On 09/18/2015 09:49 AM, Fred Cisin wrote:
On Fri, 18 Sep 2015, Liam Proven wrote:
However, Cryptolocker et al spread by fooling
users into running
something they shouldn't run. I'm sorry, but you got suckered.
Absolutely. I now think that it was a "We're Adobe, click here to
update Flash Player" or maybe "Java update" But, I never got my
winnings from the Elbonian Lottery.
I think it's more complicated than that. Here's a sample of what
happened to me in the last few days.
I received an email for a lost password reset in Twitter. This was odd,
as I've never ever been tempted to sign up for that pile of steaming
gossip and sociopathy called Twitter. But there it was, my email and a
link coming (verified by headers) from
twitter.com. Internally, it used
a name, but it wasn't mine.
I sent a complaint to Twitter along with the complete forwarded message
demanding to know what was going on. I got the automated response, but
then utter silence. I'd be surprised if I got much more than that.
I've often stated that the problem with the malware protection business
is that it's reactive, not pro-active. So there's got to be hours or
days for the nastyware to propagate before someone writes a detector for it.
There's been apparently a virus active for months that spies on online
poker players:
http://www.bbc.com/news/technology-34289003
Where were Norton, AVG, etc. for those months? I don't blame them;
they're trying to make up for the fact that most operating systems are
failing at their basic task of protecting the user. FWIW, the small
server I use here runs OpenBSD. The level of paranoia of the code base
maintainers impresses me--but I don't trust it entirely.
One can but wonder how many backups are infected with the same virus.
--Chuck