Old 11-06-2013, 02:39 PM   #1
jefro
Guru
 
Registered: Mar 2008
Posts: 11,711

Rep: Reputation: 1439
Next us?


Will linux be the next target?

http://www.pcworld.com/article/20606...w-service.html
 
Old 11-06-2013, 02:56 PM   #2
Ztcoracat
Senior Member
 
Registered: Dec 2011
Distribution: Slackware, CentOS & Android
Posts: 3,174
Blog Entries: 1

Rep: Reputation: Disabled
Quote:
it sounds as though they have to try decrypting your data with every stored private key until they hit one that produces a plausible result.
That could take a while right? Jefro?

This kind of stuff makes me worry a tad-
 
Old 11-06-2013, 03:18 PM   #3
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: infinity; (randomly born:) Milwaukee, WI, US, Earth
Distribution: any UNIXish that works well on my cheapest with mostly KDE, Xfce, JWM or CLI but open ;-)
Posts: 1,379
Blog Entries: 2

Rep: Reputation: 360
Wow, hope not or hasn't. It's not good business to begin with, so who's to say when they pay the key works?
 
Old 11-06-2013, 03:23 PM   #4
Germany_chris
Member
 
Registered: Jun 2011
Location: Stuttgart, Germany
Distribution: Arch
Posts: 592

Rep: Reputation: 207
http://www.overclock.net/t/1435157/a...00-in-bitcoins

Toward the end there is a solution
 
Old 11-06-2013, 03:52 PM   #5
Ztcoracat
Senior Member
 
Registered: Dec 2011
Distribution: Slackware, CentOS & Android
Posts: 3,174
Blog Entries: 1

Rep: Reputation: Disabled
In the link that Germany chris posted a man in the thread mentions:
Quote:
It may be possible to just isolate each machine on a network to its own subnet in order to minimize damage
Someone also mentioned that because the virus can jump across network drives and encrypt anything. If that's the case that really is disconcerting!
I'm not entirely sure how one could perform this type of "isolation"; I'm not on a server-

Anyone's thoughts on this?

@jamison20000e-
I agree with you. Even if one does pay it may not get rid of the virus.
This is another example where intelligence and craftiness have gone in the wrong direction- IMO
 
Old 11-06-2013, 04:21 PM   #6
Germany_chris
Member
 
Registered: Jun 2011
Location: Stuttgart, Germany
Distribution: Arch
Posts: 592

Rep: Reputation: 207
Quote:
Originally Posted by Ztcoracat View Post
In the link that Germany chris posted a man in the thread mentions:


Someone also mentioned that because the virus can jump across network drives and encrypt anything. If that's the case that really is disconcerting!
I'm not entirely sure how one could perform this type of "isolation"; I'm not on a server-

Anyone's thoughts on this?

@jamison20000e-
I agree with you. Even if one does pay it may not get rid of the virus.
This is another example where intelligence and craftiness have gone in the wrong direction- IMO
It's kinda why I pulled the chris cloud down for a bit
 
Old 11-06-2013, 06:20 PM   #7
moxieman99
Member
 
Registered: Feb 2004
Distribution: Dabble, but latest used are Fedora 13 and Ubuntu 10.4.1
Posts: 413

Rep: Reputation: 82
Quote:
Originally Posted by Ztcoracat View Post
That could take a while right? Jefro?

This kind of stuff makes me worry a tad-
Shouldn't take too long. Remember, they only have to match it against their own database of keys. It's not like they're generating random keys.
 
Old 11-06-2013, 07:18 PM   #8
andrewthomas
Senior Member
 
Registered: May 2010
Location: Chicago Metro
Distribution: Arch, Gentoo, Slackware
Posts: 1,690

Rep: Reputation: 307
Quote:
it sounds as though they have to try decrypting your data with every stored private key until they hit one that produces a plausible result.
They never have to decrypt the data. They just have to deprive you of the data.

Next us?

Backup, backup, backup.

Last edited by andrewthomas; 11-06-2013 at 07:19 PM.
 
Old 11-06-2013, 09:28 PM   #9
Ztcoracat
Senior Member
 
Registered: Dec 2011
Distribution: Slackware, CentOS & Android
Posts: 3,174
Blog Entries: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by moxieman99 View Post
Shouldn't take too long. Remember, they only have to match it against their own database of keys. It's not like they're generating random keys.
Thanks-
 
Old 11-07-2013, 12:40 AM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,451
Blog Entries: 54

Rep: Reputation: 2893
Quote:
Originally Posted by jefro View Post
Will linux be the next target?
What exactly written in this article makes you speculate that?
 
Old 11-07-2013, 08:57 AM   #11
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,397

Rep: Reputation: 1114
Malware that maliciously encrypts your data ought to be able to run on any operating system ... and the fundamental solution to the problem is the same: a backup program, running continuously in the background, which stores data in volumes and directories that only it is authorized to get to.

The backup software is privileged to search through any directory, but it runs under a user-id that can't be directly logged-in to, and it creates and maintains storage files that only it can read/write. So, you can't tamper with your own backup, and neither can any application running on your behalf.

It shouldn't be too difficult to trace this scheme back to the perpetrator, since the bitcoin system actually can be very well tracked. (Since the tokens are one-of-a-kind, they are the perfect "marked(!) bills.")
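
The backup layout described in post #11 (a dedicated account that cannot log in, owning storage that no other account can read or write) can be checked mechanically. The following is an added example, not part of the original post: a Python audit in which the function names, the list of non-login shells and the sample store are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Shells that refuse interactive logins (common paths; assumed, adjust per distribution).
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}


def audit_backup_store(store, backup_uid, backup_shell, desktop_uid):
    """Return a list of findings; an empty list means the layout matches the post."""
    findings = []
    if backup_uid == desktop_uid:
        findings.append("backup account is the desktop user's own account")
    if backup_shell not in NOLOGIN_SHELLS:
        findings.append("backup account has a login shell: " + backup_shell)
    # Check the store itself and everything beneath it.
    paths = [store]
    for root, dirs, files in os.walk(store):
        paths += [os.path.join(root, name) for name in dirs + files]
    for path in paths:
        st = os.lstat(path)
        if st.st_uid != backup_uid:
            findings.append("not owned by backup account: " + path)
        # Any group/other permission bit lets another account read or alter backups.
        if not stat.S_ISLNK(st.st_mode) and stat.S_IMODE(st.st_mode) & 0o077:
            findings.append("accessible to group/other: " + path)
    return findings


def demo():
    """Constructed sample: one store owned by the current uid, audited two ways."""
    me = os.getuid()
    store = tempfile.mkdtemp(prefix="backup-store-")
    archive = os.path.join(store, "home.tar")
    with open(archive, "wb") as fh:
        fh.write(b"constructed sample archive")
    os.chmod(store, 0o700)
    os.chmod(archive, 0o644)  # deliberately too open
    # Case 1: the current uid plays the dedicated, non-login backup account.
    as_dedicated = audit_backup_store(store, me, "/usr/sbin/nologin", me + 1)
    # Case 2: the desktop user runs the backup under their own login account.
    as_desktop = audit_backup_store(store, me, "/bin/bash", me)
    return archive, as_dedicated, as_desktop


if __name__ == "__main__":
    for result in demo()[1:]:
        print(result)
```
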
 
Old 11-07-2013, 09:01 AM   #12
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: infinity; (randomly born:) Milwaukee, WI, US, Earth
Distribution: any UNIXish that works well on my cheapest with mostly KDE, Xfce, JWM or CLI but open ;-)
Posts: 1,379
Blog Entries: 2

Rep: Reputation: 360
From what I've read cryptolocker is an .exe but yes I agree backup, for me it's to Blu-ray every month or so.

Last edited by jamison20000e; 11-07-2013 at 09:04 AM.
 
Old 11-07-2013, 09:09 AM   #13
Germany_chris
Member
 
Registered: Jun 2011
Location: Stuttgart, Germany
Distribution: Arch
Posts: 592

Rep: Reputation: 207
Quote:
Originally Posted by sundialsvcs View Post
Malware that maliciously encrypts your data ought to be able to run on any operating system ... and the fundamental solution to the problem is the same: a backup program, running continuously in the background, which stores data in volumes and directories that only it is authorized to get to.

The backup software is privileged to search through any directory, but it runs under a user-id that can't be directly logged-in to, and it creates and maintains storage files that only it can read/write. So, you can't tamper with your own backup, and neither can any application running on your behalf.

It shouldn't be too difficult to trace this scheme back to the perpetrator, since the bitcoin system actually can be very well tracked. (Since the tokens are one-of-a-kind, they are the perfect "marked(!) bills.")
If your backup is continuous that means the drive is connected and that means that happy bit of malware will take it too. It will take all data connected to the computer punkt. Ars isn't going to cover any bit of crappy malware; this one is no joke because it can jump in your network. This can jump from my wife's virtualized Windows to my/our NAS (free NAS) to her dropbox.. if it is in any manner connected to your computer/network it's locked.
 
Old 11-07-2013, 01:34 PM   #14
NetBot
LQ Newbie
 
Registered: Nov 2013
Posts: 13

Rep: Reputation: 0
If this malware is exe, then this shouldn't affect Linux system. Is this correct? Also, not everybody uses wine and some would even uninstall wine if it were installed by default.
 
Old 11-07-2013, 02:05 PM   #15
Germany_chris
Member
 
Registered: Jun 2011
Location: Stuttgart, Germany
Distribution: Arch
Posts: 592

Rep: Reputation: 207
If there is a Windows user anywhere on your network you're vulnerable.
 