Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 
2777 posts

Uber Geek
+1 received by user: 291


  Reply # 1518360 23-Mar-2016 12:53
Send private message

That is part of the nasty thing early on. Detectors only found it AFTER the payload had been delivered as it was some form of polymorphic .exe with scripting that just didnt get picked up. What did was URLs and keywords in the text files they make when they have done the deed. 

 

 

 

I't wasn't attaching to files to encrypt them, it was being done externally on a TSR. So unless you specifically had the definitions like you say at 0day which is hard to, it was easily missed unless you checked memory or odd .exe and reg changes.


169 posts

Master Geek
+1 received by user: 67

Subscriber

  Reply # 1518413 23-Mar-2016 13:08
3 people support this post
Send private message

freitasm:

 

Drive-by malware has been around for years. ... Some are not even in the browser - the usual culprits are Java applets and Flash.

 

 

Hate to say it, but Dead Steve Jobs was right!
No Flash, none at all, not ever. Just uninstall it.

 

Some web sites won't work anymore, too bad, complain to them that they're using a well-known malware vector and you're going elsewhere.
Then go elsewhere.
How may times would you go to a restaurant that gave you norovirus?

 

 


gzt

10129 posts

Uber Geek
+1 received by user: 1545


  Reply # 1518419 23-Mar-2016 13:36
Send private message

Some business applications still require it for some features.

IE has a feature similar to click to play/whitelist for partial mitigation.



192 posts

Master Geek
+1 received by user: 1


  Reply # 1518449 23-Mar-2016 14:14
Send private message

I've setup an early warning system until I can get on top of the issue.

 

If anyone's interested: http://alexappleton.net/post/83785313416/download-cryptolocker-tripwire-10


17999 posts

Uber Geek
+1 received by user: 5180

Trusted
Lifetime subscriber

  Reply # 1518451 23-Mar-2016 14:18
Send private message

On a slightly unrelated topic but related to flash sort of. Every few days Shockwave crashes in Chrome. Is there any end to when we will need Shockwave installed?


BDFL - Memuneh
61202 posts

Uber Geek
+1 received by user: 11982

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1518493 23-Mar-2016 15:19
Send private message

surfisup1000:

 

freitasm:

 

Drive-by malware has been around for years. Vulnerabilities have also been around for years - one is fixed another one shows up. Some are not even in the browser - the usual culprits are Java applets and Flash.

 

 

True but usually if you have the latest updates you were ok. 

 

In the past, generally the worst exploits require you to open a file (assuming one is applying OS updates). 

 

The OP seems to be saying it has recently become difficult to protect against this cryptolocker software. Just opening a webpage can infect your computer, even with latest patches installed. 

 

 

"recently become difficult to protect against this cryptolocker software. Just opening a webpage can infect your computer, even with latest patches installed."

 

Symantec and others have been warning of drive-by downloads for years now, and no, never required users to open files. Drive-by malware by definition almost always used an exploit that leverage some know vulnerability to automatically start some action - usually a zero-day vulnerability.

 

 





1570 posts

Uber Geek
+1 received by user: 152

Trusted

  Reply # 1518766 24-Mar-2016 06:26
Send private message

And new tool overnight to protect against macro driven tools...

 

 

http://news.softpedia.com/news/microsoft-adds-new-feature-in-office-2016-that-can-block-macro-malware-502058.shtml

 





CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB:  Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

 

 


2437 posts

Uber Geek
+1 received by user: 718

Trusted
Lifetime subscriber

  Reply # 1518847 24-Mar-2016 10:34
Send private message

mentalinc: And new tool overnight to protect against macro driven tools... http://news.softpedia.com/news/microsoft-adds-new-feature-in-office-2016-that-can-block-macro-malware-502058.shtml

 

While we have seen some cryptoware come in via malformed Office files, it's only a small percentage (in my experience).

 

The Crypto Tripwire idea is smart.  I'll look more closely at this.





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

1 | 2 | 3 
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.