Nightmare malware: CryptoLocker

CryptoLocker is a particularly nasty piece of malware that has been terrorizing computer users since early September, 2013. It’s similar to other kinds of ‘Ransomware’ in that once it infects a computer, it offers to undo its effects if the perpetrator is paid.

Ransomware has been around for years, but CryptoLocker adds a new twist: it encrypts your data files – making them inaccessible – until you pay. So it’s not just annoying: it can effectively destroy your data. Without the proper key, the encrypted files cannot be decrypted. After you pay the ransom, CryptoLocker decrypts the encrypted files, making them usable again.

Other factors can exacerbate a CryptoLocker infection. IT workers who are able to remove the malware after data files have been encrypted may actually make things worse: without the malware in place, paying the ransom will have no effect – the files will stay encrypted.

CryptoLocker typically installs itself when an unwitting user opens an attachment in an email that appears to be from a legitimate business, such as a courier company. The attachment often looks like a PDF file, and appears harmless. But the attachment is actually executable, and it installs CryptoLocker. Once CryptoLocker is running, it will try to contact one of its control servers, from which it receives an encryption key. CryptoLocker then starts encrypting your files: it looks for files with specific extensions, on local and mapped network drives. It then displays its ‘ransom note’, which describes what has been done and how to pay the ransom, which is typically $300. You have four days to pay, after which the encryption key will be deleted and your files will be inaccessible forever.
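The disguise described above (an attachment that looks like a PDF but is really an executable) can be checked for at a mail gateway or during triage. The following is an added example, not code from the original post; the function names, extension lists and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

PE_MAGIC = b"MZ"       # first bytes of a Windows executable (DOS/PE header)
PDF_MAGIC = b"%PDF-"   # first bytes of a genuine PDF
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}  # illustrative
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}          # illustrative


def check_attachment(filename, payload):
    """Return a list of reasons this attachment is suspicious (empty if none)."""
    reasons = []
    parts = filename.lower().rsplit(".", 2)   # e.g. ["label", "pdf", "exe"]
    final_ext = "." + parts[-1] if len(parts) > 1 else ""
    inner_ext = "." + parts[-2] if len(parts) > 2 else ""
    if final_ext in EXECUTABLE_EXTS:
        reasons.append("executable extension " + final_ext)
        if inner_ext in DOCUMENT_EXTS:
            reasons.append("double extension hides " + final_ext + " behind " + inner_ext)
    # Content check: trust the bytes, not the name or the declared MIME type.
    if payload.startswith(PE_MAGIC) and final_ext not in EXECUTABLE_EXTS:
        reasons.append("PE executable content under " + (final_ext or "no") + " extension")
    if final_ext == ".pdf" and not payload.startswith(PDF_MAGIC):
        reasons.append("named .pdf but content is not a PDF")
    return reasons


def scan_message(raw_bytes):
    """Map each attachment filename in a raw email message to its findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        findings[name] = check_attachment(name, payload)
    return findings


def build_sample():
    """Constructed message: one genuine-looking PDF and two disguised executables."""
    pe_stub = b"MZ\x90\x00" + b"\x00" * 60    # harmless bytes with a PE-style header
    msg = EmailMessage()
    msg["Subject"] = "Your parcel notification"
    msg.set_content("See attached.")
    samples = [("receipt.pdf", b"%PDF-1.4\n%%EOF\n"),
               ("label.pdf.exe", pe_stub), ("waybill.pdf", pe_stub)]
    for name, data in samples:
        # All three claim to be application/pdf, as a disguised attachment would.
        msg.add_attachment(data, maintype="application", subtype="pdf", filename=name)
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` returns an empty list for `receipt.pdf` and two findings each for the other two attachments.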

I recently encountered CryptoLocker on a client’s PC. Luckily, the client’s anti-malware software detected the infection and prevented it from doing much damage. Among other things, it prevented CryptoLocker from contacting its control servers, so it never received an encryption key and didn’t encrypt any files. I was able to locate and remove the malware.

If you are hit with this malware, your best protection is a good backup. Without a backup, your only option is to pay the ransom. But don’t feel bad: you’re not alone. Plenty of other people have paid the ransom already.

So this is a good time to issue those familiar warnings to all computer users: back up your data, install good anti-malware software, and do not open email attachments or click email links unless you know the sender and what the email is expected to contain.

Ars Technica has additional information, and Bleeping Computer has an excellent FAQ for CryptoLocker.

WordPress 3.7.1 released

Version 3.7.1 fixes several minor issues that arose in the recent version 3.7 release, including some issues with the new auto-update feature. The official announcement of version 3.7.1 lists the changes.

The release of WordPress 3.7.1 provides a useful test of the new auto-update feature. I administer five WordPress sites, which I updated to version 3.7 the day it became available. Of those five sites, only two have updated themselves to 3.7.1 in the two days since its release. I will continue to update this post as the other three update themselves. Then I’ll decide whether to leave auto-updates enabled or continue to handle updates manually.

Update 2013Nov01: two more sites updated themselves in the last day or so. One remains at version 3.7.

Update 2013Nov04: one of the sites never updated itself, despite passing the auto-update tests. I updated it manually. I’ve concluded that the auto-update feature is useful, but not to be relied upon – at least not yet.

There have been a lot of reports of problems with the new auto-update feature. Most of these problems relate to hosting providers and limitations they impose on WordPress sites. Some of those problems were resolved in 3.7.1. In any case, you can diagnose auto-update problems using the new plugin Background Update Tester.

Another new plugin named Update Control allows you to control the way auto-updates work, including disabling them completely.

WordPress Tavern has a useful post about the new auto-update feature, titled “WordPress Automatic Updates – No Options For You!” There’s also a post on WordPress.org: “The definitive guide to disabling auto updates in WordPress 3.7.”

Firefox 25 released

Mozilla released Firefox 25 on October 29, with the usual lack of any kind of announcement. I was alerted to the new version via posts on the SANS ISC Diary and the CERT alerts list.

The only thing even close to an announcement of the new version from Mozilla is a blog post from the 29th that describes one of the new features in Firefox 25. The blog post never even mentions the new version.

The version 25 release notes list the changes in this version, which consist of several security vulnerability fixes, a few other bug fixes, Web Audio support, and some CSS and HTML standards tweaks.

The Known Vulnerabilities page shows the security-related fixes in version 25.

Update for Opera 17

The Opera development team is working on the next major revisions of the Webkit-based version of the browser, which we will eventually see in the form of Opera 18 and Opera 19. The current stable version is 17, meaning that Opera 17 is not undergoing active development. However, the developers are fixing bugs in Opera 17, and that’s the reason for this update. Version 17.0.1241.53 includes fixes for several crashing problems in the previous release.

Google axed Talk – and I missed it

I suppose I shouldn’t be too upset about this, at least not like this guy. I wasn’t actually using Google Talk, but of all the chat clients I’ve evaluated, it was one of the best. Recently I’ve been using Skype for chat, and it works reasonably well. Everyone already runs it, which helps.

But I’m still surprised that Google snuck this one past me. I only discovered it when I allowed Secunia’s PSI (software that checks for missing updates) to update Google Talk. PSI claimed there was a newer version than the one I was running, so I told it to download and install the update. When it was finally finished, I was running Google Talk version zero: it had been removed completely from my computer. So I started looking into it, and discovered that Google eliminated Talk some time in May 2013. Google will tell you that what replaced it (Google+ Hangouts) is much better, but that’s complete crap.

Google has got to be hurting itself by eliminating all these services. Most serious professionals (including me) are now wary of using any free service offered by Google.

Smartphones just became useful

I don’t have a smartphone. I’ve fiddled with them, and I use one for app development. But the mobile device I actually use for day-to-day phone communication is an ancient Nokia 2610b.

Nokia 2610b
Hey, don’t laugh – it works.

I’ve never had any issues with call quality, or any other problems with this phone. It lets me download media from arbitrary web locations and use any sound file as a ring or other tone. It’s sturdy; I literally use it as a beer bottle opener. Of course it doesn’t have a full keyboard, and the buttons are tiny, but I’m no rapid-fire texter anyway. The display is very basic, but it works for me.

I’ve been tempted on many occasions to buy a smartphone. The coolness factor alone has almost triumphed, but so far I’ve resisted its lure. Sure, smartphones can do lots of cool stuff, and I have no doubt that if I owned one, I’d spend a lot of time playing with it. But in the end, the only features I would really use are the phone, contacts, text messages (including alerts from Google Calendar), and occasionally the timer and alarm.

Until today, I thought I might end up using the 2610b until it died (which is unlikely), the battery stopped holding a charge (original battery is still going strong), or somehow it was no longer supported by my carrier (also unlikely).

What changed my mind? Microsoft released a mobile version of Remote Desktop. That’s the software I use to remotely control the Windows PCs I administer. I use it to administer the media computer downstairs, and the server next to me. I use it to manage client computers in this and other cities. And I use it to access my main PC when I’m elsewhere. It’s indispensable. And now it runs on Android and iPhone devices.

This changes everything: now I have a valid reason to buy a smartphone. But I’ll continue to resist as long as I can.

Windows 8.1 released today

Windows 8.1 is now available. If you’re not already running Windows 8, you can purchase 8.1 from the Windows Store. If you are using Windows 8, you should start seeing prompts in the Windows Store to upgrade to 8.1 (a free download).

In the past, when a Windows Service Pack became available, savvy users tended to stay away until the inevitable problems were resolved. I don’t see any particular reason to charge blindly into Windows 8.1 either. My advice is to wait for at least two weeks and monitor this and other tech blogs for reports from early adopters.

Ars Technica and The Verge have additional information.

Java 7 Update 45 released

As part of a massive quarterly ‘CPU’ (Critical Patch Update), Oracle recently announced Java 7, Update 45 (7u45).

This new version of Java includes several security enhancements, mostly related to Java component deployment. A new button on the Security tab of the Java Control Panel, labeled ‘Restore Security Prompts’, allows the user to completely clear the list of allowed Java applications.

As for the contentious ‘Issue 69’ Java security vulnerability reported by security researcher Adam Gowdiak: according to Mr. Gowdiak’s latest research, this issue was resolved in Java 7, Update 40 (7u40).
