Stung By File-Encrypting Malware, Researchers Fight Back
itwbennett (1594911) writes "When Jose Vildoza's father became the victim of ransomware, he launched his own investigation. Diving into CryptoDefense's code, he found its developers had made a crucial mistake: CryptoDefense used Microsoft's Data Protection API (application programming interface), a tool in the Windows operating system to encrypt a user's data, which stored a copy of the encryption keys on the affected computer. Vildoza and researcher Fabian Wosar of the Austrian security company Emsisoft collaborated on a utility called the Emsisoft Decrypter that could recover the encrypted keys. In mid-March Vildoza had launched a blog chronicling his investigation, purposely not revealing the mistake CryptoDefense's authors had made. But Symantec then published a blog post on March 31 detailing the error."
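As an added illustration of the mistake the summary describes (example code written for this page, not from Vildoza's blog, Emsisoft's decrypter or the malware itself), this PowerShell shows that a DPAPI-protected blob needs no secret from outside the machine: the same user on the same box can unprotect it, so a key "protected" this way is never actually withheld from the victim. The 32-byte key is a constructed stand-in for a per-victim file-encryption key.

```powershell
# Added example: DPAPI (ProtectedData) binds a blob to the logged-on user's
# credentials, which are stored on the same machine. Anything protected this
# way can be unprotected again by that user without contacting any server,
# which is why keys left in DPAPI blobs were recoverable on the victim's PC.
Add-Type -AssemblyName System.Security

$scope = [System.Security.Cryptography.DataProtectionScope]::CurrentUser

# Constructed sample key (stand-in for the malware's file-encryption key).
$key = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($key)

# Protecting the key takes no external secret ...
$blob = [System.Security.Cryptography.ProtectedData]::Protect($key, $null, $scope)

# ... and neither does unprotecting it, as long as the same user on the same
# machine asks. The "locked" key material was on the box the whole time.
$recovered = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $null, $scope)

$same = [Convert]::ToBase64String($key) -eq [Convert]::ToBase64String($recovered)
if ($same) {
    "DPAPI blob unprotected locally: the key was never a secret from this user"
} else {
    "Unexpected: recovered key differs from original"
}
```

Run as an ordinary user on Windows; a backup agent, forensic image or decrypter running under that same user account is in exactly the position this script demonstrates.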
The myth that the 'security' industry is at the root of the problem
Senior NCO in the fight against entropy. I've seen things, man. Things no one should have to see.....
It's in Symantec's interest that the authors mitigate the weakness in their malware so the threat will permeate through media and people will continue to be terrified into buying copious amounts of security software that in most cases won't even mitigate the risk.
At first Symantec's actions sounded dismaying, but in the long run using every opportunity to publicize the folly of using that API is probably beneficial. I've spent years trying to dissuade people from using (old) Excel's password "protection" due to the false sense of security. That Win API has the same effect—convinces the masses they're employing secure means when in fact they're not.
The so-called security industry is big part of the problem.
While they continue to peddle their snake oil and sticking plaster solutions that the underlying problem. Microsoft and company will continue to peddle insecure crap ware.
That's a pretty common ad-delivered site that's been around for a while. It has an "onunload" function that pops up an error message when you try to leave the site. Chrome added a checkbox to disable the message, so they made their error message so long it goes off the bottom of the screen, and since it's a dialog box, you can't scroll the text to get to the checkbox; you just have to trust it's there after the third or fourth alert: hit tab, space to check the box, tab again, space to hit OK.
If I have been able to see further than others, it is because I bought a pair of binoculars.
They can't keep up with the known threats
Comparative reviews since February 2009 - February 2014
Out-maneuvered by new threat vectors
Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt
Conventional security software is powerless against sophisticated attacks like Flame, but alternative approaches are only just getting started.
Some of them even get it, Eugene Kaspersky admits:
The contemporary antivirus industry and its problems
And this is why I don't allow javascript to run on arbitrary sites.
Because javascript can be used to do way too many annoying things. Like websites which think they can disable my right click (so I can use the back button) because they think I'm going to steal their images.
It's also why Flash doesn't get installed on machines I control.
Lost at C:>. Found at C.
Symantec are the dumbest bunch of dumbfucks ever.
Combine that with shit software and the worst customer support in the business and the only conclusion is that Symantec can't die fast enough. Die Symantec, Die.
You can have my SIG when you pry it from my cold, dead hands.
You fool! You foolish fool!
Now you've really done it! You've gone on and told them we know what their popup UI exploit was! Now they're going to add their OWN buttons above Chrome's and God help you if you try selecting it and entering!
Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
One of the probable reasons they store the key on the box is because it's easier than having it on a remote server. A remote server can be taken out or be unreachable, and you have the extra added problem of associating the decryption key with a specific box. That's a pain if the box isn't connected to the public network (i.e. it was infected through another vector).
If the key is local it's easier. You can even mail them a USB stick with the decryption application if you wanted to.
Future victims of this criminal organization should sue Symantec.
Class action lawsuit.
I also think that criminal charges for aiding and abetting would apply as well.
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
Another item is that a lot of enterprises have a data recovery agent. That way, if EFS is used, one just cracks open that key, decrypts everything, calls it done.
I'm sure this will be fixed in the next version of the software. Malware is the most well written and meticulously supported software being created in the computer industry these days.
Okay, stupid question time...
If someone took a disk image during the time when the virus was in the process of encrypting files, would it be possible to find the key in the paging file?
Security through obscurity is a long-debunked myth. You people need to get over it - hiding an exploit only guarantees its continued effectiveness (obsecurity works both ways, protecting the exploit as well as the exploited). Exposing an exploit causes people to work to close the exploit and put it out of business. There's a short-term loss as every script-kiddie takes advantage of their newly discovered toy, but a greater long-term advantage in securing systems against said exploit.
To be sure, secrecy can be used to add to security - but the secret should be what you've done to close the holes, not the fact that those holes exist.
I take special delight in stealing the images of sites like that.
While personal preference lets you do what you want, I'm fine with having that control with Javascript. The browser balances out the bad with user control. For pop-up dialogs, there is the checkbox to stop more. For right-click - well - there's always the inspector.
Dialog boxes that are too long need to be modal only to the tab and size limited, with scrolling enabled for long content.
Malware of this nature probably wouldn't even be feasible if it wasn't for bitcoin and its kin. There'd be no way to anonymously extort money from victims.
Not the case.
CryptoLocker’s creators also recently shifted their monetization tactics, giving willing users additional time to pay the ransom with bitcoin or MoneyPak.
Strains of this in the past were using MoneyPak (prepaid cash card) to extort money just fine.
http://blog.trendmicro.com/cry...
Somebody (I assume with a personal agenda or an ax to grind) has downmodded a reasonably intelligent post.
And people wonder why I get pissy about sites which don't work without JS/Flash/whatever-gizmo-du-jour.
Ah, blaming the tool again.
(PERSONAL OPINION). Is cryptocurrency any different? I can make money for free by "mining" for valid cryptostrings (there's my cheap, excellent steak sandwich), but the primary players are guys from the Silk Road, et al. Sooner or later, a government somewhere will squash cryptocurrency (and seize any value therein) under whatever variation of the RICO act they have. Too bad - I really liked the steak sandwiches there.
Yeah, good luck with convincing the people who use a currency specifically because it's not controllable by the government to report said use to said government.
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
Now I finally know what API means.
This is a hacked account, for which the owner can not be held responsible.
OpenBSD?
I think we've pushed this "anyone can grow up to be president" thing too far.
has turned out to be "oh, but you had to have already given it permission."
Citations please.
Precisely my point.
I haven't seen one of those for a while, but the right-click menu comes up on release. On sites that pop up a "right click disabled" messagebox on *click* you can just hold the button down, OK the popup, and then release the right button to trigger the menu.
Of course that doesn't work on sites that disable it silently.
When the tool appears to have no legitimate usages, yeah, I'm gonna say this tool is inherently bad. I could even go as far as to say the tool encourages illegal behavior.
Sort of like Napster of the late 90's. It simply had no other use than to STEAL music. Bitcoin has no other use than to hide financial transaction data. I simply don't buy that we need a currency that's not attached to one of the many governments in the world. What advantages do bitcoins offer over US Dollars? Besides the fact they're hard to track (because wallet IDs are anonymous, unlike bank accounts involving US Dollars). Well, one advantage is this malware right here. You can't set up a way to receive EFTs without being traceable... unless you do it with bitcoin. Another advantage of bitcoins is tax evasion. Where are the legitimate uses for this???
I'm pretty anti-government, but I also don't like criminals committing crimes, and I see this tool and see how bitcoin operates in the wild, and I'm sorry, I'm not seeing a heck of a lot of legitimate usage. I do keep hearing about crimes involving bitcoins. Clue?
Oh, one other thing: if you're going to reply with legitimate uses, please also add in why it is better to use a bitcoin instead of a US Dollar in your legitimate use. Legitimacy should also have an advantage over its predecessor; otherwise, there's no point in the legitimate use. You wouldn't use one sharp knife over another just because it looks different. It's just as sharp.
I'm not, because it's not my job to do your thinking for you.
I have no personal interest in cryptocurrencies outside of academic curiosity. But I am able to admit that my range of speculation isn't all-encompassing, which is where we appear to differ. You feel justified in basing your decisions on the premise that if you can't imagine something, it doesn't exist.