Sunday, November 13, 2016

Possible ad-malware attempt

For the last several days my Android tablet has been opening windows at random.  At first I thought it was me, but yesterday the following happened while the tablet was sitting on the table untouched:

  • Multiple search windows open;
  • Over 12 tabs opened in the browser going to a number of sites with the same prefix.  I won't name it as I don't want them to get the ad revenue;
  • My BANKING app was opened up.  I don't have auto-sign-in there so no damage done.  I checked the bank account from my Linux machine and no activity to my account (yay!);
  • Multiple apps opened up.  Again these had ads so I suspect they were trying to maximize their ad revenues.  Either that or they wanted someone to pay a lot of ad money for spam clicks;

I know what the last app I installed was, so I suspected that app, as it is ad-supported.  After I removed the app and let the machine sit for 24 hours I had no more random windows opened, so I may have guessed correctly.

I also run AVAST on the machine; I scanned everything and it was clean.  I know that if it is very new the scanner may not detect it, but I wanted to make as sure as possible that I wasn't infected with a known virus.

I also sent Google feedback that the app may contain ad-malware, to see if there is anything they could see and do.  It may not be much, but at least I wanted to make them aware of the issue.

My guess for next gen malware encryption

I am going to make a bet that the next generation of file encryption malware is going to be a lot nastier.  Your best defence is:

  • Backups.  Keep multiple backups, and keep them disconnected from any network after the backups are done.  Don't just do backups, test them!  Too many times someone approaches me saying they need help because they tried to restore files from backups and the backups don't work;
  • Up-to-date software.  When patches come out for your operating system and applications, install them ASAP.  Most of the time those patches are for holes that the hackers are already using.  It does not matter what O/S you use; Windows, Linux and OS X all need to be up-to-date;
  • Home routers.  Keep them up-to-date also.  Sometimes your ISP will patch their routers; ASK them to keep their hardware up-to-date;
  • Good anti-virus software, kept up-to-date;
  • Not opening attachments from emails that you didn't ask for is also a good step;
  • Good web surfing habits.  Sometimes a site will pop up 'You need to update or install this program to view'.  Don't trust any site doing this.  Most of the time it is for Flash, and people think 'Oh, I am out-of-date again' and click install.  NEVER DO THAT; go directly to the source of the program and check.  If it is out-of-date, install from the maker directly and not from a web site.

Unfortunately the writers of these nasty programs won't stop there.  They have been using ad-malware, getting into legitimate sites that serve ads, trying to infect you when you view their "ads", and trying to bypass asking your permission to install.

Right now, when your system is infected and your files are encrypted, some people recommend turning back the system clock so the time limit does not expire.  Right now that works, but I suspect not for very long.  The writers of these programs know that "trick" and I suspect they are working on how to counter it.  I see them saving the system clock information and the network time information at the time of infection.  With that they know exactly when they were installed on your system.  They can also determine the basic time differential between your system and the network.  If they then compare that information the next time the program runs, it may just nuke your files if the date on the system clock is earlier than their time-stamp.  Also, if they are really nasty, they will also nuke the files if they cannot make a connection to the network to verify the time.  When they can make a connection they will use the time differential to see if you played with the system clock.  I would also be willing to bet that they will advertise what they did and why, so that the fact will spread around that playing with your system clock or unplugging from the network will nuke your files.  I don't know if (or when) that will happen, but it will make your backups much more important, as the only way to restore your system will be to do a total wipe and restore.

Sunday, November 06, 2016

Looks like the U.S. GOP don't vet their email lists

The last few days I have been receiving emails from the Republican party (except for one that was Libertarian) looking for money.  I suspect they bought the list from somewhere and didn't check to see if the recipients are American citizens (or persons who have a green card).  Google flagged all of them as spam, so the time, effort and money were wasted.  The upside for me is that they all have an unsubscribe link, which I used; hopefully they will honour the request and remove my address.  It really doesn't matter, as they are all flagged as spam by Google.

I checked the FEC (Federal Election Commission) site to confirm what I suspected.  Only U.S. citizens (or those with a green card) can contribute financially.  The various emails (except the last one) all resolved to one common URL.

I can understand getting the rare mail from a Libertarian candidate (or a small 3rd party).  Limited resources (money and people) mean buying a list, doing a blind mailing and hoping for the best.  The Republican party, being a major political party, should not be doing this.  I thought it would be a well financed, well managed and well resourced operation that would run a tightly scripted campaign and vet all mailings going out, rather than buying a list and doing blind mailings.

So far nothing from the Democratic party by email.  Also, NONE of the Canadian political parties have sent bulk emails to me.  That may be because our anti-spam laws would apply to them.