
Monthly Archives: June 2016

Ransomware scum build weapon from JavaScript

Quote

Demands $250, steals passwords for good measure


New ransomware written entirely in JavaScript has appeared, encrypting users' files for a US$250 (£172, A$336) ransom and installing a password-stealing application.

Researchers @jameswt_mht and @benkow_ found the ransomware they dubbed RAA.

Bleeping Computer malware man Lawrence Abrams described the ransomware noting it is shipped as a JS file and uses the CryptoJS library for AES encryption.

“RAA is currently being distributed via emails as attachments that pretend to be doc files and have names like mgJaXnwanxlS_doc_.js,” Abrams says.

“When the JS file is opened it will encrypt the computer and then demand a ransom of about US$250 USD to get the files back.

“To make matters worse, it will also extract the embedded password stealing malware called Pony from the JS file and install it onto the victim’s computer.”

The ransomware launches a word document that appears to be corrupted, and serves to distract users while the malware encrypts files.

Microsoft in April warned of a spike in malicious JavaScript email attachments shortly before virus writers behind Locky sent their ransomware in that format.

Trend Micro researchers say Locky and RAA also use JavaScript files as malware downloaders which obtain and install malware.

“The RAA ransomware is considered unique because it’s rare to see client-side malware written in web-based languages like JavaScript, which are primarily designed to be interpreted by browsers,” they say. “… users are advised to avoid opening attachments with the filenames mentioned above, even if they’re enclosed in a .zip archive.”

No means yet exist for free decryption.

Rule of thumb: do not open attachments unless you are absolutely sure the sender is valid and actually sending you something for which you asked.

We receive many emails with malware attachments from ***known*** users because they are irresponsible and do not secure their passwords or systems with strong passwords and anti-malware software. So even if you recognize the sender, do not assume it is safe.
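As an added illustration of the advice above (not code from the article, the researchers or this blog), here is a small mail-gateway style check that flags script attachments by filename, including ones wrapped in a .zip as Trend Micro warns; the zip it scans is constructed in-memory with a harmless placeholder.

```python
import io
import re
import zipfile

# Extensions the Windows Script Host executes on double-click; RAA shipped as a plain .js.
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".vbs", ".vbe"}

# "doc" right before the script extension, as in the RAA name mgJaXnwanxlS_doc_.js
# or the double-extension variant invoice.doc.js.
DISGUISED_DOC_RE = re.compile(r"[._]doc[._]?\.(js|jse|wsf|vbs|vbe)$", re.IGNORECASE)


def classify_name(name):
    """Return a reason string if `name` looks like a script attachment, else None."""
    lower = name.rsplit("/", 1)[-1].lower()  # drop any folder prefix from a zip member
    ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
    if ext not in SCRIPT_EXTENSIONS:
        return None
    if DISGUISED_DOC_RE.search(lower):
        return "script disguised as document"
    return "script attachment"


def scan_attachment(filename, data):
    """Scan one attachment by name, descending into .zip archives; nothing is executed.
    Returns a list of (member_name, reason); an empty list means nothing matched."""
    findings = []
    reason = classify_name(filename)
    if reason:
        findings.append((filename, reason))
    if filename.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    r = classify_name(member)
                    if r:
                        findings.append((filename + ":" + member, r))
        except zipfile.BadZipFile:
            findings.append((filename, "zip attachment could not be parsed"))
    return findings


def build_sample_zip():
    """Constructed sample: a zip holding a harmless stand-in with the RAA file name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mgJaXnwanxlS_doc_.js", "// constructed placeholder, contains no code\n")
        zf.writestr("notes.txt", "harmless text\n")
    return buf.getvalue()
```

A real gateway would also decode RFC 2231/2047 encoded filenames and inspect content type, since the name alone is attacker-controlled.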

Google IMAP losing old security protocols this month

Quote

Google’s ongoing elimination of the antediluvian SSLv3 and RC4 protocols is taking another step on June 16.
From that date, Gmail’s IMAP and POP services will join its SMTP services in rejecting connections using those protocols.
Recognising, perhaps, that not everybody’s been paying attention, Mountain View is giving users and sysadmins time to adjust. It may take “longer than 30 days for users to be fully restricted from connecting” using clients that still run those protocols, the company’s announcement states.
However, most clients already support more modern TLS versions.
Beyond the deprecation date, sysadmins will start to see errors if they try running SSLv3 or RC4 in connection, and app developers are likewise warned they need to push out upgrades.
It’s been a year since the IETF put a bolt into the skull of SSLv3, issuing RFC 7568 as a not-so-gentle reminder to the industry.
And as a cipher, RC4 has been a dead duck for years.
So if your favourite mail app tells you “upgrade now”, you might want to ask why they’ve taken so long.

Took long enough!

Guilty till Proven Innocent

Quote

Oklahoma Highway Patrol officers can now seize funds from prepaid debit cards, without requiring a warrant or criminal charges.

The Electronic Recovery and Access to Data (ERAD) device can be used in the field, enabling officers to quickly drain cards found in vehicles or on drivers and passengers. Officers must merely establish a “reasonable suspicion” that a crime is being committed.

To get the money back, or counter initial suspicions, individuals must prove the money was obtained legitimately.

Civil-rights advocates claim officers frequently abuse the system and take money from law-abiding citizens. In many states, courts have agreed that “innocent until proven guilty” protects individuals, but not their possessions.

Raising further concerns, the company that owns the patent for the device, ERAD Group, receives a 7.7-percent cut of any funds seized using the tools. A larger portion can find its way back to police departments for new gear and other expenses, creating a potential conflict of interest.

“This is a capability that law enforcement has never had before and one that is very likely to land [Oklahoma’s Department of Public Safety] in litigation,” opined ACLU Oklahoma legal director Brady Henderson.

The United Police States. What a disgrace. How can we continue to hold this country as a model of freedom to the world and allow this?