Stories
Slash Boxes
Comments

SoylentNews is people

CryptoWall Ransomware Variant Gets New Defenses

posted by LaminatorX on Sunday January 11 2015, @07:17AM   Printer-friendly
from the another-brick dept.

AnonTechie writes:

CryptoWall, one of a family of malware programs that encrypts files and demands a ransom from victims, has undergone a revamp that is frustrating security researchers.

Cisco's Talos Security Intelligence and Research Group has now analyzed a second version of CryptoWall that has improvements that make it harder to detect and study.

The sample of CryptoWall analyzed by Cisco was sent via email in a ".zip" attachment. Contained in that attachment is an exploit that uses a Microsoft privilege escalation vulnerability, CVE-2013-3660 ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3660 ), to gain greater control over the computer, Carter said.

If opened, CryptoWall doesn't decrypt its whole binary but instead just a small part, which then checks to see if it is running in a virtual environment, Carter said.

CryptoWall won't continue to decrypt itself if it is running in a virtual machine. Files are sometimes analyzed in a sandbox within a virtual machine to check if they're possibly malicious.

http://www.computerworld.com/article/2865303/cryptowall-ransomware-variant-gets-new-defenses.html

Cisco has a full technical writeup on its blog. http://blogs.cisco.com/security/talos/cryptowall-2

 
This discussion has been archived. No new comments can be posted.
CryptoWall Ransomware Variant Gets New Defenses | Log In/Create an Account | Top | 32 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by cmn32480 on Sunday January 11 2015, @09:42PM

    by cmn32480 (443) <reversethis-{moc.liamg} {ta} {08423nmc}> on Sunday January 11 2015, @09:42PM (#133806) Journal

    Sadly, Sandboxie is no longer shareware. It is now a subscription product.... see: http://www.sandboxie.com/index.php?HomeUse [sandboxie.com]

    --
    "It's a dog eat dog world, and I'm wearing Milkbone underwear" - Norm Peterson
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Sunday January 11 2015, @10:17PM

    by Anonymous Coward on Sunday January 11 2015, @10:17PM (#133812)

    KickassTorrents - search results for "Sandboxie" [kickass.so]
    Torrentz index - search results for "Sandboxie" [torrentz.eu]

    To be quite honest, considering the level of sophistication of malware today, I have no ethical problem with personal computer users on the Windows platform downloading and installing cracked versions of Sandboxie and setting it up to protect the hosts file and running all their browsers through sandboxes. They are doing themselves and the wider internet community a favor. Concerns about piracy in this instance can be thrown in the garbage bin.

    • (Score: 2) by cafebabe on Friday January 23 2015, @01:55AM

      by cafebabe (894) on Friday January 23 2015, @01:55AM (#137100) Journal

      Securing a black box with a black box is idiotic even if you get it from the approved vendor. Knowingly installing tampered software is a transfer of trust from an accountable party to an unaccountable party. This is not a favor to the wider Internet community.

      --
      1702845791×2