Ransomware rears ugly head, demands $120 to unlock files - Computerworld

Ransomware rears ugly head, demands $120 to unlock files - Computerworld: "

Ransomware rears ugly head, demands $120 to unlock files

Online extortionists return in a pair of campaigns, say security pros

By Gregg Keizer

November 30, 2010 05:01 PM ET

Computerworld - Ransomware is making a comeback, plaguing users with extortion demands of up to $120 to return documents or drives to their control, security experts said today.

There appear to be two different campaigns underway, said Chet Wisniewski, a senior security adviser at antivirus vendor Sophos.

'It looks like we're looking at different samples,' said Wisniewski, referring to analyses done by Sophos and other security firms, including Kaspersky Lab and CA.

Last week, Sophos came across malware that used malicious PDF documents to exploit one or more since-patched vulnerabilities in Adobe Reader. If successful, the malware sniffed out a wide range of file formats -- including numerous media formats, Microsoft Office and OpenOffice.org document formats and image formats -- then partially encrypted those files to make then unreadable.

Other security companies have reported seeing the same ransomware, the term used to describe a scheme where hackers plant malware that encrypts files and then displays a message demanding money to unlock the data.

Unlike the previous variants, it doesn't delete files after encryption," wrote Kaspersky researcher Vitaly Kamluk on the company's blog. "Instead, it overwrites data in the files, which makes it impossible to use data-recovery software such as PhotoRec, which we suggested during the last attack."

U.S.-based CA reported Tuesday on a different kind of ransomware that tried to infect the master boot record, or MBR, of the hard drives of Windows machines, crippling them and making them unbootable.

Instead, an extortion note appears on the screen. "Your PC is blocked," the message reads. "Any attempt to restore the drive using other way will lead to inevitable data loss!!!:

The extortionists demand $100 for an unlocking key.

Users running the newest version of Adobe's Reader, which that company released two weeks ago, are safe from the PDF-borne malware, said Wisniewski. Reader X includes a "sandbox" designed to protect users from PDF attacks; Wisniewski confirmed that the sandbox stops the rogue PDF from infecting a Windows PC.

"And this is a great reason to do regular backups," Wisniewski added.

E-waste collection

This is for those squirrels out there - you know who you are... dead computers and parts collecting dust in the garage, office storeroom, bedroom...

Now Moreton Bay Regional Council is having an E-waste collection for residents in July 2010. You can drop off any electric and electronic items that are no longer needed. Only two weekend remain and the locations are:

Saturday 24 & Sunday 25 July 2010 - REDCLIFFE TRANSFER STATION 261 Duffield Road Clontarf

Saturday 31 July & Sunday 1 August 2010 - BUNYA LANDFILL Bunya Road, near Bunya State Forest

What is e-waste?

• phones/faxes
• mobile phones
• computers
• keyboards
• printers
• televisions
• video/dvd players or recorders
• cameras
• copiers
• music - CDs and DVDs
• gaming consoles etc

Where will your e-waste be taken?
Your e-waste will be recycled at Australia's largest e-waste recycling centre based in Sydney.

This is a better solution than dumping items in the bit where all those heavy metals in electronic circuitry end up going to landfill.

Roger Beck - Your Mobile Computer Repair Technician and IT Consultant

Just when Mac users thought it was safe...

When talking with Mac fans about the benefits of a Mac, the following statement is invariably stated "of course, the Apple Mac doesn't get any viruses". In reality, nothing could be further from the truth. In my computing timeline I have seen viruses progress from Unix to DOS to Windows in direct correlation with their popularity. Now we are seeing Macs being targeted as their popularity rises along with iPhones and similar devices. It is not the operating system that matters - it is simply how great a percentage of the population are using them. Read on the following articles to get a feel for this...

Apple secretly updates Mac malware protection &

Sophos reveals Mac OS X 10.6.4 includes limited protection against Pinhead-B Trojan

Researchers at IT security and data protection firm Sophos have discovered that Apple secretly updated the anti-malware protection built-into Mac OS X when it released a new version earlier this week.Read more

http://www.sophos.com/blogs/gc/g/2010/06/18/apple-secretly-updates-mac-malware-protection/


Note that this articele is backed up by the US-CERT site:

Apple Releases Security Update 2010-004 and Mac OS X v10.6.4

added June 16, 2010 at 09:54 am

Apple has released Security Update 2010-004 and Mac OS X v10.6.4 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, operate with elevated privileges, conduct man-in-the-middle attacks, alter configuration settings, or conduct cross-site scripting attacks.

Note that these Apple updates include Adobe Flash Player plugin version 10.0.45.2, which contains vulnerabilities previously identified in Adobe Security Bulletin APSB10-14. The Adobe Product Security Incident Response Team (PSIRT) has published a blog entry recommending that Mac OS X users upgrade to the latest version of the Flash Player (version 10.1.53.64) after applying these Apple updates.

US-CERT encourages users and administrators to review Apple Article HT4188 and the Adobe PSIRT blog entry and apply any necessary updates to help mitigate the risks.

Additionally for the iPhone and iPod touch the following statements were published :

Apple Releases iOS 4

added June 23, 2010 at 09:26 am
Apple has released iOS 4 for iPhone 3G and later, and iPod touch (2nd generation) and later, to address multiple vulnerabilities across several packages. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, disclose sensitive information, bypass security restrictions, or conduct cross-site scripting attacks.

US-CERT encourages users and administrators to review Apple article HT4225 and update to iOS 4 as necessary to help mitigate the risks.

Happy Computing

Roger

Emergency Adobe Reader and Acrobat Update Released

You may have noticed a few updates required for your Adobe Reader recently. Please make sure to allow the updates. The article linked explains the security issues related to Adobe.

Technibble: emergency-adobe-reader-and-acrobat-update-released

It's not all about the football - we have to eat as well

More from S. Africa...

Dear reader,

I won't dwell too much on the football as I assume that those interested will be up to date anyway,and those not interested don't want to know anyway.

Suffice it to say that if England beat Slovenia we're through, but the way we are playing we couldn't beat an egg let alone a football team. If we draw we may still sneak through depending on result of USA v Algeria.

If the other 'we' (Oz) beat Serbia we may get through depending on result of Germany v Ghana.

Enough of football.



Sun City - which is where we have been for last few days is actually a very pleasant place to stay; much better than what I remembered from my last stay here in 1996.
For the Oz v Ghana game at Rusternburg we were offered food and drinks from the local church, as our coaches were parked in their grounds; the first photo is the cook in action - this is not a joke by the way.

Yesterday we went to Brazil v Ivory Coast at the very impressive new Soccer City Stadium in JOBURG. the itineraray had us travelling while NZ were playing Italy so an early coach was organised for those of us who wanted to watch the game, with a booking made at a soweto 'restaurant' to watch the game and have lunch. See attached photo for this 'restaurant'.

My fellow Wheezers would not be surprised to hear that I have a breakfast story to add to the back catalogue. we have been having breakfast in the 'Gary Player Club House'. It's a very pleasant place with views over the golf course; it's also the cheapest place to have a full breakfast. the food is good but the service is a bit hap hazard. The English verbal communication skills of our waitress yesterday were not the best. Chris oredered his meal - bacon, eggs etc. not without difficulty. To make things esay I just ordered exactly the same as chris. the order was duly taken and subsequently delivered. Chris was presented with a plate with beans and bacon on it and I was presented with a plate with the eggs and sausages on it. Chris transfered his plate to mine and we managed to convey to the waitress that we wanted another plate of food to match what was in front of me!

Back to football - There have been some atrocious ref decions, more so than in previous world cups, not the least being kaka's sending off yesterday.

I'm about to go and watch the Spain v Honduras game,and tomorrow we head off to Nelspruit / Kruger NP for the next leg.

One of my readers has mentioned that he has been getting spam from Sth Africa since receiving my emails. if you have been receiving any Sth African spam please let me know.

For those of you (well there's only one of you, and you know who you are) Sth Africa is 8 hours behind Oz. Txt messages at 06.00 am after I only got to bed after 02.00 are not real welcome.

dateline - Sun city; Monady (I think) 19.00 hours.
John Milce jmilce@sherborne.com.au

Hello All,
Some more info from our reporter in South Africa for the World Cup. For those interested, John (as well as his business (www.sherborne.com.au) ) is the drummer in the famous 'Wheeze & Suck' band www.wheezandsuck.com

Dear reader,

we have decamped from Durban and are now safely ensconced in Sun City, along with the English and Aussie WAGS and the Ghanian team - or 'The Hope of Africa' according to the slogan emblazoned on the side of the coach.

Durban was pretty good,and it's claim to be 'the warmest place to be' isn't wrong cf Sun City. There was ice on the ground when I went for a walk at 07.00 this a.m.

The vuvezelas are still the hot topic out here. One irate Sth African wrote in to a newspaper comparing the Europeans (his words) attempts to ban it as being typical european colonialism, denigrating black african traditions and culture etc. Unfortunatly for him it has nothing to do with black traditions and culture at all. Apparently it was invented all of 7 years ago by a white jewish Sth African - maybe he has a zulu ancestor in his background. I embarrassed chris at the Spain v Swiss game. A swiss guy in front of me spent almost the entire first 15 minutes blowing as loudly as he could on his bloody vuvu, paying scant attention to the game. I tapped him on his shoulder and asked him why he had paid US$160 to watch a game of football and wasn't actually watching it. That shut him up for 10 mins or so, and when he resumed playing it, it was a bit more subdued.

My one regret so far has been not getting a chance to taste a local Durban delicacy called a 'Bunny Chow'.At first I thought it was a colloquial term for salad, but it turned out to be a hollowed out loaf of bread with the centre filled with curry! The Durban equivalent of a chip butty I suppose.

One of the problems with staying in a hotel room with your son is that the bathroom floor is awash with water every morning.Without Angie here to remind me every day, I forget to put the shower curtain inside the bath and the bathmat and floor get a good soaking. Fortunately Chris doen't seem to mind.

The coach trip from Durban through the African veldt (I hope you noticed how I seamlessly slipped into the local lingo then (note to Wheezers - that was LINGO, not Dingo)) was pretty uneventful.The landscape was flat to undulating grassland with hills in the distance and the occasional maize field. I was hoping to see some wildlife but only managed to spot a small herd of deer and a rhino, which on closer inspection turned out just to be a large rock ;-(.

One of the guys on the bus saw an ostrich though; well actually he saw more than 1 but I'm not sure if the plural of ostrich is ostrich or ostriches and I didn't want to display my ignorance.

Sun City is much bigger than it was when I was here in 96. There are 3 hotels plus the 'Cabanas' where we are staying. It's built like an upmarket motel rather than a hotel. The rooms are modern and quite good with views over a lake. Lots of bars, restaurants, places to watch football etc as well as plenty of outdoor activities, which Chris is currently sussing out.

The attached photo is me and Chris before the Oz v Germany game outside durban stadium before it all came crashing down (Oz's world cup dreams, not the stadium).

That's all for now; 2 important games to watch to-day - germany v Serbis,with opinion amomgst the Oz supporters divided as to whether we want Germany to win, or draw. Tonight is the big game - England v Algeria.

Let me know if the photo takes too long to load. If it doesn't I'll send more photos with future reports.

signing off from Sun City

Your intrepid adventurer

John M

Your (safe & sound) stay at home reporter - Roger
www.mobilecomputerepairs.com

Replacement motherboards

It looks like repairing 'not so old' PCs has suddenly got a lot more expensive...

Most PC's built in the last 3-4 years have all been equipped with some sort of DDR2 RAM -as opposed to the older DDR1 spec. So when a motherboard fails in one of these PCs it is a simple matter of replacing the motherboard and keeping the CPU and RAM. Worst case scenario (if the the client is happy for a performance boost) the CPU could also be replaced as the newer CPUs (even at the cheapest) usually outperformed the original CPU.

Now I notice that the supply of these motherboards has dried up - to be replaced by the even newer DDR3 spec RAMs. This means that clients have to fork out extra for replacement DDR3 as well - compounded by the fact that DDR3 seems to be supplied in minimum config of 2GB. While this is a good thing - especially those Vista machines strangled by only 1GB of memory - it means an extra spend of about $60 to $120 depending on the quality of the RAM supplied. And I should mention that 1GB DDR2 RAM is about half that price.

I guess it is one way of up-specing those 'not-so-old' machines!

Happy computing
Roger
www.mobilecomputerepairs.com