Cryptolocker (was RE: Is tape dead?

Jon Elson elson at pico-systems.com
Wed Sep 16 20:29:31 CDT 2015


On 09/16/2015 01:10 PM, Chuck Guzis wrote:
> Has cryptolocker ever invaded the world of Unix/Linux/BSD?
It would be much harder.  In general, browsers do not
activate just any file you would download.  There are
weaknesses in various graphical/video add-ons to browsers
that may cause vulnerabilities.  But, in GENERAL, malware in
videos, etc. would either do nothing at all when sent to the
add-on program, or get a message saying something like "this
script contains macros, executing it could be a security
risk:  Yes / No".

I've been browsing quite fearlessly with Linux systems for 
about 17 years, and NEVER had any problem.
Now, I've also had a Linux web server up for about 15 years, 
and have had 2 successful penetrations.
One was totally innocuous, they just added a phishing web 
site for a bank, and it was easy to remove.
Another attack put in a rootkit, and it caused a major
mess, including me sending out some infected code to other
people.  (OOPS, red face!!)  These were both done by
cracking insecure passwords on my system.  The best defense
for that is running denyhosts, which counts login failures
from specific IP addresses, and cuts off all access from
that IP after a threshold.  I set it very tight: two failed
attempts within a month and you are out for a year.  It was
VERY interesting: exactly, to the HOUR, two weeks after I
set this up, the 1000-per-day attempts to break in dropped
to 3 a day.  This means the botnets actively track how long
the horizon on the login failures is set, and they've been
programmed to give up on any node that has a horizon over 2
weeks.

Jon
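As an added example (not from Jon's message and not the denyhosts project's own code), here is a minimal Python counter over constructed sshd log lines that implements the policy he describes: two failed logins from one IP within a 30-day window block that IP for 365 days. The log lines, host name and IP addresses are constructed sample data.

```python
"""Added example: denyhosts-style failed-login counting over sshd log lines.
Policy: `threshold` failures from one IP inside `window` => ban for `ban_for`."""
import re
from datetime import datetime, timedelta

# Constructed sample lines in the traditional syslog/sshd format (not real data).
SAMPLE_LOG = """\
Sep  1 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 4001 ssh2
Sep  1 10:00:09 host sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Sep  2 08:12:44 host sshd[1340]: Failed password for jon from 198.51.100.5 port 5000 ssh2
Sep  2 08:13:10 host sshd[1341]: Accepted publickey for jon from 198.51.100.5 port 5001 ssh2
Oct 20 03:00:00 host sshd[2000]: Failed password for root from 198.51.100.5 port 6000 ssh2
"""

FAILED_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                       r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def parse_failures(log_text, year):
    """Yield (timestamp, ip) for each 'Failed password' line; other lines are ignored.
    Syslog lines carry no year, so the caller supplies it."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)

def compute_bans(failures, threshold=2, window=timedelta(days=30),
                 ban_for=timedelta(days=365)):
    """Return {ip: ban_expiry}. Failures older than `window` are forgotten;
    once `threshold` failures fall inside the window the IP is banned from
    the triggering failure for `ban_for`, and attempts during a ban are not counted."""
    history = {}   # ip -> failure timestamps still inside the window
    bans = {}
    for ts, ip in sorted(failures):
        if ip in bans and ts < bans[ip]:
            continue   # already blocked; sshd would never see this attempt
        recent = [t for t in history.get(ip, []) if ts - t <= window]
        recent.append(ts)
        history[ip] = recent
        if len(recent) >= threshold:
            bans[ip] = ts + ban_for
            history[ip] = []
    return bans

if __name__ == "__main__":
    for ip, until in compute_bans(parse_failures(SAMPLE_LOG, 2015)).items():
        print(f"block {ip} until {until:%Y-%m-%d}")
```

In the sample, 203.0.113.7 fails twice within seconds and is banned, while 198.51.100.5 fails once in September and once in October, 48 days apart, so it never reaches the threshold.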

