The anti-virus snake-oil salesmen are panicking - Windows is no longer viable in corporate environments (Windoze 8 is a telephone "operating system").... They're going to try to persuade Unix / Linux / BSD users that they "need" their (useless) products!
187 posts • joined 18 Jul 2012
Re: What does this really mean?
This is the problem with journos that only deal with Windoze - they have no real understanding of *nix, and assume that proper operating systems are as trivially attacked as their system of choice. There's one variant of this "Snake" worm that piggy-backs on Windows documents and can (try to) attack VM-Ware. It doesn't work!
Re: A good network security team at Sony then...
Surely they should've been able to detect such a large-scale intrusion?!
Nope - they "run" Windows.....
Re: Err? @ Asylum Sam
Nowhere near close enough to worry about.
Within a few streets? Close enough for a small tactical nuke, then!
NetMarketShare hasn't got a clue - Android phones (vastly outselling Windoze and iPhone together), set-top boxes, routers, every webserver on the planet (apart from a few in Redmond and Cupertino), every web-enabled device...... The list is endless. If you added up all the installations of Linux globally, it'll be more than all the rest together!
Linux desktop uptake is admittedly small at present, but as long as MS continue with trying to push their silly telephone interface as a desktop (Windoze 8) and as long as Apple continue to charge insane prices for poor quality commodity hardware (albeit with a shiny label on it), Linux uptake will continue to grow.
Quality offerings like openSuse and Mint will do a lot to persuade the great unwashed that life after XP really is open-sourced and free!
PICNIC = Problem In Chair, Not In Computer
Re: Good work officers, keep it up.
Good work officers, keep it up.
It is good to see police going after cyber crime and it is good to see them succeeding.
They haven't scratched the surface......
Re: Well at least they're trying
Perhaps we as an industry should devise better OS that ordinary users don't need a degree level education to configure properly
We have it already - have you tried a recent Linux distribution? Please don't trundle out the "difficult to use", "free, so it can't be any good" and all the other usual excuses....
You have nobody to blame but yourself if you persist in using Microsoft brokenware. In fact you deserve the consequences of your negligence!
The Police haven't got a clue about "cybercrime". The claims of £6.8bn stolen is actually trivially small when compared to the spectacular manipulation of exchange rates (carried out by abusing insecure Windoze servers) and the other corporate abuse of computer systems. The reality of the amounts stolen or diverted is several times the Police claim (and Plod thought they were over-egging their press release!).
Now, back to the negotiations with this Nigerian Prince I met on line.......
I needed a laugh!
Windoze for phones is about as credible as Windows for Warships (remember that debacle?).
When will MS learn that they're done? Office 365 is just a poor, expensive version of other, much better, free cloudy office solutions. Windoze 8 is a dog and totally unusable on the desktop. The security problems that have existed from before NT4 are STILL present.......
MS is finished - it just hasn't stopped twitching yet!
Re: I've installed Cryptoprevent
Bwah ha hahahahaha!!!!!!!!
See "complacency" above.......
Re: AdBlocker / NoScript
AdBlocker / NoScript
Question - Would either of the above addons, individually or in tandem, effectively prevent such driveby infection?
Nope. It's trivially easy to bypass these. Some legitimate adverts already do!
AC - There are several immediately obvious (and some more subtle) flaws in your overly extensive back-up strategy, and you'll be just as likely to be a victim of this ransomware scam if you're still using Windows to face the internet.
Sadly, Windows (l)users still believe that they're invulnerable if they have the latest MS updates, and they have a "firewall", "anti-virus", "anti-trojan", "anti-malware", "anti-hijack" and all the rest of the completely bogus "security" software slowing their already Windoze-crippled machines to a crawl.
None of them believe it can ever happen to them, and when it does, they fork out their hard-earned because they never backed up anything. Stupidity can be VERY expensive!
Re: Well lets name them....
just how wrong can one post be?
"Screening Detection" is trivially simple - even an advertising "executive" would be able to work out that a banner Ad is too big - that it's got something extra. They charge by the size of the data transmitted, and everyone (except malware providers) does all they can to minimise the size of their submitted code.
Any credible online advertising agency won't be using anything like "AVG" - they'll actually have people who can examine the file in detail and will find the embedded code. The miscreants in this instance have identified and used Agencies with the technical know-how of "mark 63"
Re: admin password needed
Nope. The worst thing about this attack is that it doesn't need administrative intervention to install itself. The infection vector is a deliberate security hole introduced by Apple to facilitate their automatic security updates! A great example of shooting oneself in the foot.
The moral is (as we've said about MS since the 1980s) that "ease of use" shouldn't ever compromise security - MS made a whole series of stupid "ease of use" decisions which bite them to this day. Apple have now done the same and will suffer for it.
Re: Borked my PC
My time's too valuable to waste fighting faulty software. That's why I stopped using anything from Microsoft over 20 years ago!
Remember - Microsoft have NEVER released any product that works properly!
Re: I, too,
I just wish we had some councils here in the UK who'd tell Virgin where to go.....
It's trivially easy to get rid of anything Microsoft - I did back in the early 90s. The company I work for got rid of everything Microsoft in the mid-90s..... We now refuse to deal with any company that still tries to send us MS-format files, and we've even stopped dealing with one bank because of their reliance on the MS brokenware - if they care that little for the security of data, they don't care about the security of your money!
Re: Pirate product keys in comments
The Americans still fondly believe that their "Laws" apply to the rest of the world too!
WAKE UP USA! You're NOT the world's policemen and your silly laws don't apply to the rest of us who live in truly free democracies.
Marketing Droids get "put on hold" - they get as much Radio 3 down the phone as it takes to realise that they've been "forgotten".... The record (that we're aware of) is over half an hour!
As far as Plod's concerned, Ethics is just North-East of London.....
Re: You mean that isn't "normal" for EE?
It's deliberate. EE have crippled their 2G and 3G facilities in an effort to FORCE their users to move to more expensive 4G plans. This is a dirty, underhanded tactic and is contrary to the terms of their licence. OFCOM claim to be "investigating" but I wouldn't trust them to find knockers on Page 3....
EE deserve to be stripped of their licences and have their infrastructure forcibly divided up between the remaining networks.......
I can answer that - practically zero.
Re: Headline should read "Note 3 Twice as Strong as iPhone 6"
You can be certain that Apple will wriggle out of repairing / replacing these sub-standard efforts. They will invoke some tiny-print sub-clause in their warranty agreement that absolves them of any blame for poor design or manufacturing flaws.
They obviously discovered that their prototypes were too expensive to make and too heavy to sell, so decided to compromise the mechanical rigidity of the product in an effort to maximise their profits - after all, Apple fanbois are notoriously uncritical and very defensive of their favourite products!
In this first week, I've seen these bricked by flawed updates, killed by defective batteries (they partially charge once then fail to re-charge), bent, with cracked screens straight out of the box, and just simply not working from new....
Apple need to recall these things, admit they got it very wrong, and ship a new product that addresses all the flaws as soon as possible. This might allow them to retain some of their market share....
MS products frequently fail to work with modern hardware, and MS's worthless and expensive "certification" process doesn't make it any more likely that a third-party driver will actually work. MS' marvellous clipbook algorithms are copied wholesale from Gnome circa 2003....
MS are (roughly) five years behind Apple and more than ten years behind Linux and BSD. They will continue to play "catch up" for the rest of their (short) existence. Large corporations, governments and other institutions are now asking why they are blindly paying exorbitant licence fees to MS for products that NEVER work properly - ever more of them are migrating away from Windows.....
Just remember: Microsoft have NEVER released ANY product that works properly.
Re: Great...just what the world needs...
Go to the front desk and complain that their nearest competitor offers free wi-fi - why don't they? I have never failed to get free wi-fi in any hotel I've stayed in by this ruse.
Hotels are slowly beginning to realise that this isn't a viable revenue stream any more. Some that I've stayed in lately have made great play of the "now we have free wi-fi" selling point. It will become ubiquitous in time....
I got so fed up with morons yelling "I'm On The Train / Bus / Tram etc" that I now carry a small, homemade mobile jammer. It has a range of about 15m, and now I can travel on Public Transport in peace and quiet. It's also useful in meetings, at the cinema or theatre and so on. It's (sort of) antisocial I suppose, but a lot less antisocial than being assailed by the usual racket made by mobe users in public places.
When will people learn.....
There is no reason to "run" any version of the MS brokenware. Migrate to a proper operating system....
Re: I'm getting stabbed...
I'm uploading a particularly nasty version of the old CIH virus to these scammers. It spreads via local ethernet as well, and after thirteen reboots, it re-writes the BIOS rendering the target machine un-bootable. I don't know how many of these clowns have received this yet, but the USB sticks I sent to a few people have been used (and duplicated) very widely. Let's hope a lot of their machines are now paperweights.....
Re: They've got you...
As far as the plods are concerned, using any electronic equipment makes you a terrorist suspect
Using anything other than Apple or Windoze turns you into an arch-hacking criminal. I had a couple of Scotland Yard's finest Defectives maliciously impound two of my computers - simply because they ran OpenBSD in one instance and Mint Linux in the other.
After a few days, I got a phonecall from their "computer forensics" department demanding user passwords (they couldn't work out how to circumvent them themselves) - I pointed out that if they couldn't achieve something as trivial as recovering a user password, then their "forensic" skills wouldn't be up to analysing the contents of the machines anyway. I got both machines back a few days later with their hard drives wiped with a tape demagnetiser!
I sued. I won. I got very substantial damages out of the Met and the Defectives don't work there any more. The machines were restored from back-ups, of course!
It's scary how incompetent these clowns are!
For Crying Out Loud.....
MS have no idea whatsoever about security. They never have, and never will.
Their idea of "security" is to obfuscate their abysmally poor code and cross their fingers......
The truly worrying thing about this whole mess is that the 'mericans believe that they have jurisdiction over OFFSHORE servers. Once again, the USA want to meddle in the affairs of another country - since when was Ireland a state of the USA? They seem to fondly believe that their "Laws" apply to the rest of the world!
The US Government can request the data from the Irish Government, but will probably be told where they can stick their request!
It's also rather worrying that MS can claim to have any kind of data security - everyone knows that this is complete nonsense.
Here come more Cryptolocker attacks!
Another nail in Microsoft's coffin.
Re: Still doing the rounds
Some of the fakes are quite convincing these days. There's fake McAfee, AVG and Avira - install any of these free "anti-virus" efforts, and the machine is effectively trashed. One of them was particularly malicious and corrupted the machine's BIOS once it had spread further - this was obviously designed to trash a company's computers, but got into the wild!
The only real cure to this virus nonsense is to run (almost) anything other than Windoze, and make sure that you're running as a "normal" user. As ever more people leave the M$ malware for proper Operating Systems, the prevalence of these viruses will reduce.....
The truth of the situation is significantly different to this bizarre "survey". The Mobile Network Operators (MNOs) make extensive use of user and call classification to determine how likely you are to get service. The more you pay each month, the higher up the priority list you are. The MNOs claim that they do not do this, but it's very interesting to compare the quality (and reliability) of service for someone on an old "Orange" account against a much higher-priced 4G "EE" user.
It's an easy test to do - get two identical telephones (we most recently used two Samsung Galaxy S3s for this experiment), one on 3G "Orange" at £17 per month and the other on 4G "EE" at £48 per month. The "Orange" phone struggled to obtain even voice and text connections in most areas (we tested in both cities and rural areas). We swapped the SIMs between phones to eliminate the possibility of a defective handset. The "EE" phone had (mostly) flawless service....
When EE were questioned about this, they persisted - right up to board level - in claiming that they did not do this. However, the evidence is damning. This same experiment has been widely carried out with other pairs of handsets and on other accounts. In all cases the quality of service is invariably proportional to monthly charge. This is (of course) contrary to the terms of their licence, but getting OFCOM to actually do any work is impossible, so they're getting away with this.
A final proof was to do a little hacking of the SIM and of the phone firmware to (effectively) fool the networks by spoofing the mobile equivalent of the "user agent" - it's possible to get truly flawless service with a 3G-only phone on EE, but only by making what are probably illegal changes to the way the handset operates.....
EE know exactly who I am, and I'd welcome the time in court to defend my "libel", but they won't do it, so my friends and I will continue to use hacked handsets and get premium service at a budget price.
Interestingly, O2 and Vodafone have similar user classification (if you're on "Tesco Mobile", you're SOL) but the differences are a bit less striking.....
I had two clueless Scotland Yard defectives (they really were "dicks") try to steal my computers because they didn't run Windoze or anything else they recognised: I must have been up to no good....
The error of their ways was explained to them by my (very expensive) legal eagle, and my successful damages claim ran to six figures.
I don't think they're defectives any more - they'll be lucky to be directing traffic.
Re: Proud Windows Idiot
"Proud Windows Idiot"? You certainly are.
Hopefully this will be the end of this Windoze nonsense. If there's any residual sense in Redmond, MS will licence BSD and put their useless shiny stuff on top (like Apple did some years ago).
Unfortunately, the "Proud Windows Idiots" of this world will still manage to give the scammers their credit card details and continue to send their money to Nigerians in the hopes of big payouts......
Re: Treacle OS
"Linux becomes bedevilled with the issues Windows has now.
That's the price you pay for going mainstream."
I'll use small words, so that the Windows users can understand:
Linux is so basically different that the many kinds of malware that afflict all versions of Windows cannot work. To infect a Linux machine with a virus (yes, it is possible), you actually have to deliberately install it yourself! Even then, it will only affect your own files - not the underlying system or other users' files.
Hopefully, this will end this Windows nonsense for good!
Re: This is silly.
"I think MalwareBytes has been looking into hidden register values for years."
You're wrong. It might look at a few of the normally readable Registry entries, but won't get to the system-level stuff - which is where the malware gets concealed.
This and the next couple of Cryptolocker attacks are going to render Windows entirely useless.
Sell your stock now!
Re: No files ?
"AV programs have been scanning the registry for some time now."
Only the parts that are readable to you. They can't read the larger part of the Registry because it's deliberately obfuscated. The malware is written to the obfuscated part of the Registry, of course.
Remember - all "Anti-Virus" software is reactive and will invariably lag months behind the development of new malware. Remember too that it's trivially easy to write malware for Windows - it's always been (effectively) Open Season, because the fundamental structure of the "OS" is entirely wrong.
A series of stupendously stupid decisions made by the infamously stupid Bill Gates back in the 80s - placing "Ease Of Use" above every other possible value - has made every version of Windoze vulnerable to simple attack.
[Sue me if you disagree, Bill - you know where I am!]
Re: "Registry tidying tools seem to break a lot more than they fix."
"It would seem to me that if there's something lurking in the Registry, a utility such as CCleaner would easily find it and fix it. Trivial."
Sadly, no. Besides - do you really want the innermost workings of your "Operating System" exposed to third-party software?
Re: "a tool Microsoft uses to hide its source code from being copied"
Or scan the Registry - which many AV tools can do anyway.
Errrr.... No. There is deliberate obfuscation in the Registry in an effort to conceal some of the inner workings of this sorry excuse for an Operating System. There are no AV Tools that can decrypt the Registry to a sufficient extent to be able to find (and eliminate) the malicious code. Furthermore - who'd want some AV software altering the contents of the most vulnerable parts of the "Operating System"?
Incidentally, this isn't really new - there was credit-card detail stealing software that was hiding itself in the Windows 98 Registry. It was just kept quiet because it showed just how useless the AV Software actually is.....
Re: Not wanting to defend plod, but
I had plod take away several computers. Most returned damaged in one way or another (they'd frequently tried to remove the hard drives with the wrong screwdrivers). I sued and won. I now own several very high specification machines paid for by the clueless Metropolitan Police. The two "defectives" who insisted that the machines "had to be impounded" are no longer employed by plod.
The stupid plods assumed that any computer that required a password for access must be harbouring something illicit. When they were granted access to a guest account on the machines, they couldn't understand that there was no "Word" or "Internet Explorer". They didn't understand that they were Linux (Mint) desktop machines. They had this gently explained to them, but decided that "Linux is only used by hackers" and the computers had to be impounded.
The fundamentally stupid thought processes of these two clowns were breathtaking. They also felt the need to arrest all the registered users of the machines for unspecified "cybercrimes" - obviously something they'd read about in the "Sun"......
Re: @Daniel Palmer
Daniel seems to be particularly unlucky with his hardware. Perhaps he should replace his nylon carpets and start wearing leather soled shoes and clothes without "man-made" fibres.
I've used dozens of Rpi machines of various types for any number of functions. They have all been entirely reliable and many are in continuous use. My only real hardware-related gripe is that it would be nice to have some more RAM to play with. However, at the price, these little machines are amazing!
MS are just beginning to realise that they have no viable product for over 90% of their previous userbase. Users don't want Windoze 8 - it's a tacky, unstable, bloated resource-hog that won't run most legacy software and looks like a toddler's toy. Windows 7 nearly got it right, but rather than sort out the problems, they decided to ditch it in favour of their brightly-coloured computer game.
In terms of underlying software issues - their products are still based on the nasty, flawed, unstable NT kernel - they still haven't had a better idea. Unless they wake up, realise where their core business comes from and redesign their offerings from the ground up, they're dead. They just haven't stopped twitching yet.....
MS got rid of the real programming talent in the last round of job cuts (that's where Google got many of theirs). They really have dug themselves a very large hole!
Just one more reason to avoid Windoze.......
...and then try to run SCADA system on Windows machines - just how many points of vulnerability do you need?
The utter stupidity of the beancounters who won't countenance anything other than Microsoft OS purchases, the beancounters trying to run technologically sophisticated enterprises without the slightest understanding of what the company does or how it does it - no wonder so many tech companies fail.
As long as we have beancounters valued more highly than engineers, these stupidities will continue. People need to understand that book-keeping is trivially simple - I can teach anyone to do it in an hour - and an "accountant" is just a book-keeper in a suit. They should be paid accordingly.
OTOH, engineers actually ADD VALUE to a company, and so should be well paid - ideally with some kind of profit-share as real motivation. They should also have the majority of input into technical products.
Thank goodness that Windoze is banned from most nuclear sites!
Re: well minted
Unfortunately for the malware writers, a user really has to want to bork a Linux machine. Users don't run with admin rights, so users can't install executables. It's a simple concept, but one that continues to elude Microsoft.
MS took a bunch of decisions in the late 80s which still haunt their operating systems to this day. There is no way to make a Windows machine secure - other than switching it off.
The Windows apologists and fans around here who sneer at the apparently small market share conveniently forget that their routers, Tivos, internet service providers and their favourite websites all run Linux (and couldn't work as effectively with any other OS).
Windows is just a pi$$-poor, insecure, slow, bloated and expensive client for a Unix world!
Re: It just boggles the mind
Perhaps you should read the article a little more closely - it infects Windoze only. What a surprise!
Re: Might consider this
There's no accounting for the stupidity of some users. A teapot would be too technically taxing for that clueless AC!