CryptoWall, one of a family of malware programs that encrypts files and demands a ransom from victims, has undergone a revamp that is frustrating security researchers.
Cisco's Talos Security Intelligence and Research Group has now analyzed a second version of CryptoWall that has improvements that make it harder to detect and study.
The sample of CryptoWall analyzed by Cisco was sent via email in a ".zip" attachment. Contained in that attachment is an exploit that uses a Microsoft privilege escalation vulnerability, CVE-2013-3660 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3660 ), to gain greater control over the computer, Carter said.
If opened, CryptoWall doesn't decrypt its whole binary but instead just a small part, which then checks to see if it is running in a virtual environment, Carter said.
CryptoWall won't continue to decrypt itself if it is running in a virtual machine. Files are sometimes analyzed in a sandbox within a virtual machine to check if they're possibly malicious.
http://www.computerworld.com/article/2865303/cryptowall-ransomware-variant-gets-new-defenses.html
Cisco has a full technical writeup on its blog. http://blogs.cisco.com/security/talos/cryptowall-2
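The summary above says the first-stage stub checks whether it is running inside a virtual machine and refuses to unpack if it is, which is exactly what defeats automated sandboxing. The script below is an added example, not code from the Talos writeup or from CryptoWall itself: it is the kind of environment probe an analyst can run on a Linux sandbox host to see which VM tells the sample would have seen. The indicators it uses (the `hypervisor` CPUID flag as mirrored in `/proc/cpuinfo`, and hypervisor vendor names in DMI strings under `/sys/class/dmi/id`) are common, well-known tells chosen for illustration; the page does not say which checks CryptoWall performs, and the marker list is an assumption. The sample inputs are constructed, not captured from a real host.

```python
"""
Sandbox self-check: which virtual-machine indicators are visible on this host?

Added example for illustration; not part of the Talos analysis and not
CryptoWall's own logic. Assumed indicators: the 'hypervisor' flag that Linux
derives from CPUID leaf 1 (ECX bit 31) and exposes in /proc/cpuinfo, and
hypervisor vendor strings in DMI/SMBIOS fields. On Windows the same DMI data
is reachable via WMI (Win32_ComputerSystem Manufacturer/Model).
"""
import os

# Vendor substrings commonly found in DMI fields of virtual machines (assumed,
# heuristic list; extend or trim for your own lab).
VM_DMI_MARKERS = (
    "vmware", "virtualbox", "innotek", "qemu", "kvm", "xen",
    "bochs", "parallels", "seabios", "virtual machine",
)

DMI_FIELDS = ("sys_vendor", "product_name", "board_vendor", "bios_vendor")


def cpuinfo_has_hypervisor_flag(cpuinfo_text: str) -> bool:
    """True if any 'flags' line of /proc/cpuinfo-style text lists 'hypervisor'.

    Most hypervisors set this CPUID bit unless the sandbox deliberately masks it.
    """
    for line in cpuinfo_text.splitlines():
        if line.lower().startswith("flags"):
            _, _, flags = line.partition(":")
            if "hypervisor" in flags.split():
                return True
    return False


def dmi_vm_markers(dmi_values: dict) -> list:
    """Return the names of DMI fields whose value mentions a known hypervisor vendor."""
    hits = []
    for field, value in dmi_values.items():
        lowered = value.lower()
        if any(marker in lowered for marker in VM_DMI_MARKERS):
            hits.append(field)
    return sorted(hits)


def assess(cpuinfo_text: str, dmi_values: dict) -> dict:
    """Combine the indicators into one verdict plus the evidence behind it."""
    hyper = cpuinfo_has_hypervisor_flag(cpuinfo_text)
    dmi_hits = dmi_vm_markers(dmi_values)
    return {
        "hypervisor_flag": hyper,
        "dmi_hits": dmi_hits,
        "looks_virtual": hyper or bool(dmi_hits),
    }


def read_live() -> dict:
    """Read the real /proc/cpuinfo and DMI sysfs entries (Linux only).

    Missing files (non-Linux host, restricted container) are treated as absent
    evidence rather than errors, so the function always returns a verdict.
    """
    cpuinfo = ""
    try:
        with open("/proc/cpuinfo") as f:
            cpuinfo = f.read()
    except OSError:
        pass
    dmi = {}
    for name in DMI_FIELDS:
        try:
            with open(os.path.join("/sys/class/dmi/id", name)) as f:
                dmi[name] = f.read().strip()
        except OSError:
            continue
    return assess(cpuinfo, dmi)


# Constructed sample inputs (not captured from any real machine).
SAMPLE_CPUINFO_VM = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme sse2 ss ht hypervisor lahf_lm\n"
)
SAMPLE_CPUINFO_BARE = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme sse2 ss ht lahf_lm\n"
)
SAMPLE_DMI_VM = {
    "sys_vendor": "QEMU",
    "product_name": "Standard PC (Q35 + ICH9, 2009)",
    "bios_vendor": "SeaBIOS",
}
SAMPLE_DMI_BARE = {
    "sys_vendor": "LENOVO",
    "product_name": "20XW",
    "bios_vendor": "LENOVO",
}

if __name__ == "__main__":
    print("constructed VM sample:        ", assess(SAMPLE_CPUINFO_VM, SAMPLE_DMI_VM))
    print("constructed bare-metal sample:", assess(SAMPLE_CPUINFO_BARE, SAMPLE_DMI_BARE))
    print("this host:                    ", read_live())
```

If the live check on your analysis VM reports `looks_virtual: True`, a sample that behaves as the summary describes would stop before unpacking; the remedy is either to hide those tells at the hypervisor level (mask the CPUID bit, rewrite the SMBIOS strings) or to step through the stub in a debugger and patch the check, both of which the Talos writeup linked above discusses in more detail than this summary.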
(Score: 2) by opinionated_science on Sunday January 11 2015, @05:10PM
well I'm using ZFS-on-linux, and I am completely amazed by it. I did try BTRFS for a bit but I am still waiting for them to "work out the bugs". I had one of those "SSD killers" hit me, but fortunately this is an enterprise SSD and so not so bothered...
Still I can see why people would be a bit nervous, but ultimately it is preferable to ZFS. BTRFS is IN the kernel and will always be there. ZFS is external and requires work to stay in sync.
If Larry ever wants to convince us he is NOT evil, he should relicense ZFS so it can be included in Linux.... I'm not holding my breath on that one!!!
(Score: 2) by kaszz on Sunday January 11 2015, @06:28PM
How do these "SSD killers" happen?
Why is non-GPL code "evil"? And what are the specifics in CDDL that make it GPL incompatible?
(I guess CDDL is BSD compatible?)
(Score: 2) by opinionated_science on Sunday January 11 2015, @06:44PM
there was a bug in BTRFS before 3.19 that when a file got full, it got into an "I can't write" loop, that essentially overwrote the same piece of the journal again and again...
Or something like that. The comment in the kernel was "Oops! Another SSD Killer caught there...", hence I like the phrase. I read somewhere that non enterprise SSDs have a lot fewer "spare" cells, and this sort of frantic rewriting (oh forgot to mention it was doing it at 250MB/s!! Got to love SSD speeds!! ), will simply burn through the spare cells.
Perhaps someone out there really knows the technology, but suffice to say I will not touch BTRFS for a few months....!
(Score: 2) by kaszz on Monday January 12 2015, @12:13AM
Seems just in line with Linux wild west programming ;)
ZFS is nice but has some horrendous RAM requirements.
Perhaps there's any alternative for that evil demon line of operating systems, like the "free" one? ;-)
(Score: 2) by opinionated_science on Monday January 12 2015, @04:26PM
I sprung for as much RAM as I could get in a box for my calculations - RAM is not the problem. I could do with a 1000 TFlop GPU though.....
(Score: 2) by kaszz on Monday January 12 2015, @04:40PM
How many GFlop GPU do you get now? and with what hardware?
And for what application?
(Score: 2) by opinionated_science on Monday January 12 2015, @06:39PM
GROMACS, 2xGTX980, 10TFLOPs (single), though I think it runs at ~2TFLOP (single). 3D FFT is a problem... Will give some Xeon Phi's a try soon.