World still standing? It's been two weeks since Cryptolocker, Gameover Zeus takedown by feds Two weeks have passed since the feds knackered the systems doling out the GameOver ZeuS and CryptoLocker malware to PCs. G-men warned us the world had just a fortnight to clean up compromised Windows machines and defend them from the software nasties before their masters regrouped. That time has passed ... and not much has …
Not of much use for Cryptolocker since it seems to be updated faster then AV Software. If you are running the pro version of windows you can block appdata but no policy editor for home versions.
So it's down to don't click on crap... we know how well that works.
"Repelling cybercrime is not the responsibility of individuals." -- Amichai Shulman
Oh, really? Which part of, "DON'T CLICK ON THAT!" is somebody NOT supposed to miss?
A neighbor of mine, back in the late 1990s, bought himself a computer, and I helped him get set up with the Internet connection and all that. So he's browsing around the web, and there's a banner ad claiming that he has mail. So he clicks on that and lo and behold, the browser jumps to a site that he didn't actually want to visit. Well, duh!
I set my landlord's new notebook computer up for him. He calls me up, says he can't get to the Internet. I come over and take a look, and it's fine. Turns out that he thinks the Internet is Yahoo!, and if that isn't the start page, then there's no Internet.
We have crap OSes, browsers, etc., and nobody has a choice but use the things. The average person out there really does need to learn to lock the door and bar the windows, because that's what the environment is! The police are only part of the answer, but there's precious few among them who have the skills to do a serious net dive and parse apart a botnet or other network.
If it's the job of the police to secure the net, then it's the responsibility of Microsoft, et alia, to write good and secure software. And Microsoft and the rest should be fined, and hard, for not doing it! Using best practices means actually using best practices! Not publishing a book about it, and then writing the biggest bunch of crap code I've seen.
But the muddlehead is going to keep clicking on crap, because they are muddleheads, and all they've got to use is a crappy OS.
"Oh, really? Which part of, "DON'T CLICK ON THAT!" is somebody NOT supposed to miss?"
It's OK for the likes of us, who have enough experience to smell a dodgy email, but for many, it's not an unreasonable thing to click on an attachment or a link, on the basis of "that's how computers work, isn't it?"
My aged m-i-l fell victim to one of these scams, and the experience destroyed her confidence in using her computer. Now it's much harder to keep in touch with her children, scattered across three continents. So there are other consequences than merely financial to these criminal activities.
Another anecdote:- a business I support recently sent a paypal invoice to a new customer who was nervy about using the online shop. The customer, who again seems over-cautious, now is not sure if she should open the link in the resulting email from paypal to go through the payment procedure. How can one person say "click on the link" but another "never click on a link"?
This is rather more complex in practice than blaming either users or the police.
A neighbor of mine, back in the late 1990s, bought himself a computer, and I helped him get set up with the Internet connection and all that. So he's browsing around the web, and there's a banner ad claiming that he has mail. So he clicks on that and lo and behold, the browser jumps to a site that he didn't actually want to visit. Well, duh!
Yeah, I just removed 17 different bits of malware from my neighbours laptop, as it had finally ceased to function.
But the muddlehead is going to keep clicking on crap, because they are muddleheads, and all they've got to use is a crappy OS.
Thing is, my neighbour is a carpenter, not a techie. He's not supposed to understand how botnets work or malware spreads. Or is it your view that only car mechanics should be allowed to drive?
If it's the job of the police to secure the net, then it's the responsibility of Microsoft, et alia, to write good and secure software. And Microsoft and the rest should be fined, and hard, for not doing it! Using best practices means actually using best practices! Not publishing a book about it, and then writing the biggest bunch of crap code I've seen.
Microsoft have made massive strides forward in security terms, over the past ten years or so, but yes, there is further to go. Given Java is responsible for most exploits last year though, there's only so much they can do.
If we took the view that UK law has global reach (bear with me), and set a mandatory jail sentance of one week per machine compromised, we could go a long way to eliminating the problem. Sure, some people will continue because they'll think they're safe, but the first teenager jailed for 10,000 years will curb their enthusiasm for exploits.
2 infections at customers this last fortnight. Both cases idiots clicking on attachments, and lack of knowleage on these nasties.
Yesterdays was full restore from backup and wipe offending PC clean.
We tell them, they still do it.
I think the security services need to borrow some people from Hereford to sort it out at source.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
