Cyber Security

DanPickUp

Well-Known Member
The National Security Agency advised its officials to cite the 9/11 attacks as justification for its mass surveillance activities, according to a master list of NSA talking points. It's been 12 years since the attacks of 2001, but the NSA apparently still regards that fateful event as the strongest argument for expanded spying authority. But of course no word about any reason for spying on UNO, IWF, Presidents, Nations, foreign Industry, embassies all over the world, Swift, Spain, French, Indians, Germans, Geneva, universities all over the world and so on and on. It is all because of .............

http://www.washingtonpost.com/blogs...ficials-never-seem-to-stop-talking-about-911/

http://america.aljazeera.com/articl...ed911askeysoundbitetojustifysurveillance.html

And here is the PDF about those talking points:

https://s3.amazonaws.com/s3.documentcloud.org/documents/813096/nsa-talking-points.pdf
 

Einstein

Well-Known Member
Ransomware is the reason why people should stop using XP (vulnerable operating systems) and must have antivirus/antimalware/firewall on their system. :thumb:

A Trojan by the name CryptoLocker has attacked quite a few computers in India.
The Trojan locks the desktop, encrypts files, then displays a ransom demand.

FURTHER DETAILS -
Discovered: September 11, 2013
Updated: November 4, 2013 4:55:18 PM
Also Known As: Trojan.Gpcoder.H [Symantec], CryptLocker.B [Norman], Trojan:Win32/Crilock.A [Microsoft], TROJ_CRILOCK.NS [Trend]
Type: Trojan
Infection Length: 346,112 bytes
Systems Affected: Windows 2000, Windows 7, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP

The ransom demand may include the following message:


The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet; the server will destroy the key after a time specified in this window. After that, nobody and never will be able to restore files. To obtain the private key for this computer, which will automatically decrypt files, you need to pay.

This normally gives 72 hours to pay. It has asked US$300 from the victims.

When the Trojan is executed, it creates the following file:
%AppData%\[GUID].exe
The Trojan then encrypts documents on infected computers and connected shares or drives.

You need to know the following to protect yourself:
The Trojan locks the desktop, encrypts files, then displays a ransom demand.
After initial infection, file encryption on the infected machine will start after a few hours, so quick detection will help to prevent the damage.
Encryption uses a PKI mechanism with a public key, with the criminals holding the private key on some secret server on the Internet.
You cannot decrypt your files without the private key.
The Trojan can be removed by accessing the registry, but encrypted files cannot be decrypted by removing the Trojan. Further damage can be limited. The Trojan sits in the Application Data folder under the Documents and Settings folder with a long name ending with .exe.
This Trojan comes either as an attachment to an email or through a phishing site. So, do not open any attachment (especially but not limited to .vbs, .bat, .exe, .pif and .scr files), unless you are sure it came from a trusted source. Do not get lured or conned by phishing mail.
If you have an email server, configure your email server to block or remove email that contains file attachments that are commonly used to spread threats, such as .vbs, .bat, .exe, .pif and .scr files.
Keep security patches up to date and use a credible anti-virus with the latest signatures and anti-spam filters. Do not open any link in an untrusted email.
User awareness is essential. Hence this information.
Once a computer is infected, this Trojan connects to some specific domains or contacts its specific C&C server.
You must back up your data and files regularly.
You must have a working backup policy and plan. It should be daily / weekly / fortnightly depending upon your data criticality and new additions or modifications. Do not take the backup on the same computer. Your backed-up data should be on removable media. Files on this removable media will not be encrypted if it is not connected to the computer. This will be your insurance. You can restore these files after cleaning the Trojan.
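
The attachment rule from the post above (block .vbs, .bat, .exe, .pif and .scr at the mail server), as an added example that is not part of the original post: a Python check that parses a message and lists the attachments whose final extension is on that list. The function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from typing import List

# Extensions named in the post above; extend the set to match local policy.
BLOCKED_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}


def is_blocked_name(filename: str) -> bool:
    """True if the final extension of an attachment name is on the block list."""
    # Windows ignores trailing dots and spaces, so "a.scr. " still opens as .scr.
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    # Only the last extension counts: "Invoice.pdf.EXE" is an .exe, not a PDF.
    return dot != -1 and name[dot:] in BLOCKED_EXTENSIONS


def blocked_attachments(raw_message: bytes) -> List[str]:
    """Return the filenames of all MIME parts that the rule would block."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    # walk() visits nested multiparts too. Archives are not unpacked here.
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and is_blocked_name(n)]


def build_sample() -> bytes:
    """Constructed sample message (not real traffic)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ constructed", maintype="application",
                       subtype="octet-stream", filename="Invoice.pdf.EXE")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="octet-stream", filename="photo.scr")
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("block:", name)
```

A filename check like this is only the first layer: it does not look inside archives or at file contents, so the other points in the post (patching, anti-virus, offline backups) still apply.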
 

DanPickUp

Well-Known Member
@Einstein

Thanks for coming up with that information about that Trojan.

@Gandhar

Thanks for giving the link to that problem.

Here is another way to save or protect yourself a bit more against such bad downloads:

http://www.sandboxie.com/

Install it and then run your browser sandboxed. This will save you at least to a certain point. Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

But you still have to follow the following rule, which was also posted by Einstein. A rule for anything you download when you do not know what it is: So, do not open any attachment (especially but not limited to .vbs, .bat, .exe, .pif and .scr files), unless you are sure it came from a trusted source. Do not get lured or conned by phishing mail.

Take care / DanPickUp
 
Hmmm.. very interesting malware. I wonder if one can protect the computer by always running it in VMware or Deep Freeze.. any ideas??
 
