
Hey folks, Brandon here! Something we’ve talked about for the past year or so is ransomware, a type of malware designed to encrypt your files so that you can’t access them, then demand a monetary ransom to get access to your files again. Every couple of months there seems to be a new wave of these coming out, and one seems to have started going out this week... So of course Steve and I decided to download the latest and greatest in Cryptowall and try it out!

So let’s talk about how this new wave of Cryptowall is being distributed and how it works.

Note that this version is using Java to run. When we didn’t have Java installed, the virus couldn’t do anything. Unfortunately, removing Java from all your machines isn’t really a good way to prevent this sort of thing, as it’ll cause new issues. The best thing to do is to keep everything up to date, as companies are constantly releasing security updates.

How it’s being sent

This is being sent to people in an email about new Outlook settings (Subject typically: Important – New Outlook Settings) coming from Administrator@outlook-us.com

Attachment/Link

The email comes with a URL (different URL each time) that appears to change what it’s doing each time you click it. Sometimes it downloads ‘message.zip’ which contains ‘outlook_settings_pdf.exe’ (the virus). Now this is tricky because unless your computer shows file extensions, it just shows as outlook_settings_pdf with a sneaky little Adobe Acrobat icon. Sometimes the site it takes you to loads a blank page. Sometimes it loads what appears to be a…poem? Yeah, a poem. Alaa has actually been reloading the page over and over to make a poem book. We’ll probably put that on Amazon for your Kindle soon.
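A mail-triage sketch for the indicators described above, added here as an example and not the authors' own tooling: it flags the sender domain, the subject line, and any zip that holds an executable named to look like a document. The extension lists, function names and the constructed sample message are assumptions of this example, and it assumes the zip arrives as an attachment or has already been fetched by a mail gateway; the sample zip contains only a two-byte placeholder.

```python
import email.policy
import io
import re
import zipfile
from email.message import EmailMessage
from email.utils import parseaddr

# Sender domain and subject come from the post; extension lists are assumptions.
SENDER_DOMAIN = "outlook-us.com"
SUBJECT_HINT = "new outlook settings"
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif"}
DOC_HINT = re.compile(r"[_.\- ](pdf|docx?|xlsx?)$", re.IGNORECASE)

def disguised_executables(zip_bytes):
    """Names in a zip that are executables whose stem ends like a document type."""
    try:
        names = zipfile.ZipFile(io.BytesIO(zip_bytes)).namelist()
    except zipfile.BadZipFile:
        return []
    return [n for n in names
            if n.rpartition(".")[2].lower() in EXECUTABLE_EXTS
            and DOC_HINT.search(n.rpartition(".")[0])]

def triage(raw_message):
    """Return the reasons a raw RFC 5322 message matches the campaign described."""
    msg = email.message_from_bytes(raw_message, policy=email.policy.default)
    reasons = []
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain == SENDER_DOMAIN:
        reasons.append("sender domain " + SENDER_DOMAIN)
    if SUBJECT_HINT in str(msg.get("Subject", "")).lower():
        reasons.append("subject mentions new Outlook settings")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(".zip"):
            for name in disguised_executables(part.get_payload(decode=True)):
                reasons.append("disguised executable in zip: " + name)
    return reasons

def build_sample():
    """Constructed sample message; the zip member is a harmless 2-byte placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("outlook_settings_pdf.exe", b"MZ")
    msg = EmailMessage()
    msg["From"] = "Administrator <Administrator@outlook-us.com>"
    msg["Subject"] = "Important - New Outlook Settings"
    msg.set_content("Please apply the new settings.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="message.zip")
    return msg.as_bytes()
```

Calling `triage(build_sample())` returns all three reasons; a message that matches none of the indicators returns an empty list.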

Bottom line

If you see an out-of-place looking email from anybody @outlook-us.com, you should probably err on the side of caution. As always, clicking on links if you don’t know where they’re from is typically a bad idea. If there’s anything you’re unsure about, ask your IT support! We in IT would rather you be cautious and secure than click-happy and vulnerable :)

That’s really it. If you want the details of what the virus is doing, keep on reading!

What’s the file doing?

If the outlook_settings_pdf.exe gets run, it will show itself as a process as well as 2 processes that *appear* to have randomly generated names. They’re definitely noticeable. Here is Resource Monitor with the processes:

Then it gets to work! It’s using the system Cryptographic Services to start encrypting your precious files to hold for ransom:

(I just realized the bottom task got cut off. But it’s the cryptographic service…)

I know, I know, Christmas is over. But I just couldn’t resist passing along just one more free gift. This one’s from one of my favorite websites, MakeUseOf. They have all kinds of cool, helpful and free stuff, like: Tips & How To Articles, Best of Tools, Must Read Guides, Cool Sites Directory and more.

If you own both a Mac and a PC, you’re not alone. According to a 2009 survey, 85% of Mac owners also own a PC. This means millions of people need to make these two systems work together.

If you’re one of those, check out “Computing Harmony: Seamlessly Blend Windows and OS X,” the latest free MakeUseOf manual. Just click on the link above and you’ll be on your way to making these rivals work better together.

Enjoy. And Merry Christmas from Simplex-IT and MakeUseOf.com!

I’m glad you asked that question because eventually it’s going to happen. And when it does, how concerned should you be?

The answer to this question can be found here – http://bit.ly/cnLS3C.

Of course, the key to understanding exactly WHEN Microsoft will stop supporting any given piece of software can be found in their Support Lifecycle Policy which you will also find linked on the above mentioned site.

After all is said and done, however, it is generally understood (and expected) that as new software is developed its primary focus of compatibility is going to be with the most contemporary software – applications AND operating systems! So if you’re contemplating upgrading to Office 2010, for example, and were looking for just one more reason to push you to also move to Windows 7, this could be it.

Good reading!