Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 
2630 posts

Uber Geek
+1 received by user: 271


  Reply # 1518360 23-Mar-2016 12:53
Send private message

That is part of the nasty thing early on. Detectors only found it AFTER the payload had been delivered as it was some form of polymorphic .exe with scripting that just didnt get picked up. What did was URLs and keywords in the text files they make when they have done the deed. 

 

 

 

I't wasn't attaching to files to encrypt them, it was being done externally on a TSR. So unless you specifically had the definitions like you say at 0day which is hard to, it was easily missed unless you checked memory or odd .exe and reg changes.


155 posts

Master Geek
+1 received by user: 61

Subscriber

  Reply # 1518413 23-Mar-2016 13:08
3 people support this post
Send private message

freitasm:

 

Drive-by malware has been around for years. ... Some are not even in the browser - the usual culprits are Java applets and Flash.

 

 

Hate to say it, but Dead Steve Jobs was right!
No Flash, none at all, not ever. Just uninstall it.

 

Some web sites won't work anymore, too bad, complain to them that they're using a well-known malware vector and you're going elsewhere.
Then go elsewhere.
How may times would you go to a restaurant that gave you norovirus?

 

 


gzt

9821 posts

Uber Geek
+1 received by user: 1470


  Reply # 1518419 23-Mar-2016 13:36
Send private message

Some business applications still require it for some features.

IE has a feature similar to click to play/whitelist for partial mitigation.



192 posts

Master Geek
+1 received by user: 1


  Reply # 1518449 23-Mar-2016 14:14
Send private message

I've setup an early warning system until I can get on top of the issue.

 

If anyone's interested: http://alexappleton.net/post/83785313416/download-cryptolocker-tripwire-10


17112 posts

Uber Geek
+1 received by user: 4848

Trusted
Lifetime subscriber

  Reply # 1518451 23-Mar-2016 14:18
Send private message

On a slightly unrelated topic but related to flash sort of. Every few days Shockwave crashes in Chrome. Is there any end to when we will need Shockwave installed?


BDFL - Memuneh
60594 posts

Uber Geek
+1 received by user: 11528

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1518493 23-Mar-2016 15:19
Send private message

surfisup1000:

 

freitasm:

 

Drive-by malware has been around for years. Vulnerabilities have also been around for years - one is fixed another one shows up. Some are not even in the browser - the usual culprits are Java applets and Flash.

 

 

True but usually if you have the latest updates you were ok. 

 

In the past, generally the worst exploits require you to open a file (assuming one is applying OS updates). 

 

The OP seems to be saying it has recently become difficult to protect against this cryptolocker software. Just opening a webpage can infect your computer, even with latest patches installed. 

 

 

"recently become difficult to protect against this cryptolocker software. Just opening a webpage can infect your computer, even with latest patches installed."

 

Symantec and others have been warning of drive-by downloads for years now, and no, never required users to open files. Drive-by malware by definition almost always used an exploit that leverage some know vulnerability to automatically start some action - usually a zero-day vulnerability.

 

 





1524 posts

Uber Geek
+1 received by user: 143

Trusted

  Reply # 1518766 24-Mar-2016 06:26
Send private message

And new tool overnight to protect against macro driven tools...

 

 

http://news.softpedia.com/news/microsoft-adds-new-feature-in-office-2016-that-can-block-macro-malware-502058.shtml

 





CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB:  Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

 

 


2382 posts

Uber Geek
+1 received by user: 694

Trusted
Lifetime subscriber

  Reply # 1518847 24-Mar-2016 10:34
Send private message

mentalinc: And new tool overnight to protect against macro driven tools... http://news.softpedia.com/news/microsoft-adds-new-feature-in-office-2016-that-can-block-macro-malware-502058.shtml

 

While we have seen some cryptoware come in via malformed Office files, it's only a small percentage (in my experience).

 

The Crypto Tripwire idea is smart.  I'll look more closely at this.





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

1 | 2 | 3 
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

N4L helping TAKA Trust bridge the digital divide for Lower Hutt students
Posted 18-Jun-2018 13:08


Winners Announced for 2018 CIO Awards
Posted 18-Jun-2018 13:03


Logitech Rally sets new standard for USB-connected video conference cameras
Posted 18-Jun-2018 09:27


Russell Stanners steps down as Vodafone NZ CEO
Posted 12-Jun-2018 09:13


Intergen recognised as 2018 Microsoft Country Partner of the Year for New Zealand
Posted 12-Jun-2018 08:00


Finalists Announced For Microsoft NZ Partner Awards
Posted 6-Jun-2018 15:12


Vocus Group and Vodafone announce joint venture to accelerate fibre innovation
Posted 5-Jun-2018 10:52


Kogan.com to launch Kogan Mobile in New Zealand
Posted 4-Jun-2018 14:34


Enable doubles fibre broadband speeds for its most popular wholesale service in Christchurch
Posted 2-Jun-2018 20:07


All or Nothing: New Zealand All Blacks arrives on Amazon Prime Video
Posted 2-Jun-2018 16:21


Innovation Grant, High Tech Awards and new USA office for Kiwi tech company SwipedOn
Posted 1-Jun-2018 20:54


Commerce Commission warns Apple for misleading consumers about their rights
Posted 30-May-2018 13:15


IBM leads Call for Code to use cloud, data, AI, blockchain for natural disaster relief
Posted 25-May-2018 14:12


New FUJIFILM X-T100 aims to do better job than smartphones
Posted 24-May-2018 20:17


Stuff takes 100% ownership of Stuff Fibre
Posted 24-May-2018 19:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.