Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersProtecting against CryptoLocker inside your network
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 
Oblivian
7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

  #1518360 23-Mar-2016 12:53
Send private message

That is part of the nasty thing early on. Detectors only found it AFTER the payload had been delivered as it was some form of polymorphic .exe with scripting that just didnt get picked up. What did was URLs and keywords in the text files they make when they have done the deed. 

 

 

 

I't wasn't attaching to files to encrypt them, it was being done externally on a TSR. So unless you specifically had the definitions like you say at 0day which is hard to, it was easily missed unless you checked memory or odd .exe and reg changes.



PolicyGuy
1821 posts

Uber Geek
+1 received by user: 1772

ID Verified
Lifetime subscriber

  #1518413 23-Mar-2016 13:08
Send private message

freitasm:

 

Drive-by malware has been around for years. ... Some are not even in the browser - the usual culprits are Java applets and Flash.

 

 

Hate to say it, but Dead Steve Jobs was right!
No Flash, none at all, not ever. Just uninstall it.

 

Some web sites won't work anymore, too bad, complain to them that they're using a well-known malware vector and you're going elsewhere.
Then go elsewhere.
How may times would you go to a restaurant that gave you norovirus?

 

 

gzt

gzt
18689 posts

Uber Geek
+1 received by user: 7827

Lifetime subscriber

  #1518419 23-Mar-2016 13:36
Send private message

Some business applications still require it for some features.

IE has a feature similar to click to play/whitelist for partial mitigation.



bjorn

192 posts

Master Geek
+1 received by user: 1


  #1518449 23-Mar-2016 14:14
Send private message

I've setup an early warning system until I can get on top of the issue.

 

If anyone's interested: http://alexappleton.net/post/83785313416/download-cryptolocker-tripwire-10

networkn
Networkn
32871 posts

Uber Geek
+1 received by user: 15468

ID Verified
Trusted
Lifetime subscriber

  #1518451 23-Mar-2016 14:18
Send private message

On a slightly unrelated topic but related to flash sort of. Every few days Shockwave crashes in Chrome. Is there any end to when we will need Shockwave installed?

freitasm
BDFL - Memuneh
80658 posts

Uber Geek
+1 received by user: 41071

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1518493 23-Mar-2016 15:19
Send private message

surfisup1000:

 

freitasm:

 

Drive-by malware has been around for years. Vulnerabilities have also been around for years - one is fixed another one shows up. Some are not even in the browser - the usual culprits are Java applets and Flash.

 

 

True but usually if you have the latest updates you were ok. 

 

In the past, generally the worst exploits require you to open a file (assuming one is applying OS updates). 

 

The OP seems to be saying it has recently become difficult to protect against this cryptolocker software. Just opening a webpage can infect your computer, even with latest patches installed. 

 

 

"recently become difficult to protect against this cryptolocker software. Just opening a webpage can infect your computer, even with latest patches installed."

 

Symantec and others have been warning of drive-by downloads for years now, and no, never required users to open files. Drive-by malware by definition almost always used an exploit that leverage some know vulnerability to automatically start some action - usually a zero-day vulnerability.

 

 




Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

 
 
 
 

Stream your favourite shows now on Apple TV (affiliate link).
mentalinc
3384 posts

Uber Geek
+1 received by user: 1023

Trusted

  #1518766 24-Mar-2016 06:26
Send private message

And new tool overnight to protect against macro driven tools...

 

 

http://news.softpedia.com/news/microsoft-adds-new-feature-in-office-2016-that-can-block-macro-malware-502058.shtml

 




CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB:  Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

 

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX 

Dynamic
4016 posts

Uber Geek
+1 received by user: 1853

ID Verified
Trusted
Lifetime subscriber

  #1518847 24-Mar-2016 10:34
Send private message

mentalinc: And new tool overnight to protect against macro driven tools... http://news.softpedia.com/news/microsoft-adds-new-feature-in-office-2016-that-can-block-macro-malware-502058.shtml

 

While we have seen some cryptoware come in via malformed Office files, it's only a small percentage (in my experience).

 

The Crypto Tripwire idea is smart.  I'll look more closely at this.




“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

1 | 2 | 3 
View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright