Category: Malware

Don’t Panic: Pegasus Spyware

There’s a lot of news about the powerful spyware named Pegasus. And it is some nasty stuff, being able to infect a phone without anyone clicking anything! You can read some basics about Pegasus here.

Unfortunately, this is one of those news topics where the media can be more inciteful than insightful. For example, the NYTimes has a long write-up on Pegasus that might make you a little anxious to read. By the 6th paragraph, they mention that “more than 1.65 billion Apple products in use worldwide have been vulnerable”. They don’t mention what you should do until the final (33rd) paragraph.

What should you do? Try my two-step plan:

1) Don’t Panic.
2) Update your iPhone.

The first step is because you’re probably not affected by Pegasus. This spyware, while it can do everything it says on the tin, was probably not something that was unleashed on the entire world. Instead, researchers are fairly sure that it was deliberately used against specific people. World leaders, politicians, activists or billionaires were the likely targets.

I’ll go out on a limb and wager that most of my readers don’t fit those categories. And anyone who is a Pegasus target has probably already had their iPhone replaced or wiped.

Anyhow, the second step is what can give you full peace of mind, and may have already happened automagically. Many iDevices update on their own, and the latest iOS 14.8 update will patch iPhones against Pegasus. So go ahead and check for updates on your iPhone, and then put this nasty business out of your mind.

PS: Android phones might also be vulnerable to Pegasus, but the news media is not reporting a whole lot on that. I still recommend you Don’t Panic.

PPS: Yes, you can check your iPhone for Pegasus, but it is rather involved and possibly not worth the effort. Still, if you are interested, here’s one method that appears to have no cost associated with it. I do not see any way to check an Android phone for Pegasus.

iPhone Profiles and How to Remove Them

Smartphones are pretty well-defended against viruses, but there are a few ways to abuse them that avoid detection. One of the ways that iPhones get hijacked is through “Profiles”.

The Profiles part of the iOS is typically only used by employers or schools on iPhones that they assign to their staff. For some companies, there is a legitimate purpose for installing Profiles on iPhones. iPhone Profiles might help them monitor the phones and how they are used.

But on a personal or store-bought iPhone, you should never see any Profiles in the Settings panel. The presence of a Profile on your personal iPhone is a sign of spyware. Some apps or websites may sneak a Profile onto an iPhone, for the purpose of collecting or sending info from your phone without you knowing. An unknown Profile can turn your iPhone into a keystroke collector or spam relay!

The good news is that Profiles are easy to check for and remove, if any are present. For most iPhones, you may open your Settings icon and tap on General. Scroll up and down, looking for Profiles. If you cannot find Profiles on the General menu, then none are present on the phone and you are clean! But if you do see Profiles, tap on it and remove anything listed inside.

Is Facetime Coming to Windows?

The answer to this is a bit dicey. Or nuanced. But the explanation is worth it for your safety.

The Basics

Facetime is an Apple-owned iOS app that allows you to video chat with people on their iPhones and iPads. To date, Facetime has only been able to connect you with other iOS devices. That means if you’re on an Android phone or a Windows computer, you can’t use Facetime!

Upcoming Changes

But in the near future, the iOS on modern iPhones and Apple tablets is going to update to version 15. And that update includes a nice change to Facetime: You’ll then be able to send invite links to non-Apple users, and rope them into your Facetime video chats!

There’s nothing to install when you do this. Non-Apple users will receive a link that opens the Facetime chat in a browser window. It will probably be similar to receiving a Zoom link. PC and Android users will (still) not be able to initiate a Facetime chat, as only iOS users get to do that.

Why Is This Important?

Unfortunately, the nuance of what’s developing is getting lost in the headlines. Many tech articles are already cheerleading with “Facetime Coming to Windows” and that isn’t exactly true. And it is leading people down bad paths.

When some folks see that kind of news, they immediately search the internet for “Facetime for Windows” or similar. And they find free programs or extensions that claim they will install Facetime on your device. And this leads to an infection or adware getting on their machines.

Please do not install anything that says you can put Facetime on your non-Apple device. It is surely false and will only cause you trouble.

WD My Book Live Drives Being Erased

This is a pretty scary topic, but let’s go through the scope of this problem. It may not affect you at all, but if it does, I’ve got some advice for you.

Reformatted from Afar

Yesterday it was reported that some people’s Western Digital external hard drives were erased! And the attack is not the fault of the drive owners. Instead, they suspect a malware attack is reformatting the drives remotely (through the internet). WD is still working to figure it all out.

But this attack is only affecting WD My Book Live drives. If your WD drive doesn’t have “Live” in its name, you’re OK for now. If your WD drive connects to your computer via USB cable, there’s no immediate threat. The only worry is for WD My Book Live drives that connect via ethernet cable to your router.

What To Do, per Western Digital:

If you have a My Book Live drive, WD recommends you disconnect it immediately to protect your data.

What To Do, per BlueScreen Computer:

Personally, I recommend that WD My Book Live drive users strive to get their data off of My Book Live drives ASAP. Switch to any other external hard drive, by WD or another big-name brand. Because, even if Western Digital comes up with a fix for this, it will be hard to trust My Book Live drives going forward.

If your My Book Live drive has a USB connector on the back, it is safe to disconnect its ethernet cable and access the drive directly using a USB cable. The drive will be accessible just on the one computer it is cabled to, but that should be good enough to get your data off.

But if your Live drive only allows for an ethernet connection, there’s no easy and safe way to get at your data. You can take your chances, boot it up and try to get your data off of it (very risky, I do not recommend). Or you can watch the WD Advisory Page for updates.

If you have a My Book Live drive that has been erased by this attack, TURN IT OFF immediately.

UPDATE: Western Digital will offer data recovery services to anyone affected by this attack. And WD will announce some kind of trade-in process for My Book Live drives, to help people move to different devices that are not vulnerable to this attack. Keep an eye on the last section of this website, to keep up with the details on these offers.

Safe Browsing Protection in Google Chrome

The Chrome browser offers a choice of protection as you surf the net. If you use Google Chrome, you should review your level of protection, and change it according to your needs.

If you go to this website, Google will tell you the steps to follow, in order to check your “Safe Browsing” setting. Make sure to click your device type (Computer, Android, or iPhone & iPad) to get appropriate directions.

Once you find this setting on your device, you have 3 choices: No Protection, Standard Protection or Enhanced Protection. Read the descriptions and make a choice based on what’s best for you.

If you have privacy concerns and don’t want your extra browser info sent to Google, just choose Standard Protection. If you need all the help you can get against malware and bad websites, set it to Enhanced Protection. If you’re a web developer or advanced user, perhaps No Protection will interfere with your work the least.

Norton Power Eraser

Norton Power Eraser is another one-time scan tool for Windows computers. Similar to ADWCleaner, it will scour your PC for malware and other baddies and offer to remove them. If you are concerned that something got past your full-time antivirus, this is another good tool to run.

https://support.norton.com/sp/static/external/tools/npe.html

NPE is a little different from ADWCleaner, though. While it won’t clean up shovelware or junk items, it will more explicitly target rootkits and well-disguised infections. To do this, it will insist on rebooting your computer before its system-scan. This is so NPE can inspect everything on your computer as it loads into memory.

When the scan is finished, inspect the results. NPE sometimes targets legacy (very old) programs for removal. If there’s anything listed that you know is trustworthy, you may uncheck it and save it from removal. Everything else can go!

ADWCleaner

There are so many good antivirus programs out there, but none of them are perfect. Malware can get past them, through trickery or ingenuity. And if you think you’ve contracted some baddies on your Windows computer, there are other tools that you can use to check your system.

ADWCleaner is one such tool that I commonly use, and you can too, for free. It’s a one-time scan that won’t interfere with your current antivirus. Simply download it, let it scan, and allow it to remove whatever it deems suspicious. It will also offer to disable unnecessary junk software after it locates any malware.

ADWCleaner will need to reboot your computer as it strips all the junk away, and things may be greatly improved afterwards. But if you notice anything wrong after using ADWCleaner, you can always use System Restore to roll back its changes.

ADWCleaner is now owned by Malwarebytes and is available here (currently for PC only): https://www.malwarebytes.com/adwcleaner/ .

PS: another good one-time scan tool is Norton Power Eraser.

© 2021 BlueScreen Computer
