CryptoWall, one of a family of malware programs that encrypts files and demands a ransom from victims, has undergone a revamp that is frustrating security researchers.
Cisco's Talos Security Intelligence and Research Group has now analyzed a second version of CryptoWall that has improvements that make it harder to detect and study.
The sample of CryptoWall analyzed by Cisco was sent via email in a ".zip" attachment. Contained in that attachment is an exploit that uses a Microsoft privilege escalation vulnerability, CVE-2013-3660 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3660), to gain greater control over the computer, Carter said.
If opened, CryptoWall doesn't decrypt its whole binary but only a small part, which then checks whether it is running in a virtual environment, Carter said.
CryptoWall won't continue to decrypt itself if it is running in a virtual machine. Files are sometimes analyzed in a sandbox within a virtual machine to check if they're possibly malicious.
http://www.computerworld.com/article/2865303/cryptowall-ransomware-variant-gets-new-defenses.html
Cisco has a full technical writeup on its blog. http://blogs.cisco.com/security/talos/cryptowall-2
(Score: 3, Informative) by Hairyfeet on Monday January 12 2015, @02:59AM
But sometimes obscurity works well, so why not use it? With my customers I use Paragon Backup & Recovery Free [paragon-software.com] and because it's not on the bad guys' radars it works VERY well. You just set up Paragon and have it set up a backup capsule (which is a hidden partition with your encrypted backups) and set how often you want it to back up and voila! If they get infected with a nasty they just load the Paragon boot CD I give them, pick a time before they got pwned, and let it rip. It's not quite as nice and easy as Comodo Time Machine, but sadly Comodo stopped supporting CTM a couple of years ago, so if they run anything newer than Win 7 I'd be leery of running CTM.
So as long as the security by obscurity benefits you? I don't see a problem with using it as long as that isn't ALL you have, just as I have my customers get USB HDDs and plug them in once a month so they have offline backups as well as the backup capsule so that if a bad guy manages to get their backup capsule they aren't just screwed. You should never bet on SBO but if what you are using is under the radar? I see no problem with enjoying SBO as a nice bonus.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.