How Cryptolocker (Ransomware) gets installed and how to remove it!

Cryptolocker Virus!

I have been watching what has been going on in the past few days and thought it was high time I tell you about this nasty little worm or virus! It has been many months since I have talked about this and I wanted to help you understand how you might have been infected. If you have been infected and want to remove it, you can easily remove it by using Malwarebytes Pro, which is a sponsor of my blog. The Malwarebytes Blog has some interesting stuff about what this bug really does to your files and what it encrypts!

Drive-by download

Some would say it is coming from emails, but I suspect it will get much worse before it gets better. If they are making money they will probably start advertising that you have a virus, and when you click on the image you will be taken over to actually get the virus, or worm as some would call it. It all started when scammers started infecting systems and doing the defederpageblock and others like that. They found they could actually make money by scaring people into paying. I even tried to help people by offering some great antivirus and antimalware tools to help fight off these types of infections.

So what are some ways to get infected? The basic way is simply opening email links when you don’t know the sender. This is the most common approach for any scammer or spammer, because you can’t really see where that link is going or even whether it is trying to run a script.

Social media is the next biggest way you might get infected, by clicking links on Twitter, Facebook, LinkedIn, and sites like that. You have to be careful, but most of the time you can expand the URL by using a service like LongURL. I sometimes use this to find out where a shortened bitly link or Twitter link is going to take me.
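The redirect-chasing that a service like LongURL does can be reproduced locally. The following Python is an added example, not code from this post or from the LongURL service: it follows `Location` headers with HEAD requests, so the destination is revealed without ever loading a page body, stops on redirect loops and after a hop limit, and takes the transport as a parameter so the constructed redirect table at the bottom (all example.* hosts, not real shorteners) runs offline.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Added example: resolve a shortened link hop by hop without fetching any page body.

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects itself so every hop is visible to us."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def head_location(url: str, timeout: float = 5.0):
    """Live transport: one HEAD request; return the Location header, or None if there is none."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        if 300 <= err.code < 400:          # redirect surfaces as an error because we refused to follow it
            return err.headers.get("Location")
        return None

def expand_url(url: str, fetch=head_location, max_hops: int = 10):
    """Return (chain, reason): every URL visited and why we stopped."""
    chain, seen = [url], {url}
    for _ in range(max_hops):
        nxt = fetch(chain[-1])
        if nxt is None:
            return chain, "final"
        nxt = urljoin(chain[-1], nxt)      # Location may be relative to the current hop
        chain.append(nxt)
        if urlsplit(nxt).scheme not in ("http", "https"):
            return chain, "non-http scheme"   # e.g. a javascript: or data: target; never open these
        if nxt in seen:
            return chain, "redirect loop"
        seen.add(nxt)
    return chain, "hop limit reached"

# Constructed redirect table standing in for the network; not real shortener data.
FAKE_REDIRECTS = {
    "http://short.example/abc": "https://tweet.example/xyz",
    "https://tweet.example/xyz": "/landing?x=1",
    "https://tweet.example/landing?x=1": "https://example.com/final",
    "https://loop.example/a": "https://loop.example/b",
    "https://loop.example/b": "https://loop.example/a",
}

def fake_fetch(url: str):
    """Offline transport used by demo(); looks the hop up in the constructed table."""
    return FAKE_REDIRECTS.get(url)

def demo():
    return {
        "short": expand_url("http://short.example/abc", fetch=fake_fetch),
        "loop": expand_url("https://loop.example/a", fetch=fake_fetch),
    }

if __name__ == "__main__":
    for name, (chain, reason) in demo().items():
        print(name + ":", " -> ".join(chain), f"({reason})")
```

To use it against a real link, call `expand_url("http://...")` with the default transport; only HEAD requests are sent, and the chain is printed rather than opened.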

Googling or searching is the next way an attacker would install this type of software on your system. They would use scripts that exploit known vulnerabilities to force-install or silently install this type of software on your system, and if you were using something like NoScript you would be much safer than if you weren’t!

Installing untrusted software can lead to you getting infected by this virus and others. If you think you have to have a piece of software for something, then please do not use your Windows admin account to install it. You should try to see what others are saying about a particular software or application. It isn’t always going to be foolproof, but it will at least slow it down.

Now these are a few of the ways you could get infected with this nasty virus, in which case you would be paying 300 US dollars or 2 bitcoins, which is how they want to keep getting paid. So if you don’t want to find your pictures and important data encrypted, please put them on a recordable DVD and put them away! This would be one step to help fight this little problem.
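An offline copy is only useful if you can tell which files on the live system are still the ones you backed up. The Python below is an added example, not code from the post: it records a SHA-256 hash of every file under a folder into a manifest (keep the manifest with the backup), and later compares the live folder against it so files that have been overwritten, removed, or dropped in are listed. The sample files, the "encrypted" garbage, and the ransom-note filename in `demo()` are all constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Added example: record file hashes before backing up, then detect files that changed underneath you.

def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large photo collections do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root, forward slashes) to its hash."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }

def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the live tree with a stored manifest and report the differences."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "new": sorted(k for k in current if k not in manifest),
    }

def demo() -> dict:
    """Build a manifest for constructed files, then simulate a file-encrypting infection."""
    with tempfile.TemporaryDirectory() as d:
        work = Path(d)
        pictures = work / "pictures"
        pictures.mkdir()
        (pictures / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed jpeg bytes")
        (pictures / "notes.txt").write_text("constructed document\n")

        manifest_file = work / "manifest.json"   # store this alongside the offline backup
        manifest_file.write_text(json.dumps(build_manifest(pictures), indent=2))

        # Constructed damage: one file overwritten with ciphertext-like garbage, one note dropped.
        (pictures / "holiday.jpg").write_bytes(b"constructed encrypted garbage")
        (pictures / "DECRYPT_INSTRUCTIONS.txt").write_text("constructed ransom note\n")

        return verify_manifest(pictures, json.loads(manifest_file.read_text()))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run `build_manifest` on the folder right before burning the disc and keep the JSON on the disc too; running `verify_manifest` later tells you which files need restoring and which ones you never backed up.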

I haven’t heard if it has infected any Apple, Android, or Linux operating systems; it looks to be primarily Windows systems. I can assure you it will happen to these other OSes in the coming months, so don’t think you are immune to this and other malware or viruses. With Android having exploits in the wild you can bet they will be targeted soon to encrypt your contact list and your pictures. This would be my next bet!

Why using the Reverse Pin number won’t work!

It seems to be circulating around!

I got this email and wanted to clarify something about it, as I wasn’t sure if this was a hoax or not. Wikipedia is not helping this myth if it is one, but I will talk about the reasons why it won’t work and explain them to you in detail!

Privacy!

Under the Privacy Act of 1974, no business or organization can release personal information about you without your direct consent or without a court order, although this isn’t strictly followed by every online business or organization. For ANY ATM to disclose the location of the ATM you are at, or even your financial information, would be against the Privacy Act!

Terms of Service would need to be updated!

All banks would have to change their TOS just to cover their butts in case something went wrong. You would see bank after bank making sure you knew about the changes in their services when it comes to ATMs! This would be one of the requirements to be able to do this!

The Algorithm!

Let’s face it, if this software was available it would be a screaming security nightmare! Every bank uses its own algorithm and hash in association with each account. In order for an ATM to give out money from any institution, it would be required to provide the correct security code, which would be the PIN code. So the bank would have to create both a front-door passcode (PIN number) and a back-door passcode (reverse PIN number) to access your personal information and also what money you have in your account. This two-PIN approach would make your account much easier to hack, or make your PIN easier to guess, if implemented! Since the ATM would not know which PIN is correct until it connected with the bank server, it would not know if the PIN entered is correct or reversed until the bank granted access, and thus it would be impossible to implement this!!
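To make the argument concrete, here is an added Python example (not from the post) that models what the bank’s server would have to accept under a reverse-PIN scheme. It assumes numeric PINs and a constructed verifier: the ATM forwards digits and decides nothing locally, the set of accepted codes doubles for every PIN that is not a palindrome, and a PIN like 1221 or 7777 reads the same backwards, so it could never signal duress at all.

```python
from itertools import product

# Added example: what a bank-side verifier would have to accept under a reverse-PIN scheme.

def accepted_codes(pin: str) -> set:
    """Codes the bank must treat as valid: the PIN itself and, for duress, its reversal."""
    return {pin, pin[::-1]}

def is_palindrome(pin: str) -> bool:
    """A PIN such as 1221 or 7777 reads the same backwards, so it can never signal duress."""
    return pin == pin[::-1]

def count_palindromic_pins(length: int = 4) -> int:
    """Brute-force count of PINs whose reversal is not a different code."""
    return sum(1 for d in product("0123456789", repeat=length) if d == d[::-1])

def guess_success_probability(pin: str, reverse_scheme: bool = True) -> float:
    """Chance that one random guess is accepted for this account."""
    codes = accepted_codes(pin) if reverse_scheme else {pin}
    return len(codes) / 10 ** len(pin)

def average_guess_multiplier(length: int = 4) -> float:
    """Average size of the accepted-code set across all PINs of this length (1.0 without the scheme)."""
    total = 10 ** length
    palindromes = count_palindromic_pins(length)
    return (2 * (total - palindromes) + 1 * palindromes) / total

def bank_verify(stored_pin: str, entered: str):
    """The server-side decision; the ATM only forwards digits and cannot make it.
    Returns (decision, duress_flag)."""
    if entered == stored_pin:
        return "granted", False
    if entered == stored_pin[::-1] and not is_palindrome(stored_pin):
        return "granted", True
    return "denied", False

if __name__ == "__main__":
    print("4-digit palindromic PINs:", count_palindromic_pins(4))
    print("one-guess chance, normal scheme, PIN 1234:", guess_success_probability("1234", reverse_scheme=False))
    print("one-guess chance, reverse scheme, PIN 1234:", guess_success_probability("1234"))
    print("one-guess chance, reverse scheme, PIN 1221:", guess_success_probability("1221"))
    print("average accepted-set size, reverse scheme:", average_guess_multiplier(4))
    print("reversed entry for 1234:", bank_verify("1234", "4321"))
```

For 4-digit PINs, 100 of the 10,000 are palindromes, so on average the scheme leaves 1.99 accepted codes per account instead of one, and roughly 1% of customers could not use it at all.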

Safety and Such!

It would just cause more problems than it is worth. Just think: if you had to put in your PIN in reverse, wouldn’t it be more trouble and possibly cause more violence than it would solve? I know I have ADHD and I wouldn’t be able to do it very easily. If the robber wants the money he will get impatient and maybe even hurt the victim even more. This is why it will never be implemented, because in the long run it doesn’t stop violence or death; it is just more of an inconvenience than anything. Think about how long it would be before the police actually got to that ATM. On average it takes 20 minutes just where I live, and I know the robber won’t stay there very long, if at all! Once he gets what he wants, you’re either dead or very lucky! Just some stuff to think about!

Paul Sylvester

Why companies don’t consider Security and how to decode a Barcode!

Weak Security is NO security!

I have been working with a company for the last few months and I must say their security is weak, to say the least. They use barcodes to establish who they are and what jobs they are doing. It seems kind of simplistic to some, but to me they are just asking for problems. Nowadays, 90% of people who work have access to some kind of smartphone, whether it be Android or iOS. Each one has its unique problems, but I am not here to talk about their problems but to point out that each one can literally scan a barcode and decode it in a matter of minutes!

How to decode a Barcode!

If you’re looking to decode a barcode on Android, I can help. Here are a few that I’ve found to work really well with any and all barcodes you might need!

  • Google Goggles — This app for Android is so interesting; I have it installed on my phone just to see what the world would be like if we had it on Google Glasses, which I suspect is coming soon!
  • Barcode Scanner by ZXing Team — This is a good little app for those of you who just want to see what the code is and so forth. It can do 1D, 2D, and QR codes. This is also a really useful app for those of you who want to see what the barcode at work really says about you!
  • Barcode Scanner by TACOTY CN — Another one that does basically what the others do; it can decode any barcode that you might have, to see what it really says about you.
  • Scan by Scan, Inc — Here is a good tool for reading barcodes. I really can’t say much more than this because they all do basically the same thing: 1D, 2D, and QR codes. Works really well though!
  • ClearImage Free Online Barcode Reader / Decoder — Although this isn’t an app for Android, it can be very useful for anyone who has a camera and would like to decode a barcode this way. No need for a smartphone; any camera that can take digital pictures will do.

The Problem!

The company I am contracted with thinks this is convenient and probably even thinks no one will abuse it. I hate to think of who might use this to gain personal information about another worker or even get them fired. It isn’t hard to imagine that someone may go so far as to use someone else’s barcode just to get them in trouble. So why use barcodes in business? This is a constant problem that needs to be fixed ASAP, and any business that does this might want to consider changing over to something a little more secure. In the coming weeks I’ll probably talk about this in more detail, but until I fix the problems with this company I can’t go into much more detail.
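As an added example (not the company’s system and not code from this post), the Python below puts the weak design beside one mitigation. `clock_in_static` trusts whatever employee ID the barcode carries, so a scanned or photocopied badge works for anyone who presents it. `clock_in_rotating` instead expects a barcode regenerated every minute by the employee’s phone app, carrying the ID, a time slot and an HMAC tag under a key only the server holds. The key, the window length, the employee table and the ID format are all constructed for the demonstration. Anyone can still read the ID off the barcode, but a copied code stops working within a couple of minutes and a code built for a different ID fails the tag check.

```python
import base64
import hashlib
import hmac

# Added example: a plaintext-ID barcode check beside a time-bound, server-verified one.

# Constructed server-side secret; in a real deployment it lives only in the badge system.
SERVER_KEY = b"constructed-demo-key-do-not-use"
WINDOW_SECONDS = 60                     # how often the phone app regenerates the barcode
EMPLOYEES = {"E1042": "Alice (constructed)", "E2077": "Bob (constructed)"}   # constructed table

def clock_in_static(scanned: str):
    """Weak design: the barcode is the employee ID in plaintext and the bearer is trusted."""
    return EMPLOYEES.get(scanned)

def issue_rotating_code(employee_id: str, now: int) -> str:
    """Payload the employee's app would render as a barcode: id, time slot, truncated HMAC tag."""
    slot = now // WINDOW_SECONDS
    msg = f"{employee_id}:{slot}".encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()[:10]
    return f"{employee_id}:{slot}:{base64.b32encode(tag).decode()}"

def clock_in_rotating(scanned: str, now: int):
    """Hardened check: verify freshness and the tag before trusting the ID."""
    try:
        employee_id, slot_text, _tag = scanned.split(":")
        slot = int(slot_text)
    except ValueError:
        return None                              # malformed payload
    if abs(now // WINDOW_SECONDS - slot) > 1:    # allow one slot of clock skew, nothing older
        return None                              # a photocopied or screenshotted code has expired
    expected = issue_rotating_code(employee_id, slot * WINDOW_SECONDS)
    if not hmac.compare_digest(expected, scanned):
        return None                              # tag does not match this ID and slot
    return EMPLOYEES.get(employee_id)

if __name__ == "__main__":
    t0 = 1_700_000_000                           # constructed clock value
    code = issue_rotating_code("E1042", t0)
    print("barcode payload:", code)              # the ID is still readable, by design
    print("static check, copied badge:", clock_in_static("E1042"))
    print("rotating check, fresh code:", clock_in_rotating(code, t0))
    print("rotating check, same code five minutes later:", clock_in_rotating(code, t0 + 300))
    forged = "E2077:" + ":".join(code.split(":")[1:])   # Bob's ID pasted onto Alice's tag
    print("rotating check, forged for another ID:", clock_in_rotating(forged, t0))
```

The rotating code does not make the barcode secret, and it does not stop someone standing next to the scanner from reading it; what it removes is the value of a copy taken yesterday, and the ability to mint a code for a colleague without the server key.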

Paul Sylvester

Microsoft issues 1 Major update 1-13-09

Well, it has been released. Microsoft issued an update to the system:

Vulnerabilities in SMB Could Allow Remote Code Execution

Microsoft Security Bulletin MS09-001 – Critical (KB958687)

This security update resolves several privately reported vulnerabilities in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

This is one of those updates you really need to install as soon as you can. You should also get a free firewall or buy one. It looks to be a vulnerability in the ports, and if you have a firewall besides Windows’ own you should be safe, but that is beside the point. If you are security conscious then you should install this update ASAP. If you’re worried this will affect your system then you will need to back up your system before you do this update. If you feel you might have been infected through this vulnerability you could always go get a free antivirus program and scan your system. This is the sure way of fighting a virus and making sure you’re safe; although people argue that paid virus programs are quicker to be updated with virus databases, it’s all a matter of preference.
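The bulletin’s advice about keeping a minimal number of ports exposed can be checked rather than assumed. The following Python is an added example, not from Microsoft or from this post: it parses the output of `netstat -an` (a constructed sample is embedded; on a real machine, pipe the command’s output in) and flags TCP 139 and 445, the ports SMB is served on, whenever they are bound to anything other than loopback. A finding means the service is reachable from the network unless a firewall rule blocks it, which is exactly what the bulletin’s firewall recommendation is about.

```python
import re
import sys

# Added example: find SMB listeners bound to a network-reachable address in netstat output.

SMB_PORTS = {139: "SMB over NetBIOS session service", 445: "SMB direct hosting"}

# Constructed sample of Windows `netstat -an` output; not captured from a real machine.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49158     203.0.113.5:443        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
"""

# proto, local address, local port, foreign address, optional state (UDP lines have none)
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listening_sockets(netstat_text: str):
    """Yield (proto, local_address, port) for TCP listeners and every UDP binding."""
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # headers, blank lines, anything unexpected
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue                      # established or closing connections are not exposure
        yield proto, addr, int(port)

def is_loopback(addr: str) -> bool:
    """Loopback-only bindings are not reachable from other hosts."""
    return addr.startswith("127.") or addr == "[::1]"

def exposed_smb_listeners(netstat_text: str):
    """Return SMB listeners bound to a non-loopback address, sorted by port then address."""
    findings = []
    for proto, addr, port in listening_sockets(netstat_text):
        if proto == "TCP" and port in SMB_PORTS and not is_loopback(addr):
            findings.append({"port": port, "bound_to": addr, "service": SMB_PORTS[port]})
    return sorted(findings, key=lambda f: (f["port"], f["bound_to"]))

if __name__ == "__main__":
    # Use real output when piped in (netstat -an | python this_script.py); else the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_NETSTAT
    findings = exposed_smb_listeners(text)
    for f in findings:
        print(f"port {f['port']} ({f['service']}) listening on {f['bound_to']}")
    if not findings:
        print("no SMB listener bound to a network-reachable address")
```

A listener on 0.0.0.0 or [::] is bound to every interface, so for a machine directly on the Internet the only thing between it and MS09-001 is the patch and the firewall rule; the script tells you which of those you are relying on.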