
Thread: International experts warn of dangerous new malware

  1. #1
    littleroundman is offline Administrator
    Join Date
    Jun 2010

    International experts warn of dangerous new malware

    Cryptolocker warning: Malware extortion virus attacks on rise

    It has a name like a B-grade horror film and computer experts say the latest virus attacking Australian computers is one of the most vicious they have ever seen.

    The number of attacks by the insidious ''cryptolocker'' has jumped in the past few weeks, according to James Kavanagh, Microsoft's chief security adviser in Australia, who warns it is one of the nastiest viruses he has encountered.

    After infecting a computer the virus ''ransoms'' the user to regain control of their machine.

    ''There are enormous numbers of people being hit by the malware,'' Mr Kavanagh said.

    ''It usually turns up as an attachment to an email and if you run it, it grabs documents, images etc and encrypts them and to get them back you have to pay in a virtual currency.''

    He recommended that users backed up and retained all their files because even if they managed to remove the virus from their computer, they may not be able to recover all their files.

    Tens of thousands of Australians are hit by malicious software programs every day that infect computers and either lock them up and refuse to release them until they pay up thousands of dollars or steal their information.

    On Friday, the Australian Communications and Media Authority reported that almost 60,000 incidents had occurred in which malicious software had been detected.

    Bruce Matthews, the manager, e-Security Operations at ACMA said there were many types of scam and ransomware but they had one thing in common.

    ''It is a criminal activity which is very similar to extortion,'' Mr Matthews said.

    The malware enables the computer to be controlled remotely for illegal activities including sending out spam, hosting phishing sites and performing denial of service attacks on internet infrastructure.
    The only thing necessary for the triumph of evil is for good men to do nothing

  2. #2
    littleroundman

    Re: International experts warn of dangerous new malware

    CryptoLocker Virus Infects 12,000 Computers In One Week: How Hackers Are Avoiding Detection

    Bitdefender Labs, an American and Romanian anti-virus company, found that in the week beginning Oct. 27, more than 12,000 computers were infected with the CryptoLocker virus, a malware capable of holding the contents of a hard drive for ransom. Bitdefender also noted that the hackers behind CryptoLocker seem to be exclusively targeting computers in the U.S.

    The CryptoLocker hackers use an algorithm to generate new command and control subdomains every day, making it difficult to track down the criminal hackers.

    Bitdefender reverse-engineered this domain generation algorithm and sinkholed the relevant domain names, which allowed Bitdefender to register the CryptoLocker domains before they disappeared.

    Between Oct. 27 and Nov. 1, 12,016 hosts infected with CryptoLocker contacted the sinkholed domains. So many came from IP addresses in the U.S. that Bitdefender concluded that infections in other countries are simply collateral damage of an attack aimed there.

    To further hide their tracks, the CryptoLocker hackers are frequently changing the servers that host the CryptoLocker virus. Bitdefender told IB Times that it’s rare for CryptoLocker to remain on the same server for more than a week. In the week Bitdefender monitored, Cryptolocker servers were identified in Russia, Germany, Kazakhstan and the Ukraine.

    Unfortunately, this constant “server hopping” is only going to make it more difficult to catch the criminal hackers.

    The CryptoLocker virus is spread through phony FedEx and UPS tracking notifications, as well as emails pretending to come from other legitimate businesses. Once the malicious link is opened, the malware scans a hard drive for documents, spreadsheets, photos and more before encrypting them. CryptoLocker then launches a pop-up window with a counting-down clock. If a $300 ransom is not paid in Bitcoin before the time expires, the decryption key is deleted and the user may never regain access to their files.

    Recently, the CryptoLocker hackers began offering a second chance to claim the decryption key, but the ransom is five times that of the original ransom.

    Security experts are working on anti-decryption software that can guard against the CryptoLocker virus. In the meantime, they advise users to remain vigilant regarding links they open and to not give in to demands if infected with CryptoLocker.

  3. #3
    littleroundman

    Re: International experts warn of dangerous new malware

    CryptoLocker: What is it? And how do you protect against it?

    Britain’s National Crime Agency (NCA) has issued an “urgent alert” to computer users about the threat posed by the CryptoLocker malware.

    The NCA’s National Cyber Crime Unit has warned that online criminals have launched a major internet attack designed to hold victims’ computer data hostage, and demand a ransom of hundreds of pounds be paid.

    The cybercops’ alert warns that the CryptoLocker ransomware – which encrypts computer files and demands a ransom be paid for the decryption key – has been distributed via spammed-out emails claiming to come from banks and financial institutions.

    Last week, US-CERT issued a similar warning to American computer users.

    What types of computers does CryptoLocker target?

    CryptoLocker targets computers running versions of Windows. Mac computers are not affected.

    How is CryptoLocker spread?

    CryptoLocker isn’t a virus or a worm, it’s a Trojan horse. That means – like most malware seen today – it can’t travel under its own steam, and doesn’t self-replicate.

    Instead, CryptoLocker is typically distributed via spammed-out email messages, perhaps claiming to come from your bank or a delivery company. If you click on the attached file (which might pretend at first glance to be a PDF file, but actually use the .PDF.EXE double extension trick to hide its executable nature), your computer becomes infected.
    Of course, it’s possible the criminals behind CryptoLocker could also distribute it in other ways. For instance, by compromising websites with malicious exploit kits that take advantage of software vulnerabilities to install CryptoLocker on visiting computers.

    What files does CryptoLocker encrypt?

    Once your computer is infected, CryptoLocker hunts for files to encrypt. It doesn’t just look on your hard drive, but on any connected drives, including mapped network shares, and even folders that you might sync up with the Cloud – such as DropBox. Filenames which match the following patterns are encrypted by CryptoLocker:

    ????????.jpe, ????????.jpg, *.3fr, *.accdb, *.ai, *.arw, *.bay, *.cdr, *.cer, *.cr2, *.crt, *.crw, *.dbf, *.dcr, *.der, *.dng, *.doc, *.docm, *.docx, *.dwg, *.dxf, *.dxg, *.eps, *.erf, *.indd, *.kdc, *.mdb, *.mdf, *.mef, *.mrw, *.nef, *.nrw, *.odb, *.odc, *.odm, *.odp, *.ods, *.odt, *.orf, *.p7b, *.p7c, *.p12, *.pdd, *.pef, *.pem, *.pfx, *.ppt, *.pptm, *.pptx, *.psd, *.pst, *.ptx, *.r3d, *.raf, *.raw, *.rtf, *.rw2, *.rwl, *.sr2, *.srf, *.srw, *.wb2, *.wpd, *.wps, *.x3f, *.xlk, *.xls, *.xlsb, *.xlsm, *.xlsx, img_*.jpg

    So, you may well be saying goodbye to your documents, your databases, your photographs, your PowerPoint slides, your spreadsheets, and much else besides.

    Will I see anything on my screen to tell me I’ve been hit?

    Only when it’s too late.
    After files have been encrypted, CryptoLocker displays a message that demands you electronically send the ransom payment (options may include Bitcoin, MoneyPak, cashU, or UKash) in order to decrypt the files.

    "Your personal files are encrypted!
    Your important files encryption produced on this computer: photos, videos, documents, etc. Here is a complete list of encrypted files, and you can personally verify this.
    Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key.
    The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet; the server will destroy the key after a time specified in this window. After that, nobody and never will be able to restore files…
    To obtain the private key for this computer, which will automatically decrypt files, you need to pay 300 USD / 300 EUR / similar amount in another currency.
    Click <<Next>> to select the method of payment and the currency.
    Any attempt to remove or damage this software will lead to the immediate destruction of the private key by server"

    A 72 hour timer is displayed, which ticks down and explains that if you do not pay the ransom demand, your files will be permanently inaccessible and impossible to ever decrypt.
    You can still access your files during this time, as CryptoLocker is running in the background – invisibly decrypting your files on-the-fly.

    This isn’t much help, however, as the files will be unreadable on computers which are not infected by CryptoLocker. And the clock is ticking…

    MoneyPak? Bitcoins? Can’t I pay the CryptoLocker ransom with a credit card instead?

    No, the criminals don’t give a credit card option.

    One of the reasons is presumably because it would be easy for victims to “pay” the ransom using their credit card to have their files decrypted, and then use chargeback to claw back their money.

    Of course, many people may not know how to send funds via Moneypak or Bitcoin – a possible stumbling block for the criminals.

    So if I don’t pay the ransom in time, all of my data is lost?

    Not quite. The first hope has to be that you have kept regular backups of your important data, separate from your computer, and that you can restore your system from them. If you weren’t keeping backups, then please learn something from this horrible experience.
    Secondly, and I don’t recommend you take this option, it has been reported that the criminals are now giving victims the ability to pay the ransom *after* the deadline has passed, and get their files decrypted that way.

    Regardless of whether you approve of encouraging blackmailers by paying the ransom or not, the fact that this late decryption service is only accessible via TOR, and not the conventional web, probably puts it beyond the reach of typical computer users.

    Can’t anti-virus software remove CryptoLocker and save my data?

    Good anti-virus software should be able to detect and remove CryptoLocker – however, removing CryptoLocker isn’t the same as decrypting your data files. And anti-virus software cannot unscramble your data.

    So, if you do remove a CryptoLocker infection you won’t be able to access your files as they are now encrypted.

    Fascinatingly, the criminals behind CryptoLocker anticipated this, and change the Windows wallpaper on infected computers to explain how users can download and reinstall CryptoLocker!

    "Your important files encryption produced on this computer: photos, videos, documents, etc.
    If you see this text, but do not see the “CryptoLocker” window, then your antivirus deleted “CryptoLocker” from computer.
    If you need your files, you have to recover “CryptoLocker” from the antivirus quarantine, or find a copy of “CryptoLocker” in the internet and start it again"

    How do you protect against CryptoLocker?

    Cryptolocker is a serious threat. If you’re unlucky enough to have your computer infected by it, and haven’t taken precautions, you may find yourself in the unpleasant situation of having to choose whether to pay the ransom, or never gain access to your data again.
    That means you’re saying goodbye to your family photographs, and any other personal data you have amassed over the years. If you’re a business then the potential losses could be even more significant.

    The answer is three-fold.

    Firstly, protect your computer from becoming infected by keeping it up-to-date with anti-virus and security patches. Also be cautious of opening unsolicited email attachments or clicking on unknown links. If you are security savvy you can reduce the chances of being hit by a threat like CryptoLocker.

    Secondly, consider setting a software restriction policy on your Windows PCs that prevents executables from running from certain locations on your hard drive.

    Thirdly, for goodness’ sake, make backups of your important data and keep them separate from your computer (to prevent malware like CryptoLocker from encrypting your backups as well). That way, if the worst does happen, you should be able to restore your valuable data and not pay up to the crooks.

    Further reading

    To learn much more about CryptoLocker, and how you should respond to it, I recommend you check out the FAQ from BleepingComputer.


  4. #4
    littleroundman

    Re: International experts warn of dangerous new malware

    The new plague: Computer viruses that extort you

    Ransomware, a particularly annoying breed of computer virus, is spreading like the plague. This malware locks you out of your computer files until you pay up -- and it is proving incredibly difficult to exterminate.

    A major ransomware operation called Cryptolocker was supposedly halted by the FBI in May. Not so fast, security experts say. It's only a setback.

    Cryptolocker used a massive network of hijacked computers called a "botnet" to spread the virus. The FBI, foreign law enforcement and private security companies teamed up to cut off communication between that botnet and victims' devices. They seized Cryptolocker's servers and replaced them with their own.

    But as antivirus maker Bitdefender points out, all that accomplished was to stop Cryptolocker's virus delivery system. Cryptolocker lives on, and its criminal masters just need to find a new botnet to start delivering viruses to new computers once again.

    If the criminals tweak the virus' code and find a different set of servers, law enforcement is back at square one.

    "All the attackers need to do is update the malware," said Bogdan Botezatu, Bitdefender's senior threat analyst.

    In just nine months, Cryptolocker had kidnapped the files of 400,000 people -- most of them Americans. Victims were told to pay $300 within three days in order to receive the key to their files. Only a tiny fraction of them paid up, but the criminals still collected more than $4 million.

    "This is a cyber stickup," said Julie Preiss, an executive at Damballa, a cybersecurity firm that assisted the FBI operation.

    Even after Cryptolocker was disrupted, victims can still pay the ransom. But without the ability to communicate with Cryptolocker's network, the victims won't be able to get the keys to unlock their files. Those are gone forever.

    And now copycats are popping up just about everywhere.

    Cryptowall is the most widespread. Researchers at Dell SecureWorks took a tiny snapshot of the entire network and spotted 9,798 infected devices -- about half in the United States. Among the damage: computer files at a small town's police department in New Hampshire. SecureWorks researcher Keith Jarvis estimates Cryptowall is raking in about $150,000 a week.

    BitCrypt and CryptorBit found a sneaky way to avoid law enforcement by hiding the locations of the botnet's servers. Researchers at ESET discovered a malware called Simplocker that hijacks files on Android devices. CryptoDefense is another raking in money.

    Stopping them won't be easy, said Steven Cobb, a senior security researcher at ESET.

    "The bad guys recognize that Ukraine or Thailand -- countries without effective governments at this point -- are great places for doing this stuff," he said. "Dealing with the problem becomes a geopolitical thing."

    Get used to the term ransomware. It's here to stay.
