
posted by LaminatorX on Sunday January 11 2015, @07:17AM
from the another-brick dept.

CryptoWall, one of a family of malware programs that encrypts files and demands a ransom from victims, has undergone a revamp that is frustrating security researchers.

Cisco's Talos Security Intelligence and Research Group has now analyzed a second version of CryptoWall that has improvements that make it harder to detect and study.

The sample of CryptoWall analyzed by Cisco was sent via email in a ".zip" attachment. Contained in that attachment is an exploit that uses a Microsoft privilege escalation vulnerability, CVE-2013-3660 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3660 ), to gain greater control over the computer, Carter said.

If opened, CryptoWall doesn't decrypt its whole binary but instead just a small part, which then checks to see if it is running in a virtual environment, Carter said.

CryptoWall won't continue to decrypt itself if it is running in a virtual machine. Files are sometimes analyzed in a sandbox within a virtual machine to check if they're possibly malicious.

http://www.computerworld.com/article/2865303/cryptowall-ransomware-variant-gets-new-defenses.html

Cisco has a full technical writeup on its blog. http://blogs.cisco.com/security/talos/cryptowall-2

  • (Score: 0) by Anonymous Coward on Sunday January 11 2015, @07:10PM (#133766)

    Add these entries to your HOSTS file to blacklist the Cryptowall 'phone home' to its TOR servers:

    ########## CRYPTOWALL RANSOMWARE 2.0 -- PHONE HOME SERVERS  [BEGIN]
    ########## More info:  http://blogs.cisco.com/security/talos/cryptowall-2
     
    0.0.0.0 eportfolio.ccpullman,ca
    0.0.0.0 ccpullman,ca
    0.0.0.0 www.mg-unterburg.ch
    0.0.0.0 www.sportantiques.co.uk
    0.0.0.0 www.mcgownguild.com
    0.0.0.0 www.drk-wettringen.de
    0.0.0.0 www.rock-times.com
    0.0.0.0 www.footstepsphotography.co.uk
    0.0.0.0 www.choosingcruising.co.uk
    0.0.0.0 www.felixwoman.com
    0.0.0.0 www.projetorideal.com.br
    0.0.0.0 www.jimcole.be
    0.0.0.0 www.jes.or.at
    0.0.0.0 artpartner.cz
    0.0.0.0 www.meihuainfo.com
    0.0.0.0 www.grekiskaforeningen.com
    0.0.0.0 www.cup-neumann.de
    0.0.0.0 www.areaverda.com
    0.0.0.0 www.yemekyapmak.com
     
    ########## CRYPTOWALL RANSOMWARE 2.0 -- PHONE HOME SERVERS  [END]

  • (Score: 0) by Anonymous Coward on Sunday January 11 2015, @07:16PM (#133768)

    The first two addresses have 'commas', which should be replaced by 'full stops'.

  • (Score: 0) by Anonymous Coward on Sunday January 11 2015, @07:20PM (#133770)

    I just worked around your hosts file:

    abcd.eportfolio.ccpullman,ca
    abcd.ccpullman,ca
    abcd.mg-unterburg.ch
    abcd.sportantiques.co.uk
    abcd.mcgownguild.com
    abcd.drk-wettringen.de
    abcd.rock-times.com
    abcd.footstepsphotography.co.uk
    abcd.choosingcruising.co.uk
    abcd.felixwoman.com
    abcd.projetorideal.com.br
    abcd.jimcole.be
    abcd.jes.or.at
    abcd.artpartner.cz
    abcd.meihuainfo.com
    abcd.grekiskaforeningen.com
    abcd.cup-neumann.de
    abcd.areaverda.com
    abcd.yemekyapmak.com

    You need a real DNS server to pull off what you are trying to do.
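Why the prefix trick in the comment above defeats a hosts file, and what the resolver-side rule it alludes to looks like, as an added Python example that is not code from the thread or from the Cisco writeup; the domain names in it are constructed placeholders, not the indicators posted above.

```python
"""Hosts-file blocklist (exact-name match) versus a resolver-side sinkhole rule
(zone suffix match). Added example; all domains are constructed placeholders."""

# Constructed hosts-file blocklist in the same shape as the one posted above.
HOSTS_FILE = """\
# constructed blocklist (example domains only)
0.0.0.0 www.blocked-example.test
0.0.0.0 blocked-example.test
"""

# The zone a resolver rule would sink; every label beneath it is covered too.
SINKHOLE_ZONES = ["blocked-example.test"]


def parse_hosts(text):
    """Return the set of hostnames a hosts file maps to 0.0.0.0."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        addr, *names = line.split()
        if addr == "0.0.0.0":
            blocked.update(n.lower() for n in names)
    return blocked


def hosts_blocks(name, blocked):
    """A hosts entry matches the exact hostname only: no wildcards, no suffixes."""
    return name.lower().rstrip(".") in blocked


def sinkhole_blocks(name, zones):
    """A resolver rule blocks the zone itself and every label beneath it."""
    labels = name.lower().rstrip(".").split(".")
    for zone in zones:
        zone_labels = zone.lower().split(".")
        if labels[-len(zone_labels):] == zone_labels:
            return True
    return False


def compare(name):
    """(hosts-file verdict, sinkhole verdict) for one queried name."""
    return (hosts_blocks(name, parse_hosts(HOSTS_FILE)),
            sinkhole_blocks(name, SINKHOLE_ZONES))
```

The second tuple element shows the suffix rule still catching a prepended label, while a look-alike name that merely ends in the same text is left alone.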

    • (Score: 0) by Anonymous Coward on Sunday January 11 2015, @07:42PM (#133777)

      A software program which hooks 'Ring 0' and runs as an always-on driver-service.
      At the configuration window for our program, we have an edit field which is named 'Blacklist'. Any path/folder/file entered into Blacklist will be flagged if touched and our program redirects all related processes into a sandbox and opens a dialog with the user.
      Problem solved.

      On Windows systems, I think you can do this with Sandboxie (shareware).

      • (Score: 2) by cmn32480 (443) on Sunday January 11 2015, @09:42PM (#133806)

        Sadly, Sandboxie is no longer shareware. It is now a subscription product... see: http://www.sandboxie.com/index.php?HomeUse

        --
        "It's a dog eat dog world, and I'm wearing Milkbone underwear" - Norm Peterson
        • (Score: 0) by Anonymous Coward on Sunday January 11 2015, @10:17PM (#133812)

          KickassTorrents - search results for "Sandboxie" [kickass.so]
          Torrentz index - search results for "Sandboxie" [torrentz.eu]

          To be quite honest, considering the level of sophistication of malware today, I have no ethical problem with personal computer users on the Windows platform downloading and installing cracked versions of Sandboxie and setting it up to protect the hosts file and running all their browsers through sandboxes. They are doing themselves and the wider internet community a favor. Concerns about piracy in this instance can be thrown in the garbage bin.

          • (Score: 2) by cafebabe (894) on Friday January 23 2015, @01:55AM (#137100)

            Securing a black box with a black box is idiotic even if you get it from the approved vendor. Knowingly installing tampered software is a transfer of trust from an accountable party to an unaccountable party. This is not a favor to the wider Internet community.

            --
            1702845791×2
      • (Score: 1, Informative) by Anonymous Coward on Monday January 12 2015, @07:05PM (#134120)

        Sandboxie is good for running untrusted programs inside sandbox containers (such as your web browser) as well as protecting processes from tampering. It is not used for protecting selected files and folders.

        To protect the HOSTS file from tampering, this is the program you want:

        Secure Folders (freeware) [securefoldersfree.com]

        Product Description
           I bet you have files and folders on your computer that you would like to protect in one way or another. Whether you want to hide, lock or set folders as read-only, Secure Folders will help you out, and for free. You can also use the application to set a no-execution protection to the folders you select.
           Secure Folders can help you protect as many files or folders as you want irrespective of their sizes. It uses a stealth protection engine that even advanced computer users cannot reveal.
           You can either install the application in the standard way or as a portable application that remains hidden. You can install it on a USB drive and use it on different computers without the need for any more installation. The application allows you to set password protection for both uninstall and application settings. You can open application settings using a hotkey.
           Using Secure Folders is easy. You can browse and select files and folders or drag them to the program’s window and then select the type of protection you want.

        Features:
        - Unlimited number and size of files can be protected
        - Hidden (portable) installation support. Application can be installed to USB drive
        - Password protection for application settings and uninstall
        - Windows Explorer context menu integration
        - Ability to configure applications excluded from protection
        - File paths can include wildcard masks
        - Hot key to open application settings
        - Application has no performance impact on your system
        - Extremely easy-to-use user interface

        Combining 'Secure Folders' and 'Sandboxie' into a protective suite...
        we can use 'Secure Folders' to protect the HOSTS file from being tampered with, and then configure 'Sandboxie' to protect the 'Secure Folders' executable from being tampered with.