VIRUS WARNING

Message boards : Number crunching : VIRUS WARNING
David S
Volunteer tester
Joined: 4 Oct 99
Posts: 18352
Credit: 27,761,924
RAC: 12
United States
Message 1432934 - Posted: 25 Oct 2013, 0:10:27 UTC

I don't usually spread panicky virus warnings, but this one sounds legitimate and scary.

http://snopes.com/computer/virus/cryptolocker.asp

David
Sitting on my butt while others boldly go,
Waiting for a message from a small furry creature from Alpha Centauri.

ID: 1432934
Jord
Volunteer tester
Joined: 9 Jun 99
Posts: 15184
Credit: 4,362,181
RAC: 3
Netherlands
Message 1432939 - Posted: 25 Oct 2013, 0:16:48 UTC - in response to Message 1432934.  

Pah, panicky virus warning...

I had the predecessor of this one on my system once, also 'encrypted and all', also the warning to pay up or... a thorough run of Malwarebytes Anti-Malware + Hitman Pro took care of that.
ID: 1432939
Cosmic_Ocean
Joined: 23 Dec 00
Posts: 3027
Credit: 13,516,867
RAC: 13
United States
Message 1432949 - Posted: 25 Oct 2013, 0:34:33 UTC
Last modified: 25 Oct 2013, 0:36:04 UTC

I love MBAM. My systems always stay clean and I basically never need to clean up something bad, but MBAM is the first thing I run on other people's computers when I get asked to help clean up something that is annoying them. Used to update my flash drive full of portable utilities... but I've gotten lazy and just use Team Viewer to fix most things.

edit: And for anti-virus, Avira pretty much takes care of everything. That plus MBAM and you're pretty good to go.
Linux laptop:
record uptime: 1511d 20h 19m (ended due to the power brick giving-up)
ID: 1432949
zoom3+1=4
Volunteer tester
Joined: 30 Nov 03
Posts: 65745
Credit: 55,293,173
RAC: 49
United States
Message 1432973 - Posted: 25 Oct 2013, 1:08:48 UTC

I have Avast, which may or may not be all that effective, but as a passive backup I have Malwarebytes Anti-Malware on hand. To have this as My main a/v I'd have to pay for it, so I keep it around; most of the time it will detect stuff that Avast and others won't. For ordinary stuff like tracking cookies that can make My browser sluggish I use a program called 'SUPERAntiSpyware', which works pretty good, as long as one bans the domains that leave tracking cookies whenever they appear. It does work and has a free version which I use, or a paid version with a few more features, plus there is a portable version and a version for Education too.
The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's
ID: 1432973
Squidgie
Joined: 25 Oct 99
Posts: 1
Credit: 27,214,083
RAC: 0
United States
Message 1436436 - Posted: 1 Nov 2013, 12:29:32 UTC

I'll be adventurous and confirm that this is one of the nastiest pieces of malware I’ve seen to date in the 15 some years I’ve been in IT.

Three of the stores I maintain have caught this thing this week (thanks to the “free” mail server with no antivirus scanning that management approved). Gets right past about 50% of the antivirus programs out there and you don’t know you have it until that screen comes up saying your docs have already been encrypted.

At that point – ALL of your documents have been encrypted and are not accessible without the decryption key. Word docs (confirmed), spreadsheets (confirmed), photos and music too, from what I’ve heard, etc. are unopenable. No backup means you have lost everything besides the stuff stored in your email.

Simply removing the malware with malwarebytes or a bootable cd antivirus program does not decrypt your documents. Backups and shadow volume services are about all you have to recover from. System restore also is ineffective - because it doesn't affect your existing docs.
The previous version of this malware left a way to decrypt your docs using a free utility - but it does not work on this variant.

Education is one of the best tools here - never open unexpected attachments, even from someone you know... and never any attachments with a .exe inside the zip file.

It has been spreading (at least for us) in an email from either a spoofed internal address or from a 10 digit phone number – with a voicemessage.zip attachment. The payload Voicemessage.exe is inside.
The first time it happened, a store was able to forward me the infected attachment – and it got right past the Symantec scanner on my own mail server – a separate one from theirs.

ID: 1436436
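The post above describes the lure (a voicemessage.zip carrying Voicemessage.exe, sent from a spoofed internal address or a 10-digit phone-number sender) and the rule "never any attachments with a .exe inside the zip file". The following is an added example, not code from the thread or from any product named in it, of how a mail gateway could enforce that rule: it inspects a zip attachment in memory and flags members that are executables by extension or by their PE header, so a renamed binary is caught too. The sample archive, the MZ stub inside it and the addresses are all constructed here.

```python
"""Added example: gateway-side triage of a zip attachment like the voicemessage.zip
lure. Sample archive and sender addresses are constructed; no real malware is used."""
import io
import re
import zipfile

EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}  # refused in archives
PE_MAGIC = b"MZ"  # first two bytes of every Windows PE executable

def triage_zip(data: bytes) -> list:
    """Return (member_name, reason) pairs for suspicious members of a zip archive."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "not a valid zip file")]
    for info in archive.infolist():
        if info.is_dir():
            continue
        name = info.filename
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        with archive.open(info) as member:
            head = member.read(2)  # enough to recognise the PE header
        if ext in EXEC_EXTENSIONS:
            findings.append((name, f"executable extension {ext}"))
        if head == PE_MAGIC:
            # Content check catches renamed binaries too (e.g. an .exe saved as .wav).
            findings.append((name, "PE header (MZ)"))
    return findings

def suspicious_sender(address: str) -> bool:
    """True when the local part is a bare 10-digit number, like the phone-number senders in the post."""
    local = address.split("@", 1)[0]
    return re.fullmatch(r"\d{10}", local) is not None

def build_sample_zip() -> bytes:
    """Constructed stand-in for voicemessage.zip: a 64-byte stub with a PE header, not a real binary."""
    fake_pe = PE_MAGIC + b"\x00" * 62
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Voicemessage.exe", fake_pe)
        z.writestr("readme.txt", b"Your voice message is attached.")
        z.writestr("voicemessage.wav", fake_pe)  # executable hiding behind a media name
    return buf.getvalue()

def verdict(data: bytes, sender: str) -> str:
    """'block' if the archive carries anything executable; else 'review' for odd senders or 'allow'."""
    if triage_zip(data):
        return "block"
    return "review" if suspicious_sender(sender) else "allow"
```

Call `verdict(build_sample_zip(), "5551234567@example.invalid")` to see the constructed lure blocked; `triage_zip` lists both the `.exe` and the renamed `.wav` member.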
OzzFan (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1436448 - Posted: 1 Nov 2013, 13:25:21 UTC - in response to Message 1436436.  

ID: 1436448
David S
Volunteer tester
Joined: 4 Oct 99
Posts: 18352
Credit: 27,761,924
RAC: 12
United States
Message 1436470 - Posted: 1 Nov 2013, 14:19:00 UTC - in response to Message 1436448.  

If you think that's nasty, you should check out badBIOS: http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/.

Wow. But does it actually do anything nasty or just sit there protecting itself?


David
Sitting on my butt while others boldly go,
Waiting for a message from a small furry creature from Alpha Centauri.

ID: 1436470
OzzFan (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1436473 - Posted: 1 Nov 2013, 14:29:00 UTC - in response to Message 1436470.  

If you think that's nasty, you should check out badBIOS: http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/.

Wow. But does it actually do anything nasty or just sit there protecting itself?


I would think that any malware that overrides what the system owner wants to do, such as booting off a CD-ROM is bad enough, and the worm-like nature of spreading over networks using a computer's speaker and other means is quite worse.

I can't imagine this malware doing nothing other than replicating and protecting itself. Very likely it is tracking data and sending it back to a C&C server.
ID: 1436473
OzzFan (Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor)
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1438761 - Posted: 6 Nov 2013, 13:58:54 UTC

Hmmm... looks like I wasn't alone in my skepticism of 'badBIOS':

http://arstechnica.com/security/2013/11/researcher-skepticism-grows-over-badbios-malware-claims/
ID: 1438761
David S
Volunteer tester
Joined: 4 Oct 99
Posts: 18352
Credit: 27,761,924
RAC: 12
United States
Message 1438765 - Posted: 6 Nov 2013, 14:44:01 UTC - in response to Message 1438761.  

Hmmm... looks like I wasn't alone in my skepticism of 'badBIOS':

http://arstechnica.com/security/2013/11/researcher-skepticism-grows-over-badbios-malware-claims/

The paranoid in me says it's possible he's right, and his tweet about part of his files being deleted was right, and someone else deleted the tweet.

But the paranoid is a very small part of me. The rest remains skeptical.

David
Sitting on my butt while others boldly go,
Waiting for a message from a small furry creature from Alpha Centauri.

ID: 1438765

©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.