Friday, June 27, 2014

Webroot suddenly detects an old fake antivirus trojan

Today, on my Dell XPS laptop from 2009 (purchased with Windows Vista, upgraded to Windows 7 at the start of 2011), Webroot Secure Anywhere flashed a warning in its "W" notification icon (no pun intended) that a threat had been detected and that a scan should be run immediately.

The scan detected a signature for an old trojan, "Rogue.Gen", which appeared only in a directory left over from the Vista installation. I would have to presume that Webroot had made an upgrade to its cloud definitions that led to this trojan's being detected. It was removed or quarantined easily. It appears to be an old executable that attempts to lure the user into buying fake anti-virus software.

This is the first time this has happened to me with Webroot Secure Anywhere.

Tuesday, June 17, 2014

NBC Today show warns about Cryptolocker; more info on security strategies

NBC’s Today show reiterated a warning to the public about Cryptolocker this morning. The video depicts a typical home user as totally vulnerable, having taken no precautions to back up important data.

Security companies and technology journals have written a lot about this Trojan. Sophos, which works with Webroot, has a typical article (Oct 2013), and Webroot’s threat blog has its own post dated Dec 6, 2013.
External backup drives that are connected when the Trojan runs are likely to be encrypted along with everything else. So an important strategy is to make backups regularly (every day if possible) of your major work, and to disconnect the drive once the backup is done. According to Webroot, cloud backups (like Carbonite) are safe, but I would check on this: a service that simply mirrors the current state of your folders will mirror the encrypted versions too, so what matters is whether it keeps earlier versions of each file. Carbonite’s own writeup here is a bit ambiguous.
It’s relatively trivial for a tech (like Geek Squad) to remove the Trojan itself from a computer, but the encrypted files stay encrypted unless the ransom is paid and the criminals actually deliver the key. It sounds as though in this case files are often restored after payment, because the object of the criminal activity (a lot of it overseas) is to make money, Putin-style.
It’s a good idea to have several physical backup copies, and to keep one offsite, perhaps in a safe-deposit box, possibly some distance from your home (in case of big natural disasters). Optical discs are a reasonable backup medium if EMP ever becomes a threat. It’s always a good idea to think through one’s entire security strategy, which varies enormously by circumstances.
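As an added example (not part of the original post), the following Python script implements the backup discipline described above: each run copies the documents into a new dated folder, so a later backup of already-encrypted files never overwrites the earlier good copy, and a SHA-256 manifest lets you verify that a backup is still intact before you rely on it. The file names, paths and the simulated overwrite in demo() are constructed for illustration; the script assumes the destination is an external drive that you disconnect after the run.

```python
import hashlib
import json
import shutil
import tempfile
from datetime import datetime
from pathlib import Path

MANIFEST = "manifest.json"


def sha256_file(path):
    """Hash a file in chunks so large documents do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src, dest_root, stamp=None):
    """Copy every file under src into dest_root/<stamp>/ and write a hash manifest.

    A fresh directory per run means an earlier clean backup is never replaced
    by a later one that may already contain ransomware-encrypted files.
    """
    src, dest_root = Path(src), Path(dest_root)
    stamp = stamp or datetime.now().strftime("%Y%m%d-%H%M%S")
    target = dest_root / stamp
    manifest = {}
    for p in sorted(src.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(src).as_posix()
        out = target / rel
        out.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(p, out)
        manifest[rel] = sha256_file(out)
    (target / MANIFEST).write_text(json.dumps(manifest, indent=1, sort_keys=True))
    return target


def verify_backup(target):
    """Return the files that are missing or whose contents no longer match the manifest."""
    target = Path(target)
    manifest = json.loads((target / MANIFEST).read_text())
    bad = []
    for rel, digest in manifest.items():
        p = target / rel
        if not p.is_file() or sha256_file(p) != digest:
            bad.append(rel)
    return bad


def demo():
    """Run the whole cycle on constructed files in a temporary directory."""
    work = Path(tempfile.mkdtemp())
    src = work / "documents"
    (src / "sub").mkdir(parents=True)
    (src / "notes.txt").write_text("draft chapter one")          # constructed sample
    (src / "sub" / "budget.csv").write_text("a,b\n1,2\n")        # constructed sample
    target = make_backup(src, work / "backups", stamp="20140617-0900")
    clean = verify_backup(target)
    # Simulate ransomware overwriting one file on a backup drive that was left connected.
    (target / "notes.txt").write_bytes(b"\x00" * 16)
    tampered = verify_backup(target)
    return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("intact before tampering:", before == [])
    print("damaged files detected:", after)
```

The manifest lives next to the backup, so malware that reaches the drive could rewrite both; keeping a copy of the manifest (a few kilobytes) on a second medium, or simply keeping the drive unplugged except during the backup, is what makes the verification trustworthy.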
The biggest risk for this form of ransomware seems to come from email attachments. There is also some risk from botnets (Cryptolocker was pushed out through the Gameover Zeus botnet), so people who use P2P might be at higher risk, as are those whose computers are attached to other people’s or office network drives, since mapped drives get encrypted too. You might minimize email risk by opening “risky” emails on an older computer that holds no important files and has no access to your network shares or backup drives. I find that about 80% of spam has a fishy sender address (you can run the mouse over it to see it, usually from Russia or China), but some spam spoofs the sender so that this check doesn't work.
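As an added illustration (not from the original post), here is a small Python script that applies the sender checks just described to a message's headers: whether a display name claiming to be a brand (a UPS delivery notice in this constructed case) matches the address domain, whether the envelope sender (Return-Path) agrees with the From address, and whether the receiving server's Authentication-Results header shows SPF or DKIM passing, which is the check that still works when the From line itself is spoofed. The sample messages, the brand-to-domain table and every header value are constructed for illustration, not taken from real mail.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample messages (fabricated headers, not real spam).
SAMPLES = {
    # Display name says UPS, but the address is on an unrelated domain.
    "mismatch": (
        "From: UPS Delivery <notice@mail-tracking-update.example>\r\n"
        "Return-Path: <bounce@mail-tracking-update.example>\r\n"
        "Subject: UPS delivery notification #12345\r\n"
        "\r\nYour package could not be delivered. Open the attached invoice.\r\n"
    ),
    # From line forged to the real brand domain; the envelope and SPF give it away.
    "spoofed": (
        "From: UPS Quantum View <pkginfo@ups.com>\r\n"
        "Return-Path: <x7@bulkmailer.example>\r\n"
        "Authentication-Results: mx.example; spf=fail smtp.mailfrom=bulkmailer.example; dkim=none\r\n"
        "Subject: Delivery failure\r\n"
        "\r\nSee attachment.\r\n"
    ),
    # Ordinary authenticated mail from a correspondent.
    "legit": (
        "From: Jane Smith <jane@colleague.example>\r\n"
        "Return-Path: <jane@colleague.example>\r\n"
        "Authentication-Results: mx.example; spf=pass smtp.mailfrom=colleague.example; "
        "dkim=pass header.d=colleague.example\r\n"
        "Subject: Draft chapter\r\n"
        "\r\nAttached as discussed.\r\n"
    ),
}

# Hypothetical table of brands and the domains they really mail from (assumption, not an authoritative list).
BRAND_DOMAINS = {"ups": {"ups.com"}}


def domain_of(address):
    return address.rpartition("@")[2].lower()


def assess_sender(raw_message):
    """Return a list of findings for one message; an empty list means no red flags."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    display, addr = parseaddr(str(msg["From"] or ""))
    from_domain = domain_of(addr)

    # 1. The visible name claims a brand, but the address domain is not that brand's.
    name_tokens = display.lower().split()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name_tokens and from_domain not in domains:
            findings.append("brand-domain-mismatch")

    # 2. The envelope sender (where bounces go) does not match the From domain.
    _, return_path = parseaddr(str(msg["Return-Path"] or ""))
    rp_domain = domain_of(return_path)
    if rp_domain and rp_domain != from_domain:
        findings.append("return-path-mismatch")

    # 3. The From header is trivially forged, so only trust it when the receiving
    #    server recorded an SPF or DKIM pass for the message.
    auth = str(msg["Authentication-Results"] or "").lower()
    if "spf=pass" not in auth and "dkim=pass" not in auth:
        findings.append("unauthenticated-sender")

    return findings


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:9s} -> {assess_sender(raw) or 'no red flags'}")
```

Mail clients show the display name prominently and the address only on hover, which is why the first check matters; the third check is the one to rely on when the address looks right, because the Authentication-Results header is added by your own mail server rather than by the sender.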
Not everyone uses some of the more vulnerable, fast-paced areas of the Internet, and not everyone is at equal risk.  But keep in mind that your circumstances can change when you start to work with or sell content to others. 

Update:  June 21

I've noticed numerous UPS delivery notifications in my spam folder recently, so I suppose these are attempts to send copycat cryptolocker trojans.  To get these when you haven't ordered anything is an obvious red flag.

Besides the usual "Nigerian scams" and bogus warnings about bank accounts and credit cards I don't have (and I've checked my credit reports;  they're clean), I see a lot of business proposals that are really, well, dumb.  

Thursday, June 05, 2014

End-to-end encryption will be available for Gmail

Google has announced support for “end-to-end encryption” with Gmail, according to some media sources such as Cory Doctorow’s story in “BoingBoing”, link here. What was announced is an alpha of a Chrome extension, “End-to-End”, that performs OpenPGP encryption and decryption in the browser, so the plaintext never reaches Gmail’s servers. Using it requires some technical skill, and losing the private key or its passphrase means that messages encrypted to that key can never be read again. It is not practical for most users for ordinary personal or perhaps even routine business use. However, it would keep the content of messages from being read by the NSA, by hackers, or by Google itself; the metadata (sender, recipient, subject line, timing) stays visible.
Google’s own Blogger entry is here. This is probably not a high priority in practice for most users. 

Monday, June 02, 2014

FBI apparently busts cryptolocker, but hasn't apprehended the Russian comic book villain

The US DOJ has disrupted the "Cryptolocker" and "Gameover Zeus" operations by seizing servers and redirecting the infected machines' traffic to servers under law-enforcement control (a sinkhole), according to some news stories, including this one from ABC, here. (See earlier story on Nov. 15, 2013.)
Cryptolocker demanded a ransom (in bitcoin) for the key to decrypt the files it had encrypted on an infected machine. The encrypted versions would also sync into any cloud backup that simply mirrors the folder, which is one reason it's still a good idea to make offline backups anyway.

The DOJ is trying to apprehend Russian hacker Evgeniy Bogachev, although success in doing so seems unlikely given strained US-Russian relations, over issues like Ukraine, Edward Snowden, and even the anti-gay law.  In fact, Russia's business model these days seems to be predicated on criminal enterprises to steal money from US companies and even individuals.