Daily Archive: 06/03/2014

Life is a bowl of chocolates with a cat peeing on the good ones. [Ransomware, avoidance thereof]

We have, in the Herald, another comment about virus pandemics, talking about something developed in 2011. Sheesh. I know that many people are still running XP, but why? And their advice is facile.


Andy Archibald, of the NCA, said: “Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals. By making use of this two-week window, huge numbers of people…can stop that from happening to them.

“Whether you find online security complicated or confusing, or simply haven’t thought about keeping your personal or office computers safe for a while, now is the time to take action. Our message is simple: update your operating system and make this a regular occurrence, update your security software and use it and, think twice before clicking on links or attachments in unsolicited emails.”

Computer users who fear they could fall victim to the virus are advised to install anti-virus software and ensure their operating system has the latest security updates.

It is thought that the gang first check if a target’s keyboard is in Russian and only strike if it is another language.

Eunice Power is one British victim who has been blackmailed by the cyber criminals. After corrupting files on her computer, the gang offered to fix the problem for several hundred pounds. Miss Power, a chef who runs a business from home, told Channel 4 News: “I could actually feel perspiration coming out through me. “I lost everything: family photographs, recipes, payroll, my accounts package. It was devastating.” The attack was so complex that an external storage unit that was connected to the computer at the time was targeted by the gang, preventing Miss Power from accessing it.

Stewart Garrick, from the National Cyber Crime Unit, said that solicitor firms, police stations in America and academic institutions had been targeted.

Victims are urged to contact a site created by the Department of Homeland Security: https://www.us-cert.gov/gameoverzeus

Heh. That’s 2011. This is much more up-to-date: take over your hard disk and demand ransoms.

We recently encountered another variant that used the Windows PowerShell feature in order to encrypt files. This variant is detected as TROJ_POSHCODER.A.  Typically, cybercriminals and threat actors have used Windows Powershell to go undetected on an affected system, making detection and analysis harder. However, once detected, using PowerShell made it easier to analyze as this malware is also hardcoded. Decrypting and analyzing this malware was not too difficult, particularly compared to other ransomware variants.

Since it uses Powershell, TROJ_POSHCODER.A is script-based, which is not common for ransomware. It uses AES to encrypt the files, and RSA4096 public key cryptography to exchange the AES key. When executed, it adds registry entries, encrypts files, and renames them to (unknown).POSHCODER. It also drops UNLOCKYOURFILES.html into every folder. Once all files on the infected system are encrypted, it displays the following image:

Figure 1.  Instructions on how users can supposedly retrieve their files

Once users follow the instructions stated in the ‘ransom note,’ they will see the image below informing them to install the Multibit application, which will allow them to have their own Bitcoin-wallet account for 1 Bitcoin. When they purchase the application, they are instructed to submit the form that contains information like email address, BTC address and ID. Users will supposedly get the decryptor that will help encrypt the files.

Figure 2. Users need to fill this form once they avail of the Multibit application

Currently, POSHCODER uses English for its ransom notes and primarily affects users in the United States.

Ransomware and other similar threats are continuously improving as exemplified by the emergence of POSHCODER.  Trend Micro protects users from this threat via its Smart Protection Network that detects the malicious file.
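The Trend Micro description above gives two on-disk indicators of this variant: files renamed with a `.POSHCODER` suffix and an `UNLOCKYOURFILES.html` note dropped into every folder. The triage script below (an added example, not code from the original post or from Trend Micro) walks a directory tree and reports which folders were hit and which original file types were encrypted, which is the first thing you want to know before deciding what to restore from backup. The sample tree it builds is constructed here for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the description quoted above (compared case-insensitively).
ENCRYPTED_EXT = ".poshcoder"
RANSOM_NOTE = "unlockyourfiles.html"

def scan_tree(root):
    """Walk root and collect ransomware impact indicators.

    Returns the encrypted files, the directories containing a ransom note,
    and a count of the original extensions that were hit (recovered by
    stripping the appended .POSHCODER suffix, e.g. "payroll.csv.POSHCODER").
    """
    encrypted, note_dirs, original_exts = [], [], Counter()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                note_dirs.append(dirpath)
            elif lower.endswith(ENCRYPTED_EXT):
                encrypted.append(os.path.join(dirpath, name))
                stem = name[: -len(ENCRYPTED_EXT)]
                original_exts[os.path.splitext(stem)[1].lower() or "(none)"] += 1
    return {"encrypted": sorted(encrypted),
            "note_dirs": sorted(note_dirs),
            "original_exts": dict(original_exts)}

def build_sample_tree():
    """Constructed sample of an affected home folder (not real victim data)."""
    root = tempfile.mkdtemp(prefix="poshcoder-triage-")
    layout = {
        "Documents": ["accounts.xlsx.POSHCODER", "payroll.csv.POSHCODER", "UNLOCKYOURFILES.html"],
        "Documents/Recipes": ["scones.docx.POSHCODER", "UNLOCKYOURFILES.html"],
        "Pictures": ["family.jpg.POSHCODER", "UNLOCKYOURFILES.html"],
        "Untouched": ["readme.txt"],  # a folder the malware did not reach
    }
    for sub, names in layout.items():
        d = os.path.join(root, sub)
        os.makedirs(d, exist_ok=True)
        for n in names:
            with open(os.path.join(d, n), "w") as fh:
                fh.write("placeholder\n")
    return root

if __name__ == "__main__":
    report = scan_tree(build_sample_tree())
    print(len(report["encrypted"]), "encrypted files; notes in", len(report["note_dirs"]), "folders")
    print("original extensions hit:", report["original_exts"])
```

Run it against a mounted copy of the affected disk rather than the live system; the note directories tell you how far the encryption walk got, and the extension counts tell you which document sets need restoring.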

Well, I hate Windows 8 to the point where I won’t buy a machine on it, and accepted a stinking Mac as the work machine simply so I would not have to deal with the effort of wiping that excuse of an OS from the bare iron.

If I got this, and if I cannot remove it by getting at the script files within the software, I generally just format everything back to bare metal and start again. I did this over the weekend anyway, when I installed Voyager on my server and testbed laptop.

Now, I am not a fan of Homeland Security and even less so of the NSA. But… there is no such thing as a secure computer. Besides, your cat could pee all over it, and brick it in the process.

So… some advice, which is somewhat cynical.

  1. Get rid of any Windows before Win7. And don’t use Win8. Win7 is still reasonable, and it is reasonably well understood. The hardware is cheap. You can easily get virus scanners and security software. If you are running Windows, keep it secure and keep it current. However.
  2. Use a Linux if you can. I recommend Voyager 7: it’s up to date and comes as a version of Ubuntu that just works and a more heavy-duty Debian version for geeks like me. If you have an XP machine, fire up your browser, back up your data, and then delete everything and put a lightweight Linux on your machine.
  3. Do not use HTML mail. Plain text does not contain scripts.
  4. Use SpamAssassin or similar at server level. Your ISP should be able to switch this on, and automatically delete most of the spam that exists. I have this running on my personal webserver, and it works: my employer (most of us have to publish our emails as part of academic good practice and transparency) has a fairly good set of filters and a couple of systems operators riding herd on them. And they have had to take the entire stack down a couple of times a year because even then spam gets through.
  5. Use SSL for email. This should be set up as default (and is by most ISPs). Do not send email as plain text.
  6. If you don’t know the person, delete the mail. That includes emails from any institution, including IRD, the police, your employer, your bank, your insurance agent. If the person is not known to you and has not introduced you, then bin it. Email is unreliable: there is a reason people are served using paper.
  7. If in doubt, switch it off. Most modern distributions assume you are connected to the internet and automatically configure a firewall with but a few ports available for access. Leave them alone.
  8. Keep physical backups. I back up to the cloud, but I have (a) a honking big USB drive attached to my servers which I manually back up to, then unmount, and (b) physical copies of all important documents in a fireproof box.
  9. Do not internet bank. Seriously. Pay in cash. Use your credit card. Pay by cheque. If it goes down the internet it is inherently insecure.
  10. Never take confidential information across a border. Take a clean laptop, but have all your data backed up and stored at home and nothing on the machine. Keep everything in Google Docs if needs be (I set up a Gmail address for any new project and keep all documents in a Google Drive attached to the same, but I’m an academic).
  11. Keep confidential ideas off computers. Write them down in a notebook. Memorize them. But do not put them in a computer until you are prepared to share them.
  12. Macs are not immune. My work machine is a Mac, and there are some things I like about them. But they can be 0wnzored as easily as any PC. It is just that old, out-of-date Windows machines are ubiquitous and far easier to hack.
  13. If you need real security, use a USB dongle. Have a generic PC of any version, or a PC in an internet cafe: assume it is full of spyware, but use Tails (which is another reason to use Debian daily: it’s based on that).

There are many good things on the internet. But any human activity can and will be exploited by criminals. If they can hack Wall Street, they will hack your computer. And always remember, do not mess with the affairs of systems administrators, for they are not subtle and tend to turn your life into a living hell if they are angry.


We are loved so much by God.

This flows on from something that was mentioned in passing a couple of days ago. We are being prayed over. Not to be pure, for we are not. Not to think correctly, for we continually have errors.

But so that we will be strengthened in our faith. That we will comprehend how great God is, and how small we are. That we will understand the cost of our salvation, and how much we are loved by God.

Ephesians 3:14-21

14 For this reason I bow my knees before the Father, 15 from whom every family in heaven and on earth takes its name. 16 I pray that, according to the riches of his glory, he may grant that you may be strengthened in your inner being with power through his Spirit, 17 and that Christ may dwell in your hearts through faith, as you are being rooted and grounded in love. 18 I pray that you may have the power to comprehend, with all the saints, what is the breadth and length and height and depth, 19 and to know the love of Christ that surpasses knowledge, so that you may be filled with all the fullness of God.

20 Now to him who by the power at work within us is able to accomplish abundantly far more than all we can ask or imagine, 21 to him be glory in the church and in Christ Jesus to all generations, forever and ever. Amen.

One of the reasons that we think so small about God is that we think too greatly about ourselves. We do not comprehend the heavens, and see infinity, and become humbled. Instead we value our self esteem: we want to be Gods. We no longer want to be human, limited by two sexes and death: but transhuman, eternal, and polymorphously perverse in our gratification of all our wants. This is the error of the Garden: it was the error of Lucifer before that. We are not God, and we are not worthy of worship.

But this error creeps in, over and over, because we do not want to humble ourselves. It is only when we see how broken and small we are that we can comprehend how great God is. How loving he is, and how he can indeed do things beyond what we can understand, or do in our own strength.

We are loved so much by God, because God is unlimited. We are not: we love poorly, and in flickers. We need to turn from those comforting candles that generate little heat and light and we used without faith and turn to God, who is light.

For in that light he commands us to walk.

