Yesterday I had a strange occurrence. When I was logged into my Win 10 Pro PC as a non-privileged domain account, I kept getting a notification that my local admin account was trying to log on remotely, and a dialog to log off the domain account or cancel the remote access. So I ran MalwareBytes and it found and quarantined a few things and rebooted. Still kept getting the remote access request from my local admin account, but additional scans turned up nothing. If I tried to log on with my local admin account, it would automatically log off in about 20 seconds. Good thing I had another local admin account that I was able to go in and change the other local admin account password. Once I did that, no further dialogs about remote access. A deep scan with ESET AV still turned up nothing. Not sure who/what was trying to use the local admin account to gain access to my PC or where the request was coming from. Scary.

Fred

On Wed, Nov 16, 2016 at 5:28 AM, Peter Cushing <[email protected]> wrote:

> Just want to throw this out there and see what other people are doing to
> keep attacks at bay.
>
> We are finding phishing and malware attacks are getting more and more
> sophisticated and it is getting harder to avoid them. We got hit by a
> cryptowall 4 attack a while ago but fortunately have good backups. Even
> when we found out which machine it was, nothing showed up when you scanned
> it with all the virus and other scanners we could get our hands on. We
> just wiped the machine anyway.
>
> We learned the other day about a new type of malware that is extremely
> dangerous. If it got onto one of the machines that does internet banking
> (not mentioning the bank name), the machine can be controlled from
> elsewhere. When the user logs on using their smart card and pin entry
> devices which are both plugged into the machine, the malware then puts up a
> screen saying "Authorising account" or some such message with a waiting
> logo and in the background the hacker is putting payments through on a
> hidden screen. The hacker then prompts the user (again) for their pin,
> which authorises the hidden payment(s). I didn't think they could get past
> not having the card and pin present.
>
> We now have software to stop people plugging their own devices in:
>
> https://www.endpointprotector.com/
>
> and lots of web filters, but you still have the problem of people clicking
> on links in emails. We have started sending out emails with quiz type
> questions to try to educate people.
>
> http://www.intronis.com/msp-resources/smb-phishing-quiz/
>
> I got 8/9. I blame the lack of tea first thing this morning for the other
> one ;-)
>
> Thanks,
>
> --
> Peter Cushing
> IT Department
> WHISPERING SMITH

