VIRUS WARNING
Author | Message |
---|---|
David S Joined: 4 Oct 99 Posts: 18352 Credit: 27,761,924 RAC: 12 |
I don't usually spread panicky virus warnings, but this one sounds legitimate and scary. http://snopes.com/computer/virus/cryptolocker.asp David Sitting on my butt while others boldly go, Waiting for a message from a small furry creature from Alpha Centauri. |
Jord Joined: 9 Jun 99 Posts: 15184 Credit: 4,362,181 RAC: 3 |
Pah, panicky virus warning... I had the predecessor of this one on my system once, also 'encrypted and all', also the warning to pay up or... a thorough run of Malwarebytes Anti-Malware + Hitman Pro took care of that. |
Cosmic_Ocean Joined: 23 Dec 00 Posts: 3027 Credit: 13,516,867 RAC: 13 |
I love MBAM. My systems always stay clean and I basically never need to clean up something bad, but MBAM is the first thing I run on other people's computers when I get asked to help clean up something that is annoying them. Used to update my flash drive full of portable utilities.. but I've gotten lazy and just use Team Viewer to fix most things. edit: And for anti-virus, Avira pretty much takes care of everything. That plus MBAM and you're pretty good to go. Linux laptop: record uptime: 1511d 20h 19m (ended due to the power brick giving-up) |
zoom3+1=4 Joined: 30 Nov 03 Posts: 65745 Credit: 55,293,173 RAC: 49 |
I have Avast which may or may not be all that effective, but as a passive backup I have Malwarebytes Anti-Malware on hand, to have this as My main a/v I'd have to pay for it, so I keep it around, most of the time it will detect stuff that Avast and others won't, for ordinary stuff like tracking cookies that can make My browser sluggish I use a program called 'SUPERAntiSpyware', which works pretty good, as long as one bans the domains that leave tracking cookies whenever they appear. It does work and has a free version which I use or a paid version with a few more features, plus there is a portable version and a version for Education too. The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's |
Squidgie Joined: 25 Oct 99 Posts: 1 Credit: 27,214,083 RAC: 0 |
I'll be adventurous and confirm that this is one of the nastiest pieces of malware I’ve seen to date in the 15 some years I’ve been in IT. Three of the stores I maintain have caught this thing this week (thanks to the “free” mail server with no antivirus scanning that management approved). Gets right past about 50% of the antivirus programs out there and you don’t know you have it until that screen comes up saying your docs have already been encrypted. At that point – ALL of your documents have been encrypted and are not accessible without the decryption key. Word docs (confirmed), spreadsheets (confirmed), photos and music too from what I’ve heard etc are unopenable. No backup means you have lost everything besides the stuff stored in your email. Simply removing the malware with malwarebytes or a bootable cd antivirus program does not decrypt your documents. Backups and shadow volume services are about all you have to recover from. System restore also is ineffective - because it doesn't affect your existing docs. The previous version of this malware left a way to decrypt your docs using a free utility - but does not work on this variant. Education is one of the best tools here - never open unexpected attachments, even from someone you know... and never any attachments with a .exe inside the zip file. It has been spreading (at least for us) in an email from either a spoofed internal address or from a 10 digit phone number – with a voicemessage.zip attachment. The payload Voicemessage.exe is inside. The first time it happened, a store was able to forward me the infected attachment – and it got right past the Symantec scanner on my own mail server – a separate one from theirs. |
OzzFan Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
If you think that's nasty, you should check out badBIOS: http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/. |
David S Joined: 4 Oct 99 Posts: 18352 Credit: 27,761,924 RAC: 12 |
If you think that's nasty, you should check out badBIOS: http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/. Wow. But does it actually do anything nasty or just sit there protecting itself? David Sitting on my butt while others boldly go, Waiting for a message from a small furry creature from Alpha Centauri. |
OzzFan Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
If you think that's nasty, you should check out badBIOS: http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/. I would think that any malware that overrides what the system owner wants to do, such as booting off a CD-ROM is bad enough, and the worm-like nature of spreading over networks using a computer's speaker and other means is quite worse. I can't imagine this malware doing nothing other than replicating and protecting itself. Very likely it is tracking data and sending it back to a C&C server. |
OzzFan Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
Hmmm... looks like I wasn't alone in my skepticism of 'badBIOS': http://arstechnica.com/security/2013/11/researcher-skepticism-grows-over-badbios-malware-claims/ |
David S Joined: 4 Oct 99 Posts: 18352 Credit: 27,761,924 RAC: 12 |
Hmmm... looks like I wasn't alone in my skepticism of 'badBIOS': The paranoid in me says it's possible he's right, and his tweet about part of his files being deleted was right, and someone else deleted the tweet. But the paranoid is a very small part of me. The rest remains skeptical. David Sitting on my butt while others boldly go, Waiting for a message from a small furry creature from Alpha Centauri. |