lol i can't translate those text in the image, is there any text version available?
Try
this.
Strange. That link just takes me to a login page in Chinese...
Do not use proxy. Proxies are being re-directed to login. This is the link...
http://weibo.com/3552119670/Cg6HS4D9W...and here is the translation...
@ CCTV News
[Mo open strange e-mail in English spread! ] New Trojan virus struck, the most vulnerable foreign workers caught! It is spread through corporate and personal mail, e-mail in English, the Trojans were generally means "order" "Product Details" and so on, can be deceptive. Once caught, the computer 114 kinds of file formats will all be the Trojan encrypted and can not be opened. Want to restore a file, the only way is to pay a ransom to the Bitcoin Trojan author. (CCTV reporter Sun Yang)
I wasn't using a proxy. I think there might be some sort of geographical restriction which is redirecting non-Chinese IPs to a login page.
This is the page I get:
http://www.weibo.com/login.phpAnyway, thanks for the translation. It sounds like a variant of the CryptoLocker virus.
So if I understand correctly, a user needs to run this file first?
Which is sent to them via email?
If it's anything like the CryptoLocker trojan, then yes, it would need to be run.
Another ransomware case, are antiviruses able to identify it still or not? I think it's designed for windows only right? Or can it spread in Linux and Mac too?
Again, I'm only familiar with CryptoLocker but if it's anything similar then it should be Windows-specific. Malware which can infect OS X and Linux are quite rare.
It's going to be difficult to stop Ransomware. Once the Trojan is triggered all files targeted will be encrypted and then you are stuffed.
Without the key, your files are gone...
The only way to reduce the damage, will be to do regular offline backups. If you are hit, you could just restore the files and only lose the files that was not being backed up.
Most office workers do not make backups regularly.
Businesses will probably start forcing backups soon if they haven't already been doing so. If everyone had backups, these ransom hackers would be out of business.
to be honest backup should be mandatory regardless of virus or other things, what if your hdd fail or other random crap like that? i've always an entire backup of my ssd in a usb pen drive
in this situation the victim could have just restored everything in no time without paying that crazy amount
It's also recommended to have backups of your backups.
And even that isn't necessarily going to be 100% successful. Stefan Thomas who is a Bitcoin core developer once lost a substantial amount of BTC because both his backups managed to fail simultaneously:
The Stefan Thomas Loss
This next incident is also fairly ancient in Bitcoin terms, taking place in July 2011, illustrates how wallet security can also fail in the other direction. Bitcoin developer Stefan Thomas had three backups of his wallet – an encrypted USB stick, a Dropbox account and a Virtualbox virtual machine. However, he managed to erase two of them and forget the password to the third, forever losing access to 7,000 BTC (worth $125,000 at the time). Thomas’s reaction: "[I’m] pretty dedicated to creating better clients since then."
Link:
http://bitcoinmagazine.com/4628/bitcoin-self-defense-part-i-wallet-protection/Guys, nobody has answered my question so far:
This trojan has to be ran by the victim right?
And it's send through email?
Much viruses and malware need the user of the computer, aka victim, to run an unsuspected file to be infected. Email is only one of the main source of these malwares. Others ways include plugging in a usb flash disks,
downloading and viewing a pdf document.PDF documents?
How does that work?
I have never heard of that before.
This is the first time I heard that.
There is a way called extension spoofing. Using the appropriate tool anyone can do it and it can be used to trick users download and run malicious files as well as files with malicious code attached to them. You can use extension spoofing on a huge variety of extensions but besides PDF is an especially vulnerable extension.
Basically this is correct. The Wikipedia article goes into more detail about the issue with extensions:
CryptoLocker typically propagated as an attachment to a seemingly innocuous e-mail message, which appears to have been sent by a legitimate company. A ZIP file attached to an email message contains an executable file with the filename and the icon disguised as a PDF file, taking advantage of Windows' default behaviour of hiding the extension from file names to disguise the real .EXE extension. CryptoLocker was also propagated using the Gameover ZeuS trojan and botnet.
Not to mention Acrobat Reader can also have vulnerabilities of its own which can be exploited if left unpatched:
http://www.cvedetails.com/vulnerability-list/vendor_id-53/product_id-497/Adobe-Acrobat-Reader.html
