Posted August 30, 2013
Hi, thought I'd share this zero day alert with you all as it could be bad.

What: A vulnerability exists in the Java Runtime Environment component of Oracle Java SE.

Impact: Successful attack of this vulnerability can result in unauthorised Operating System takeover including arbitrary code execution.

Applicability: Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier and 5.0 Update 45 and earlier and OpenJDK 7.

More info:
http://www.scmagazine.com.au/News/354931,java-6-zero-day-added-to-neutrino-exploit-kit.aspx
http://www.zdnet.com/java-6-users-vulnerable-to-zero-day-flaw-security-experts-warn-7000020019/
http://blog.trendmicro.com/trendlabs-security-intelligence/a-new-exploit-kit-in-neutrino/
August 30, 2013
What version do you have installed?: http://www.java.com/en/download/installed.jsp
Java old version uninstaller: http://www.java.com/en/download/uninstallapplet.jsp

Where to mate' It's been a while...
November 3, 2013 Author
New Ransomware Campaign

Received a number of reports from victims of a new ransomware campaign targeting end-user systems. The malicious software is commonly known by the name CryptoLocker. Ransomware is a type of software which restricts access to a victim computer system, and demands a ransom be paid to the perpetrator in order for the restriction to be removed.

Details:
As with other ransomware variants, CryptoLocker encrypts documents, photos, databases and certificate files, and then demands payment of an amount in the vicinity of $300. In the case of this malware, the files are encrypted using public key cryptography, so the key is never stored on the machine, and thus is not available for acquisition using file recovery or other forensic techniques.

Of particular note, the CryptoLocker ransomware searches connected network shares for the specified document types, and thus will encrypt any backups that are reachable via mounted network drives. In previous ransomware campaigns CERT Australia was contacted by a number of organisations that had suffered significant business disruption as a result of corrupted backups.

In order to reduce attractiveness of the ransomware business model, CERT Australia recommends against payment of any amounts demanded by the operators of this type of malicious software.
Files with the extensions listed below are targeted by current versions of the CryptoLocker ransomware:
.3fr, .accdb, .ai, .arw, .bay, .cdr, .cer, .cr2, .crt, .crw, .dbf, .dcr, .der, .dng, .doc, .docm, .docx, .dwg, .dxf, .dxg, .eps, .erf, .indd, .jpe, .jpg, .kdc, .mdb, .mdf, .mef, .mrw, .nef, .nrw, .odb, .odm, .odp, .ods, .odt, .orf, .p12, .p7b, .p7c, .pdd, .pef, .pem, .pfx, .ppt, .pptm, .pptx, .psd, .pst, .ptx, .r3d, .raf, .raw, .rtf, .rw2, .rwl, .srf, .srw, .wb2, .wpd, .wps, .xlk, .xls, .xlsb, .xlsm, .xlsx

A list of the files on a particular machine that have been encrypted by the malware is available at the following Windows registry key:
HK_CURRENT_USER\Software\CryptoLocker\Files

Current reporting indicates the majority of incidents involve the user opening a malicious email attachment containing the CryptoLocker malware, or visiting a website which exploits an application running on the user's PC to install the ransomware.

Recommendations
Consider the following specific mitigations to protect against this cyber security risk:

Activate Volume Shadow Copy on the relevant Windows PCs. This feature maintains previous versions of files in a location that is not accessible by current samples of CryptoLocker. Once the malware has been removed from an infected PC, files mirrored by the Volume Shadow Copy service can be recovered by the user.

Make regular backups of valuable files and maintain an offline copy. As online drives and network shares are encrypted by the malware, any connected backups will be rendered unusable.

Ensure computer systems are running antivirus software with the latest antivirus signatures.

Consider implementing application whitelisting or, at least, software restriction policies to hinder the ability of malicious software to execute successfully.
More Detail
https://www.cert.gov.au/advisories
http://nakedsecurity.sophos.com/2013/10/12/destructive-malware-CryptoLockeron-the-loose
http://technet.microsoft.com/en-us/library/hh831534.aspx
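The registry key named in the advisory above can be turned into a restore checklist during clean-up. The following is an added example, not part of the original post or of the CERT Australia advisory; it assumes each value name under the key is a file path with backslashes stored as `?`, and the sample names are constructed for illustration.

```python
import ntpath
import sys
from collections import defaultdict

# Key named in the advisory, relative to the current user's registry hive.
REG_PATH = r"Software\CryptoLocker\Files"

# Constructed sample value names (not real data), used when not on Windows.
SAMPLE_NAMES = [
    "C:?Users?alice?Documents?budget.xlsx",
    "Z:?Backups?2013?ledger.mdb",
    "C:?Users?alice?Pictures?img001.jpg",
]


def read_value_names():
    """Return the value names under the key, or [] if the key is absent."""
    import winreg  # standard library, Windows only

    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, REG_PATH) as key:
            value_count = winreg.QueryInfoKey(key)[1]
            return [winreg.EnumValue(key, i)[0] for i in range(value_count)]
    except FileNotFoundError:
        return []


def normalize(value_name):
    """Assumption: each value name is a file path with '\\' stored as '?'."""
    return value_name.replace("?", "\\")


def summarize(value_names):
    """Group the recorded paths by drive so affected volumes stand out."""
    by_drive = defaultdict(list)
    for name in value_names:
        path = normalize(name)
        drive, _ = ntpath.splitdrive(path)
        by_drive[drive.upper()].append(path)
    return {drive: sorted(paths) for drive, paths in by_drive.items()}


if __name__ == "__main__":
    names = read_value_names() if sys.platform == "win32" else SAMPLE_NAMES
    for drive, paths in sorted(summarize(names).items()):
        print(f"{drive}  {len(paths)} file(s) to restore from backup or shadow copy")
        for path in paths:
            print(f"    {path}")
```

Entries grouped under a mapped drive letter show which network shares, and therefore which connected backups, need to be restored from an offline copy.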
November 4, 2013
Argghhhh ransomware is the worst! It's such a nightmare and yet such an effective blackmailing tool now that everyone keeps their lives on their PCs
November 4, 2013
Good thing about not having any important files
November 4, 2013
that one's been around for a little while - the newer version asks for 10 bitcoins or $2100. they also launched a decrypting website..
http://1.bp.blogspot.com/-1lkvlnXWxAI/UnZ7F9AWPHI/AAAAAAAAYbM/M58T4YQHLbI/s728/CryptoLocker+Ransomware+Decryption+Service.png
there is however a tool to protect your files from crypto - tool

m00
November 4, 2013
i'd be more worried about buying an appliance at the moment - particularly one made in china.

household appliances imported from China contain tiny computers that seek out open WiFi networks and then get to work sending spam and distributing malware. local authorities had examined kettles and irons and found "20 to 30 pieces of Chinese home appliance 'spy' microchips" that "sends some data to the foreign server". This has led to speculation that the chips allegedly found in the home appliances may also have the ability to steal data and send it back to Chinese servers.

m00
November 4, 2013
... :disgust: Surely they would only be able to connect to an unprotected network though?
November 4, 2013
trouble is many many "wireless devices" don't have a default password - ie cameras, home fones, fridges etc and manufacturers don't care as they put the problem in the consumers' hands saying it's their responsibility to secure their devices.

the defense dept has been worried for years about Chinese manufactured microchips containing trojans or malware for obvious reasons..

Specifically, the American-designed, Chinese-made Actel/Microsemi ProASIC3 A3P250 — commonly known as the PA3 — chip was found by Cambridge researcher, Sergei Skorobogatov, to have a backdoor, or trojan, deliberately built into it. The PA3 is what's called a Field Reprogrammable Gate Array (FRGA); an almost blank slate of a microchip that can be programmed by its owner to perform a variety of tasks.

Most alarming is that the PA3 is considered to be one of the "most impenetrable" designs on the market. The chip is used in military "weapons, guidance, flight control, networking and communications" hardware, according to Skorobogatov's report on his findings that was published last weekend. The PA3 is also used in civilian "nuclear power plants, power distribution, aerospace, aviation, public transport and automotive products," according to Skorobogatov.

m00
November 4, 2013
If you're banking with Westpac you can get BitDefender for 1 year free. http://www.westpac.com.au/security/bitdefender-lp/