Cryptolocker (was RE: Is tape dead?

Dave G4UGM dave.g4ugm at gmail.com
Thu Sep 17 02:49:21 CDT 2015


I remember my Salesman (well, he was the Company Salesman, but we worked
together) once recounting an interview he had heard on US radio...
.. Basically they were interviewing a Bank Robber and they asked him why he
robbed banks when they had armed guards and heavy security..
.. His response was that they also had lots of money. He said he thought it
pointless taking risks robbing the local store when the till might be
empty...

The same goes for the Crypto Lockers. There are plenty of Windows users who
run with unpatched systems and who randomly open attachments and who have
lots of money.
In any medium-sized business there will be dependencies on Browser and Java
versions, or on old unsupported software.
We are seeing an increase in attacks on Apple software and their monthly
patch list is not shrinking and from this:-

http://www.cnet.com/uk/news/apple-squashes-serious-security-bug-with-update-to-mac-os-x/

it appears they are resorting to hacks to close doors, never a great
idea.....
.. so if Linux was truly popular I think we might see CryptoLocker attacks.
It doesn't need root access, just access to the data, and so long as it can
infect the user's startup scripts it can hide their documents and anything
else they have access to...

"Security" isn't just about secure software, it's a total mindset. One slip
and you are doomed. I am pretty careful but even I managed to install the
d@mmed Ask toolbar whilst updating Java...
.. in my humble opinion many Linux users are rather more blasé about the
security of the OS than they should be....

Dave Wade
G4UGM


> -----Original Message-----
> From: cctalk [mailto:cctalk-bounces at classiccmp.org] On Behalf Of jwsmobile
> Sent: 17 September 2015 04:49
> To: cctalk at classiccmp.org
> Subject: Re: Cryptolocker (was RE: Is tape dead?
> 
> There were / are bugs in the mpg and jpg libraries that allow for remote
> execution that may or may not have been fixed.
> 
> If it can screw over cell phones running on Linux, it can screw you over if
> you are running on garden variety Linux.
> 
> Since we are all users on an ongoing basis of fossilized non-updated systems,
> likely all of your older Linux systems have at least the mpg problem, and it
> is a fun one.  The only thing saving you is that you would need to target it
> at a specific binary target.
> 
> thanks
> Jim
> 
> On 9/16/2015 6:29 PM, Jon Elson wrote:
> > On 09/16/2015 01:10 PM, Chuck Guzis wrote:
> >>
> >>
> >> Has cryptolocker ever invaded the world of Unix/Linux/BSD?
> >>
> > It would be much harder.  In general, browsers do not activate just
> > any file you would download.  There are weaknesses in various
> > graphical/video add-ons to browsers that may cause vulnerabilities.
> > But, in GENERAL, malware in videos, etc. would either do nothing at
> > all when sent to the add-on program, or get a message saying something
> > like "this script contains macros, executing it could be a security
> > risk:  Yes / No"
> >
> > I've been browsing quite fearlessly with Linux systems for about 17
> > years, and NEVER had any problem.
> > Now, I've also had a Linux web server up for about 15 years, and have
> > had 2 successful penetrations.
> > One was totally innocuous, they just added a phishing web site for a
> > bank, and it was easy to remove.
> > Another attack put in a rootkit, and it caused a major mess,
> > including me sending out some infected code to other people. (OOPS,
> > red face!!)  These were both done by cracking insecure passwords on my
> > system.  The best defense for that is running denyhosts, which counts
> > login failures from specific IP addresses, and cuts off all access
> > from that IP after a threshold.  I set it very tight, two failed
> > attempts within a month and you are out for a year.  It was VERY
> > interesting, exactly, to the HOUR, two weeks after I set this up, the
> > 1000 per day attempts to break in dropped to 3 a day.  This means the
> > botnets actively track how long the horizon on the login failures is
> > set, and they've been programmed to give up on any node that has a
> > horizon over 2 weeks.
> >
> > Jon
> >
> >



