraudulent adverts, investment fraud and romance scammers
  • Requiring pornography websites to verify their users’ ages

Any firm breaching the rules would face a fine of up to 10% of its turnover, while non-compliant websites could be blocked entirely.

If you have any experiences with these scams do let me know, by email.

Surrey Scammer Caught

Thomas Proudfoot 21, of Leatherhead in Surrey pleaded guilty to computer misuse, money laundering and several counts of fraud following an investigation by the Dedicated Card and Payment Crime Unit (DCPCU), a specialist police unit funded by the banking and finance industry.

He was sentenced to 4 years and 8 months in prison and also received a Criminal Behaviour Order to prevent further fraud offences.

Proudfoot had been conducting scams based around Covid business grants.

He would send out scam text messages that offered victims Covid-19 grants and asked them to click a link to a fake website.

The website asked for the victim’s personal and financial details which he could then use to steal from them.

Proudfoot also designed software which he sold as a service to other fraudsters, the court heard.

He also admitted to hacking a private business website and providing other individuals with software to help them commit fraud offences.

The Police found that he was selling methods to complete smishing and phishing fraud, including possessing copies of fake web pages relating to Covid-19 and other organisations.

Detective Sergeant Ben Hobbs at the DCPCU, said: “This sentencing is a warning to those who believe they can benefit financially from fraud that they will be caught and punished. The DCPCU will continue to clamp down on the criminal gangs seeking to use the pandemic to defraud people.

Good riddance, at least for a while, to a thief targeting vulnerable people during the pandemic.

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

Don’t Give In to Ransomware Attackers


Ransomware is an attack that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can’t get to the data unless perhaps by paying a ransom.

Paying the ransom is never recommended, mainly because it does not guarantee you will be able to decrypt your files plus it encourages the criminals and gives them funding for further criminal activities.

There are also a number of issues that can go wrong accidentally. For example, there could be bugs in the malware that makes the encrypted data unrecoverable even with the right key.

A ransomware attack is typically as a spam email attachment. Opening the attached file releases the malware onto the user’s system and it goes about it’s business of encrypting the files and deleting the originals. When complete, it puts up warning messages or screens demanding payment or the files will be lost forever.

The Nomoreransom Website

The website is at https://www.nomoreransom.org

“No More Ransom” is a public-private cooperation to tackle serious action cybercrime. The main aim is to share knowledge and educate users across the world on how to prevent ransomware attacks.

Plus, they believe that by restoring access to their systems where possible, it will empower users to take action and avoid rewarding criminals with a ransom payment.

The website contains four decryption tools for different types of malware. These are freely available and  will work for any user infected with the threats listed on the website.

Nomoreransom is associated with and works with various law enforcement agencies and anti-virus companies including Kaspersky, McAfee, Avast and Bitdefender

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

The End of Keurboom Communications

Keurboom Communications was created by Gregory Rudd for the purpose of making cold calls – illegally.

He had no interest in respecting people’s wishes not to be cold called, he ignored the Telephone Preference Service and he ignored the law.

As a result, his company was handed the highest ever fine for nuisance calling after more than 1,000 people complained about automated calls.

The calls, made during an 18

month period, including road traffic accident claims and PPI compensation. Some people received repeat calls, even on the same day and during unsociable hours. The company also hid 

its identity, making it harder for people to complain.

It is thought the company made up to 99.5 million such calls.

The law says that companies can only make automated marketing calls to people if they have given consent. Keurboom ignored this and called without consideration.

Following the ICO’s investigation, Keurboom Communications Ltd was placed in voluntary liquidation and Gregory Rudd banned for 6 years from being a company director.

How to Block Nuisance Callers

  1. Register with the Telephone Preference Service (TPS) then reputable companies will no longer make sales and Marketing calls to your number.
  2. Use your phone to block repeated unwanted callers and caller ID withheld numbers. Some phones allow you to do this and some services such as BT Call Protect enable this.
  3. Use the magic phone number when a website demands your number. (More information at https://fightback.ninja/a-magic-phone-number-and-call-blocking/)

If you have any experiences with scammers, spammers or time-waster do let me know, by email.

Fightback Ninja Signature

How to Use Multiple Email Addresses

There are many reasons why having multiple email addresses can be useful, although it does mean more passwords to remember, more logins to lose track of etc. unless you use a password manager to keep track of them.

First of all, many people have separate business and personal email addresses as using one email address for both could be very confusing. If you work or volunteer for multiple organisations then you may have multiple ‘work’ email addresses.

Your personal email address is probably used for communicating with family, friends, colleagues and numerous people you don’t really know but have some dealings with.

Plus, it’s probably used for social media accounts, online shopping, financial transactions and a myriad of other purposes.

Your personal email address is also a security measure – if you forget your password on a website then it will have a ‘click for forgotten password’ link as people frequently forget passwords and the website will send a message to your email address that lets you create a new password.

This means that if a criminal gets hold of your email password (guessing them is easy for a high percentage of people) then she can change your passwords on multiple websites where you have an account and that can even become identity theft where the criminal can take out loans in your name etc. and you have the difficult task of proving your innocence.

Using one personal email address for financial activities, shopping online, social media, email etc. means only one login and password to worry about but also means that if that one email address and password is gained by scammers then you lose control of all of those things in one go.

You can create one email address for each website etc. but perhaps a more practical answer is to have one email address per type of use e.g. one for purely personal use and one for anything financial and one for social media usage and one for anything else.

People use multiple email addresses for such as:

  • An address for each business
  • Each financial activity – banks, credit cards, loan companies etc.
  • Social media
  • Registering on sites you suspect may spam you
  • Registering for downloads where you don’t want to be contacted afterwards
  • Signing up on any site that will send you Marketing messages

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature