Thread ID: 136009 2014-01-09 03:47:00 Crypto anyone wainuitech (129) PC World Chat
Post ID Timestamp Content User
1364741 2014-01-09 03:47:00 Anyone want the Crypto Locker or a possible variant of it? :D

Ya think? Should send it back eh :D

Put it onto a workshop PC, made sure it wasn't connected to the LAN / Internet (just in case).

Went to open it; instantly the Eset Smart Security firewall popped up and blocked an outgoing attempt (wouldn't have got far as it wasn't connected), then Nod32 (the antivirus section) killed it. :devil

Guess my theory about Eset's Smart Security blocking outgoing connections in interactive mode works :)

Interesting, it's not actually a file with the extension PDF any more -- it's actually an exe inside that, when you try to open the .rar file, activates it.
wainuitech (129)
1364742 2014-01-09 12:54:00 Hopefully eset have updated their defs to block this virus before it has started encrypting files.
It's the first virus I've seen get past eset, sort of.
Two separate clients both had a single workstation get infected and eset picked it up and blocked it but not before a fair number of files on their server shares had been encrypted.
CYaBro (73)
1364743 2014-01-09 22:38:00 Interesting, it's not actually a file with the extension PDF any more -- it's actually an exe inside that, when you try to open the .rar file, activates it.

It executes simply by the user opening the archive in WinRAR?
Agent_24 (57)
1364744 2014-01-09 23:47:00 No, you would still need to do that manually.
The alert appears to be from the cached copy extracted into temp when the archive was "opened".
fred_fish (15241)
1364745 2014-01-10 03:19:00 Whereas we emailed an actual real invoice to a customer the other day. Nothing... emailed again with a reminder for payment.
Rang in the end and he said he thought it was dodgy so hadn't opened it... LOL.

.xls extension... not .zip or .exe or whatever.
Title: Invoice for XXX (address) attached
pctek (84)
1364746 2014-01-10 03:52:00 It executes simply by the user opening the archive in WinRAR?

YEP exactly, normally you would open a .rar file by extracting the contents, or double-clicking to open it. By doing either it triggers the enclosed .exe and tries to access the internet.

Since the PC wasn't connected it couldn't go anywhere. BUT Smart Security is set to stop any incoming or outgoing traffic unless you click allow. By single right-clicking the .rar - extract, it triggered it; something flashed on the screen (like a script), at the same time Eset's firewall threw up a warning that it was trying to access the internet and asked to allow or disallow (so it stopped it), AND then Nod32 grabbed it.

All this happened in less time than it takes to do 2 mouse clicks; that's why I only managed to get the last piece of the screenshot, it was over before you knew it, and the display (as shown) sticks around a bit longer.

I'll see if I can do a quick video of it, won't be long, all of about 5-10 seconds.
wainuitech (129)
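The attachment described in the posts above is an archive whose entry is an executable dressed up with a document-style name. As an added example (not from anyone in this thread, and not Eset's or WinRAR's own logic), here is a small attachment-gateway check that lists an archive's entries and flags the two tell-tales: a document extension followed by an executable one, and a PE ("MZ") header under a non-executable name. It uses a ZIP built in memory because Python's standard library has no RAR reader; the same checks apply to a .rar listing, and the sample file names and contents are constructed.

```python
import io
import zipfile

# File extensions Windows will execute on double-click (assumed list for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Extensions a recipient expects to be harmless documents.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def _exts(name):
    """All dotted suffixes of a file name, lower-cased: 'Invoice.pdf.exe' -> ['.pdf', '.exe']."""
    parts = name.rsplit("/", 1)[-1].lower().split(".")
    return ["." + p for p in parts[1:]]


def suspicious_entries(archive_bytes):
    """Inspect a ZIP archive (bytes) without running anything in it.

    Returns [(entry_name, reason), ...] for entries that look like an
    executable disguised as a document."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            exts = _exts(info.filename)
            head = zf.open(info).read(2)  # only the magic bytes are needed
            if exts and exts[-1] in EXECUTABLE_EXTS and any(e in DOCUMENT_EXTS for e in exts[:-1]):
                findings.append((info.filename, "double extension hiding an executable"))
            elif head == b"MZ" and (not exts or exts[-1] not in EXECUTABLE_EXTS):
                findings.append((info.filename, "PE header (MZ) under a non-executable name"))
    return findings


def build_sample_archive():
    """Constructed sample: one genuine PDF, one double-extension exe, one lying extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2014.pdf", b"%PDF-1.4 sample document body")
        zf.writestr("Invoice_2014.pdf.exe", b"MZ" + b"\x00" * 62)  # shows as "Invoice_2014.pdf" with extensions hidden
        zf.writestr("statement.pdf", b"MZ" + b"\x00" * 62)         # extension says PDF, bytes say PE
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in suspicious_entries(build_sample_archive()):
        print(f"{name}: {reason}")
```

The first rule catches what Windows' "hide extensions for known file types" makes invisible; the second catches the case where the name was simply changed.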
1364747 2014-01-10 21:55:00 YEP exactly, normally you would open a .rar file by extracting the contents, or double-clicking to open it. By doing either it triggers the enclosed .exe and tries to access the internet.

Interesting, so some kind of exploit in the archive I guess?
Agent_24 (57)
1364748 2014-01-11 22:09:00 I saw a report on Ars Technica that there is a worse one in some underground forums.
Let's hope it does not get worse.
Hmm, think it might be time to back up parents' PC.
nedkelly (9059)
1364749 2014-01-12 00:58:00 Wainui... would you recommend Smart Security over straight NOD32 Antivirus then?? I'm currently using a trial edition of NOD32 and found it quite good, but would like to try Smart Security before making my mind up.
SP8's (9836)
1364750 2014-01-12 03:29:00 Wainui... would you recommend Smart Security over straight NOD32 Antivirus then?? I'm currently using a trial edition of NOD32 and found it quite good, but would like to try Smart Security before making my mind up.

Smart Security gives you the firewall option as well as the AV. I have them set up so they are interactive, meaning anything that's trying to enter or access gets stopped until it's approved. At first it can be a bit of a pain, to allow everyday items, but it doesn't take long to settle down once you have set the options. You LOOK at what's being questioned, then decide.

One feature it also has is, if you update a program, most of the time it will pop up a warning saying Program changed (or similar wording), and as long as you know you have upgraded the program you allow it. BUT let's say you haven't upgraded the program, you can deny it.

If using a trial, simply uninstall Nod32 when it runs out and download a trial of Smart Security.

By default it's set to Automatic, but it's simple enough to change to interactive.

If you want instructions just say.
wainuitech (129)