Student promises Java key to unlock Simplocker ransomware

A university student claims he is set to release a Java application to decrypt the first ransomware to hit Android devices. The Simplocker ransomware was revealed 7 June by malware analysts at Eset targeting devices in Eastern Europe. It encrypted via AES large swathes of files on Android device SD cards demanding users pay a …

COMMENTS

This topic is closed for new posts.

Colour me an idiot, but..

I don't think (under)grad status is indicative of ability...

7
0
Anonymous Coward

Re: Colour me an idiot, but..

Agree, especially in security, where for each script kiddie that does not have an idea of what he/she is doing and merely replays scripts downloaded from somewhere there is a (perhaps even highly paid) "security consultant" that does not know what he/she is doing but merely downloads and runs scanning tools downloaded from somewhere.

7
0
Anonymous Coward

Re: Colour me an idiot, but..

Bearing in mind the underlying issue here, perhaps he could write a version in something that isn't an insecure malware magnet like Java? C# for instance would be a much better choice.

0
1
Silver badge

Bearing in mind that the unlocker is probably supposed to be a tool that can execute from a web page, it seems logical to use the programming language that can do that, which is Java.

Microsoft C may be another possibility, but that does not mean that choosing Java is a bad choice in and of itself.

The real issue is that, whatever the language used, some criminal will come out with a web page looking like the one to unlock Simplocker, but actually uses Cryptolocker to nail the phone down permanently. The usual crop of inattentive/clueless users will get caught and mayhem will ensue.

0
0
Silver badge

Re: Colour me an idiot, but..

Perhaps he wanted a native Android app.

I assume the source code is in Java, but the bytecode is not.

0
0
Silver badge

Re: Colour me an idiot, but..

Bearing in mind the underlying issue here, perhaps he could write a version in something that isn't an insecure malware magnet like Java? C# for instance would be a much better choice.

Nice try my dear AC MS shill, but you fail at comprehension. The ransomware's running on Android, thus coding is done in Java (though compiled for Dalvik, not Java). C# is an MS only tech and after all it's basically pirated Java anyway.

0
0
Silver badge

Next step?

How prevalent are malware infected Security tools? I don't think most AV is, though it can slow your computer worse than malware and even remove vital files.

1
1
Anonymous Coward

Re: Next step?

That's actually why I refuse to use Norton and advise all people to stay away from it.

While I was at uni Norton detected a virus on my PC, and didn't give me any options other than saying it had already removed it and needed my PC to restart to complete the removal. Turned out the 'virus' was explorer.exe. Luckily a system restore somehow brought it back.

A few months later, it did the exact same thing to a friend's PC, only he didn't have a recovery image, so we had to borrow explorer.exe from somebody else's PC and pray to god it worked (it kinda did, but was buggy as hell, but good enough for him to get his work off / saved games).

A year later I decided to install Norton on a different PC, after all I'd paid for it (Not me personally, family member) within a month it tried to delete explorer.exe again, as well as starting to block me from installing a load of my older games.

I haven't touched Norton since.

6
0
Silver badge

Re: Next step?

Predictable:

"That's actually why I refuse to use Windows and advise all people to stay away from it."

:-D

(And why the friggin' heck is my icons panel always hidden?)

0
4
Silver badge
Thumb Up

Re: Next step?

"And why the friggin' heck is my icons panel always hidden?"

Because something in one of the many pieces of JQuery is setting "display: none". So a quick bit of GreaseMonkey action and I have my icons back. Good stuff.

0
0

Re: Next step?

I had the same problem with Norton, so stopped using it. A friend had Norton and within a couple of weeks their HDD ran out of space - turned out Norton had got into some sort of cycle of writing to some weird temp file consuming 90% of the drive (all that which wasn't OS).

Let's not stop there though... I've had problems with McAfee consuming 100% CPU and a lot of disk after a sleep-cycle (not to mention after a year they automatically tried to renew me on a 3-seat license when I'd only bought a 1 seat license, and when I called and said "I only have 1 PC" they continued to push 3-seats "just in case").

I've had to remove Kaspersky completely because I can't VPN when it's installed (VPN will connect but none of the company subnet routing works - no traffic goes over the vpn link).

In the end, uninstalling the Windows Virus-Ready Edition and moving to Linux desktop seemed the best bet.

3
2
Silver badge
Happy

Re: Next step?

"That's actually why I refuse to use Windows and advise all people to stay away from it."

That's great - for the desktop. But this is about mobile... by your argument, would you refuse to use Android and advise all people to stay away from it?

2
1

Re: Next step?

It's not unknown for viruses to modify system executables (like, for example, explorer.exe) to insert malicious code, you know.

2
0
Silver badge
Mushroom

Re: Next step?

Well, yes, as much as I'm not a fan of "back in my day" musings I have to concede things do change, and mostly not for the better at all. I clearly remember Thunderbyte Antivirus disinfecting test-files I infected on purpose for study, returning a file that was binary-identical to the original, except the zeroed-out part at the end where the virus had been; repeating the experiment after creating a "clean state" database first, the disinfected file was an exact copy of the original even in size.

Exercise for the reader: compare and contrast with current state-of-the-art "Just deleted Windows, I'm sure you don't mind?" approach...

0
0
Anonymous Coward

Sophos is worse

Enterprise Sophos, about 18 months ago. The update decided that nearly every file updater was a virus so went around and deleted every one, including its own.

So now Sophos couldn't update, nor things like Java or Flash. Many companies stopped working. You couldn't remotely remove Sophos from the enterprise console due to the missing files.

In the end the only way to rectify was to visit/remote in to every PC and uninstall Sophos. Took about 36 hours without sleep and we never fully fixed the mess even after 6 months (software repositories on network drives were affected as well as some servers).

How their testing (they claim it went through 5 levels of testing but they don't try on an actual Windows machine) let it through is ridiculous. Therefore I will never use Sophos again as any AV update should only see false positives on niche products that it is unlikely to be tested against - never be able to remove its OWN files!

0
0
Silver badge

Re: Next step?

"would you refuse to use Android and advise all people to stay away from it"

I'd be close to doing so, yes. My own experiences with Android have been less than stellar. Although that's mostly down to shoddy coding by the likes of HTC.

What irks me about Android is the impossible to uninstall crapware (e.g. Facebook), although I guess that's more the fault of the carrier.

I guess my biggest peeve with actual Android is the total lack of clarity over permission. Apps suddenly claim they need to access my identity, contacts, location, media (e.g. TuneIn Radio). Why? Why the feck does it need that? Why doesn't Android have the tooling to allow me to block such privacy invasions?

Hell, why doesn't Android support the likes of CardDAV by default? Ho hum.

2
0
Silver badge
Coat

Re: Next step?

"Why doesn't Android have the tooling to allow me to block such privacy invasions?"

When you consider how big a player Google is in Android's development (to the extent of trying to create a walled garden around it), I'd have thought the answer was obvious...

0
0
Silver badge

Re: Next step?

Or, you could just stop installing rubbish - never had any trouble with the free MS Security Essentials, or Windows Defender which is now installed as standard.

0
0
Silver badge

Re: Next step?

No crapware on my Nexus.

One of the downsides of fine control over permissions is that you get clueless users who think an app doesn't need a permission, but then are first in line to vote it 1 star because "it doesn't work right". There are loads of apps out there, so one should always vote by dropping apps with stupid permissions. (Not that I'm saying it can't be improved.)

0
0
Silver badge

"even an undergrad can crack it"

Really?

Universities (should be) taking the cream of the intellectual/motivated crop. So getting to be an undergrad should be a badge of honour stating "I have the chops to do this, or learn how to do it at the very least".

I will agree that the Labour and Tory parties have done their level best to destroy the credibility of UK degrees, but let's give credit where it is due. Simon Bell (and his profs) are exactly the kind of people we need.

So less of the snide belittling of a proper undergrad, please; save that for the fake undergrads doing combined degrees in hairdressing and homoeopathy (although the hairdressing does at least have practical value).

13
0
Silver badge

Re: "even an undergrad can crack it"

Surely the whole point of being an undergraduate is that you're there to learn? If you were already an expert then you'd be wasting the money on the course!

0
0
Silver badge

Re: "even an undergrad can crack it"

The whole point of being an undergrad is that you should already be the cream of the crop. That means you should arrive bursting with energy and maybe even self-taught on some things (easier in some subjects than others).

From the looks of his blog, that's exactly the kind of person we have here.

Also, he is a third/fourth year undergrad and so getting close to being ready for the real world.

What uni gives you is the framework (structured lessons etc) and resources (equipment, profs) to learn. Whether or not one does is up to the individual - spoon feeding ends after the sixth form.

2
0

homoeopathic Hairdressing

Re "even an undergrad can crack it" Well said.

homoeopathic Hairdressing : Is that the one where you cut 1/10 of a mill of one hair and that's £50 please sir,

5
0

Re: homoeopathic Hairdressing

That would actually qualify as a haircut, no matter how small. The homeopathic barber sits in his chair, and says 'My great grandfather used scissors to cut hair once, and kept them in the same bag as the scissors over there. That'll be £50.'

3
0
Bronze badge

The decrypt app Its in the Play store and costs...

260 Ukrainian hryvnias (£13)

5
0

Really?

Google could modify the OS to create a randomly named file in a random location, then any program that attempts to modify it gets blocked. Like honeypot of last resort. Or how about the filesystem alerts the user if a single program is making LOTS of file changes across multiple folders and halts its operations until the user offers input.

Will there be false-positives, sure, will it miss overly clever programs, sure, but how is doing nothing still acceptable in 2014. "Hey, should Candy Crush be scanning all your user files? It's up to 450 rifled through so far. Just thought I would let you know." How is that not something the OS should have been doing all along?

0
0
Bronze badge

Re: Really?

"Google could modify the OS to create a randomly named file in a random location, then any program that attempts to modify it gets blocked."

So when I go browsing MY phone to find where I copied that file I need, I can then lock out my file browsing app when I start to wonder what the "do not touch this file.dat" is for and end up deleting it because it looks dodgy/useless?

0
0

Re: Really?

Well if you make it a habit of purposely changing or deleting the contents of random binary files in your OS all the time, then yes, I suppose you would eventually lock yourself out.

But on a realistic note, everyone else in the world might benefit.

0
0
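
The two ideas proposed in the "Really?" comment above (a decoy file that blocks any program modifying it, and halting a program that changes lots of files across multiple folders until the user responds), sketched as an added example; it is not code from any poster, from Android or from Google. The event tuples, app names, decoy path and thresholds are all constructed assumptions.

```python
import posixpath
from collections import defaultdict, deque

# Assumed values for illustration; none come from Android or the thread.
CANARY_PATHS = {"/sdcard/Download/.k3f9a1.dat"}  # constructed decoy file
WINDOW_SECONDS = 10  # sliding window for counting changes
MAX_FILES = 5        # distinct files one app may change per window
MAX_DIRS = 3         # distinct folders one app may touch per window
MODIFYING_OPS = {"write", "rename", "delete"}

def evaluate(events):
    """events: (timestamp, app, op, path) tuples sorted by timestamp.
    Returns {app: (verdict, timestamp)} for every app that gets stopped."""
    recent = defaultdict(deque)  # app -> (timestamp, path) changes in window
    verdicts = {}
    for ts, app, op, path in events:
        if app in verdicts or op not in MODIFYING_OPS:
            continue  # app already stopped, or a read that changes nothing
        if path in CANARY_PATHS:
            verdicts[app] = ("blocked:canary", ts)  # decoy of last resort
            continue
        window = recent[app]
        window.append((ts, path))
        while ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()  # forget changes older than the window
        files = {p for _, p in window}
        dirs = {posixpath.dirname(p) for p in files}
        if len(files) > MAX_FILES and len(dirs) > MAX_DIRS:
            verdicts[app] = ("held:mass-modification", ts)  # ask the user
    return verdicts

def sample_events():
    """Constructed event stream: one bulk rewriter, one canary toucher,
    one ordinary editor and one read-only viewer."""
    folders = ["DCIM", "Download", "Documents", "Music"]
    events = [(100 + i, "com.example.bulk", "write",
               f"/sdcard/{folders[i % 4]}/file{i}.jpg") for i in range(8)]
    events += [
        (50, "com.example.editor", "write", "/sdcard/Documents/notes.txt"),
        (300, "com.example.editor", "write", "/sdcard/Documents/todo.txt"),
        (150, "com.example.viewer", "read", "/sdcard/Download/.k3f9a1.dat"),
        (200, "com.example.probe", "delete", "/sdcard/Download/.k3f9a1.dat"),
    ]
    return sorted(events)

if __name__ == "__main__":
    for app, (verdict, ts) in evaluate(sample_events()).items():
        print(f"t={ts} {app}: {verdict}")
```

The viewer that only reads the decoy is left alone, which matches the reply's objection about a file browser stumbling on it; only a modification trips the block.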