You've got two weeks to beat off Cryptolocker, GameoverZeus nasties

The UK’s National Crime Agency has warned people have just two weeks to protect themselves against the Cryptolocker ransomware and a strain of the ZeuS password-slurping malware – before both return from the dead. The alert comes after the cops "disrupted" the systems remotely controlling the software nasties – which could …

COMMENTS

This topic is closed for new posts.

  1. Anonymous Coward

    Beware of Geeks

    bearing Gifts

  2. Stuart 22

    Are you pointing at me?

    Bit unspecific: Any or all of Windows x.x, iOS, Android, Linux, BSD, TRSDOS ... ???

    Some of these suppliers don't let you update the OS ... maybe the cyberplod should be having a word in their shell-like ... oh and http://www.getsafeonline.org/nca appears to be offline!

    1. itzman

      Re: Are you pointing at me?

      Windows ONLY is the buzz.

      1. sisk

        Re: Are you pointing at me?

        If it's CryptoLocker it'll be able to infect any Windows system running Win2k+. I believe there's a less prevalent OSX version floating around too, but don't quote me on that.

        CryptoLocker is nasty. Someone here has a virus on their home computer that has been sending out malicious emails containing it to their entire contact list (so about 50 or 60 of our users) a couple times a week for the last couple months. Everyone's wise to it now thanks to liberal use of a metaphorical cluebat*, but we must have had 15 CryptoLocker infections the first couple weeks as people fell for it and opened the "account summery" (sic) or "scanned document" that came in with them. Seriously, I had to pull the same files from backups 7 times in two weeks because of Cryptolocker infections, and that was just me (I'm not the only backup administrator) and for just one network share.

        *They won't let me use my literal cluebat.

        1. Anonymous Coward

          Re: Are you pointing at me?

          http://www.majorgeeks.com/files/details/cryptoprevent.html might be worth investigating

    2. Anonymous Coward

      Re: Are you pointing at me?

      Systems Affected

      Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8

      Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012

      1. James O'Shea

        Re: Are you pointing at me?

        There's someone still developing software for Win95? Now _there's_ dedication.

    3. Rhino

      Re: Are you pointing at me?

      Back up now. For now.

  3. Phil W
    Joke

    Beating off

    Two weeks to beat off? I know a girl who'll do that for you in about a minute.

    1. Anonymous Coward

      Re: Beating off

      I find that kinda hard to swallow, I'll bet she does too!

      1. Bloakey1

        Re: Beating off

        God, if she reads this she will be spitting.

        Oh, and by the way, the operation is called Tovar and it appears that McAfee jumped the gun and announced the operation early.

        1. wolfetone Silver badge

          Re: Beating off

          I'd buy that for a dollar

    2. Fruit and Nutcase Silver badge
      Paris Hilton

      Re: Beating off

      did someone mention...

  4. Mark 85

    2 weeks, eh?

    So what are our wonderful anti-virus/security firms doing? Besides letting us know that it may be days? I'm curious why their software doesn't stop it either before it's downloaded or before it installs.

    On the other hand, you can't stop idiots from clicking on a link in an email.

  5. John H Woods Silver badge

    Clicking links ...

    Now, I'm probably going to risk downvotes here but ... I firmly believe you should be able to click a link without worrying. Otherwise what is the point of QR codes? URL shorteners? The reason why clicking some links causes problems is because there are still far too many vulnerabilities in browsers.

    I should be able to point a pdf reader, graphics program, word processor or *browser* at any input whatsoever in perfect safety. The fact that I cannot tells me that software writers have been pissing away their time tweaking the interfaces and adding nice-to-have features rather than addressing the real purpose of these programs.

    1. Mage Silver badge

      Re: Clicking links ...

      QR codes as implemented currently are even more stupid than Link Shortening Services. I like at least to know the domain.

      I'm very tempted to print fake ones (but harmless) for Tesco's veggie dept.

      1. Yet Another Anonymous coward Silver badge

        Re: Clicking links ...

        QR codes are like telephone numbers.

        You might not like what you hear when you call them - but it shouldn't be able to blow up your phone

        1. Anonymous Coward

          Re: Clicking links ...

          "QR codes are like telephone numbers.

          You might not like what you hear when you call them - but it shouldn't be able to blow up your phone"

          Sorry, but QR codes aren't really like telephone numbers. You can read a telephone number before you dial it. See that nice poster advertising a thing you are interested in? Just... check that QR code isn't a sticker taking you to a hijack site with the real QR code from the advertiser hidden under it.

          Better yet, don't use 'em.

          1. Phil O'Sophical Silver badge
            Facepalm

            Re: Clicking links ...

            You can read a telephone number before you dial it

            Are you saying you don't look at the URL you get from a QR code before following the link?! "Look before you Leap" isn't applicable only to physical obstacles.

            1. Anonymous Coward

              Re: Clicking links ...

              "Are you saying you don't look at the URL you get from a QR code before following the link?!"

              No, I'm not, I'm saying I don't use them. Are you saying your superpower is automatically knowing what the URL was supposed to be? There are plenty of advertising types who'd use http://bit.ly/1ilCEh5 instead of http://www.theregister.co.uk.

              Suspicious enough, and in possession of the time and the resources to safely probe that short cut on your phone? Good for you, but basic common sense should tell you that Joe Punter will point, click and browse without a moment's thought. And given the 'instant gratification' intent of QR codes, what would be the bloody point?

              1. Phil O'Sophical Silver badge

                Re: Clicking links ...

                Are you saying your superpower is automatically knowing what the URL was supposed to be?

                No, on the rare occasions I scan a QR code I look at the resultant URL and decide if I want to hit "go" or "delete".

                1. Anonymous Coward

                  Re: Clicking links ...

                  "No, on the rare occasions I scan a QR code I look at the resultant URL and decide if I want to hit "go" or "delete"."

                  And again, the point remains. There are probably a sizeable minority (maybe even a sizeable majority) of people outside the IT world who'd use a Smartphone as a QR reader despite not knowing what an URL is, never mind whether it 'looks' safe or not.

                  That is why they are a problem.

          2. Mark .

            Re: Clicking links ...

            I can see a QR code before I use it. I don't see how reading the phone number in digits rather than seeing it as an image has anything to do with whether it will blow up my phone.

            1. Anonymous Coward

              Re: Clicking links ...

              "I can see a QR code before I use it. I don't see how reading the phone number in digits rather than seeing it as an image has anything to do with whether it will blow up my phone."

              You don't? Ignoring the issue of it being a metaphor, I'd venture you're the sort of chap who'd favour a leisurely stroll about town the day after a full-scale nuclear exchange. "Well... I can't see anything that might harm me"...

            2. Mage Silver badge

              Re: Clicking links ...

              How?

              Some QR apps just load the destination without a confirmatory URL display.

              The QR code may be a link shortening service.

              Most users get Malware because they always click on "OK" on dialog boxes.

              I agree one should be able to click on anything safely. But today you can't. If a link doesn't have expected domain for the context the likely situation is that it leads to evil. So I don't Click.

              Number of virus infections / Trojans etc on my own computers since 1979 = Zero.

              I do check with specialist tools that I'm as clean as I think.

              One good one is at silentrunners.org

    2. Anonymous Coward

      Re: Clicking links ...

      "The fact that I cannot tells me that software writers have been pissing away their time tweaking the interfaces and adding nice-to-have features rather than addressing the real purpose of these programs."

      It also tells you that governments have consistently refused to enforce normal rules of "fitness for purpose" to software and users have consistently kept buying crapware that has a long track record of failure. So the free market delivers what the free market always delivers: a de facto monopoly churning out low grade product for huge profits.

      1. gazthejourno (Written by Reg staff)

        Re: Re: Clicking links ...

        And if you don't like what the cheapo end of the free market offers you, pay more and get a better quality product.

        There. Not hard, is it?

        1. Ian McNee
          Flame

          Re: Clicking links ...

          @gazthejourno:

          Except we all know that that's Fantasy Capitalism (tm) Gaz. Otherwise we wouldn't have had the Comodo or DigiNotar hacks, the RSA hack, the endless list of (often Blue Chip) companies threatening infosec researchers with legal action rather than engaging in public interest disclosure and fixing their "premium" crapware, and so on ad nauseam.

          On the contrary while Open Source is no more free of security flaws there are far fewer of the commercial imperatives to behave badly when these are discovered. So no, it's not hard, when you disengage your prejudices and use your brain.

  6. Anonymous Coward

    It's a command server, not a horror movie monster

    If it was a monster then this two week window would make some sense: "We've put it to sleep - quick! run for safety while you can! it will wake up soon!" But it isn't - Cryptolocker doesn't wait for you to try to uninstall it, then try to ask the mothership "the user is coming after me! should I scramble the files now?" The moment it starts executing it does whatever harm it can, so while running an instance now might be safer (presuming it does lie dormant if it can't get a key from the C&C server, rather than generating a local one anyway and mailing it to a collection of backup email addresses), late May was also a very good time to update protective software and July will be an awesome month for running the browser from a low capability browser-only user account, and so on.

    1. Anonymous Coward
      Boffin

      Re: It's a command server, not a horror movie monster

      The "monster" in this case is the owners of the botnet. They'll be working right now to establish a new command and control server so they can start receiving keys and funds from Cryptolocker.

      Right now their money making system is offline with the main server seized. But they'll have other channels of communication to get the infected systems communicating with a new server. Soon as they do that, the game's back on.

  7. Matt_payne666

    So yes, some nasty bits of software... but short of unplugging modems... it's a case of sitting back and hoping??

    There is no helping the average click-happy end user....

    1. itzman
      Black Helicopters

      short of unplugging modems...

      ..there is a government website that will tell you if you are infected. Apparently. If you trust it.

  8. Will Godfrey Silver badge

    ... and the people who most need to hear this simply aren't listening :(

    1. billse10

      "and the people who most need to hear this simply aren't listening :("

      Well, they certainly won't be reading this, at any rate ...

  9. ken jay

    Hang on, haven't we been told for the last 18 years that we should be careful of what we click and always check that you know the sender and you are expecting this email? Last virus I got was on the Amiga. Last malware was just the usual stuff that's detected by AVG Free and Malwarebytes. I think this is just a ruse to make you not look into the NSA or GCHQ revelations. I think our hardware has a better chance of hiding the main threat to privacy and online safety and probably is. Paranoia rules.

    1. Anonymous Coward

      You should have heard the 10 o'clock news. I really thought I had been transported back almost 2 decades. All oversimplified explanations and making it sound new and scary; very little on how this threat isn't new although the scale may or may not be; and nothing on how to actually protect your stuff or how the attack is going to be held off for two weeks.

      On the plus side, I've now remembered why I don't watch TV news :)

    2. Tom 13

      @ ken jay

      we should be careful of what we click and always check that you know the sender and you are expecting this email.

      We have a user here who got hit by someone last week. It came from a user he knew. It said it was a government GMail account and a document had been shared. Document title looked appropriate for an ongoing discussion he's having with the sender. Clicked on the link and ....

      Not sure how the security incident is being resolved because I'm not part of it. But users talk, especially when they get hit while doing everything the IT Security Training courses tell them to do. Could he have picked up the phone and confirmed the document was actually sent by the user? Sure. But in your standard office environment, is it reasonable to expect every user to call the sender each time they receive a document? Because sending an earlier email saying you are about to send a document won't necessarily help in this instance.

  10. Anonymous Coward

    FBI information page

    https://www.us-cert.gov/ncas/alerts/TA14-150A

  11. GitMeMyShootinIrons

    Think of the children!!!!!

    My other half just told me about this. She said "Have you read about this virus on the Daily Mail site..."

    At this point, I clenched my eyes shut and endured the pain of Daily Fail Panic Headline Syndrome.

    1. Anonymous Coward

      Re: Think of the children!!!!!

      see above

    2. Daniel B.

      Re: Think of the children!!!!!

      Mexico's El Universal managed to 1-up most panic headlines. The headline for the Heartbleed vuln mentioned "Most Dangerous Computer Virus Discovered!".

    3. Steve Evans

      Re: Think of the children!!!!!

      But 15,000 computers in the UK are infected!!!

      Out of... Hang on...

      Oh...

      54.5 Million according to http://www.mapsofworld.com/world-top-ten/world-top-ten-personal-computers-users-map.html

      0.027%

      Over hyped just a bit then...

    4. My Alter Ego

      Re: Think of the children!!!!!

      Quite frankly, I'm disappointed that El-Reg didn't end the headline with

      !!!!!!!!!!111111onehundredandeleven

      That's the reaction all the mainstream news seemed to be going for.

  12. Anonymous Coward

    Yawn

    I wonder how much it costs MS every year to make sure that no one EVER reports these things as Windows viruses instead of generic "threats".

    1. Chairo
      Devil

      Re: Yawn

      If you really need them, I am sure you can get them running through Wine, too.

    2. Mark .

      Re: Yawn

      With 90+% market share, it's the same thing.

      I don't see people mention specifically Windows when they release other kinds of software - it's just "PC"; same with mobile software, should they list the operating systems if it turns out they don't support Windows Phone?

      But no, don't let that stop with your tin-foil-hat conspiracy theory.

  13. Werner McGoole

    Ooh a nasty virus is coming to get us all....

    Sounds like business as usual to me. Actually, maybe just a brief holiday before returning to normal.

    Why all the fuss?

  14. psychonaut

    a bit late to the party

    We've been beating this one off (as it were) since September last year.

    Get CryptoPrevent (free from foolishit - yes really) and protect your users. For you corporate types, yes, you already have gpols in place to prevent things executing from temp locations and zip files. For us in the sole trader/SME world who don't have the ability to lock down customers' PCs to that extent, this easily sets gpols for them at the click of a button. And it's free.

    Also, as I'm sure you already know, make sure they have a versioning backup system. Carbonite works a treat and they have a dedicated backup team who will help you roll back the infection till before it happened.

  15. Fruit and Nutcase Silver badge
    Coat

    One way of increasing Windows 8

    installed licence count

    1. Anonymous Coward

      Re: One way of increasing Windows 8

      You obviously haven't read the CERT advisory have you?

      Systems Affected

      Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8

      Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012
